logging in or signing up path sas04 Marcell Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 24 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: January 16, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions: Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions SAS 2004 Sumit Gulwani George Necula EECS Department University of California, Berkeley Slide2: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Example u := a-1; v := 3; Assert(t1=t2 Æ t1=1 Æ z=2); a=2? All 3 asserts are true a=2?Slide3: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Path-Insensitive Analysis u := a-1; v := 3; Assert(t1=t2 Æ t1=1 Æ z=2); * Most PTIME analyses treat conditionals as non-deterministic. They will verify only t1=t2 *Slide4: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Path-Sensitive Analysis u := a-1; v := 3; Assert(t1=t2 Æ t1=1 Æ z=2); c1 We can do better by doing a boolean abstraction of conditionals. Each atomic predicate is abstracted to a boolean variable This will also verify t1=1 This is still abstract though! z=2 not verified undecidable to reason completely c1Outline: Outline Existing approach (MVR) vs. our approach (FCED) FCEDs for linear arithmetic FCEDs for uninterpreted function termsSlide6: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Multi-Valued ROBDDs (MVRs) u := a-1; v := 3; Assert(t1=t2); Assert(t1=1); c1 c2 |MVR(t1)| = |MVR(y)| £ |MVR(u)| MVR(t1) does not share nodes with MVR(y) and MVR(u) Need a normal form for leavesSlide7: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Free Conditional Expression Diagrams (FCEDs) c1 2 a y = c2 1 a-1 u = - t1 = u := a-1; v := 3; Assert(t1=t2); Assert(t1=1); c1 c2 |FCED(t1)| = |FCED(y)| + |FCED(u)| FCED(t1) shares nodes with FCED(y) and FCED(u) No need for normal formOutline: Outline Existing approach (MVR) vs. our approach (FCEDs) FCEDs for linear arithmetic FCEDs for uninterpreted function termsProblem Definition: Problem Definition e = q | y | e1 § e2 | q £ e | if b then e1 else e2 b = c | b1 Æ b2 | b1 Ç b2 e: conditional linear arithmetic expression b: boolean formula y: rational variable c: boolean variable q: rational constant Construct FCED for an expression e, given FCEDs for its subexpressions. Check 2 FCEDs for equivalenceFCED: FCED An FCED f is a DAG with the following kind of nodes. f := y | q | Plus(f1,f2) | Minus(f1,f2) | Times(q,f) | Choose(f1,f2) | Guard(g,f) Choose(f1,f2) means f1 or f2 Guard(g,f) means if g then f Boolean expressions g are represented using ROBDDs g := true | false | c | If(c,g1,g2) Example: Example FormalizationExample: Example FormalizationFCED Construction: FCED Construction FCED(y) = Leaf(y) FCED(q) = Leaf(q) FCED(e1+e2) = Plus (FCED(e1), FCED(e2)) FCED(q £ e) = Times(q,FCED(e)) FCED(if b then e1 else e2) = Choose(Guard(R(b),e1), Guard(R(NOT(b)),e2) FCED Construction: FCED Construction FCED(y) = Leaf(y) FCED(q) = Leaf(q) FCED(e1+e2) = Plus (FCED(e1), FCED(e2)) FCED(q £ e) = Times(q,FCED(e)) FCED(if b then e1 else e2) = Choose(||R(b),FCED(e1)||, ||NOT R(b), FCED(e2)||) Normalize Guard Operator: Normalize Guard Operator Inputs: guard g, FCED f Output: FCED f’ s.t. f ´ f’ 8 guard nodes Guard(g,f’’) in f’, BV(g) < BV(f’’) ||g,f|| = Guard(g,f), if BV(g) < BV(f) ||g, Plus(f1,f2) = Plus(||g,f1||, ||g, f2||) ||g, Choose(f1,f2) = Choose(||g,f1||, ||g, f2||) ||g1, Guard(g2,f )|| = Guard(|| INTERSECT(g1,g2),f ||) …Example: Normalize Guard Operator: Example: Normalize Guard Operator plus Given f, construct ||R(c1),f|| chooseRandomized Equivalence Testing for FCEDs: Randomized Equivalence Testing for FCEDs Assign hash values to nodes of FCEDs in bottom-up manner V: FCED Node ! Integer V(Leaf(q)) = q V(Leaf(y)) = ry V(Plus(f1,f2)) = V(f1) + V(f2) V(Choose(f1,f2)) = V(f1) + V(f2) V(Guard(g,f)) = H(g) £ V(f) H: Guard ! Integer H(true) = 1, H(false) = 0 H(c) = rc H(If(c,g1,g2)) = rc £ H(g1) + (1-rc) £ H(g2)Randomized Equivalence Testing for FCEDs : Randomized Equivalence Testing for FCEDs Completeness f1 ´ f2 ) V(f1) = V(f2) Soundness f1 ´ f2 ) Pr[V(f1) = V(f2)] · s/t s: maximum # of nodes in a FCED t: size of set from which random values are chosen Proof: 9 1-1 Poly: FCED ! Polynomials such that V(f) is the value of Poly(f)Outline: Outline Existing approach (MVR) vs. our approach (FCEDs) FCEDs for linear arithmetic FCEDs for uninterpreted function termsProblem Definition: Problem Definition e = y | F(e1,e2) | if b then e1 else e2 b = c | b1 Æ b2 | b1 Ç b2 e: conditional uninterpreted function term b: boolean formula y: variable c: boolean variable Construct FCED for an expression e, given FCEDs for its subexpressions. Check 2 FCEDs for equivalenceFCED: FCED An FCED f is a DAG with the following kind of nodes. f := y | F(f1,f2) | Choose(f1,f2) | Guard(g,f) Choose(f1,f2) means f1 or f2 Guard(g,f) means if g then f Boolean expressions g are represented using ROBDDs g := true | false | c | If(c,g1,g2) FCED Construction: FCED Construction FCED(y) = Leaf(y) FCED(F(e1,e2)) = F(FCED(e1), FCED(e2)) FCED(if b then e1 else e2) = Choose(||R(b),FCED(e1)||, ||NOT R(b), FCED(e2)||) Randomized Equivalence Testing of FCEDs: Randomized Equivalence Testing of FCEDs Assign hash values to nodes of FCEDs in bottom-up manner V: FCED Node ! Tuple of k integers K ¸ depth of any FCED V(y) = [ry,…ry] V(Choose(f1,f2)) = V(f1) + V(f2) V(Guard(g,f)) = H(g) £ V(f) V(F(f1,f2)) = V(f1) £ M + V(f2) £ N M, N: random k £ k matrices Randomized Equivalence Testing for FCEDs : Randomized Equivalence Testing for FCEDs Completeness f1 ´ f2 ) V(f1) = V(f2) Soundness f1 ´ f2 ) Pr[V(f1) = V(f2)] · s: maximum # of nodes in a FCED t: size of set from which random values are chosen Proof: more involvedConclusion and Future Work: Conclusion and Future Work Randomization can help achieve simplicity and efficiency at the expense of making soundness probabilistic. Integrate randomized techniques with symbolic algorithms Few interesting possible extensions: Combination of uninterpreted functions with arithmetic Partially interpreted functions like commutative and/or associative functions Model memory You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
path sas04 Marcell Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 24 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: January 16, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions: Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions SAS 2004 Sumit Gulwani George Necula EECS Department University of California, Berkeley Slide2: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Example u := a-1; v := 3; Assert(t1=t2 Æ t1=1 Æ z=2); a=2? All 3 asserts are true a=2?Slide3: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Path-Insensitive Analysis u := a-1; v := 3; Assert(t1=t2 Æ t1=1 Æ z=2); * Most PTIME analyses treat conditionals as non-deterministic. They will verify only t1=t2 *Slide4: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Path-Sensitive Analysis u := a-1; v := 3; Assert(t1=t2 Æ t1=1 Æ z=2); c1 We can do better by doing a boolean abstraction of conditionals. Each atomic predicate is abstracted to a boolean variable This will also verify t1=1 This is still abstract though! z=2 not verified undecidable to reason completely c1Outline: Outline Existing approach (MVR) vs. our approach (FCED) FCEDs for linear arithmetic FCEDs for uninterpreted function termsSlide6: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Multi-Valued ROBDDs (MVRs) u := a-1; v := 3; Assert(t1=t2); Assert(t1=1); c1 c2 |MVR(t1)| = |MVR(y)| £ |MVR(u)| MVR(t1) does not share nodes with MVR(y) and MVR(u) Need a normal form for leavesSlide7: y := 2; z := a; y := a; z := 2; u := 1; v := 1+a; t1 := y-u; t2 := v-z; True True False False Free Conditional Expression Diagrams (FCEDs) c1 2 a y = c2 1 a-1 u = - t1 = u := a-1; v := 3; Assert(t1=t2); Assert(t1=1); c1 c2 |FCED(t1)| = |FCED(y)| + |FCED(u)| FCED(t1) shares nodes with FCED(y) and FCED(u) No need for normal formOutline: Outline Existing approach (MVR) vs. our approach (FCEDs) FCEDs for linear arithmetic FCEDs for uninterpreted function termsProblem Definition: Problem Definition e = q | y | e1 § e2 | q £ e | if b then e1 else e2 b = c | b1 Æ b2 | b1 Ç b2 e: conditional linear arithmetic expression b: boolean formula y: rational variable c: boolean variable q: rational constant Construct FCED for an expression e, given FCEDs for its subexpressions. Check 2 FCEDs for equivalenceFCED: FCED An FCED f is a DAG with the following kind of nodes. f := y | q | Plus(f1,f2) | Minus(f1,f2) | Times(q,f) | Choose(f1,f2) | Guard(g,f) Choose(f1,f2) means f1 or f2 Guard(g,f) means if g then f Boolean expressions g are represented using ROBDDs g := true | false | c | If(c,g1,g2) Example: Example FormalizationExample: Example FormalizationFCED Construction: FCED Construction FCED(y) = Leaf(y) FCED(q) = Leaf(q) FCED(e1+e2) = Plus (FCED(e1), FCED(e2)) FCED(q £ e) = Times(q,FCED(e)) FCED(if b then e1 else e2) = Choose(Guard(R(b),e1), Guard(R(NOT(b)),e2) FCED Construction: FCED Construction FCED(y) = Leaf(y) FCED(q) = Leaf(q) FCED(e1+e2) = Plus (FCED(e1), FCED(e2)) FCED(q £ e) = Times(q,FCED(e)) FCED(if b then e1 else e2) = Choose(||R(b),FCED(e1)||, ||NOT R(b), FCED(e2)||) Normalize Guard Operator: Normalize Guard Operator Inputs: guard g, FCED f Output: FCED f’ s.t. f ´ f’ 8 guard nodes Guard(g,f’’) in f’, BV(g) < BV(f’’) ||g,f|| = Guard(g,f), if BV(g) < BV(f) ||g, Plus(f1,f2) = Plus(||g,f1||, ||g, f2||) ||g, Choose(f1,f2) = Choose(||g,f1||, ||g, f2||) ||g1, Guard(g2,f )|| = Guard(|| INTERSECT(g1,g2),f ||) …Example: Normalize Guard Operator: Example: Normalize Guard Operator plus Given f, construct ||R(c1),f|| chooseRandomized Equivalence Testing for FCEDs: Randomized Equivalence Testing for FCEDs Assign hash values to nodes of FCEDs in bottom-up manner V: FCED Node ! Integer V(Leaf(q)) = q V(Leaf(y)) = ry V(Plus(f1,f2)) = V(f1) + V(f2) V(Choose(f1,f2)) = V(f1) + V(f2) V(Guard(g,f)) = H(g) £ V(f) H: Guard ! Integer H(true) = 1, H(false) = 0 H(c) = rc H(If(c,g1,g2)) = rc £ H(g1) + (1-rc) £ H(g2)Randomized Equivalence Testing for FCEDs : Randomized Equivalence Testing for FCEDs Completeness f1 ´ f2 ) V(f1) = V(f2) Soundness f1 ´ f2 ) Pr[V(f1) = V(f2)] · s/t s: maximum # of nodes in a FCED t: size of set from which random values are chosen Proof: 9 1-1 Poly: FCED ! Polynomials such that V(f) is the value of Poly(f)Outline: Outline Existing approach (MVR) vs. our approach (FCEDs) FCEDs for linear arithmetic FCEDs for uninterpreted function termsProblem Definition: Problem Definition e = y | F(e1,e2) | if b then e1 else e2 b = c | b1 Æ b2 | b1 Ç b2 e: conditional uninterpreted function term b: boolean formula y: variable c: boolean variable Construct FCED for an expression e, given FCEDs for its subexpressions. Check 2 FCEDs for equivalenceFCED: FCED An FCED f is a DAG with the following kind of nodes. f := y | F(f1,f2) | Choose(f1,f2) | Guard(g,f) Choose(f1,f2) means f1 or f2 Guard(g,f) means if g then f Boolean expressions g are represented using ROBDDs g := true | false | c | If(c,g1,g2) FCED Construction: FCED Construction FCED(y) = Leaf(y) FCED(F(e1,e2)) = F(FCED(e1), FCED(e2)) FCED(if b then e1 else e2) = Choose(||R(b),FCED(e1)||, ||NOT R(b), FCED(e2)||) Randomized Equivalence Testing of FCEDs: Randomized Equivalence Testing of FCEDs Assign hash values to nodes of FCEDs in bottom-up manner V: FCED Node ! Tuple of k integers K ¸ depth of any FCED V(y) = [ry,…ry] V(Choose(f1,f2)) = V(f1) + V(f2) V(Guard(g,f)) = H(g) £ V(f) V(F(f1,f2)) = V(f1) £ M + V(f2) £ N M, N: random k £ k matrices Randomized Equivalence Testing for FCEDs : Randomized Equivalence Testing for FCEDs Completeness f1 ´ f2 ) V(f1) = V(f2) Soundness f1 ´ f2 ) Pr[V(f1) = V(f2)] · s: maximum # of nodes in a FCED t: size of set from which random values are chosen Proof: more involvedConclusion and Future Work: Conclusion and Future Work Randomization can help achieve simplicity and efficiency at the expense of making soundness probabilistic. Integrate randomized techniques with symbolic algorithms Few interesting possible extensions: Combination of uninterpreted functions with arithmetic Partially interpreted functions like commutative and/or associative functions Model memory