Dagstuhl Seminar "Applied Deductive Verification" November 2003 gretay Symbolically Computing...
Dagstuhl Seminar "Applied Deductive Verification" November 2003
www.cs.tau.ac.il/~gretay
Symbolically Computing Most-Precise Abstract Operations for Shape Analysis
Greta Yorsh
Joint work with Thomas Reps and Mooly Sagiv
Why use a theorem prover?
Guarantee the most-precise result w.r.t. the abstraction
Modular reasoning: assume-guarantee reasoning, scalability
Outline
Background
The “assume” Operation
The assume Algorithm
canonical abstraction
Main Results
Future Work
Shape Analysis
Static program analysis: determine “shape invariants”
Verify programs (partially): detect memory errors, prove properties about dynamically allocated data, detect logical errors, code optimizations
Abstract Interpretation [CC77]: Galois Connection (α, γ)
Concretization Function
Figure: an abstract value a in the Abstract Domain and its concretization γ(a) in the Concrete Domain.
Abstraction Function
Figure: a set of concrete stores C in the Concrete Domain and its abstraction α(C) in the Abstract Domain.
Galois Connection (α, γ)
Figure: C, its abstraction α(C), and the concretization γ(α(C)) of that abstraction, which contains C.
Most Precise Abstract Value
Figure: α(C) is the most precise abstract value for C; any other abstract value a' whose concretization γ(a') contains C also contains γ(α(C)).
New Approach
Use symbolic techniques in abstract interpretation: for shape analysis, and for other abstract domains
What does it mean to employ a decision procedure/theorem prover for shape analysis? Symbolic concretization γ̂(a); a decision procedure for satisfiability
Symbolic Concretization γ̂(a)
Figure: Concrete Domain, Abstract Domain, Formulas; abstract values a1 and a2 have concretizations γ(a1), γ(a2) and formulas γ̂(a1), γ̂(a2); a store either satisfies the formula (store ⊧ γ̂(a1)) or does not (store ⊭ γ̂(a1)).
S ∈ γ(a) ⇔ S ⊧ γ̂(a)
Outline
Background
The “assume” Operation
The assume Algorithm
canonical abstraction
Main Results
Future Work
Assume-Guarantee Reasoning
T bar();
void foo() {
  T p;
  ...
  p = bar();
  ...
}
Procedure specifications: {prebar, postbar} for bar, {prefoo, postfoo} for foo
Checking foo against its specification:
assume[prefoo];
assert[prebar];
-----------
assume[postbar];
assert[postfoo];
assert[φ](a): is γ̂(a) ⇒ φ valid?
assume[φ](a): ?
Figure: the abstract domain as a lattice, with top above the abstract values a1, a2, a3, a4.
The “assume[φ](a)” Operation
Figure (three build-up frames): a in the Abstract Domain; its concretization γ(a) and the set of stores 〚φ〛 in the Concrete Domain; X = γ(a) ∩ 〚φ〛; assume[φ](a) = α(X), which the symbolic version âssume[φ](a) is to compute.
Outline
Shape Analysis
The “assume” Operation
The assume Algorithm
canonical abstraction
Main Results
Future Work
The assume[φ](a) Algorithm
Figure (four build-up frames): starting from a, its concretization γ(a) and the stores 〚φ〛, the algorithm narrows the abstract value until it reaches assume[φ](a) = α(X) for X = γ(a) ∩ 〚φ〛.
Outline
Shape Analysis
The “assume” Operation
The assume Algorithm
canonical abstraction
Main Results
Future Work
Abstraction Function
Figure: C in the Concrete Domain (2-valued logical structures) maps to α(C) in the Abstract Domain (sets of 3-valued logical structures).
α(C) = { β(S) | S ∈ C }, where β(S) is the canonical abstraction of the single structure S
Describing Heap Using Logical Structure
Definition of linked list: struct List { int d; struct List *n; }
Cyclic linked list of length 4 pointed to by variable x: structure S = <U, x, n, rx>
universe U = {u1, u2, u3, u4}
unary relation x = {u1}
binary relation n = {<u1, u2>, <u2, u3>, <u3, u4>, <u4, u1>}
unary relation rx = {u1, u2, u3, u4}
unary relation c = {u1, u2, u3, u4}
Figure: x points to u1; n edges u1 → u2 → u3 → u4 → u1; every node is labelled c, rx.
3-Valued Logical Structures
Relation meaning over {0, 1, ½} (Kleene)
1: True, 0: False, ½: Unknown
A join semi-lattice in the information order: 0 ⊔ 1 = ½
Canonical Abstraction
Figure: the concrete cyclic list x → u1 → u2 → u3 → u4 → u1 (every node c, rx) is abstracted to two nodes: u1 (x, c, rx) and a summary node u2 (c, rx) that stands for u2, u3, u4, with n edges between them.
Unary relations have definite values
Concretization Function
Figure: Concrete Domain, Abstract Domain, Formulas; a is the two-node abstract structure x → u1 (c, rx) with summary node u2 (c, rx), and γ(a) is its concretization.
Formula characterizing a: ∃v1,v2: node_u1(v1) ⋀ node_u2(v2) ⋀ ∀w: node_u1(w) ⋁ node_u2(w)
⋀ ∀w1,w2: node_u1(w1) ⋀ node_u1(w2) ⇒ (w1 = w2) ⋀ ¬n(w1,w2)
γ̂(a) ≜ (formula characterizing a) ⋀ IR
S ∈ γ(a) ⇔ S ⊧ γ̂(a)
Concretization Function
IR = unique[x] ⋀ function[n] ⋀ reachable[x] ⋀ cyclic[n]
unique[x] ≜ ∀v1,v2: x(v1) ⋀ x(v2) ⇒ v1 = v2
function[n] ≜ ∀v,v1,v2: n(v,v1) ⋀ n(v,v2) ⇒ v1 = v2
reachable[x] ≜ ∀v: rx(v) ⇔ ∃v1: x(v1) ⋀ n*(v1,v)
cyclic[n] ≜ ∀v: c(v) ⇔ ∃v1: n(v,v1) ⋀ n*(v1,v)
γ̂(a) ≜ (formula characterizing a) ⋀ IR
S ∈ γ(a) ⇔ S ⊧ γ̂(a)
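As an added illustration (not code from the talk or from TVLA), the canonical abstraction of slides 25-26 and the membership test S ∈ γ(a) of slides 27-28 in Python. Membership is decided here by searching for an embedding of S into a rather than by the formula γ̂(a) the slides use, and the encoding (sets for relation extensions, abstract nodes named by the set of unary relations that hold for them) is this example's own; the sample structure is the slide's cyclic list of length 4.

```python
from itertools import product

HALF = 0.5  # Kleene's third truth value 1/2: unknown


def join(a, b):
    """Join in the information order of {0, 1, 1/2}: 0 ⊔ 1 = 1/2."""
    return a if a == b else HALF


def below(concrete, abstract):
    """Information order: a definite value lies below itself and below 1/2."""
    return abstract == HALF or concrete == abstract


def canonical_abstraction(universe, unary, binary):
    """Canonical abstraction of a 2-valued structure (universe, unary, binary).

    Individuals with identical unary relation values merge into one abstract node
    (a summary node when it stands for several individuals). A binary relation on
    abstract nodes is the join over all represented concrete pairs, so unary
    relations stay definite while binary ones may become 1/2."""
    name = {u: frozenset(p for p, ext in unary.items() if u in ext) for u in universe}
    nodes = sorted(set(name.values()), key=sorted)
    covered = {a: [u for u in universe if name[u] == a] for a in nodes}
    abs_unary = {p: {a: int(p in a) for a in nodes} for p in unary}
    abs_binary = {}
    for r, ext in binary.items():
        abs_binary[r] = {}
        for a, b in product(nodes, repeat=2):
            val = None
            for u in covered[a]:
                for v in covered[b]:
                    cval = int((u, v) in ext)
                    val = cval if val is None else join(val, cval)
            abs_binary[r][(a, b)] = val
    summary = {a: len(covered[a]) > 1 for a in nodes}
    return nodes, abs_unary, abs_binary, summary


def in_concretization(universe, unary, binary, abstract):
    """S is in gamma(a) iff S embeds in a: a surjective map from the individuals
    of S onto the nodes of a, injective on non-summary nodes, under which every
    concrete relation value lies below the abstract one (brute force; fine for
    the small structures of the talk)."""
    nodes, abs_unary, abs_binary, summary = abstract
    for f in product(nodes, repeat=len(universe)):
        m = dict(zip(universe, f))
        if set(f) != set(nodes):
            continue  # not surjective: some abstract node represents nothing
        if any(not summary[a] and f.count(a) > 1 for a in nodes):
            continue  # two individuals mapped to a non-summary node
        unary_ok = all(below(int(u in ext), abs_unary[p][m[u]])
                       for p, ext in unary.items() for u in universe)
        binary_ok = all(below(int((u, v) in ext), abs_binary[r][(m[u], m[v])])
                        for r, ext in binary.items()
                        for u, v in product(universe, repeat=2))
        if unary_ok and binary_ok:
            return True
    return False


# Constructed sample input: the slide's cyclic list of length 4 pointed to by x.
U = ["u1", "u2", "u3", "u4"]
UNARY = {"x": {"u1"}, "rx": set(U), "c": set(U)}
BINARY = {"n": {("u1", "u2"), ("u2", "u3"), ("u3", "u4"), ("u4", "u1")}}

if __name__ == "__main__":
    nodes, au, ab, sm = canonical_abstraction(U, UNARY, BINARY)
    for a in nodes:
        print(sorted(a), "summary node" if sm[a] else "")
    print(ab["n"])  # n(u1, u1) = 0, every other abstract pair = 1/2
    print(in_concretization(U, UNARY, BINARY, (nodes, au, ab, sm)))
```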
Outline
Shape Analysis
The “assume” Operation
The assume Algorithm
canonical abstraction
Main Results
Future Work
Example
a: x → u1 (c, rx), summary node u2 (c, rx)
φ ≜ y == x->n, i.e. ∀v1: y(v1) ↔ ∃v2: x(v2) ⋀ n(v1, v2)
IR = unique[x] ⋀ unique[y] ⋀ function[n] ⋀ reachable[x] ⋀ reachable[y] ⋀ cyclic[n]
Figure: the 3-valued structures returned by assume[φ](a): a node uy pointed to by y (labelled y, ry) is materialized from the summary node, and the remaining nodes u1 and u2 carry c, rx and, where appropriate, ry.
The assume[](a) Algorithm
âssume[φ](a) : set of 3-valued structures
  // initialization
  for all S ∈ a
    if γ̂(S) ⋀ φ is satisfiable then W := W ∪ {S}
  // phase 1: node materialization
  while there is S ∈ W with p(u) = 1/2 do
    duplicate nodes and deduce their unary relations using calls to the theorem prover
  // phase 2: relation refinement
  while there is S ∈ W with p(u1,u2) = 1/2 do
    duplicate structures and deduce their binary relations using calls to the theorem prover
  return W
Example - Materialization
Figure: for S, where y(u2) = ½ on the summary node u2, three candidates are checked: S' with u2 materialized into uy (y(uy) = 1) and u2 (y(u2) = 0), S0 with y(u2) = 0, and S1 with y(u2) = 1.
Figure: materialization continued on the remaining ½-valued unary relations (ry), yielding structures over u1, uy and the summary node u2.
Example – Refinement
Figure: on the structure over u1, uy and the summary node u2, the ½-valued n edges (n(u1,uy), n(u2,uy), n(uy,uy), n(u1,u2), n(uy,u1)) are decided one by one with the theorem prover, splitting the structure into variants such as S0.
Algorithm
âssume[φ](a) : set of 3-valued structures
  for all S ∈ a
    if γ̂(S) ⋀ φ is satisfiable then W := W ∪ {S}
  // phase 1: materialization
  while there is S ∈ W with p(u) = 1/2 do
    W := W \ {S}
    if γ̂(S) ⋀ φ ⋀ φ_{p,u} is satisfiable then W := W ∪ {S'}
    if γ̂(S0) ⋀ φ is satisfiable then W := W ∪ {S0}
    if γ̂(S1) ⋀ φ is satisfiable then W := W ∪ {S1}
  // phase 2: relation refinement
  while there is S ∈ W with p(u1,u2) = 1/2 do
    if γ̂(S) ⋀ φ ⋀ φ_{p,u1,u2} is not satisfiable then W := W \ {S}
    if γ̂(S0) ⋀ φ is satisfiable then W := W ∪ {S0}
    if γ̂(S1) ⋀ φ is satisfiable then W := W ∪ {S1}
  return W
Theorem Prover
Satisfiability of FOTC
Calls to the theorem prover need not terminate
Experience with SPASS
Solutions?
SPASS Experience
Handles arbitrary FO formulas
Can diverge
Converges in our examples
Captures older shape analysis algorithms
How to handle FOTC? Overapproximations are not good enough: they lead to too many structures
Theorem Prover
Satisfiability of FOTC
Calls to the theorem prover need not terminate
Experience with SPASS
Solutions: timeout and return ½; a decidable logic
Bad news: even ∃∀TC is undecidable (reduction to the halting problem)
∃∀DTC[E] Logic
Neil Immerman, Alexander Rabinovich
∃∀DTC[E] is a subset of FOTC: formulas in ∃∀ form, arbitrary unary relations, a single binary relation E, and deterministic transitive closure E*(v,w) (an E-path through individuals with at most one successor)
Decidable for satisfiability: NEXPTIME-complete
Simulation Technique
Simulate regular data structures using ∃∀DTC[E]: singly linked lists (shared/cyclic/nested), doubly linked lists, (shared) trees
Preserved under mutations
Outline
Shape Analysis
The “assume” Operation
The assume Algorithm
canonical abstraction
Main Results
Future Work
Most-precise Operations
Most-precise abstract value: α̂(φ) = âssume[φ](top)
Best transformer for a statement or loop-free fragment: BT(a,τ) = âssume[τ](<a, top>)
Meet operation: m̂(a,a') = α̂(γ̂(a) ⋀ γ̂(a'))
Assume-guarantee reasoning: procedure specifications
Conclusions
Employ a decision procedure/theorem prover for shape analysis: most precise; modular (assume-guarantee reasoning)
Future Work
Implementation
Assume-guarantee reasoning for “real” programs: a specification language, writing procedure specifications
Extend to other domains
THE END