Parametric Shape Analysis via 3-Valued Logic

1
Parametric Shape Analysisvia 3-Valued Logic

• Mooly Sagiv
• Thomas Reps
• Reinhard Wilhelm

2
Goals

• Capture storage invariants
• x points to a list, tree, dag, etc.
• May-alias information
• Sharing of structures
• x and y point to structures that do not share
  cells
• Parametric
• Framework for a collection of analyses
• Basis for an analysis-generation tool

3
The Shape-Analysis Problem
For every program point, compute a finite
characterization of the possible shapes of the
heap-allocated data structures.
4
Formalizing . . .
Informal
x
y
5
Formalizing . . .
Informal
x
y
6
Formalizing . . .
Informal
t1
x
y
t2
7
Formalizing . . .
Informal
t1
x
y
t2
Formal
t1
x
t1,x
t1,x
x
x
y
t2
t2,y
t2,y
y
y
8
Abstract Interpretation
f(a,b) (16 b 3) (2 a 1)
9
Abstract Interpretation
f(a,b) (16 b 3) (2 a 1)
O
O
O
E
O
O
E
?
E
E
?
f _ ? _ ? O
10
Abstract Interpretation
Concrete
11
Outline

• Using logic to describe stores
• Using logic to express store transformations
• Forming abstractions of stores
• Three-valued logic
• Using three-valued logic to express
  transformations of abstract stores

12
Logic (Syntax)

• Vocabulary
• Predicate symbols p1, p2, . . ., pn
• Constant symbols c1, c2, . . ., cm
• Function symbols f1, f2, . . ., fk
• Formulas
• Variables
• Equality-predicate symbol
• Logical constant symbols 0, 1
• Connectives ?, ?, ?
• Quantifiers ?, ?

13
Using Logic to Describe Stores

• Predicate Symbols
• Whether variable x points to location u
• x(u)
• Pointer fields
• n(u1, u2)
• car(u1, u2)
• cdr(u1, u2)

14
Using Logic to Describe Stores

• Formulas Other Properties of Locations

un(v) ? ? v1,v2 n(v1,v) ? n(v2,v) ? v1 v2
15
Logic (Semantics)

• Truth values 0, 1
• Logical Structures
• Individuals U u1, u2, . . ., un
• Predicates ?pi ? U arity(pi) ? 0, 1

16
An Example
u1
u2
u3
Individuals U u1, u2, u3
Predicates
17
Logic (Semantics)

• Assignments
• Z free variables ? individuals
• Meaning of a formula ???(Z)

18
Meaning of a Formula
u1
u2
u3
? (v,v1,v2) n(v1,v) ? n(v2,v) ? v1 v2
Z v ? u2, v1 ? u1, v2 ? u3
???(Z) ???
19
Meaning of a Formula ???(Z)

• ?0? (Z) 0
• ?1? (Z) 1
• ?pi(v1, , vk) ?(Z) ?pi ?(Z(v1), , Z(vk))
• ??1 ? ?2?(Z) ??1 ?(Z) ? ??2?(Z)
• ??1 ? ?2?(Z) ??1 ?(Z) ? ??2?(Z)
• ??1 ? ?2?(Z) ??1 ?(Z) ? ??2?(Z)

20
Meaning of a Formula
? (v,v1,v2) n(v1,v) ? n(v2,v) ? v1 v2
Z v ? u2, v1 ? u1, v2 ? u3
???(Z) ?n(v1,v) ? n(v2,v) ?(Z) ? ?v1 v2?(Z)
?n?(u1, u2) ? ?n?(u3, u2) ? u1 u3
1 ? 1 ? 0
0
21
Outline

• Using logic to describe stores
• Using logic to express store transformations
• Forming abstractions of stores
• Three-valued logic
• Using three-valued logic to express
  transformations of abstract stores

22
Using Logic to Change Stores
x null
23
Predicate-Alteration Formulas for x null
?xx null(v) ? 0
24
Predicate-Alteration Formulas for x null
?yx null(v) ? y(v)
25
Predicate-Alteration Formulas for x null
?zx null(v) ? z(v)
26
Predicate-Alteration Formulas for x null
New
y
u1
u2
z
u3
27
Predicate-Alteration Formulas for x null
New
y
u1
u2
z
u3
?nx null(v1,v2) ? n(v1,v2)
28
Predicate-Alteration Formulas for x null
New
y
u1
u2
z
u3
29
Predicate-Alteration Formulas for x null
New
y
u1
u2
z
u3
30
Outline

• Using logic to describe stores
• Using logic to express store transformations
• Forming abstractions of stores
• Three-valued logic
• Using three-valued logic to express
  transformations of abstract stores

31
Abstraction Principle
32
Abstraction Principle
un(v) ? ? v1,v2 n(v1,v) ? n(v2,v) ? v1 v2
33
Outline

• Using logic to describe stores
• Using logic to express store transformations
• Forming abstractions of stores
• Three-valued logic
• Using three-valued logic to express
  transformations of abstract stores

34
Two- vs. Three-Valued Logic
35
Two- vs. Three-Valued Logic
Two-valued logic
Three-valued logic
36
Outline

• Using logic to describe stores
• Using logic to express store transformations
• Forming abstractions of stores
• Three-valued logic
• Using three-valued logic to express
  transformations of abstract stores