View-Augmented Abstractions Matt Elder 1 Denis Gopan 2 Thomas Reps 12 - - PowerPoint PPT Presentation

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

View-Augmented Abstractions

Matt Elder1 Denis Gopan2 Thomas Reps12

1Computer Sciences Department

University of Wisconsin-Madison

2GrammaTech, Inc.

Second International Workshop on Numeric and Symbolic Abstract Domains

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

View-Augmented Abstraction

View-Augmented Abstraction improves the precision

• f any numeric abstract domain

with few changes to that domain.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Example in Collecting Semantics

Example

1 assume(-2 <= x <= 2)

1 2 3 4

• 1
• 2

x

2 if x*x >= 4 then

1 2 3 4

• 1
• 2

x

3

x = x+1

1 2 3 4

• 1
• 2

x

4

assert(x*x <= 0)

1 2 3 4

• 1
• 2

x

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Example in Interval Domain

Example

1 assume(-2 <= x <= 2)

1 2 3 4

• 1
• 2

x

2 if x*x >= 4 then

1 2 3 4

• 1
• 2

x

3

x = x+1

1 2 3 4

• 1
• 2

x

4

assert(x*x <= 0)

1 2 3 4

• 1
• 2

x

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

The Challenge

How can we augment a numeric abstract domain to improve its characterization of a given expression?

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Desirable Properties

Parsimony:

The augmented domain tracks only a small amount of additional information.

Delegation:

Augmented operations are made from core operations.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

How Might One Augment?

Instrumentation Principle:

If, in an abstract domain, we explicitly store the value of expression expr, then that information about expr can be more precise than reevaluating expr.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

How Do We Augment?

Add abstract views to the core domain.

Abstract View:

An abstract view is an extra variable interpreted to hold the value of a selected expression.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Example in Augmented Interval Domain

Example

1 assume(-2 <= x <= 2)

1 2 3 4

• 1
• 2

x x2

2 if x*x >= 4 then

1 2 3 4

• 1
• 2

x x2

3

x = x+1

1 2 3 4

• 1
• 2

x x2

4

assert(x*x <= 0)

1 2 3 4

• 1
• 2

x x2

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Augmented Numeric Abstract Domains

A view-augmented abstract domain uses the core domain’s representation, adds a variable for each view, delegates join and widen to the core domain, and calls to the semantics of assignment and assumption.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

We Must Update Views

Assignments to core variables change view expression values. We must update abstract views. How?

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Naive Method

We could recompute the view from core variables.

Example

x = x+1; vx*x = x*x

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Naive Method

We could recompute the view from core variables.

Example

x = x+1; vx*x = x*x But this ignores the information in the view!

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Finite-Differencing Method

Compute the change in the view symbolically. Use the resulting expression abstractly.

Example

(x, vx*x) = (x+1, vx*x + 2*x + 1)

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Computing Finite Differences

Update vexpr with vexpr + ∆[expr].

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Computing Finite Differences

Update vexpr with vexpr + ∆[expr].

∆[expr] :

∆[a + b] = ∆[a] + ∆[b] ∆[ab] = b∆[a] + a∆[b] + ∆[a]∆[b] ∆[k] = 0 if k is a constant. ∆[x] is based on the core assignment if x is a variable.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Using Views in Core Expressions

For finite differencing to help, vexpr must first become more precise than recomputing expr.

Example

if x*x >= 4 becomes if vx*x >= 4 assert(x*x <= 0) becomes assert(vx*x <= 0)

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Need to Reduce Values

View augmentation demands semantic reduction.

Example

x → [0, 5] y → [0, 5] vx+y → [0, 2]

1 2 3 4 1 2 3 4 5 5 x y 6 6

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

How to Reduce Values

Coerce repeatedly assumes symbolically-derived relations until it reaches a fixed point.

Coerce:

1 Write the defining formula for each view. 2 Solve for each core variable in each formula. 3 Assume these relations until reaching fixpoint.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

How to Reduce Values

Example

1 Write: vx+y = x + y 2 Solve: y = vx+y − x and x = vx+y − y. 3 assume(x = vx+y - y) and assume(y = vx+y - x).

x → [0, 2] y → [0, 2] vx+y → [0, 2]

1 2 3 4 1 2 3 4 5 5 x y 6 6

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Implementation

We built our experiments from INRIA’s Interproc and Fixpoint which uses Apron’s numeric domains. Many test cases came from StInG.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Selected Results

Proved Program Analysis Time (s) Assertions Berkeley intervals 0.02 2

• ctagons

0.12 2 intervals + views 14.50 3 Seesaw

• ctagons

0.09

• ctagons + views

7.74 2 Sqrt intervals 0.01 polyhedra 0.03 intervals + views 0.62 2

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Future Work

We’d like to make coerce faster (or needless!), replace finite differencing, and automate selecting views.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps

Motivation Abstract Views Updating Views Coercion Experiments Conclusion

Conclusion

View-augmented abstraction with parsimony and delegation improves the precision

• f any numeric domain.

View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps