finite differencing of logical formulas for static analysis thomas reps university of wisconsin...
Post on 20-Dec-2015
218 views
TRANSCRIPT
Finite Differencing of Logical Formulasfor Static Analysis
Thomas RepsUniversity of Wisconsin
Joint work with M. Sagiv and A. Loginov
Dynamic Algorithms
• This meeting, this community, . . .– Dynamic algorithms for better efficiency
• This talk– Dynamic updates expressed via logical
formulas• DB maintenance of materialized views• Dynamic descriptive complexity
– Dyn-FO [Patnaik & Immerman]– FOIES [Dong & Su]
– Dynamic algorithms for greater precision (avoid loss of information)
• The administrator of the U.S.S. Yorktown’s Standard Monitoring Control System entered 0 into a data field for the Remote Data Base Manager program. That caused the database to overflow and crash all LAN consoles and miniature remote terminal units.
• The Yorktown was dead in the water for about two hours and 45 minutes.
• A sailor on the U.S.S. Yorktown entered a 0 into a data field in a kitchen-inventory program. That caused the database to overflow and crash all LAN consoles and miniature remote terminal units.
• The Yorktown was dead in the water for about two hours and 45 minutes.
Analysis musttrack numericinformation
x = 3;y = 1/(x-3);
x = 3;px = &x;y = 1/(*px-3);
x = 3;p = (int*)malloc(sizeof int);*p = x;q = p;y = 1/(*q-3);
need to track valuesother than 0
need to track pointers
need to track dynamically allocated storage
Static Analysis
• Determine information about the possible situations that can arise at execution time, without actually running the program on particular inputs
• Typically:– Run the program on “aggregate values”,
which describe many stores all at once– For each point in the program, find a
descriptor that represents (a superset of) the stores that could possibly arise at that point
Static Analysis
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
Bad
Actual
Static Analysis
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
Bad
Actual
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Materialization
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
Example: In-Situ List Reversal
List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y;}
typedef struct list_cell { int val; struct list_cell *next;} *List;
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
return y
t = y
ynext = t
y = x
x = xnext
x != NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
x
yt
x
yt
pointer analysis?points-to analysis?
alias analysis?shape analysis?
Dynamic storage allocationDestructive updating through pointers
Why is Shape Analysis Difficult?
• Destructive updating through pointers– p next = q– Produces complicated aliasing relationships
• Dynamic storage allocation– No bound on the size of run-time data
structures
Using Relations to Represent Linked Lists
Relation Intended Meaning
x(v) Does pointer variable x point to cell v?
y(v) Does pointer variable y point to cell v?
t(v) Does pointer variable t point to cell v?
n(v1,v2) Does the n field of v1 point to v2?
n u1 u2 u3 u4
u1 0 1 0 0u2 0 0 1 0u3 0 0 0 1u4 0 0 0 0
x(u) y(u) t(u)u1 1 1 0u2 0 0 0u3 0 0 0u4 0 0 0
u1 u2 u3 u4
xy
Using Relations to Represent Linked Lists
n u1 u2 u3 u4
u1 0 1 0 0u2 0 0 1 0u3 0 0 0 1u4 0 0 0 0
Canonical Abstraction
u1 u2 u3 u4
xu1
xu234
x(u) y(u)u1 1 0u2 0 0u3 0 0u4 0 0
n u1 u234
u1 0
u234 0 1/2
x(u) y(u)u1 1 0
u234 0 0
n u1 u2 u3 u4
u1 0 1 0 0u2 0 0 1 0u3 0 0 0 1u4 0 0 0 0
Canonical Abstraction
u1 u2 u3 u4
xu1
xu234
x(u) y(u)u1 1 0u2 0 0u3 0 0u4 0 0
n u1 u234
u1 0
u234 0 1/2
x(u) y(u)u1 1 0
u234 0 0
= u1 u2 u3 u4 u1 1 0 0 0 u2 0 1 0 0 u3 0 0 1 0 u4 0 0 0 1
Canonical Abstraction
u1 u2 u3 u4
xu1
xu234
x(u) y(u)u1 1 0u2 0 0u3 0 0u4 0 0
= u1 u234 u1 1
u234 0 1/2
x(u) y(u)u1 1 0
u234 0 0
x
yt
NULL
return y
t = y
ynext = t
y = x
x = xnext
x != NULL
x
yt
NULL
x
yt
NULL
u1 u
x
x(u) y(u) t(u)u1 1 0 0u 0 0 0
n u1 u
u1 0 1/2
u 0 1/2
yu1 u
x
x(u) y(u) t(u) u1 1 1 0 u 0 0 0
n u1 u
u1 0 1/2
u 0 1/2
y’(v) = x(v)
10
x
yt
NULL
x
yt
NULL
x
yt
return y
t = y
ynext = t
y = x
x = xnext
x != NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
NULL
x
yt
x
yt
x
yt
Formalizing “. . .”• Informally x …
• Formally u1x u2
y
y
• Really: tables for x, y, and n
v2v1
u1 u2
u1 0 ½
u2 0 ½
n(v1,v2)x(v)v
u1
1
u2
0
y(v)v
u1 1
u2 0
Formalizing “. . .”
• Informally
• Formally
x
y
…
…
t
t’
rxrxx
ryy ry ry,rt’
t’
trx,rt
ry,rt’
rx,rtu4
u8u7u6u5
u1 u2 u3
…
…
Formalizing “. . .”
• Really
• Formally
p (relation) p (definition)
var(v) core
n(v1,v2),
eq(v1,v2)core
rvar(v) v ’ : (var(v’) n*(v’,v))
rxrxx
ryy ry ry,rt’
t’
trx,rt
ry,rt’
rx,rtu4
u8u7u6u5
u1 u2 u3
Formalizing “. . .”
• Really
• Formally
v2v1
u1 u2 u3
u4
u1 0 ½ 0 0
u2 0 ½ ½ 0
u3 0 0 0 ½
u4 0 0 0 ½
v u1 u2 u3 u4
u5
u6 u7
u8
0 0 1 0 0 0 0 0n(v1,v2)
t(v)
rt(v)v u1 u2 u3 u
4
u5
u6 u7
u8
0 0 1 1 0 0 0 0
rxrxx
ryy ry ry,rt’
t’
trx,rt
ry,rt’
rx,rtu4
u8u7u6u5
u1 u2 u3
Need for Update Formulas
x = xnrx
x
rx
rx
x
rx
rx
• Re-evaluating formulas can be impreciserx(v) = v’ : (x(v’) n*(v’,v))
Need for Update Formulas
• Re-evaluating formulas can be imprecise
rx
rx
x
rx = ½
rx
x
rx = 1
x = xn
rx(v) = v’ : (x(v’) n*(v’,v))
F[rx](v) = rx(v) ¬ x(v)
Goal: Create Update Formulas Automatically
• Originally: users provided all update formulas– A lot of work – Error prone
• Idea: finite differencing of formulas pnew(v) = p(v) ? ¬ :
= F[p, st](v)
negative differencepositive difference
[p, st](v) +[p, st](v)
update formula
Finite Differencing of Formulas
– core update• S’ - updated core
structure p – instrumentation
relation formula• p – instrumentation
relation
S S’
p p
pp
p’
DB
DB’U
V’V
Maintenance of Materialized DB Views
• U – database update• DB’ – updated database - view query• V – view value
UV
DB: efficiencyStatic analysis: avoid loss of precision (½)
TC Maintenance for Single Edge Addition in Arbitrary Graphs
• Let tn(v1,v2) = n*(v1,v2)
• F[tn(v1,v2)] = tn(v1,v2)
v1’,v2’: tn(v1,v1’) +[n(v1’,v2’)] tn(v2’,v2)
TC Maintenance in FO Logic
• 3 special cases [Dong&Su, Immerman]– Acyclic relations– Relations with all nodes of outdegree at most
1– Undirected relationsFor a single edge addition or deletion (not both)
Suspicious Pairs
a b
• Suspicious tn pairs: (a,b)
S(v1,v2) =
v1’,v2’: tn(v1,v1’) [n(v1’,v2’)] tn(v2’,v2)
Suspicious Pairs (cont.)
• Suspicious tn pairs: (a,b) but not (c,d)
S(v1,v2) =
v1’,v2’: tn(v1,v1’) [n(v1’,v2’)] tn(v2’,v2)
a b
c d
Trusty Pairs
• Trusty pairs: (c,d) but not (a,b)– non-suspicious tn pairs (not using the deleted edge).
T(v1,v2) = tn(v1,v2) ¬S(v1,v2)
a b
c d
TC Maintenance for Single Edge Deletion in Acyclic Graphs (cont.)
• Future tn pairs:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
TC Maintenance for Single Edge Deletion in Acyclic Graphs
(cont.)• Future tn pairs:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
a b
TC Maintenance for Single Edge Deletion in Acyclic Graphs (cont.)
• Future tn pairs:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
TC Maintenance for Single Edge Deletion in Acyclic Graphs (cont.)
• Future tn paths:
F[tn(v1,v2)] = equal(v1,v2)
v1’,v2’: T(v1,v1’) F[n(v1,v2)] T(v2’,v2)
a b
c d
Measure of Success
Fraction of automatically generated update formulas that are as precise as existing hand-crafted update
formulas
Evaluation
Data Structure Sample properties
Singly linked list
• Partial correctness of sorting• Absence of insecure information flow• Merge preserves ADT and loses no elements of either list
Doubly linked list Append and Delete preserve ADT
Binary tree Deutsch-Schorr-Waite preserves ADT
Binary-search tree
Insert and Delete preserve ADT
Results
• 100% success (acyclic relations)– Cyclic relations correctly detected in 3 programs
• Performance effect was modest − 4% (decrease) to 44% average: ‹ 15%– Can be improved (e.g., caching of results)
• Optimization of set-theoretic expressions– Paige 79, Paige and Koenig 82
– Fong & Ullman (late 70s)
• DB: view maintenance; enforce integrity
constraints– Stonebraker 75; Paige 81; Horwitz & Teitelbaum 86
– Large body of DB literature in the 90s
• Dynamic descriptive complexity (Dyn-FO, FOIES)– Patnaik & Immerman 94; Dong & Su 93
• “Incrementalizing” functional programs– Liu 95; Liu & Teitelbaum 95
Related Work
For More Information
• Reps, T., Sagiv, M., and Loginov, A., Finite differencing of logical formulas for static analysis. In Proc. European Symp. on Programming, LNCS Vol. 2618, 2003.
• Sagiv, M., Reps, T., and Wilhelm, R., Parametric shape analysis via 3-valued logic. ACM TOPLAS 24, 3 (2002).
• Homepage for the TVLA system: http://www.math.tau.ac.il/~rumster/TVLA/