unification in assertion checking over logical lattices
play

Unification in Assertion Checking Over Logical Lattices Ashish - PowerPoint PPT Presentation

Sep 05, 2022 •304 likes •536 views

Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com Computer Science Laboratory SRI International Menlo Park CA 94025 http://www.csl.sri.com/tiwari Joint work with Sumit Gulwani

  1. ✬ ✩ Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com Computer Science Laboratory SRI International Menlo Park CA 94025 http://www.csl.sri.com/˜tiwari Joint work with Sumit Gulwani ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 1

  2. ✬ ✩ Assertion Checking Problem Given: P : Program φ An assertion over program variables at point π in P : Problem: Is φ an invariant at π ? In contrast, assertion generation problem seeks to synthesize all invariants at point π . ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 2

  3. ✬ ✩ Language and Theory Restrictions Assume the symbols used for specifying the program P and the assertion φ come from some Σ : signature Th : theory General programs are abstracted to the chosen language by abstracting each assignment and conditional in the program (preserving its control flow) Skipped Detail: How do we go from general program to such an abstraction. ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 3

  4. ✬ ✩ Example x :=0; y := 0; x := c; y := c; x :=0; y := 0; u := 0; v := 0; u := c; v := c; u := 0; v := 0; while (*) { while (*) { while (*) { x := u + 1; x := G(u, 1); x := u + 1; y := 1 + v; y := G(1, v); y := 1 + v; u := F(x); u := F(x); u := *; v := F(y); v := F(y); v := *; } } } assert( x = y ) assert( x = y ) assert( x = y ) Σ = Σ LA ∪ Σ UF S Σ = Σ UF S Σ = Σ LA Th = Th LA + Th UF S Th = Th UF S Th = Th LA ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 4

  5. ✬ ✩ Outline of this Talk • Abstract interpretation for assertion generation+checking over logical lattices • Link between unification and assertion checking • Two consequences: ◦ NP-hardness of assertion checking (for loop-free programs) over UFS+LA language ◦ decidability of assertion checking for UFS+LA language ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 5

  6. ✬ ✩ Abstract Interpretation • Fix a lattice • Map sets of state φ of the program onto lattice elements α ( φ ) • Compute transfer functions: { φ 1 } x := e { φ 2 } �→ α ( φ 1 ) → α ( φ 2 ) { φ 1 } if ( c ) then { φ 2 } else { φ 3 } �→ α ( φ 1 ) → α ( φ 1 ) ∧ α ( c ); α ( φ 1 ) → α ( φ 1 ) ∧ α ( ¬ c ); �→ conditionals meet in the lattice �→ merges join in the lattice �→ loop fixpoint in the lattice ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 6

  7. ✬ ✩ Logical Lattices Lattice defined over conjunction φ of atomic formulas in Th by �→ meet in the lattice logical and �→ { φ : Th | = ( φ 1 ∨ φ 2 ) ⇒ φ } join in the lattice Question 1. Is this a well-defined lattice? Answer. Depends on the theory. • Linear arithmetic with equality (Karr 1976) • Linear arithmetic with inequalities (Cousot and Halbwachs 1978) • Nonlinear (polynomial) equations (Rodriguez-Carbonell and Kapur 2004) • UFS + injectivity/acyclicity (Gulwani, T. and Necula 2004) . . ✫ ✪ . Ashish Tiwari, SRI Unification and Assertion Checking: 7

  8. ✬ ✩ UFS does not define a logical lattice The join of two finite sets of facts need not be finitely presented. [Gulwani, T. and Necula 2004] ≡ a = b φ 1 ≡ fa = a ∧ fb = b ∧ ga = gb φ 2 � gf i a = gf i b φ 1 ⊔ φ 2 ≡ i i gf i a = gf i b can not be represented by finite set of ground The formula � equations. Proof. It induces infinitely many congruence classes with more than one signature. Ex: Complete the proof. ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 8

  9. ✬ ✩ Example: Abstract Intprtn over acyclic UFS lattice With additional acyclicity restriction, UFS can be used to define a logical lattice. u := c; v := c; [ u = c ∧ v = c ] while (*) { u := F(u); v := F(v); [ ( u = F ( c ) ∧ v = F ( c )) ⊔ ( u = c ∧ v = c ) ] } [ u = v ] We generate the invariant u = v this way. ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 9

  10. ✬ ✩ Known Results Assertion checking over lattices defined by: • Acyclic UFS theory: Polynomial time [Gulwani and Necula 2004] • Linear arithmetic with equality. Polynomial time [Karr 1976] Question. What about the combination? ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 10

  11. ✬ ✩ Outline of this Talk • Abstract interpretation for assertion generation+checking over logical lattices • Link between unification and assertion checking • Two consequences for UFS+LA combination: ◦ NP-hardness of assertion checking (for loop-free programs) over above language ◦ decidability of assertion checking for above language ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 11

  12. ✬ ✩ Unification in Assertion Checking Assume that all assignments in program P are of the form x := e An assertion e 1 = e 2 holds at point π in P iff the assertion Unif ( e 1 = e 2 ) hold at π in P . This also extends to arbitrary assertion φ . If { σ 1 , . . . , σ k } is a complete set of Th -unifiers for e 1 = e 2 , then k � � Unif ( e 1 = e 2 ) = ( x = xσ i ) x i =1 ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 12

  13. ✬ ✩ Proof of Main Result First, if Th | = Unif ( e 1 = e 2 ) then Th | = e 1 = e 2 . Conversely, let θ : substitution that maps x to a symbolic value of x at point π (along some exectution path) (Symbolic value is in terms of input variables) If assertion e 1 = e 2 holds at π , then, Th | = θ ⇒ e 1 = e 2 , Th | = e 1 θ = e 2 θ i.e., Since { σ 1 , . . . , σ k } is a complete set of Th -unifiers, ∴ θ = T h σ j θ ′ for some j We will show Th | = θ ⇒ x = xσ j , Th | = xθ = xσ j θ i.e., But = ( xθ = xσ j θ ′ = xσ j σ j θ ′ = xσ j θ ) Th | ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 13

  14. ✬ ✩ coNP-hardness of Assertion Checking for Combination Key Idea: Disjunctive assertion can be encoded in the combination. x = a ∨ x = b ⇔ F ( a ) + F ( b ) = F ( x ) + F ( a + b − x ) Using this recursively, we can write an assertion (atomic formula) which holds iff x = 0 ∨ x = 1 ∨ · · · ∨ x = m − 1 holds. For e.g., encoding for x = 0 ∨ x = 1 ∨ x = 2 is obtained by encoding Fx = F 2 ∨ Fx = F 0 + F 1 − F (1 − x ) : F ( F 0+ F 1 − F (1 − x ))+ FF 2 = FFx + F ( F 0+ F 1+ F 2 − F (1 − x ) − Fx ) ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 14

  15. ✬ ✩ coNP-hardness of Assertion Checking ψ : boolean 3-SAT instance with m clauses x i := 0 , for i = 1 , 2 , . . . , m for i = 1 to k do if (*) then x j := 1 , ∀ j : variable i occurs positively in clause j else x j := 1 , ∀ j : variable i occurs negatively in clause j sum := x 1 + · · · + x m assert( sum = 0 ∨ · · · ∨ sum = m − 1 ) Assertion is valid IFF ψ is unsatisfiable ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 15

  16. ✬ ✩ coNP-hardness of Assertion Checking This procedure checks whether x ∈ { 0 , . . . , m − 1 } . h 0 := F ( x ) ; for j = 0 to m − 1 do h 0 ,j := F ( j ) ; for i = 1 to m − 1 do s i − 1 := h i − 1 , 0 + h i − 1 ,i ; h i := F ( h i − 1 ) + F ( s i − 1 − h i − 1 ) ; for j = 0 to m − 1 do h i,j := F ( h i − 1 ,j ) + F ( s i − 1 − h i − 1 ,j ) ; Assert( h m − 1 = h m − 1 , 0 ); The assertion holds iff x ∈ { 0 , . . . , m − 1 } . Assertion checking on combination lattice is coNP-hard. ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 16

  17. ✬ ✩ Assertion Checking Algorithm Backward analysis: • Starting with the assertion, use weakest precondition computation • At each step, replace the formula ψ computed at any program point by Unif ( ψ ) This method is both sound and complete due to • correctness of WP computation • main result of this talk Question. Does it terminate (reach fixpoint across loops)? ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 17

  18. ✬ ✩ Why it need not terminate? Forward analysis will not terminate since the lattice has infinite height: x := 0; while (*) do x := x + 1; Assert( x = 0 ∨ x = 1 ∨ · · · ∨ x = m ); But due to the unifier computations, backward analysis terminates ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 18

  19. ✬ ✩ Termination of Algorithm At each program point, the proof obligation formula is of the form m � � ( x = xσ l ) x l =1 In backward analysis across a loop, in each successive iteration, this formula will become stronger But this can not happen indefinitely: Assign the following measure to the abovw formula � { n − || ( x = xσ ) ||} x This measure decreases in the well-founded ordering > m . ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 19

  20. ✬ ✩ Assertion Checking and Unification UFS unitary PTime LA unitary PTime UFS+LA finitary* coNP-hard for loop-free, decidable in general *Skipped detail: Unification in Abelian Groups + free function symbols follows from general combination result • Schmidt-Schuass 1989 • Baader-Schulz 1992 ✫ ✪ Ashish Tiwari, SRI Unification and Assertion Checking: 20

Recommend

Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices

Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices

Unification on Subvarieties of Pseudocomple- mented lattices L.M. Cabrer Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices Fragments of Heyting algebras P-Lattices Definition Duality

570 views • 33 slides
Classifying Unification Problems in Preliminaries Algebraic Unifiers Distributive Lattices and

Classifying Unification Problems in Preliminaries Algebraic Unifiers Distributive Lattices and

Classifying Unification Problems in Distributive Lattices and Kleene Algebras L.M. Cabrer Classifying Unification Problems in Preliminaries Algebraic Unifiers Distributive Lattices and Kleene Algebras Unification types Unifiers through

866 views • 48 slides
assertion-driven analyses from compile-time checking to runtime error recovery sarfraz khurshid

assertion-driven analyses from compile-time checking to runtime error recovery sarfraz khurshid

assertion-driven analyses from compile-time checking to runtime error recovery sarfraz khurshid the university of texas at austin state of the art in software testing and analysis day, 2008 rutgers university overview programmers have long

648 views • 27 slides
Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June

Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June

Run-Time Assertion Checking and Monitoring Java Programs Envisage Bertinoro Summer School June 2014 June 19, 2014 Your Lecturers Today Frank en Stijn What This Talk Is All About Formal Methods in Practice: Theorie ist, wenn man alles weiss

764 views • 40 slides
8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

Fachgebiet Rechnersysteme Technische Universitt Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 1 8. Assertion-Based Design and Assertion Languages 3 Fachgebiet Rechnersysteme 8. Assertion Based Design

815 views • 13 slides
Introduction Unification problem in a logical system L Given a formula ( x 1 , . . . , x n )

Introduction Unification problem in a logical system L Given a formula ( x 1 , . . . , x n )

Unification in modal logic Alt 1 Philippe Balbiani 1 and Tinko Tinchev 2 1 Institut de recherche en informatique de Toulouse CNRS Universit e de Toulouse 2 Department of Mathematical Logic and Applications Sofia University Introduction

491 views • 35 slides
Unification in modal logic Philippe Balbiani CNRS Toulouse University Institut de recherche

Unification in modal logic Philippe Balbiani CNRS Toulouse University Institut de recherche

Unification in modal logic Philippe Balbiani CNRS Toulouse University Institut de recherche en informatique de Toulouse ICLA 2019 Indian Institute of Technology Delhi Introduction Unification problem in a logical system L Given a

1.65k views • 106 slides
Logical agents 5 AI Slides (5e) c Lin Zuoquan@PKU 2003-2019 5 1 5 Logical Agents 5.1

Logical agents 5 AI Slides (5e) c Lin Zuoquan@PKU 2003-2019 5 1 5 Logical Agents 5.1

Logical agents 5 AI Slides (5e) c Lin Zuoquan@PKU 2003-2019 5 1 5 Logical Agents 5.1 Knowledge-based agents 5.2 Propositional logic 5.3 Theorem proving 5.4 Resolution 5.5 Model checking 5.6 SAT problem AI Slides (5e) c Lin

1.07k views • 90 slides
Unification in the Description Logic EL EL - unification Minimal unifiers Franz Baader and

Unification in the Description Logic EL EL - unification Minimal unifiers Franz Baader and

Unification in EL Baader & Morawska Introduction Unification in the Description Logic EL EL - unification Minimal unifiers Franz Baader and Barbara Morawska Decision Procedure Conclusion TU Dresden, Germany UNIF 2009 Unification in

359 views • 25 slides
unification 2016 unification strategic roadmap succession unification strategic roadmap

unification 2016 unification strategic roadmap succession unification strategic roadmap

unification 2016 unification strategic roadmap succession unification strategic roadmap succession Board rd CE CEO Committe ttees unification strategic roadmap succession Global Member Value Centre Advocacy & Education

347 views • 30 slides
An Integrated Framework for Margin-based Sequential Discriminative Training over Lattices using

An Integrated Framework for Margin-based Sequential Discriminative Training over Lattices using

Overview Background Unification of Margin-modified MPE and MMI An Integrated Framework for Margin-based Sequential Discriminative Training over Lattices using differenced Maximum Mutual Information (dMMI) Erik McDermott - Google Inc.

621 views • 31 slides
8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion-Based Design and Assertion Languages 1 Fachgebiet Rechnersysteme 8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1 Assertion-Based Design 8.2 Introduction to ITL 8.3 Introduction to SVA

856 views • 51 slides
A logical framework for incremental type-checking Matthias Puech 1 , 2 egis-Gianas 2 Yann R 1

A logical framework for incremental type-checking Matthias Puech 1 , 2 egis-Gianas 2 Yann R 1

A logical framework for incremental type-checking Matthias Puech 1 , 2 egis-Gianas 2 Yann R 1 Dept. of Computer Science, University of Bologna 2 University Paris 7, CNRS, and INRIA, PPS, team r 2 May 2011 CEA LIST 1 / 28 A paradoxical

1.03k views • 90 slides
Efficient Query Containment Checking Using Logical Reasoning Engines Sergey Paramonov Technical

Efficient Query Containment Checking Using Logical Reasoning Engines Sergey Paramonov Technical

Efficient Query Containment Checking Using Logical Reasoning Engines Sergey Paramonov Technical University of Vienna EMCL Workshop 2012 Vienna Historical perspective Query completeness problem has roots in the development of school system

397 views • 17 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
The unification type of Workshop on Admissible Rules and Unification

The unification type of Workshop on Admissible Rules and Unification

The unication type The unification type of Workshop on Admissible Rules and Unification http://logica.dmi.unisa.it/lucaspada University of Salerno Department of Mathematics Luca Spada Based on a joint work with V. Marra ukasiewicz logic

1.83k views • 145 slides
Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING

Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING

3/25/2014 Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING Timers, watchdog processors, error model, control flow checking, memory access and assertion Kewal K.Saluja checking Re-execution for

209 views • 5 slides
Outline Motivation 1 Unification problems 2 Formalisation of a nominal C-unification algorithm

Outline Motivation 1 Unification problems 2 Formalisation of a nominal C-unification algorithm

Outline N OMINAL C- UNIFICATION on , Washington L. R. de Carvalho Segundo , Mauricio Ayala-Rinc andez and Daniele Nantes Sobrinho Maribel Fern K ING S C OLLEGE L ONDON U NIVERSIDADE DE B RAS ILIA 27 th Int.

679 views • 39 slides
Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist, Health & Wellbeing Service From Newcastle. For the world. What is assertion? Assertiveness enables us to act in our own best interests, to stand up

368 views • 16 slides
LOGICAL INFERENCE & PROOFs Debdeep Mukhopadhyay Dept of CSE, IIT Madras Defn A theorem

LOGICAL INFERENCE & PROOFs Debdeep Mukhopadhyay Dept of CSE, IIT Madras Defn A theorem

LOGICAL INFERENCE & PROOFs Debdeep Mukhopadhyay Dept of CSE, IIT Madras Defn A theorem is a mathematical assertion which can be shown to be true. A proof is an argument which establishes the truth of a theorem. Nature &

625 views • 43 slides
Introduction to Unification Theory Syntactic Unification Temur Kutsia RISC, Johannes Kepler

Introduction to Unification Theory Syntactic Unification Temur Kutsia RISC, Johannes Kepler

Introduction to Unification Theory Syntactic Unification Temur Kutsia RISC, Johannes Kepler University Linz kutsia@risc.jku.at What is Unification Goal: Identify two symbolic expressions. Method: Replace certain subexpressions

1.86k views • 142 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written

Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written

Metal, Continued Reading: Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich Assertion Side-Effects Flags error if assert() has side effects

422 views • 13 slides
Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems

Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems

Recall Cycle-Free Codes and Lattices Lattices from Codes Codes from Lattices Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems Engineering Monash University amin.sakzad@monash.edu Oct. 2013

851 views • 55 slides

More recommend