Motivation Abstract Views Updating Views Coercion Experiments Conclusion View-Augmented Abstractions Matt Elder 1 Denis Gopan 2 Thomas Reps 12 1 Computer Sciences Department University of Wisconsin-Madison 2 GrammaTech, Inc. Second International Workshop on Numeric and Symbolic Abstract Domains View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion View-Augmented Abstraction View-Augmented Abstraction improves the precision of any numeric abstract domain with few changes to that domain. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Example in Collecting Semantics Example 1 assume(-2 <= x <= 2) x -2 -1 0 1 2 3 4 2 if x*x >= 4 then x -2 -1 0 1 2 3 4 x = x+1 x 3 -2 -1 3 0 1 2 4 assert(x*x <= 0) x 4 -2 -1 0 1 2 3 4 View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Example in Interval Domain Example 1 assume(-2 <= x <= 2) x -2 -1 0 1 2 3 4 2 if x*x >= 4 then x -2 -1 0 1 2 3 4 x = x+1 x 3 -2 -1 3 0 1 2 4 assert(x*x <= 0) x 4 -2 -1 0 1 2 3 4 View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion The Challenge How can we augment a numeric abstract domain to improve its characterization of a given expression? View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Desirable Properties Parsimony: The augmented domain tracks only a small amount of additional information. Delegation: Augmented operations are made from core operations. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion How Might One Augment? Instrumentation Principle: If, in an abstract domain, we explicitly store the value of expression expr , then that information about expr can be more precise than reevaluating expr . View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion How Do We Augment? Add abstract views to the core domain. Abstract View : An abstract view is an extra variable interpreted to hold the value of a selected expression. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Example in Augmented Interval Domain Example x 1 assume(-2 <= x <= 2) x 2 -2 -1 0 1 2 3 4 x 2 if x*x >= 4 then x 2 -2 -1 0 1 2 3 4 x x = x+1 3 x 2 -2 -1 3 0 1 2 4 x assert(x*x <= 0) 4 x 2 -2 -1 0 1 2 3 4 View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Augmented Numeric Abstract Domains A view-augmented abstract domain uses the core domain’s representation, adds a variable for each view, delegates join and widen to the core domain, and calls to the semantics of assignment and assumption. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion We Must Update Views Assignments to core variables change view expression values. We must update abstract views. How? View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Naive Method We could recompute the view from core variables. Example x = x+1; v x*x = x*x View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Naive Method We could recompute the view from core variables. Example x = x+1; v x*x = x*x But this ignores the information in the view! View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Finite-Differencing Method Compute the change in the view symbolically. Use the resulting expression abstractly. Example (x, v x*x ) = (x+1, v x*x + 2*x + 1) View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Computing Finite Differences Update v expr with v expr + ∆[ expr ]. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Computing Finite Differences Update v expr with v expr + ∆[ expr ]. ∆[ expr ] : ∆[ a + b ] = ∆[ a ] + ∆[ b ] ∆[ ab ] = b ∆[ a ] + a ∆[ b ] + ∆[ a ]∆[ b ] ∆[ k ] = 0 if k is a constant. ∆[ x ] is based on the core assignment if x is a variable. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Using Views in Core Expressions For finite differencing to help, v expr must first become more precise than recomputing expr . Example becomes if x*x >= 4 if v x*x >= 4 becomes assert(x*x <= 0) assert(v x*x <= 0) View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Need to Reduce Values View augmentation demands semantic reduction. Example x �→ [0 , 5] 6 5 y �→ [0 , 5] 4 v x + y �→ [0 , 2] 3 y 2 1 0 0 1 2 3 4 5 6 x View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion How to Reduce Values Coerce repeatedly assumes symbolically-derived relations until it reaches a fixed point. Coerce: 1 Write the defining formula for each view. 2 Solve for each core variable in each formula. 3 Assume these relations until reaching fixpoint. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion How to Reduce Values Example 1 Write: v x + y = x + y 2 Solve: y = v x + y − x and x = v x + y − y . 3 assume(x = v x+y - y) and assume(y = v x+y - x) . �→ [0 , 2] x 6 5 �→ [0 , 2] y 4 �→ [0 , 2] v x + y 3 y 2 1 0 0 1 2 3 4 5 6 x View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Implementation We built our experiments from INRIA’s Interproc and Fixpoint which uses Apron’s numeric domains. Many test cases came from StInG. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Selected Results Proved Program Analysis Time (s) Assertions intervals 0.02 2 Berkeley octagons 0.12 2 intervals + views 14.50 3 octagons 0.09 0 Seesaw octagons + views 7.74 2 intervals 0.01 0 Sqrt polyhedra 0.03 0 intervals + views 0.62 2 View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Future Work We’d like to make coerce faster (or needless!), replace finite differencing, and automate selecting views. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Motivation Abstract Views Updating Views Coercion Experiments Conclusion Conclusion View-augmented abstraction with parsimony and delegation improves the precision of any numeric domain. View-Augmented Abstractions Matt Elder, Denis Gopan, Thomas Reps
Recommend
More recommend
