Meta Predicate Abstraction for Hierarchical Symbolic Heaps
Josh Berdine
Microsoft Research, Cambridge
joint with
Mike Emmi, University of California, Los Angeles
• What:
– Method of defining extrapolation and join operations
for separation logic based analyses
• Main Goals:
– Enable join operations between Powerset and Cartesian
– Provide systematic definitions and parameterizations of operations
• Goal: Enable join operations between Powerset and Cartesian
– “Maximally” precise Powerset (disjunctive-normal form) join too costly / redundant
• Particularly for shape analysis: tends to overuse disjunction
– “Minimally” precise Cartesian (no disjunction) join usually too imprecise
• Therefore here:
– Use symbolic heap formulae that allow arbitrary nesting of conjunction & disjunction
– Parameterize join to control when to weaken by shifting from disjunctive to a more conjunctive form
• Goal: Provide systematic definitions and parameterizations of operations
– Join & extrapolation generally have ad-hoc definitions in SL analyses
– Significant impediment to systematic or automatic tuning
• Therefore here:
– Define join & extrapolation using a form of predicate abstraction
• Unary predicates in (positive) first-order logic with transitive closure
• Interpreted over “points in the structure” of SL formulae
– Opens the way to specializing operations to particular:
• Program
• Program point: lazy abstraction
• Program point at particular point in analysis: abstraction refinement
What are extrapolation & join?
• Approximate semantics
• Soundness condition for
– Join:
– Extrapolation:
Simple symbolic heaps
• Simple fragment of separation logic
• Consider analysis
– Sets of symbolic heap formulae
– Set theoretic order, join, pointwise lift of transformers
• Now to define extrapolation…
Meta predicate logic
• First-order logic with transitive closure
• Entailment judgment
• Closure rules
Meta predicate evaluation
• Base predicate satisfaction
• Predicate satisfaction
• Unary predicates:
are evaluated:
lift to vectors of predicates: and expressions:
Predicate evaluation example
• Predicates:
• Symbolic Heap:
• Valuations:
Meta predicate based Extrapolation
• Append entailment
• Simplified concatenation rewrite rule
• General concatenation rewrite rule
Extrapolation example
• Consider:
– then:
– and:
• Non-confluence:
• In general, confluence depends on predicate set
Predicates example
• Consider the predicates
• Then we have the rewrites
• Note similarity to Distefano+ TACAS’06 & Manevich+ VMCAI’05
• But:
Disjunctive symbolic heaps
• Disjunctive symbolic heaps
Add production:
• Symbolic heap contexts
• Predicate satisfaction judgment
Predicate satisfaction
Example deduction
Predicate evaluation algorithm
Predicate evaluation algorithm
Extrapolation
• Concatenation rewrite
• “Selected branch” of a context
“Weaken & distribute ∗ over ∨” Join
• Factorization rewrite
• Example
“Trade disjuncts for existentials” Join
• Joining segments with equal heads and unequal tails
• Example
Extrapolation & Join algorithms
• Work from leaves of whole formula to root
• For each decomposition into context and symbolic heap
– View selected symbolic heap as graph
– Edges for points-to’s, list segments and equalities
• Apply rewrite rules to paths in graph in a length-decreasing order
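The extrapolation procedure of this slide (view the symbolic heap as a segment graph, apply the concatenation rewrite of slide 10 along paths in length-decreasing order) and the “trade disjuncts for existentials” join of slide 20, as an added worked example in Python; it is not part of the deck and not an implementation by the authors. Everything about the encoding is an assumption of this example: a symbolic heap is a list of `pts`/`ls` atoms over string variable names, primed names are existentials, the unary predicate that decides where the rewrite may fire is "existential node with in-degree 1 and out-degree 1", and the append entailment is only applied when the tail is `nil` or is an allocated cell outside the collapsed path (the usual side condition that keeps the rewrite sound when the tail could close a cycle). Hierarchical heaps, contexts and equality edges are not modelled.

```python
from collections import defaultdict

NIL = "nil"

# Constructed representation of a simple symbolic heap (an assumption of this
# example, not the deck's grammar): a list of atoms, implicitly *-conjoined.
#   ("pts", x, y)   x |-> y     one allocated cell at x whose field holds y
#   ("ls",  x, y)   ls(x, y)    a possibly-empty acyclic list segment
# Primed names (a', b') are existentially quantified; unprimed names are
# program variables.


def is_existential(v):
    return v.endswith("'")


def occurrences(heap):
    """Indices of the atoms that mention each variable (as source or target)."""
    occ = defaultdict(list)
    for i, (_, src, dst) in enumerate(heap):
        occ[src].append(i)
        occ[dst].append(i)
    return occ


def out_edges(heap):
    """Segment graph: for each node, the atoms whose source is that node."""
    out = defaultdict(list)
    for i, (_, src, _) in enumerate(heap):
        out[src].append(i)
    return out


def maximal_chains(heap):
    """Maximal paths a0 -> a1 -> ... -> ak in the segment graph whose interior
    nodes satisfy the unary predicate assumed here: existential, and touched by
    exactly the two atoms of the path (in-degree 1, out-degree 1)."""
    occ, out = occurrences(heap), out_edges(heap)

    def successor(i):
        node = heap[i][2]
        if is_existential(node) and len(occ[node]) == 2 and len(out[node]) == 1:
            nxt = out[node][0]
            if nxt != i:                  # guard against a self-loop e' |-> e'
                return nxt
        return None

    followed = {successor(i) for i in range(len(heap))} - {None}
    chains = []
    for start in range(len(heap)):
        if start in followed:
            continue                      # not the head of a maximal path
        chain = [start]
        while (nxt := successor(chain[-1])) is not None:
            chain.append(nxt)
        if len(chain) > 1:
            chains.append(chain)
    return chains


def tail_ok(heap, tail, chain):
    """Side condition assumed for the append entailment ls(x,y) * ls(y,z) |- ls(x,z):
    the tail z must be nil or the address of a cell outside the path being
    collapsed; otherwise the path could close a cycle and the rewrite is unsound."""
    if tail == NIL:
        return True
    return any(k not in chain and kind == "pts" and src == tail
               for k, (kind, src, _) in enumerate(heap))


def extrapolate(heap):
    """Concatenation rewrite along maximal chains, longest first (slide 21);
    each admissible chain collapses into a single ls atom."""
    heap = list(heap)
    removed, added = set(), []
    for chain in sorted(maximal_chains(heap), key=len, reverse=True):
        src, tail = heap[chain[0]][1], heap[chain[-1]][2]
        if tail_ok(heap, tail, chain):
            removed.update(chain)
            added.append(("ls", src, tail))
    return [a for k, a in enumerate(heap) if k not in removed] + added


def join_equal_heads(h1, h2, fresh="t'"):
    """'Trade disjuncts for existentials' (slide 20): two heaps differing only in
    the tail of one segment with the same head, ls(x,y) v ls(x,z), are joined to
    ls(x,t') with t' a fresh existential.  Atoms are compared positionally;
    returns None when the pair is not of that shape."""
    if len(h1) != len(h2) or fresh in occurrences(h1) or fresh in occurrences(h2):
        return None
    diff = [(a, b) for a, b in zip(h1, h2) if a != b]
    if len(diff) != 1:
        return None
    (k1, x1, y1), (k2, x2, y2) = diff[0]
    if k1 == k2 == "ls" and x1 == x2 and y1 != y2:
        return [("ls", x1, fresh) if a == diff[0][0] else a for a in h1]
    return None


if __name__ == "__main__":
    # Constructed inputs: a list reached through two anonymous cells, a cycle
    # through an anonymous cell, and a pair of segments with unequal tails.
    print(extrapolate([("pts", "x", "a'"), ("pts", "a'", "b'"),
                       ("ls", "b'", "y"), ("pts", "y", NIL)]))
    print(extrapolate([("pts", "x", "a'"), ("ls", "a'", "x")]))
    print(join_equal_heads([("ls", "x", "y")], [("ls", "x", "z")]))
```

Running the module rewrites the first heap to `ls(x,y) * y |-> nil`, while the cyclic second heap is left unchanged: its path `x -> a' -> x` exists in the segment graph, but the tail `x` is allocated only by a cell inside the path, so the append entailment does not apply. That is the situation slide 22 points at when it notes that paths in the segment graph do not by themselves imply the entailment holds.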
Hierarchical Symbolic Heaps
• Disjunctive Hierarchical Symbolic Heaps
• Base predicate satisfaction changes
• Otherwise mostly orthogonal extension
• Extrapolation & Join algorithms complicated by needing to construct segment graphs inductively over patterns
• Rewrite rules now need to use subtraction
– Paths in segment graph don’t imply append entailment applies
Summary
• Proposed method of defining extrapolation & join operations
– For separation logic based analyses
– Over formulae allowing arbitrary nesting of *-conjunction and disjunction
– Using a form of (unary, FOTC) predicate abstraction
• Enables join operations between Powerset and Cartesian
• Provides systematic definitions and parameterizations of operations
• Can be seen as a meeting point of Canonical Abstraction and separation logic based analysis
– Representation of invariants & local semantics of programs from SL
– Extrapolation & join based on valuation of FOTC predicates a la CA