Generating Precise and Concise Procedure Summaries

1
Generating Precise and Concise Procedure
Summaries

• Greta Yorsh
• Eran Yahav
• Satish Chandra

2
Our Framework
Summary Generator
function from input to output abstract values
3
Our Framework
Summary Generator
summary of foo
4
Our Framework
(restricted)

client
client
Summary Generator
client
Summaries

• precise
• efficient
• concise

5
Example
class DataReader FileComp f ... void
setComponent(FileComp p) this.f p
FileComp getComponent() return this.f ...
void nop() FileComp t t
getComponent() setComponent(t)
A1 A2 A3

• Composition of transformers tr13 ? tr12 ? tr23

6
Main Challenge

• Composition of transformers
• Finite representation of iterated composition of
  transformers

calling contexts
loop iterations

7
Our Approach

• Express constraints on intermediate states in
  terms of initial and final states
• Restrict the representation of transformers
• covers all basic statements
• closed under composition
• finite language

8
Our Contributions

• Framework for generating precise, efficient and
  concise summaries
• language of transformers
• composition algorithm
• Instances of the framework include
• known classes IFDS, IDE
• modular constant propagation with aliasing
• modular typestate verification with aliasing
• Prototype and evaluation for typestate

9
Key Ideas

• Transformers are defined using conditional
  micro-transformers
• partition values into finite number of classes
  with uniform behavior
• compose using case-splitting
• restrict the way partitions defined
• e.g., no quantifiers
• Lift to aggregate domains
• powerset, product, union
• transformers follow domain structure
• dependencies between components

10
Simple Example Tracking Nullness

• Abstract value is a set of access paths
• e.g., x.f, y must have null value
• Abstract transformer tr operates pointwise on
  individual access paths using trAPtr(X) ???X
  trAP(?)
• Conditional micro-transformer trAP maps an
  access path ? to a set of access paths

11
Example Conditional Micro-Transformer
t this.f
12
Example Composition Algorithm
class DataReader FileComp f ... void
setComponent(FileComp p) this.f p
FileComp getComponent() return this.f ...
void nop() FileComp t t
getComponent() setComponent(t)
A1 A2 A3
13
Example Composition Algorithm
t getComponent() setComponent(t)
?
?this.f
??t ? ??this.f
t getComponent()
?this.f
this.f
?
t
substitution
?this.f
? ?
? t
setComponent(t)
14
Example Composition Algorithm
t getComponent() setComponent(t)
?
??t ? ??this.f
?this.f
?this.f
?this.f
?t
??
this.f?this.f ? this.f ?t
??this.f? ??t
t?this.f ? t?t
?t
this.ft
tt
?t
this.ft
tt
?
t
this.f
this.f
this.f
t
t
t
this.f
?
?
?
?
?
?
?
?
?
t?this.f
15
Example Composition Algorithm
t getComponent() setComponent(t)
?
??t ? ??this.f
?this.f
??this.f? ??t
tt
tt
?
t
this.f
?
?
?
16
Basic Ingredients of Composition

• Case splitting
• Substitution
• Consistency checking
• Simplification
• Invert operation
• (details in the paper)

17
Related Work

• Static determination of dynamic properties of
  recursive procedures Cousot-Cousot 79
• Functional approach Sharir-Pnueli 81
• IFDS problems Reps-Horwitz-Sagiv POPL95
• IDE problems Sagiv-Reps-Horwitz TCS 96
• Relevant Context Inference Chatterjee-Ryder-Land
  i POPL99

18
Summary

• Language of transformers
• Composition algorithm
• The language is closed under composition
• The language is expressive
• Precise and concise procedure summaries