automated inference of shape specifications
play

Automated Inference of Shape Specifications L Q Loc, Gherghina - PowerPoint PPT Presentation

Sep 03, 2023 •98 likes •620 views

Automated Inference of Shape Specifications L Q Loc, Gherghina (Google), Qin (Teesside), W-N Chin Dept of Computer Science - National University of Singapore December 16, 2014 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 1 / 51

  1. Automated Inference of Shape Specifications L Q Loc, Gherghina (Google), Qin (Teesside), W-N Chin Dept of Computer Science - National University of Singapore December 16, 2014 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 1 / 51

  2. Overview 1 get data Example 2 sll2dll Example 3 tll Example 4 Implementation and Experiments 5 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 2 / 51

  3. Related Work Shape analysis: discover invariants that describe the data structures in a program Given pre-shapes, infer post-shapes TVLA: T. Reps et. al. [POPL ’99]. Xisa: Rival et. al. [ POPL ’08]. More Automatic Bi-abduction: Calcagno et.al. [POPL ’09, J.ACM’11], Predator [CAV’11]. infer both pre- and post-shapes bottom-up, verify Linux kernel 2.6.25.4 with 2.473MLOC in 1739.28 seconds √ Forestor: Vojnar et.al. [CAV’13]. top-down Cycle proof: James et.al. [SAS’14]. Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 3 / 51

  4. Bi-Abduction [POPL ’09,J.ACM’11] Frame Inference ∆ ante � ∆ conseq ∗ ?∆ frame Example struct nnode { struct nnode ∗ next } . x �→ nnode ( n 1 ) ∗ y �→ nnode ( n 1 ) � y �→ nnode ( n 2 ) ∗ ?∆ frame ∆ frame = x �→ nnode ( n 1 ) ∧ x � = y ∧ y � = NULL ∧ n 1 = n 2 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 4 / 51

  5. Bi-Abduction [POPL ’09,J.ACM’11] Abduction ?∆ pre ∗ ∆ ante � ∆ conseq Example: ?∆ pre ∧ true � y �→ nnode ( n 2 ) ∆ pre = y �→ nnode ( n 2 ) Do not infer trivial precondition, i.e. false Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 5 / 51

  6. Bi-Abduction [POPL ’09,J.ACM’11] Abduction + Frame Inference = Bi-Abduction ?∆ pre ∗ ∆ ante � ∆ conseq ∗ ?∆ frame Example: ?∆ pre ∗ x �→ nnode ( n 1 ) ∧ x � = y � y �→ nnode ( n 2 ) ∗ ?∆ frame ∆ pre = y �→ nnode ( n 2 ) ∆ frame = x �→ nnode ( n 1 ) ∧ x � = y ∧ y � = NULL Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 6 / 51

  7. Bi-Abduction [POPL ’09,J.ACM’11] Bi-Abduction (Calcagno et. al. [J.ACM’11]) 1 void free_list(struct snode *x){ struct snode *t; 2 while(x!=0){ 3 t=x; 4 x=x->next; 5 free(t); 6 } 7 8 } UNSOUND! Aims: scalability √ 1 expressive data structures { lists,.. ? } 2 soundness ? 3 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 7 / 51

  8. Second-Order Bi-Abduction Unknown Predicates as Second-Order Variables R ∧ ∆ ante � ∆ conseq ∗ ∆ frame R is a set of relational assumptions R = � n i = 1 (∆ i @ ∆ g ⇒ Φ i ) Entailment syntax: ∆ ante ⊢ ∆ conseq ❀ ( R , ∆ frame ) Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 8 / 51

  9. Second-Order Bi-Abduction Examples: Abductive Unfold H ( y ) ∗ x �→ nnode ( n 1 ) ⊢ y �→ nnode ( n 2 ) ❀ ( R , ∆ frame ) R ≡ H ( y ) ⇒ y �→ nnode ( n 2 ) ∗ U ( n 2 ) ∆ frame = x �→ nnode ( n 1 ) ∗ U ( n 2 ) Abductive Fold x �→ nnode ( NULL ) ∗ y �→ nnode ( NULL ) ⊢ G ( x ) ❀ ( x �→ nnode ( NULL ) ⇒ G ( x ) , y �→ nnode ( NULL )) Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 9 / 51

  10. from Verification to Inference Research Problem: Given a program, find pre-shape and post-shape such that the program is absence of memory-errors (null dereference)? Solution: Assume pre-shape is P(..), post-shape is Q(..) 1 Transform requirement to relational assumptions on P ,Q. 2 Denote proof obligations to be met Solve 3 Our framework: Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 10 / 51

  11. Overview 1 get data Example 2 sll2dll Example 3 tll Example 4 Implementation and Experiments 5 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 11 / 51

  12. Shape Inference: get next Example Method Specification: ptr �→ node � d , p � requires ptr �→ node � d , p �∧ res = p ; ensures Verification 1 struct node ∗ get next ( struct node ∗ ptr ) { //α 1 : ptr �→ node � d , p � // ( binding ) E 1 : α 1 ⊢ ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 � 2 > next ; return ptr - //α 2 : ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 �∧ d 1 = d ∧ p 1 = p ∧ res = p 1 // ( post ) E 2 : α 2 ⊢ ptr �→ node � d , p �∧ res = p 3 } Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 12 / 51

  13. Shape Inference: get next Example Method Specification: requires H ( ptr ) ensures G ( ptr , res ); Verification to Inference 1 struct node ∗ get next ( struct node ∗ ptr ) { //α ′ 1 : H ( ptr ) // ( binding ) E ′ 1 : α ′ 1 ⊢ ... > next ; 2 return ptr - //α ′ 2 : ... // ( post ) E ′ 2 : α ′ 2 ⊢ G ( ptr , res ) Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 13 / 51

  14. Shape Inference: get next Example Method Specification: requires H ( ptr ) ensures G ( ptr , res ); Verification to Inference 1 struct node ∗ get next ( struct node ∗ ptr ) { //α ′ 1 : H ( ptr ) // ( binding ) E ′ 1 : α ′ 1 ⊢ ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 � > next ; 2 return ptr - //α ′ 2 : ... // ( post ) E ′ 2 : α ′ 2 ⊢ G ( ptr , res ) 3 } Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 14 / 51

  15. Shape Inference: get next Example Method Specification: requires H ( ptr ) ensures G ( ptr , res ); Verification to Inference 1 struct node ∗ get next ( struct node ∗ ptr ) { //α ′ 1 : H ( ptr ) // ( binding ) E ′ 1 : α ′ 1 ⊢ ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 � > next ; 2 return ptr - //α ′ 2 : ... // ( post ) E ′ 2 : α ′ 2 ⊢ G ( ptr , res ) 3 } ❀ ( R 1 , ∆ 1 E 1 ′ frame ) ∆ 1 R 1 ≡ H ( ptr ) ⇒ ptr �→ node ( , p 1 ) ∗ U ( p 1 ) frame = ptr �→ node ( p 1 ) ∗ U ( p 1 ) Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 15 / 51

  16. Shape Inference: get next Example Method Specification: requires H ( ptr ) ensures G ( ptr , res ); Verification to Inference R 1 ≡ H ( ptr ) ⇒ ptr �→ node ( , p 1 ) ∗ U ( p 1 ) 1 struct node ∗ ( struct node ∗ ptr ) { //α ′ 1 : H ( ptr ) // ( binding ) E ′ 1 : α ′ 1 ⊢ ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 � 2 > next ; return ptr - //α ′ 2 : ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 �∗ U ( p 1 ) ∧ res = p 1 // ( post ) E ′ 2 : α ′ 2 ⊢ G ( ptr , res ) 3 } Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 16 / 51

  17. Shape Inference: get next Example Method Specification: requires H ( ptr ) ensures G ( ptr , res ); Verification to Inference 1 struct node ∗ ( struct node ∗ ptr ) { //α ′ 1 : H ( ptr ) // ( binding ) E ′ 1 : α ′ 1 ⊢ ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 � 2 return ptr - > next ; //α ′ 2 : ∃ d 1 , p 1 · ptr �→ node � d 1 , p 1 �∗ U ( p 1 ) ∧ res = p 1 // ( post ) E ′ 2 : α ′ 2 ⊢ G ( ptr , res ) 3 } ❀ ( R 2 , ∆ 2 E 2 ′ frame ) ∆ 2 R 2 ≡ ptr �→ node ( , p 1 ) ∗ U ( p 1 ) ∧ res = p 1 ⇒ G ( ptr , res ) frame = U ( p 1 ) Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 17 / 51

  18. Shape Inference: get next Example Method Specification: requires H ( ptr ) ensures G ( ptr , res ); Relational Assumptions derived: R 1 ≡ H ( ptr ) ⇒ ptr �→ node ( , p 1 ) ∗ U ( p 1 ) R 2 ≡ ptr �→ node ( , p 1 ) ∗ U ( p 1 ) ∧ res = p 1 ⇒ G ( ptr , res ) Dangling Predicates, such as U ( p 1 ) : Uninstantiated predicates Can link pre/post specification Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 18 / 51

  19. Shape Inference: get next Example Method Specification: requires H ( ptr ) ensures G ( ptr , res ); Weakest Pre-Predicate: H ( ptr ) ≡ ptr �→ node ( , DP ) Strongest Post-Predicate: G ( ptr , res ) ≡ ptr �→ node ( , DP ) ∧ res = DP Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 19 / 51

  20. Overview 1 get data Example 2 sll2dll Example 3 tll Example 4 Implementation and Experiments 5 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 20 / 51

  21. Shape Inference: sll2dll Example 1 struct node{struct node* prev ;struct node* next ;} 2 void node* sll2dll (struct node *x, struct node *q) { if(x==NULL) return; 3 4 else{ x->prev=q; 5 sll2dll(x->next ,x); 6 } 7 8 } sll ( x ) dll ( x , q ) requires ensures Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 21 / 51

  22. Shape Inference: sll2dll Example 1 struct node{struct node* prev ;struct node* next ;} 2 void node* sll2dll (struct node *x, struct node *q) { if(x==NULL) return; 3 else{ 4 x->prev=q; 5 sll2dll(x->next ,x); 6 } 7 8 } Unknown Predicates as Second-Order Variables: H ( x , q # ) G ( x , q ) requires ensures Infer Relational Assumptions via Second-Order Bi-abduction 1 Derive Predicate Definitions 2 Normalize Predicate Definitions 3 Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 22 / 51

  23. Shape Inference: sll2dll Example. Step 1 void sll2dll ( struct node ∗ x , struct node ∗ q ) { ( α 1 ) H ( x , q # ) if ( x == NULL ) ( α 2 ) H ( x , q # ) ∧ x = NULL return ; > prev = q ; x - sll2dll ( x - > next , x ); } Post Proving at α 2 H ( x , q # ) ∧ x = NULL ⊢ G ( x , q ) ❀ (( A1 ) : H ( x , q # ) ∧ x = NULL ⇒ G ( x , q ) , emp ∧ x = NULL ) Loc, Gherghina, Qin, Chin (NUS) Shape Inference Tut 2b 23 / 51

Recommend

Where is ML type inference headed? Constraint solving meets local shape inference Franc ois

Where is ML type inference headed? Constraint solving meets local shape inference Franc ois

1 Where is ML type inference headed? Constraint solving meets local shape inference Franc ois Pottier September 2005 Franc ois Pottier Where is ML type inference headed? 2 Types are good A type is a concise description of the behavior

779 views • 60 slides
Automated Inference of Atomic Sets for Safe Concurrent Execution Gul Agha University of Illinois

Automated Inference of Atomic Sets for Safe Concurrent Execution Gul Agha University of Illinois

Automated Inference of Atomic Sets for Safe Concurrent Execution Gul Agha University of Illinois at Urbana-Champaign Joint work with Peter Dinges and Karl Palmskog Gul Agha Automated Inference of Atomic Sets 1 / 100 Introduction Part I:

1.64k views • 116 slides
Strategic Automated Software Testing in the Absence of Specifications Tao Xie Dept. of Computer

Strategic Automated Software Testing in the Absence of Specifications Tao Xie Dept. of Computer

Strategic Automated Software Testing in the Absence of Specifications Tao Xie Dept. of Computer Science & Engineering University of Washington Parasoft Co. Nov. 2004 1 Motivation How do we generate useful tests automatically?

714 views • 42 slides
Achievements and Challenges in Automated Parameter, Shape and Topology Optimization for

Achievements and Challenges in Automated Parameter, Shape and Topology Optimization for

Achievements and Challenges in Automated Parameter, Shape and Topology Optimization for Divertor Design M. Baelmans a , M. Blommaert b,a , W. Dekeyser a,b , T. Van Oevelen a , D. Reiter b a Dept. Mechanical Engineering, KU Leuven, Belgium b

450 views • 32 slides
PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A.

PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A.

PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A. Manerkar , Daniel Lustig*, Margaret Martonosi, and Aarti Gupta Princeton University *NVIDIA MICRO-51 http:/ ://check.cs.p .princeton.edu/ Memory

1.36k views • 80 slides
Automated and Accurate Geometry Extraction and Shape Optimisation of 3D Topology Optimisation

Automated and Accurate Geometry Extraction and Shape Optimisation of 3D Topology Optimisation

Automated and Accurate Geometry Extraction and Shape Optimisation of 3D Topology Optimisation Results London 15 th of October 2019 Femto Engineering Marco Swierstra www.nafems.org Introduction Topology optimisation Design

458 views • 22 slides
Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 , Cristina David 2 , Shengchao Qin 3 , and Wei-Ngan Chin 1 , 2 1 Computer Science Programme, Singapore-MIT Alliance 2 Department of Computer Science, National

222 views • 18 slides
Automated Bayesian Inference for PDE-constrained Inverse Problems Ivan Yashchuk VTT Technical

Automated Bayesian Inference for PDE-constrained Inverse Problems Ivan Yashchuk VTT Technical

Automated Bayesian Inference for PDE-constrained Inverse Problems Ivan Yashchuk VTT Technical Research Centre of Finland, Materials Modeling group Aalto University, Probabilistic Machine Learning group July 9, 2019 1 Model + Simulation + Data

474 views • 8 slides
Automated Documentation Inference to Explain Failed Tests Sai Zhang University of Washington

Automated Documentation Inference to Explain Failed Tests Sai Zhang University of Washington

Automated Documentation Inference to Explain Failed Tests Sai Zhang University of Washington Joint work with: Cheng Zhang, Michael D. Ernst

791 views • 44 slides
CS 671 Automated Reasoning Tactical Theorem Proving in NuPRL 1. Basic Tactics 2. Tacticals 3.

CS 671 Automated Reasoning Tactical Theorem Proving in NuPRL 1. Basic Tactics 2. Tacticals 3.

CS 671 Automated Reasoning Tactical Theorem Proving in NuPRL 1. Basic Tactics 2. Tacticals 3. Advanced Tactics Chaining, Induction, Case Analysis Tactics: User-defined inference rules Meta-level programs built using Basic inference rules

427 views • 8 slides
A Tool for Automated Inference of Executable Rule- Based Biological Models Chelsea Voss, Jean

A Tool for Automated Inference of Executable Rule- Based Biological Models Chelsea Voss, Jean

A Tool for Automated Inference of Executable Rule- Based Biological Models Chelsea Voss, Jean Yang, Walter Fontana Static Analysis in Systems Biology, 2017 The need for biological models executable models for in silico experimentation

969 views • 72 slides
Computer Vision Statistical Shape Analysis Shape Shape is the geometric information that

Computer Vision Statistical Shape Analysis Shape Shape is the geometric information that

Computer Vision Statistical Shape Analysis Shape Shape is the geometric information that remains when translation, rotation, and scale are factored out. Landmark points. D'Arcy Thompson. David George Kendall Fred Bookstein.

248 views • 9 slides
Automated Error Diagnosis Using Abductive Inference Isil Dillig 1 Thomas Dillig 1 Alex Aiken 2 1

Automated Error Diagnosis Using Abductive Inference Isil Dillig 1 Thomas Dillig 1 Alex Aiken 2 1

Automated Error Diagnosis Using Abductive Inference Isil Dillig 1 Thomas Dillig 1 Alex Aiken 2 1 Department of Computer Science College of William & Mary, Virginia, USA 2 Department of Computer Science Stanford University, CA, USA PLDI 2012

659 views • 45 slides
AUTOMATED REASONING substantially simplifying the proofs. Also, when using refutation as a proof

AUTOMATED REASONING substantially simplifying the proofs. Also, when using refutation as a proof

Properties of Inference Systems: 4ai Slides 4 include some material on the properties of inference systems, including material on first order structures. The notion of a Herbrand interpretation, a first order structure with a very particular

523 views • 4 slides
Shape Features WangRuchen CVBIOUC http://vision.ouc.edu.cn/~zhenghaiyong How to Convex hull

Shape Features WangRuchen CVBIOUC http://vision.ouc.edu.cn/~zhenghaiyong How to Convex hull

Shape Similarity describe a shape? Matching with shape contexts Inner-distance shape context calculation Shape context Methods Hausdorfg distance Shape Features WangRuchen CVBIOUC http://vision.ouc.edu.cn/~zhenghaiyong How to

853 views • 59 slides
Statistical Shape Models Eigenpatches model regions Assume shape is fixed What if it

Statistical Shape Models Eigenpatches model regions Assume shape is fixed What if it

Statistical Shape Models Eigenpatches model regions Assume shape is fixed What if it isn t? Faces with expression changes, organs in medical images etc Need a method of modelling shape and shape variation Shape Models

271 views • 24 slides
A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas State] John Hatcliff Work on specification patterns by Matthew Dwyer, Jay Corbett, and George Avrunin http://www.cis.ksu.edu/santos/bandera

303 views • 29 slides
Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications Reach Lift System Seat height 9-33 Wheel brakes, Handles 100kg Sliding bearings without tipping Safety and stability Weight Hydraulic jack 1500N

298 views • 13 slides
AUTOMATED REASONING particular domain, is introduced and it is explained why Herbrand

AUTOMATED REASONING particular domain, is introduced and it is explained why Herbrand

Properties of Infrence Systems: 4ai Slides 4 include some material on the properties of inference systems, including material on first order structures. The notion of a Herbrand interpretation, a first order structure with a very AUTOMATED

192 views • 4 slides
Automated Reasoning: Some Successes and New Challenges Predrag Jani ci c

Automated Reasoning: Some Successes and New Challenges Predrag Jani ci c

What is this talk about? What is automated reasoning? Automated reasoning in propositional logic Automated reasoning in first-order logic Automated reasoning in higher-order logic Automated reasoning in geometry Conclusions Automated

806 views • 52 slides
EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com http://www.elizabethcastro.com/epub Specifications Specifications Specifications Specifications Specifications Specifications Specifications Specifications

712 views • 58 slides
Shape Contexts Newton Petersen 4/25/2008 "Shape Matching and Object Recognition Using

Shape Contexts Newton Petersen 4/25/2008 "Shape Matching and Object Recognition Using

Shape Contexts Newton Petersen 4/25/2008 "Shape Matching and Object Recognition Using Shape Contexts", Belongie et al. PAMI April 2002 Agenda Study Matlab code for computing shape context Look at limitations of descriptor

615 views • 26 slides
Exact Inference Inference Basic task for inference: Compute

Exact Inference Inference Basic task for inference: Compute

Exact Inference Inference Basic task for inference: Compute a posterior distribu8on for some query variables given some observed evidence Sum out

699 views • 30 slides
Sparks CH301 WHY IS EVERYTHING SO DIFFERENT? Think About Shape UNIT 3 Day 2 What are we going

Sparks CH301 WHY IS EVERYTHING SO DIFFERENT? Think About Shape UNIT 3 Day 2 What are we going

Sparks CH301 WHY IS EVERYTHING SO DIFFERENT? Think About Shape UNIT 3 Day 2 What are we going to learn today? Molecular Shape is an Important Predictor of Physical and Chemical Properties Shape Predict Polarity Properties Determine

211 views • 20 slides

More recommend