Pointer Logic
Daniel Kroening and Ofer Strichman, Decision Procedures
Presented by Changki Hong @ PSWLAB
Slides: 25

Why pointer logic?
• A pointer is a program variable whose sole purpose is to refer to some other program construct: a variable, a procedure, or another pointer.
• Pointers are useful, but they are a common source of programming errors:
  • aliasing
  • NULL pointer dereference

Table of Contents
• Introduction
• Pointer logic
• Modeling Heap-Allocated Data Structures
• A Decision Procedure
• Conclusion

Memory model
• The implementation of pointers relies on the fact that the memory cells of a computer have addresses, i.e., each cell has a unique number.

Definition 1. Memory model
A memory model describes the assumptions that are made about the way memory cells are addressed. We assume that the architecture provides a continuous, uniform address space. Each address corresponds to a memory cell that is able to store one data word. A memory valuation M: A → D is a mapping from the set of addresses A into the domain D of data words.

Memory layout
• The compiler assigns a particular memory location to each static variable. This mapping is called the memory layout.

Definition 2. Memory layout
A memory layout L: V → A is a mapping from each variable v ∈ V to an address a ∈ A, where V denotes the set of variables and A denotes the set of addresses.

• The memory layout is nonoverlapping, which means that the memory locations of the statically allocated variables are distinct.
• What about dynamic memory allocation?

Dynamic memory allocation
• Dynamic data structures are created at run time. A runtime library maintains a list of the memory regions that are unused.
• A function that is part of this library (malloc(), ...) allocates a region of a given size and returns a pointer to the beginning of the region.
• The memory layout therefore changes during the runtime of the program.
• The lifetime of a dynamic object is the time between its allocation and its deallocation.

Analysis of programs with pointers
• Aliasing: a situation in which a data location in memory can be accessed through different symbolic names in the program. Modifying the data through one name implicitly modifies the values associated with all aliased names, which is often not what the programmer expects.
• Invalid dereference: a situation in which a pointer that does not point to a proper object (for example, a NULL pointer, or a pointer to an object whose lifetime has ended) is dereferenced.
• Example
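The memory model, memory layout and allocator of the preceding slides, made executable so that aliasing and invalid dereferences can be observed rather than described. This is an added Python example, not code from the slides or from the Kroening and Strichman text; the class and function names, the choice of address 0 for NULL and the bump allocator are this example's own assumptions.

```python
# Added example (not from the slides): an executable version of the memory
# model M: A -> D, the memory layout L: V -> A and a malloc-like allocator,
# used to show aliasing, a NULL dereference and a dereference after the
# object's lifetime has ended.  Class and function names are this example's own.

NULL = 0  # assumption: address 0 is reserved, never allocated, and means NULL


class Memory:
    def __init__(self, static_vars):
        self.M = {}          # memory valuation: address -> data word
        self.L = {}          # memory layout: variable -> address
        self.next_free = 1   # bump allocator; address 0 stays NULL
        for v in static_vars:            # nonoverlapping layout: distinct cells
            self.L[v] = self.alloc(1)

    def alloc(self, size):
        """malloc(): hand out `size` fresh cells and return the base address."""
        base = self.next_free
        self.next_free += size
        for a in range(base, base + size):
            self.M[a] = 0
        return base

    def free(self, base, size):
        """free(): the cells leave M's domain; the object's lifetime ends."""
        for a in range(base, base + size):
            del self.M[a]

    def addr(self, v):            # &v  ==  L[v]
        return self.L[v]

    def read_var(self, v):        # v   ==  M[L[v]]
        return self.M[self.L[v]]

    def deref(self, p):           # *p  ==  M[p], with the check a verifier demands
        if p == NULL or p not in self.M:
            raise ValueError(f"dereference of invalid address {p}")
        return self.M[p]

    def store(self, p, d):        # *p := d, same check
        if p == NULL or p not in self.M:
            raise ValueError(f"store through invalid address {p}")
        self.M[p] = d


def aliasing_demo():
    """x and *q name the same cell once q = p = &x: a store through q changes x."""
    mem = Memory(["x", "p", "q"])
    mem.store(mem.addr("x"), 1)                   # x = 1
    mem.store(mem.addr("p"), mem.addr("x"))       # p = &x
    mem.store(mem.addr("q"), mem.read_var("p"))   # q = p   (q now aliases x)
    mem.store(mem.read_var("q"), 42)              # *q = 42
    aliased = mem.read_var("p") == mem.read_var("q")
    return mem.read_var("x"), aliased             # (42, True): x changed via q


def null_deref_demo():
    """A pointer variable that was never assigned holds NULL; *p must be rejected."""
    mem = Memory(["p"])
    try:
        mem.deref(mem.read_var("p"))
        return False
    except ValueError:
        return True


def dangling_deref_demo():
    """After free() the region is gone from M; *p is a use after the lifetime."""
    mem = Memory(["p"])
    cell = mem.alloc(1)
    mem.store(mem.addr("p"), cell)                # p = malloc(1)
    mem.free(cell, 1)                             # free(p)
    try:
        mem.deref(mem.read_var("p"))
        return False
    except ValueError:
        return True
```

The two error cases are caught here only because deref() checks that its argument is a live cell; a real machine performs no such check, which is exactly why a logic that can express "p points to a proper object" is needed.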

Section: Pointer logic

Syntax
• The syntax of a formula in pointer logic is defined by the following grammar rules (grammar figure not reproduced):
  • pointer-identifier is of pointer type
  • identifier is of integer type or an array of integers

Semantics (1/2)
• Define the semantics by referring to the memory layout L and the memory valuation M:
  • L: V → A is a mapping from each variable v ∈ V to an address a ∈ A
  • M: A → D is a mapping from the set of addresses A into the domain D of data words
• Pointer logic formulas are predicates on (M, L) pairs, and the definition of the semantics uses a reduction to integer arithmetic and array logic.
• We treat M and L as arrays.

Semantics (2/2)

Definition 3. Semantics of pointer logic
Let L_P denote the set of pointer logic expressions, and let L_D denote the set of expressions permitted by the logic for the data words. The function [·]: L_P → L_D is defined recursively for e ∈ L_P. The expression e ∈ L_P is valid if and only if [e] is valid.

Example
• a is an array identifier. The semantic definition of the expression expands as follows (derivation not reproduced):
• The last equation is obviously valid, and thus so is the original expression.

Section: Modeling Heap-Allocated Data Structures

Lists (1/2)
• The simplest dynamically allocated data structure is the linked list. The structure type contains fields for a next pointer and the data.
• So, how do we model a linked list in pointer logic formulas?

Lists (2/2)
• We need to model the field for the next pointer.
• Recursive definition (not reproduced)
• We need to add the property that the last element of an acyclic list points to NULL.
• Add another definition (not reproduced)

Section: A Decision Procedure

Applying the semantic translation
• The semantic translation assigns meaning to pointer logic formulas and gives rise to a simple decision procedure.
• The formula generated by the semantic translation contains:
  • the array read operator (recall that the memory layout L and the memory valuation M are treated as arrays, so reading them is an array read operation)
  • linear arithmetic for the index
  • equality over the type used to model the contents of the memory cells
• Decision procedure for pointer logic:
  1. Apply the semantic translation to a pointer formula to obtain a formula in the combined logic of linear arithmetic and arrays.
  2. Pass the formula to the decision procedure for the combined logic.

Examples
• We want to check the validity of the following pointer logic formula (formula not reproduced):
• The semantic translation expands as follows:
• A decision procedure for array logic and equality logic easily concludes that the formula above is valid.

Pure variables (1/2)
• Sometimes the semantic translation can place an undue burden on the underlying decision procedure, as illustrated by the following example (not reproduced):
• A decision procedure for array logic and equality logic is certainly able to deduce that the original formula is valid, but the array reads introduced by the translation are unnecessary for that.
• Therefore, the full semantic translation is not required in this kind of situation.

Pure variables (2/2)

Definition 4. Pure variables
Given a formula with a set of variables V, consider the subset of the formula's variables that are not used within an argument of the "&" operator within the formula. These variables are called pure.

Definition 5. [·]_P
A new translation function [e]_P is identical to the definition of [e] unless e denotes a variable. The new definition is: (not reproduced)

Example
• The translation with pure variables no longer burdens the decision procedure for array logic (example not reproduced).
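The decision procedure of slides 17 to 21, carried out on small formulas: the semantic translation [·] producing array-logic terms over L and M, the pure-variable variant [·]_P, and the second step done by brute force over bounded models. This is an added Python example, not code from the slides or the book. The translation rules, the tuple encoding of expressions and the wrap-around arithmetic of the bounded model are this example's assumptions: the deck refers to the rules (Definitions 3 and 5) without reproducing them, and the formulas at the bottom are constructed for illustration. The bounded check replaces the real array-plus-arithmetic decision procedure; it is exact only up to the chosen address-space size.

```python
# Added example (not from the slides): the semantic translation [.] into array
# logic over the arrays L and M, the pure-variable variant [.]_P, and a bounded
# validity check that enumerates every nonoverlapping layout L and every
# valuation M over a tiny address space.  Translation rules and expression
# encoding are this example's assumptions (Definitions 3 and 5 in the deck
# refer to them but do not reproduce them).
import itertools

# Expressions as nested tuples:
#   ('var', v)   ('const', c)   ('null',)   ('addr', v)  -> &v
#   ('deref', p) -> *p          ('index', a, i) -> a[i]
#   ('plus', s, t)  ('eq', s, t)  ('and', f, g)  ('implies', f, g)  ('not', f)
OPS = {'plus': '+', 'eq': '=', 'and': '&', 'implies': '->'}


def var_sets(e, used=None, amp=None):
    """Return (all identifiers, identifiers used under '&' or as an array name)."""
    used, amp = (set() if used is None else used), (set() if amp is None else amp)
    k = e[0]
    if k == 'var':
        used.add(e[1])
    elif k in ('addr', 'index'):
        used.add(e[1]); amp.add(e[1])
    if k == 'index':
        var_sets(e[2], used, amp)
    elif k not in ('var', 'addr', 'const', 'null'):
        for sub in e[1:]:
            var_sets(sub, used, amp)
    return used, amp


def pure_vars(e):
    """Definition 4: the variables never used as an argument of '&'."""
    used, amp = var_sets(e)
    return used - amp


def translate(e, pure=frozenset()):
    """[e] as an array-logic term.  With `pure` non-empty this is [e]_P: a pure
    variable stays a plain symbol instead of becoming the read M[L[v]]."""
    k = e[0]
    if k == 'var':
        return e[1] if e[1] in pure else f"M[L[{e[1]}]]"
    if k == 'const':
        return str(e[1])
    if k == 'null':
        return "0"
    if k == 'addr':
        return f"L[{e[1]}]"
    if k == 'deref':
        return f"M[{translate(e[1], pure)}]"
    if k == 'index':
        return f"M[L[{e[1]}] + {translate(e[2], pure)}]"
    if k == 'not':
        return f"!({translate(e[1], pure)})"
    return f"({translate(e[1], pure)} {OPS[k]} {translate(e[2], pure)})"


def evaluate(e, L, M):
    """The model side of [.]: the value of e under a concrete L and M.
    Addresses and data words both range over 0..len(M)-1; arithmetic wraps."""
    n, k = len(M), e[0]
    if k == 'var':     return M[L[e[1]]]
    if k == 'const':   return e[1] % n
    if k == 'null':    return 0
    if k == 'addr':    return L[e[1]]
    if k == 'deref':   return M[evaluate(e[1], L, M)]
    if k == 'index':   return M[(L[e[1]] + evaluate(e[2], L, M)) % n]
    if k == 'plus':    return (evaluate(e[1], L, M) + evaluate(e[2], L, M)) % n
    if k == 'eq':      return evaluate(e[1], L, M) == evaluate(e[2], L, M)
    if k == 'not':     return not evaluate(e[1], L, M)
    if k == 'and':     return evaluate(e[1], L, M) and evaluate(e[2], L, M)
    if k == 'implies': return (not evaluate(e[1], L, M)) or evaluate(e[2], L, M)
    raise ValueError(f"unknown node {k}")


def bounded_valid(phi, n=3):
    """Step 2 of the decision procedure by brute force: phi holds for every
    nonoverlapping L: V -> A and every M: A -> D with A = D = {0..n-1}.
    A returned countermodel is real; 'valid' is only valid up to the bound."""
    names = sorted(var_sets(phi)[0])
    A = range(n)
    for layout in itertools.permutations(A, len(names)):   # distinct addresses
        L = dict(zip(names, layout))
        for words in itertools.product(A, repeat=n):
            M = dict(zip(A, words))
            if not evaluate(phi, L, M):
                return False, (L, M)
    return True, None


# Constructed formulas:  *(&a) = a ;  p = q & *p = 1 -> *q = 1 ;
#                        !(&x = &y) ;  *p = 1 -> p = q  (the last one is not valid)
DEREF_ADDR = ('eq', ('deref', ('addr', 'a')), ('var', 'a'))
ALIAS_PROP = ('implies', ('and', ('eq', ('var', 'p'), ('var', 'q')),
                                 ('eq', ('deref', ('var', 'p')), ('const', 1))),
              ('eq', ('deref', ('var', 'q')), ('const', 1)))
NONOVERLAP = ('not', ('eq', ('addr', 'x'), ('addr', 'y')))
NOT_VALID = ('implies', ('eq', ('deref', ('var', 'p')), ('const', 1)),
             ('eq', ('var', 'p'), ('var', 'q')))
```

Two things are worth checking by hand. translate(ALIAS_PROP, pure_vars(ALIAS_PROP)) yields ((p = q) & (M[p] = 1)) -> (M[q] = 1), with no reads of L at all, which is the relief the pure-variable slide describes; the unoptimised [·] nests M[M[L[p]]]. And NONOVERLAP is valid only because bounded_valid enumerates injective layouts: drop the nonoverlapping assumption of Definition 2 and &x = &y becomes satisfiable.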

Reachability predicate (1/2)

Definition 6.
The notation (not reproduced) stands for the pointer that is obtained by starting from q and following the field f n times.

Definition 7. Reachability predicate
We call a predicate a reachability predicate if it satisfies the following two conditions:
• there exists some n such that q is reachable from p by following f n times;
• x is not reachable from p in fewer than n steps following f.

Reachability predicate (2/2)
• We say that a formula is a reachability predicate formula if it contains the reachability predicate. Reachability predicate formulas often have quantifiers, which make the decision problem much harder.
• In general, there is no automatic decision procedure for a logic that includes a reachability predicate.
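The list definitions of slides 14 and 15 and the two reachability definitions above, evaluated on a concrete heap. This is an added Python example, not code from the slides or the book; the heap encoding, the sample heaps and the function names are this example's assumptions. On a given finite heap the reachability predicate is just a bounded walk, which is the contrast the slide is making: the hard case is the symbolic one, where the heap is unknown and the "there exists some n" has to be decided for every heap at once.

```python
# Added example (not from the slides): a concrete heap with a 'next' field,
# the recursive list predicate, its acyclic (NULL-terminated) variant, the
# "follow f n times" operator of Definition 6 and the reachability predicate
# of Definition 7.  Heap contents are constructed sample data; function names
# are this example's own, not the deck's notation.

NULL = 0  # assumption: address 0 means NULL and is never a heap cell

# Each cell is address -> {field -> value}; 'next' holds an address.
LIST_HEAP = {1: {'data': 10, 'next': 2},
             2: {'data': 20, 'next': 3},
             3: {'data': 30, 'next': NULL}}        # 1 -> 2 -> 3 -> NULL
CYCLIC_HEAP = {1: {'data': 10, 'next': 2},
               2: {'data': 20, 'next': 3},
               3: {'data': 30, 'next': 1}}         # 1 -> 2 -> 3 -> 1 -> ...


def follow(heap, q, f, n):
    """Definition 6: the pointer reached from q by following field f n times.
    Returns None if the walk dereferences NULL or an address that is no cell."""
    for _ in range(n):
        if q == NULL or q not in heap:
            return None
        q = heap[q][f]
    return q


def is_list(heap, p, length):
    """Recursive definition: `length` live cells are reachable from p via 'next'."""
    if length == 0:
        return True
    return p != NULL and p in heap and is_list(heap, heap[p]['next'], length - 1)


def is_acyclic_list(heap, p, length):
    """The added property: the last of the `length` cells points to NULL."""
    return is_list(heap, p, length) and follow(heap, p, 'next', length) == NULL


def reaches(heap, p, f, q, x, max_steps):
    """Definition 7 on a concrete heap: some n <= max_steps has follow(p, f, n) == q
    and x is not hit in fewer than n steps.  Every cell reachable on a finite heap
    is reached within len(heap) steps, so max_steps = len(heap) makes this exact."""
    cur = p
    for _ in range(max_steps + 1):
        if cur == q:
            return True
        if cur == x or cur == NULL or cur not in heap:
            return False
        cur = heap[cur][f]
    return False


def is_acyclic(heap, p):
    """NULL is reachable from p (no forbidden cell x): the list terminates."""
    return reaches(heap, p, 'next', NULL, None, len(heap))
```

The x argument is what lets the predicate describe list segments: reaches(LIST_HEAP, 1, 'next', 3, 2, 3) is false because cell 2 is passed before cell 3 is reached, even though 3 is reachable from 1.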

Section: Conclusion

Conclusion
• The semantic translation not only assigns meaning to pointer logic formulas, but also gives rise to a simple decision procedure.
• Deciding pointer logic that includes a reachability predicate is still an open problem.