amortised resource analysis using separation logic
play

Amortised Resource Analysis using Separation Logic Robert Atkey - PowerPoint PPT Presentation

Aug 30, 2022 •135 likes •754 views

Robert.Atkey@strath.ac.uk Amortised Resource Analysis using Separation Logic Robert Atkey University of Strathclyde 20th July 2017 Dagstuhl Seminar 17291 Resource Specification and Verification Programs execute. But not for free. How much

  1. Robert.Atkey@strath.ac.uk Amortised Resource Analysis using Separation Logic Robert Atkey University of Strathclyde 20th July 2017 Dagstuhl Seminar 17291

  2. Resource Specification and Verification Programs execute. But not for free. How much will it cost? How do we say how much it will cost?

  3. Specifying Resource Usage Maybe we could attach sizes to things: list n ( x ) And then state the resource consumption in these terms: { list n ( x ) ∧ r c = r 1 } iterateList { list n ( x ) ∧ r c = r 1 + n } How well does this work?

  4. Dequeue ( unit) Enqueue ( unit) Enqueue ( unit) Dequeue ( unit) Dequeue ( units) ( to reverse d c , to remove c ) Total: units a b Functional Queues

  5. Enqueue ( unit) Enqueue ( unit) Dequeue ( unit) Dequeue ( units) ( to reverse d c , to remove c ) Total: units b Functional Queues ▶ Dequeue ( 1 unit)

  6. Enqueue ( unit) Dequeue ( unit) Dequeue ( units) ( to reverse d c , to remove c ) Total: units b c Functional Queues ▶ Dequeue ( 1 unit) ▶ Enqueue ( 1 unit)

  7. Dequeue ( unit) Dequeue ( units) ( to reverse d c , to remove c ) Total: units b d c Functional Queues ▶ Dequeue ( 1 unit) ▶ Enqueue ( 1 unit) ▶ Enqueue ( 1 unit)

  8. Dequeue ( units) ( to reverse d c , to remove c ) Total: units d c Functional Queues ▶ Dequeue ( 1 unit) ▶ Enqueue ( 1 unit) ▶ Enqueue ( 1 unit) ▶ Dequeue ( 1 unit)

  9. Total: units d Functional Queues ▶ Dequeue ( 1 unit) ▶ Enqueue ( 1 unit) ▶ Enqueue ( 1 unit) ▶ Dequeue ( 1 unit) ▶ Dequeue ( 3 units) ( 2 to reverse [ d , c ] , 1 to remove c )

  10. d Functional Queues ▶ Dequeue ( 1 unit) ▶ Enqueue ( 1 unit) ▶ Enqueue ( 1 unit) ▶ Dequeue ( 1 unit) ▶ Dequeue ( 3 units) ( 2 to reverse [ d , c ] , 1 to remove c ) ▶ Total: 7 units

  11. Specifying the Resource Behaviour Using a ghost variable r c for consumed resources. Predicate queue ( x , h , t ) ▶ Queue pointed to by x ; ▶ Head of length h , tail of length t ∀ r 1 . { queue ( x , h , t ) ∧ r c = r 1 } enqueue { queue ( x , h , t + 1) ∧ r c = r 1 + R } ∀ r 1 . { queue ( x , 0 , t ) ∧ r c = r 1 } dequeue { queue ( x , t − 1 , 0) ∧ r c = r 1 + (1 + t ) R } ∀ r 1 . { queue ( x , h + 1 , t ) ∧ r c = r 1 } dequeue { queue ( x , h , t ) ∧ r c = r 1 + R } Exposes the internals of the queue abstraction.

  12. Dequeue ( unit) Enqueue ( units) Enqueue ( units) Dequeue ( unit) Dequeue ( unit) Total: units a b Amortised Analysis (Tarjan 1985)

  13. Enqueue ( units) Enqueue ( units) Dequeue ( unit) Dequeue ( unit) Total: units b Amortised Analysis (Tarjan 1985) ▶ Dequeue ( 1 unit)

  14. Enqueue ( units) Dequeue ( unit) Dequeue ( unit) Total: units b c Amortised Analysis (Tarjan 1985) ▶ Dequeue ( 1 unit) ▶ Enqueue ( 2 units)

  15. Dequeue ( unit) Dequeue ( unit) Total: units b d c Amortised Analysis (Tarjan 1985) ▶ Dequeue ( 1 unit) ▶ Enqueue ( 2 units) ▶ Enqueue ( 2 units)

  16. Dequeue ( unit) Total: units d c Amortised Analysis (Tarjan 1985) ▶ Dequeue ( 1 unit) ▶ Enqueue ( 2 units) ▶ Enqueue ( 2 units) ▶ Dequeue ( 1 unit)

  17. Total: units d Amortised Analysis (Tarjan 1985) ▶ Dequeue ( 1 unit) ▶ Enqueue ( 2 units) ▶ Enqueue ( 2 units) ▶ Dequeue ( 1 unit) ▶ Dequeue ( 1 unit)

  18. d Amortised Analysis (Tarjan 1985) ▶ Dequeue ( 1 unit) ▶ Enqueue ( 2 units) ▶ Enqueue ( 2 units) ▶ Dequeue ( 1 unit) ▶ Dequeue ( 1 unit) ▶ Total: 7 units

  19. Where Do Resources Live? Tarjan: associate the extra resources for enqueue with the nodes. Banker’s method. When accessing that node we get to use the resources. Applied to functional languages by Hofmann and Jost (2003).

  20. Dequeue ( unit) ( real unit) Enqueue ( units) ( real unit) Enqueue ( units) ( real unit) Dequeue ( unit) ( real unit) Dequeue ( unit) ( real units) Total: units a b Where Do Resources Live?

  21. Enqueue ( units) ( real unit) Enqueue ( units) ( real unit) Dequeue ( unit) ( real unit) Dequeue ( unit) ( real units) Total: units b Where Do Resources Live? ▶ Dequeue ( 1 unit) ( 1 real unit)

  22. Enqueue ( units) ( real unit) Dequeue ( unit) ( real unit) Dequeue ( unit) ( real units) Total: units b c Where Do Resources Live? R ▶ Dequeue ( 1 unit) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit)

  23. Dequeue ( unit) ( real unit) Dequeue ( unit) ( real units) Total: units b d c Where Do Resources Live? R R ▶ Dequeue ( 1 unit) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit)

  24. Dequeue ( unit) ( real units) Total: units d c Where Do Resources Live? R R ▶ Dequeue ( 1 unit) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit) ▶ Dequeue ( 1 unit) ( 1 real unit)

  25. Total: units d Where Do Resources Live? ▶ Dequeue ( 1 unit) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit) ▶ Dequeue ( 1 unit) ( 1 real unit) ▶ Dequeue ( 1 unit) ( 3 real units)

  26. d Where Do Resources Live? ▶ Dequeue ( 1 unit) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit) ▶ Enqueue ( 2 units) ( 1 real unit) ▶ Dequeue ( 1 unit) ( 1 real unit) ▶ Dequeue ( 1 unit) ( 3 real units) ▶ Total: 7 units

  27. Consumable Resources Let’s assume that resources are a commutative, ordered monoid.

  28. a c b d Separation Logic with Consumable Resources list ( n , x ) ≡ x = null ∧ emp �→ z ] ∗ R n ∗ list ( n , z ) ∨ ∃ yz . [ x data �→ y ] ∗ [ x next H r R R R R r , H | = list (1 , x )

  29. a c b d Separation Logic with Consumable Resources list ( n , x ) ≡ x = null ∧ emp �→ z ] ∗ R n ∗ list ( n , z ) ∨ ∃ yz . [ x data �→ y ] ∗ [ x next H 1 H 2 r 1 r 2 R R R R r 1 · r 2 , H 1 ⊎ H 2 | = [ x data �→ a ] ∗ [ x next �→ y ] ∗ R ∗ list (1 , y )

  30. c A b d Separation Logic with Consumable Resources list ( n , x ) ≡ x = null ∧ emp �→ z ] ∗ R n ∗ list ( n , z ) ∨ ∃ yz . [ x data �→ y ] ∗ [ x next H 1 H 2 r 2 R R R After some mutation and resource consumption.

  31. Specifying Resources and Heap Shape queue ( x ) ≡ ∃ yz . [ x front �→ y ] ∗ [ x back �→ z ] ∗ list (0 , y ) ∗ list (1 , z ) { queue ( x ) ∗ R ∗ R } enqueue { queue ( x ) } { queue ( x ) ∗ R } dequeue { queue ( x ) } Precondition specifies: Heap shape required } Two may be intertwined Resources required

  32. It’s all intertwingly Reasoning follows Innumerate Shepherd model ▶ Numbers and arithmetic are abstract nonsense! ▶ Structure matters Resources are made available as they are needed to process the data they are attached to. Integrates well with the local reasoning of Separation Logic.

  33. f Assertion Language t 1 ▷ ◁ t 2 | ⊤ | ϕ 1 ∧ ϕ 2 | ϕ 1 ∨ ϕ 2 | ϕ 1 → ϕ 2 ::= ϕ | emp | ϕ 1 ∗ ϕ 2 | ϕ 1 — ∗ ϕ 2 | ∀ x .ϕ | ∃ x .ϕ | [ t 1 �→ t 2 ] | R r | . . .

  34. Semantic Domains Logic is defined over pairs x = ( H , r ) . Use a ternary relation to define how resources and heaps are combined: Rxyz ⇔ H 1 # H 2 ∧ H 1 ⊎ H 2 = H 3 ∧ r 1 · r 2 ⊑ r 3 where x = ( H 1 , r 1 ) , y = ( H 2 , r 2 ) , z = ( H 3 , r 3 ) Extend the order on resources to pairs of heaps and resources by ( H 1 , r 1 ) ⊑ ( H 2 , r 2 ) iff H 1 = H 2 and r 1 ⊑ r 2 .

  35. f emp Semantics of Assertions x = ( H , r ) η, x | = ⊤ iff always η, x | = t 1 { = , ̸ = } t 2 iff � t 1 � η { = , ̸ = } � t 2 � η η, x | = iff x = ( H , r ) and H = {} η, x | = [ t 1 �→ t 2 ] iff x = ( H , r ) and H = { ( � t 1 � η , f ) �→ � t 2 � η } η, x | = R r i iff x = ( H , r ) and r i ⊑ r and H = {} η, x | = iff η, x | = ϕ 1 and η, x | = ϕ 2 ϕ 1 ∧ ϕ 2 η, x | = iff η, x | = ϕ 1 or η, x | = ϕ 2 ϕ 1 ∨ ϕ 2 η, x | = iff exists y , z . st. Ryzx ϕ 1 ∗ ϕ 2 and η, y | = ϕ 1 and η, z | = ϕ 2 η, x | = iff for all y . if x ⊑ y and η, y | = ϕ 1 ϕ 1 → ϕ 2 then η, y | = ϕ 2 η, x | = ϕ 1 — iff for all y , z . if Rxyz and η, y | = ϕ 1 ∗ ϕ 2 then η, z | = ϕ 2 η, x | = ∀ v .ϕ iff for all a , η [ v �→ a ] , x | = ϕ η, x | = ∃ v .ϕ iff exists a , η [ v �→ a ] , x | = ϕ

  36. Doubly-linked lists: dlseg n p x y x y x next z prev p R n z x dlseg n x z y Trees: tree n x x null right z x left y R n y z x tree y tree z emp emp Examples of Inductive Predicates List segments: lseg ( n , x , y ) ≡ x = y ∧ emp �→ z ] ∗ R n ∗ lseg ( n , z , y ) ∨ ∃ d , z . [ x data �→ d ] ∗ [ x next

  37. Trees: tree n x x null right z x left y R n y z x tree y tree z emp prev Examples of Inductive Predicates List segments: lseg ( n , x , y ) ≡ x = y ∧ emp �→ z ] ∗ R n ∗ lseg ( n , z , y ) ∨ ∃ d , z . [ x data �→ d ] ∗ [ x next Doubly-linked lists: dlseg ( n , p , x , y ) ≡ x = y ∧ emp �→ p ] ∗ R n ∗ dlseg ( n , x , z , y ) ∨ ∃ z . [ x next �→ z ] ∗ [ x

  38. prev right Examples of Inductive Predicates List segments: lseg ( n , x , y ) ≡ x = y ∧ emp �→ z ] ∗ R n ∗ lseg ( n , z , y ) ∨ ∃ d , z . [ x data �→ d ] ∗ [ x next Doubly-linked lists: dlseg ( n , p , x , y ) ≡ x = y ∧ emp �→ p ] ∗ R n ∗ dlseg ( n , x , z , y ) ∨ ∃ z . [ x next �→ z ] ∗ [ x Trees: tree ( n , x ) ≡ x = null ∧ emp �→ z ] ∗ R n ∗ tree ( y ) ∗ tree ( z ) ∨ ∃ y , z . [ x left �→ y ] ∗ [ x

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Amortised analysis of heap consumption Olha Shkaravska Institut of Informatics, LMU Munich,

Amortised analysis of heap consumption Olha Shkaravska Institut of Informatics, LMU Munich,

Amortised analysis of heap consumption Olha Shkaravska Institut of Informatics, LMU Munich, Germany Amortised analysisof heap consumption p.1/27 Motivation and Structure of this talk Hofmann-Jost inference system: inference of linear

597 views • 27 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

789 views • 63 slides
Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St January 14, 2020 1 LSV, CNRS, ENS Paris-Saclay 2 I3S, Universit e C ote dAzur Separation Logic 99 Logic of Bunched Implication ( BI ) [P.

310 views • 27 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max Kanovich 2 1 Imperial College London 2 Queen Mary University of London LICS-25, University of Edinburgh, 12 July 2010 Separation logic (Reynolds,

1.11k views • 31 slides
Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

1.14k views • 91 slides
Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri CNRS Marie Curie Fellow Yorktown Heights, March 2015 In Memoriam: Morgan Deters 2 Overview Separation Logic in a Nutshell 1 2 Expressive

915 views • 55 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Oracle Labs, Brisbane, 4 December 2015 1/ 19

291 views • 27 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa, Aquinas Hobor and John Wickerson IRIS Day OScience, Coronavirus Lockdown Edition Tuesday 7th April, 2020 1/ 13 Concurrent separation logic (

164 views • 13 slides
On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18 Warsaw, October 2018 The blossom of separation logics Separation logic: extension of Hoare-Floyd logic for (concurrent) programs with mutable data

642 views • 48 slides
Selection of summary statistics for approximate Bayesian computation David Balding and Matt Nunes

Selection of summary statistics for approximate Bayesian computation David Balding and Matt Nunes

Selection of summary statistics for approximate Bayesian computation David Balding and Matt Nunes Institute of Genetics University College London COMPSTAT Paris, 26 August 2010 Research funded by UK EPSRC Mathematics underpinning the life

540 views • 27 slides
Robert Meadowcroft Chief Executive Findacure Conference Our Journey: The Translarna Milestone

Robert Meadowcroft Chief Executive Findacure Conference Our Journey: The Translarna Milestone

Robert Meadowcroft Chief Executive Findacure Conference Our Journey: The Translarna Milestone 12 June 2015 Case study of Translarna Translarna targets nonsense mutations affecting between 11-13% of boys with Duchenne muscular

388 views • 12 slides
GePhCARD & BioMIMS: a combined platform that support research on hereditary diseases October

GePhCARD & BioMIMS: a combined platform that support research on hereditary diseases October

GePhCARD & BioMIMS: a combined platform that support research on hereditary diseases October 14th NETTAB 2011 1 Marina Mordenti Rizzoli Orthopaedic Institute Difficulty & No data delay in exchange diagnosis Partial data

646 views • 32 slides
Tame quivers have finitely many m-maximal green sequences Kiyoshi Igusa 1 Ying Zhou 2 1 Department

Tame quivers have finitely many m-maximal green sequences Kiyoshi Igusa 1 Ying Zhou 2 1 Department

Background Our Result Summary Tame quivers have finitely many m-maximal green sequences Kiyoshi Igusa 1 Ying Zhou 2 1 Department of Mathematics Brandeis University 2 Department of Mathematics Brandeis University Maurice Auslander

966 views • 75 slides
2012-08-07 CSE 332 Data Abstractions: Data Races and Memory, Reordering, Deadlock,

2012-08-07 CSE 332 Data Abstractions: Data Races and Memory, Reordering, Deadlock,

2012-08-07 CSE 332 Data Abstractions: Data Races and Memory, Reordering, Deadlock, Readers/Writer Locks, and Condition Variables (oh my!) *ominous music* THE FINAL EXAM Kate Deibel Summer 2012 August 6, 2012 CSE 332 Data Abstractions,

339 views • 14 slides
Summer 2012 August 6, 2012 CSE 332 Data Abstractions, Summer 2012 1 *ominous music* THE FINAL

Summer 2012 August 6, 2012 CSE 332 Data Abstractions, Summer 2012 1 *ominous music* THE FINAL

CSE 332 Data Abstractions: Data Races and Memory, Reordering, Deadlock, Readers/Writer Locks, and Condition Variables (oh my!) Kate Deibel Summer 2012 August 6, 2012 CSE 332 Data Abstractions, Summer 2012 1 *ominous music* THE FINAL EXAM

826 views • 80 slides
Testing and Fuzzing Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security *

Testing and Fuzzing Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security *

Testing and Fuzzing Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some slides adapted from those by Trent Jaeger Our Goal Develop techniques to detect vulnerabilities automatically before they are exploited

1.17k views • 61 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.23k views • 95 slides

More recommend