Satisfiability Modulo Abstraction for Separation Logic with Linked Lists

Slide Note
Embed
Share

This study explores the application of satisfiability modulo abstraction in separation logic with linked lists. It presents a technique using abstract interpretation concepts to handle separation logic formulas beyond previous methods, specifically focusing on over-approximating heaps that satisfy the logic. The approach employs tools like ITVLA and abstract domains of shape graphs, demonstrating effectiveness in handling complex formulas.

laer813
laer813 Follow

Uploaded on Sep 10, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Satisfiability Modulo Abstraction for Separation Logic with Linked Lists Aditya Thakur, Jason Breck, and Thomas Reps UNIVERSITY OF WISCONSIN-MADISON

  2. Satisfiability Modulo Abstraction for Separation Logic with Linked Lists

  3. Satisfiability Modulo Abstraction for Separation Logic with Linked Lists (program P, property Q) ? Satisfiability Solver If ? is unsatisfiable then P has property Q

  4. Satisfiability Modulo Abstraction for Separation Logic with Linked Lists (program P, property Q) using linked lists ? ? Satisfiability Solver If ? is unsatisfiable then P has property Q

  5. Satisfiability Modulo Abstraction for Separation Logic with Linked Lists (program P, property Q) using linked lists ? ? ?? Satisfiability Solver ? If ? is unsatisfiable then P has property Q

  6. Satisfiability Modulo Abstraction for Separation Logic with Linked Lists (program P, property Q) using linked lists ? ?? Satisfiability Solver using concepts from abstract interpretation If ? is unsatisfiable then P has property Q

  7. Contributions We check the unsatisfiability of separation logic formulas using concepts and tools (ITVLA) from abstract interpretation We use an abstract domain of sets of shape graphs to over-approximate the set of heaps that satisfy a separation logic formula Our technique can handle some formulas that cannot be handled by previous techniques

  8. Separation Logic Store Heap x y z

  9. Separation Logic atom ::= ? ? | ??(?,?) | ??? |???? | ? = ? Store Heap x y z ? ::= atom | atom |? ? |? ? |? ? |? ?

  10. Separation Logic atom ::= ? ? | ??(?,?) | ??? |???? | ? = ? Store Heap x y z ? ::= atom | atom |? ? |? ? |? ? |? ?

  11. Separation Logic atom ::= ? ? | ??(?,?) | ??? |???? | ? = ? Store Heap x y z ? ::= atom | atom |? ? |? ? |? ? |? ?

  12. Separation Logic atom ::= ? ? | ??(?,?) | ??? |???? | ? = ? Store Heap x y z ? ::= atom | atom |? ? |? ? |? ? |? ?

  13. Separation Logic atom ::= ? ? | ??(?,?) | ??? |???? | ? = ? Store Heap x y z ? ::= atom | atom |? ? |? ? |? ? |? ?

  14. Separation Logic atom ::= ? ? | ??(?,?) | ??? |???? | ? = ? Store Heap x y z ? ::= atom | atom |? ? |? ? |? ? |? ?

  15. Separation Logic heap ?1 ?2iff there exists a partition 1and 2 of such that 1 ?1and h2 ?2 h ?1 ?2 2 ?2 ?1 1 Example: ??(?,?) ??(?,?) ? ? ? ?

  16. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? Abstract domain element that over-approximates the set of heaps that satisfy ??(?,?) If this is the bottom element, the formula is unsatisfiable

  17. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ?

  18. Shape Graphs y x r[x] r[x] r[x] h ??(?,?) Abstract y Concrete x y x r[x] r[x] r[x] r[x] r[x] r[x] r[x] r[x] y x r[x] r[x] r[x] r[x]

  19. Shape Graphs x y ??(?,?) r[x] y x r[x] r[x] y x r[x] r[x] r[x]

  20. Shape Graphs x y ??(?,?) h r[x] y x h h r[x] r[x] y x h r[x] h h r[x] r[x]

  21. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? x y h x y h y x h

  22. Shape Graphs ? ? x y h h r[x] r[x]

  23. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? x y x y h h x y h y x h

  24. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? x y x x y y h h h x y h y x h

  25. Shape Graphs (? ?) x is not in the sub-heap the sub-heap is empty h x y y x h h r[x] h h r[x] successor to x is not y sub-heap has >1 node

  26. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? x y x x y y h h h x y x y y x h h y x h

  27. Meet: Inputs ??(?,?) (? ?) x y h r[x] h x y y x y x h h r[x] h h r[x] h h r[x] r[x] y x h r[x] h h r[x] r[x]

  28. Meet: Outputs ??(?,?) (? ?) x y h r[x] h x y y x y x h h r[x] h h r[x] h h r[x] r[x] y x h r[x] h h r[x] r[x]

  29. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? x x y y x y h h y x

  30. Separating Conjunction x x y y h h h r[x] h r[x] r[x] r[x]

  31. Separating Conjunction x x y y h1 r[x] h h1 r[x] h r[x] r[x]

  32. Separating Conjunction x x y y h1 r[x] h2 r[x] h1 r[x] h2 r[x]

  33. Separating Conjunction h is the disjoint union of h1 and h2 h1 h2 h h1 h2 h h1 h2 h h1 h2 h

  34. Separating Conjunction x x y y h1 r[x] h2 r[x] h1 r[x] h2 r[x] h1 h2 h h1 h2 h h1 h2 h h1 h2 h

  35. Separating Conjunction x x y y h1 r[x] h2 r[x] h1 r[x] h2 r[x] h1 h2 h h1 h2 h h1 h2 h h1 h2 h Result: the empty set of shape graphs

  36. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? x y y x

  37. Strategy: Bottom-Up Evaluation ?? ?,? ? ? (? ? ? ?) ??(?,?) (? ?) ? ? ? ? x y y x Final result: the formula is unsatisfiable

  38. Experiments Designed to investigate: Speed Precision Formulas not handled by other tools Setup Three groups of unsatisfiable formulas Group 1 23 formulas Included some not handled by other tools Groups 2, 3 64 and 512 formulas Built from templates taken from the literature

  39. Experiments: Group 1 9 8 Running Time (s) (a1 a2 ls(e1,e2)) (a2 a3 emp) (a3 a1 (a5 a6) true) 7 6 5 4 3 2 1 0 Formula

  40. Experiments: Groups 2 and 3 Formula templates based on Hou et al., POPL14: a emp (a b) 64 formulas Mean: 0.56 sec, Max: 10.31 sec emp a (b (c (emp a))) 512 Formulas Mean: 0.12 sec, Max: 9.51 sec

  41. Summary We implemented a tool called SMASLTOV (based on ITVLA) https://www.github.com/smasltov-team/SMASLTOV SMASLTOV checks the unsatisfiability of separation logic formulas using concepts from abstract interpretation SMASLTOV uses an abstract domain of sets of shape graphs to over-approximate the set of heaps that satisfy a separation logic formula SMASLTOV can handle some formulas that cannot be handled by previous techniques Thank you! Any questions?

Related


Understanding Satisfiability Modulo Theories: Lecture Insights

Understanding Satisfiability Modulo Theories: Lecture Insights

rtorm
Accelerating Lemma Learning Using Joins in Satisfiability Modulo Theories

Accelerating Lemma Learning Using Joins in Satisfiability Modulo Theories

kelila
SMT-LIB: The Satisfiability Modulo Theories Library Overview

SMT-LIB: The Satisfiability Modulo Theories Library Overview

gwend
Understanding List ADT and Linked Lists

Understanding List ADT and Linked Lists

rosc_617
Understanding Game Abstraction and Equilibrium

Understanding Game Abstraction and Equilibrium

khek381
Understanding Sex-Linked Inheritance in Genetics

Understanding Sex-Linked Inheritance in Genetics

sailor
Bounded Satisfiability Checking for Early Legal Compliance Verification

Bounded Satisfiability Checking for Early Legal Compliance Verification

nicksongi
Inserting a Number into a Sorted List Using Linked Lists

Inserting a Number into a Sorted List Using Linked Lists

icke_v
Understanding Arrays and Linked Lists in Computer Science

Understanding Arrays and Linked Lists in Computer Science

vira_69
Understanding Arithmetic Operators in C Programming

Understanding Arithmetic Operators in C Programming

kamaria
Logic Families

Logic Families

eilonwy
Comparison between Array and Linked List Data Structures

Comparison between Array and Linked List Data Structures

kmarn
Understanding Logic Circuits in Aircraft Systems

Understanding Logic Circuits in Aircraft Systems

ailani
Understanding Sex-Linked Inheritance: Key Concepts and Examples

Understanding Sex-Linked Inheritance: Key Concepts and Examples

wade
Understanding Linked Data: Building a Semantic Web Ecosystem

Understanding Linked Data: Building a Semantic Web Ecosystem

ella779
Introduction to Linked Lists: An Overview of LinkedIntList

Introduction to Linked Lists: An Overview of LinkedIntList

atro956
Understanding Linked Lists in Data Structures and Algorithms

Understanding Linked Lists in Data Structures and Algorithms

ais_m
Understanding Basic Data Structures and Recursion in Programming

Understanding Basic Data Structures and Recursion in Programming

forseth_m
Understanding Linked Lists in Computer Science

Understanding Linked Lists in Computer Science

leven
Understanding Java Generics and Linked Lists

Understanding Java Generics and Linked Lists

caey700
Understanding Doubly Linked Lists in Data Structures

Understanding Doubly Linked Lists in Data Structures

sukhma
Automating Separation Logic with Trees and Data

Automating Separation Logic with Trees and Data

spee_jna
Understanding Abstract Data Types: Lists Exploration

Understanding Abstract Data Types: Lists Exploration

hish_2
Understanding Propositional Logic and Mathematical Logic in Computer Science

Understanding Propositional Logic and Mathematical Logic in Computer Science

leov452

More Related Content