Finite Differencing of Logical Formulas for Static Analysis Thomas Reps University of Wisconsin...
-
date post
20-Dec-2015 -
Category
Documents
-
view
217 -
download
0
Transcript of Finite Differencing of Logical Formulas for Static Analysis Thomas Reps University of Wisconsin...
Finite Differencing of Logical Formulasfor Static Analysis
Thomas RepsUniversity of Wisconsin
Joint work with M. Sagiv and A. Loginov
Dynamic Algorithms
• This meeting, this community, . . .– Dynamic algorithms for better efficiency
• This talk– Dynamic updates expressed via logical
formulas• DB maintenance of materialized views• Dynamic descriptive complexity
– Dyn-FO [Patnaik & Immerman]– FOIES [Dong & Su]
– Dynamic algorithms for greater precision (avoid loss of information)
• The administrator of the U.S.S. Yorktown’s Standard Monitoring Control System entered 0 into a data field for the Remote Data Base Manager program. That caused the database to overflow and crash all LAN consoles and miniature remote terminal units.
• The Yorktown was dead in the water for about two hours and 45 minutes.
• A sailor on the U.S.S. Yorktown entered a 0 into a data field in a kitchen-inventory program. That caused the database to overflow and crash all LAN consoles and miniature remote terminal units.
• The Yorktown was dead in the water for about two hours and 45 minutes.
Analysis musttrack numericinformation
x = 3;y = 1/(x-3);
x = 3;px = &x;y = 1/(*px-3);
x = 3;p = (int*)malloc(sizeof int);*p = x;q = p;y = 1/(*q-3);
need to track valuesother than 0
need to track pointers
need to track dynamically allocated storage
Static Analysis
• Determine information about the possible situations that can arise at execution time, without actually running the program on particular inputs
• Typically:– Run the program on “aggregate values”,
which describe many stores all at once– For each point in the program, find a
descriptor that represents (a superset of) the stores that could possibly arise at that point
Static Analysis
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
Bad
Actual
Static Analysis
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
Bad
Actual
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Materialization
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
return y
t = y
ynext = t
y = x
x = xnext
x != NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
x
yt
x
yt
pointer analysis?points-to analysis?
alias analysis?shape analysis?
Dynamic storage allocationDestructive updating through pointers
Why is Shape Analysis Difficult?
• Destructive updating through pointers– p next = q– Produces complicated aliasing relationships
• Dynamic storage allocation– No bound on the size of run-time data
structures
Using Relations to Represent Linked Lists
Relation Intended Meaning
x(v) Does pointer variable x point to cell v?
y(v) Does pointer variable y point to cell v?
t(v) Does pointer variable t point to cell v?
n(v1,v2) Does the n field of v1 point to v2?
n u1 u2 u3 u4
u1 0 1 0 0u2 0 0 1 0u3 0 0 0 1u4 0 0 0 0
x(u) y(u) t(u)u1 1 1 0u2 0 0 0u3 0 0 0u4 0 0 0
u1 u2 u3 u4
xy
Using Relations to Represent Linked Lists
n u1 u2 u3 u4
u1 0 1 0 0u2 0 0 1 0u3 0 0 0 1u4 0 0 0 0
Canonical Abstraction
u1 u2 u3 u4
xu1
xu234
x(u) y(u)u1 1 0u2 0 0u3 0 0u4 0 0
n u1 u234
u1 0
u234 0 1/2
x(u) y(u)u1 1 0
u234 0 0
n u1 u2 u3 u4
u1 0 1 0 0u2 0 0 1 0u3 0 0 0 1u4 0 0 0 0
Canonical Abstraction
u1 u2 u3 u4
xu1
xu234
x(u) y(u)u1 1 0u2 0 0u3 0 0u4 0 0
n u1 u234
u1 0
u234 0 1/2
x(u) y(u)u1 1 0
u234 0 0
= u1 u2 u3 u4 u1 1 0 0 0 u2 0 1 0 0 u3 0 0 1 0 u4 0 0 0 1
Canonical Abstraction
u1 u2 u3 u4
xu1
xu234
x(u) y(u)u1 1 0u2 0 0u3 0 0u4 0 0
= u1 u234 u1 1
u234 0 1/2
x(u) y(u)u1 1 0
u234 0 0
x
yt
NULL
return y
t = y
ynext = t
y = x
x = xnext
x != NULL
x
yt
NULL
x
yt
NULL
u1 u
x
x(u) y(u) t(u)u1 1 0 0u 0 0 0
n u1 u
u1 0 1/2
u 0 1/2
yu1 u
x
x(u) y(u) t(u) u1 1 1 0 u 0 0 0
n u1 u
u1 0 1/2
u 0 1/2
y’(v) = x(v)
10
x
yt
NULL
x
yt
NULL
x
yt
return y
t = y
ynext = t
y = x
x = xnext
x != NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
x
yt
x
yt
Formalizing “. . .”• Informally x …
• Formally u1x u2
y
y
• Really: tables for x, y, and n
v2v1
u1 u2
u1 0 ½
u2 0 ½
n(v1,v2)x(v)v
u1
1
u2
0
y(v)v
u1 1
u2 0
Formalizing “. . .”
• Informally
• Formally
x
y
…
…
t
t’
rxrxx
ryy ry ry,rt’
t’
trx,rt
ry,rt’
rx,rtu4
u8u7u6u5
u1 u2 u3
…
…
Formalizing “. . .”
• Really
• Formally
p (relation) p (definition)
var(v) core
n(v1,v2),
eq(v1,v2)core
rvar(v) v ’ : (var(v’) n*(v’,v))
rxrxx
ryy ry ry,rt’
t’
trx,rt
ry,rt’
rx,rtu4
u8u7u6u5
u1 u2 u3
Formalizing “. . .”
• Really
• Formally
v2v1
u1 u2 u3
u4
u1 0 ½ 0 0
u2 0 ½ ½ 0
u3 0 0 0 ½
u4 0 0 0 ½
v u1 u2 u3 u4
u5
u6 u7
u8
0 0 1 0 0 0 0 0n(v1,v2)
t(v)
rt(v)v u1 u2 u3 u
4
u5
u6 u7
u8
0 0 1 1 0 0 0 0
rxrxx
ryy ry ry,rt’
t’
trx,rt
ry,rt’
rx,rtu4
u8u7u6u5
u1 u2 u3
Need for Update Formulas
x = xnrx
x
rx
rx
x
rx
rx
• Re-evaluating formulas can be impreciserx(v) = v’ : (x(v’) n*(v’,v))
Need for Update Formulas
• Re-evaluating formulas can be imprecise
rx
rx
x
rx = ½
rx
x
rx = 1
x = xn
rx(v) = v’ : (x(v’) n*(v’,v))
F[rx](v) = rx(v) ¬ x(v)
Goal: Create Update Formulas Automatically
• Originally: users provided all update formulas– A lot of work – Error prone
• Idea: finite differencing of formulas pnew(v) = p(v) ? ¬ :
= F[p, st](v)
negative differencepositive difference
[p, st](v) +[p, st](v)
update formula
Finite Differencing of Formulas
– core update• S’ - updated core
structure p – instrumentation
relation formula• p – instrumentation
relation
S S’
p p
pp
p’
DB
DB’U
V’V
Maintenance of Materialized DB Views
• U – database update• DB’ – updated database - view query• V – view value
UV
DB: efficiencyStatic analysis: avoid loss of precision (½)
TC Maintenance for Single Edge Addition in Arbitrary Graphs
• Let tn(v1,v2) = n*(v1,v2)
• F[tn(v1,v2)] = tn(v1,v2)
v1’,v2’: tn(v1,v1’) +[n(v1’,v2’)] tn(v2’,v2)
TC Maintenance in FO Logic
• 3 special cases [Dong&Su, Immerman]– Acyclic relations– Relations with all nodes of outdegree at most
1– Undirected relationsFor a single edge addition or deletion (not both)
Suspicious Pairs
a b
• Suspicious tn pairs: (a,b)
S(v1,v2) =
v1’,v2’: tn(v1,v1’) [n(v1’,v2’)] tn(v2’,v2)
Suspicious Pairs (cont.)
• Suspicious tn pairs: (a,b) but not (c,d)
S(v1,v2) =
v1’,v2’: tn(v1,v1’) [n(v1’,v2’)] tn(v2’,v2)
a b
c d
Trusty Pairs
• Trusty pairs: (c,d) but not (a,b)– non-suspicious tn pairs (not using the deleted edge).
T(v1,v2) = tn(v1,v2) ¬S(v1,v2)
a b
c d
TC Maintenance for Single Edge Deletion in Acyclic Graphs (cont.)
• Future tn pairs:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
TC Maintenance for Single Edge Deletion in Acyclic Graphs
(cont.)• Future tn pairs:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
a b
TC Maintenance for Single Edge Deletion in Acyclic Graphs (cont.)
• Future tn pairs:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
TC Maintenance for Single Edge Deletion in Acyclic Graphs (cont.)
• Future tn paths:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
c d
Measure of Success
Fraction of automatically generated update formulas that are as precise as existing hand-crafted update
formulas
Evaluation
Data Structure Sample properties
Singly linked list
• Partial correctness of sorting• Absence of insecure information flow• Merge preserves ADT and loses no elements of either list
Doubly linked list Append and Delete preserve ADT
Binary tree Deutsch-Schorr-Waite preserves ADT
Binary-search tree
Insert and Delete preserve ADT
Results
• 100% success (acyclic relations)– Cyclic relations correctly detected in 3 programs
• Performance effect was modest − 4% (decrease) to 44% average: ‹ 15%– Can be improved (e.g., caching of results)
• Optimization of set-theoretic expressions– Paige 79, Paige and Koenig 82
– Fong & Ullman (late 70s)
• DB: view maintenance; enforce integrity
constraints– Stonebraker 75; Paige 81; Horwitz & Teitelbaum 86
– Large body of DB literature in the 90s
• Dynamic descriptive complexity (Dyn-FO, FOIES)– Patnaik & Immerman 94; Dong & Su 93
• “Incrementalizing” functional programs– Liu 95; Liu & Teitelbaum 95
Related Work
For More Information
• Reps, T., Sagiv, M., and Loginov, A., Finite differencing of logical formulas for static analysis. In Proc. European Symp. on Programming, LNCS Vol. 2618, 2003.
• Sagiv, M., Reps, T., and Wilhelm, R., Parametric shape analysis via 3-valued logic. ACM TOPLAS 24, 3 (2002).
• Homepage for the TVLA system: http://www.math.tau.ac.il/~rumster/TVLA/