Program Analysis via 3 Valued Logic Thomas Reps
Program Analysis via 3-Valued Logic Thomas Reps University of Wisconsin Joint work with Mooly Sagiv and Reinhard Wilhelm
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x->next; y->next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t NULL y 1 2 x 3 NULL
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x->next; y->next = t; } return y; } t y NULL x Materialization
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x next; y next = t; } return y; } t y NULL x
Original Problem: Shape Analysis • Characterize dynamically allocated data – x points to an acyclic list, tree, dag, etc. – data-structure invariants • Identify may-alias relationships • Establish “disjointedness” properties – x and y point to structures that do not share cells
Formalizing “. . . ” Informal: x Formal: x Summary node
Why is Shape Analysis Difficult? • Destructive updating through pointers – p->next = q – Produces complicated aliasing relationships • Dynamic storage allocation – No bound on the size of run-time data structures • Data-structure invariants typically only hold at the beginning and end of operations – Need to verify that data-structure invariants are re-established
Applications: Code Optimization • Machine-independent optimizations – constant propagation – loop-invariant code motion – common subexpression elimination • Machine-dependent optimizations – register allocation – parallelization – software prefetching • Insert storage-reclamation operations • Eliminate or move “checking code”
Applications: Software Tools • Static detection of memory errors (cleanness) – dereferencing NULL pointers – dereferencing dangling pointers – memory leaks • Static detection of logical errors – Is a shape invariant restored? • What is in the heap? – list? doubly-linked list? tree? DAG? – disjoint? intertwined?
Properties of reverse(x) • On entry: x points to an acyclic list • On exit: y points to an acyclic list • On exit: x == NULL • On each iteration, x and y point to disjoint acyclic lists • All the pointer dereferences are safe • No memory leaks
A ‘Yacc’ for Shape Analysis: TVLA • Parametric framework – Some instantiations $\Rightarrow$ known analyses – Other instantiations $\Rightarrow$ new analyses
A ‘Yacc’ for Shape Analysis: TVLA • Parametric framework – Some instantiations $\Rightarrow$ known analyses – Other instantiations $\Rightarrow$ new analyses • Applications beyond shape analysis – Partial correctness of sorting algorithms – Safety of mobile code – Deadlock detection in multi-threaded programs – Partial correctness of mark-and-sweep gc alg.
A ‘Yacc’ for Static Analysis: TVLA • Parametric framework – Some instantiations $\Rightarrow$ known analyses – Other instantiations $\Rightarrow$ new analyses • Applications beyond shape analysis – Partial correctness of sorting algorithms – Safety of mobile code – Deadlock detection in multi-threaded programs – Partial correctness of mark-and-sweep gc alg.
A ‘Yacc’ for Static Analysis (Using Logic) • Correctness proofs via inductive-assertion method • Proof derivation via weakest-precondition calculus • “Annotate your loops with invariants!”
A ‘Yacc’ for Static Analysis (Using Logic) “I learned many things – and equally important – I unlearned many things. ” — S. K. Allison WP • Correctness proofs via inductive-assertion method • Proof derivation via weakest-precondition calculus • “Annotate your loops with invariants!”
A ‘Yacc’ for Static Analysis (Using Logic) • First-order structures (= predicate tables) – hold recorded information – model-theoretic approach, not proof-theoretic • Formulae – means for observing information • Predicate-update formulae – operational semantics – update recorded information
Recorded Information (for reverse)
Recorded Information (for reverse) x y u 1 u 2 u 3 u 4
Formulae for Observing Properties • Are x and y pointer aliases? $\exists v : x(v) \land y(v)$ • Does x point to a cell with a self cycle? $\exists v : x(v) \land n(v, v)$ • Is cell v heap-shared? $\exists v_1, v_2 : n(v_1, v) \land n(v_2, v) \land v_1 \neq v_2$
Are x and y Pointer Aliases? Yes $\exists v : x(v) \land y(v)$ 1 = x y u 1 u 2 u 3 u 4
Predicate-Update Formulae for ‘y = NULL’ • $x'(v) = x(v)$ • $y'(v) = 0$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = n(v_1, v_2)$
Predicate-Update Formulae for ‘y = NULL’ y’(v) = 0 x y u 1 0 u 2 u 3 u 4
Predicate-Update Formulae for ‘y = x’ • $x'(v) = x(v)$ • $y'(v) = x(v)$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = n(v_1, v_2)$
Predicate-Update Formulae for ‘y = x’ y’(v) = x(v) x y u 1 1 u 2 u 3 u 4
Predicate-Update Formulae for ‘x = x->n’ • $x'(v) = \exists v_1 : x(v_1) \land n(v_1, v)$ • $y'(v) = y(v)$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = n(v_1, v_2)$
Predicate-Update Formulae for ‘x = x->n’ $x'(v) = \exists v_1 : x(v_1) \land n(v_1, v)$ x y 0 1 u 2 u 3 u 4
Predicate-Update Formulae for ‘y->n = t’ • $x'(v) = x(v)$ • $y'(v) = y(v)$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = (\lnot y(v_1) \land n(v_1, v_2)) \lor (y(v_1) \land t(v_2))$
Outline • Logic and box/arrow diagrams • Kleene’s 3-valued logic • The abstraction principle • Using 3-valued structures to represent sets of stores • Conservative extraction of store properties • Abstract interpretation • More precise abstract interpretation
Two- vs. Three-Valued Logic Two-valued logic 0 1 Three-valued logic {0, 1} {0} {1} {0} {0, 1} {1} {0, 1}
Two- vs. Three-Valued Logic Two-valued logic Three-valued logic
Two- vs. Three-Valued Logic Two-valued logic 0 1 Three-valued logic {0, 1} {0} {1}
Two- vs. Three-Valued Logic Two-valued logic 0 Three-valued logic 1 ½ 0 1 $0 \sqsubseteq 1/2$, $1 \sqsubseteq 1/2$
Boolean Connectives [Kleene]
Three-Valued Logic • 1: True • 0: False • 1/2: Unknown • A join semi-lattice: $0 \sqcup 1 = 1/2$ Information order
Outline • Logic and box/arrow diagrams • Kleene’s 3-valued logic • The abstraction principle • Using 3-valued structures to represent sets of stores • Conservative extraction of store properties • Abstract interpretation • More precise abstract interpretation
Why is Shape Analysis Difficult? • Destructive updating through pointers – p->next = q – Produces complicated aliasing relationships • Dynamic storage allocation – No bound on the size of run-time data structures • Data-structure invariants typically only hold at the beginning and end of operations – Need to verify that data-structure invariants are re-established
The Abstraction Principle x u 1 u 2 u 3 u 4 0 1 0 0 0 x u 1 u 234
What Stores Does a 3 -Valued Structure Represent? • Example 3 -valued structure – individuals: {u 1} – predicates: • graphical presentation x u 1 • concrete stores represented x 8 x 3 x 37
What Stores Does a 3 -Valued Structure Represent? • Example 3 -valued structure • graphical presentation x u 1 u • concrete stores x 31 71 91
What Stores Does a 3 -Valued Structure Represent? • Example 3 -valued structure • graphical presentation x u 1 u • concrete stores x 31 71 91
Property-Extraction Principle • Questions about store properties can be answered conservatively by evaluating formulae in three-valued logic • Formula evaluates to 1 $\Rightarrow$ formula always holds in every store • Formula evaluates to 0 $\Rightarrow$ formula never holds in any store • Formula evaluates to 1/2 $\Rightarrow$ don’t know
Are x and y Pointer Aliases? Yes x y u 1 u $\exists v : x(v) \land y(v)$ 1 1 1
Is Cell u Heap-Shared? Maybe x y u u 1 $\exists v_1, v_2 : n(v_1, u) \land n(v_2, u) \land v_1 \neq v_2$ 1/2 1/2 1
Outline • Logic and box/arrow diagrams • Kleene’s 3-valued logic • The abstraction principle • Using 3-valued structures to represent sets of stores • Conservative extraction of store properties • Abstract interpretation • More precise abstract interpretation
Abstract Interpretation f (a, b) = (16 * b + 3) * (2 * a + 1) * + 3 * 16 + 0 0 0 1 1 2 2 3 3 1 1 2 3 4 2 2 3 4 5 + b 3. . . 4. . . 5. . . 6. . . 1 * 2 a * 0 0 0 1 0 2 0 3 0 1 2 3 2 0 2 4 6 3. . . 0. . . 3. . . 6. . . 9. . .
Abstract Interpretation f (a, b) = (16 * b + 3) * (2 * a + 1) O O E + O E 3 * E 16 * b ? E + O 1 * 2 O a ? f: _ _ O
Shape Analysis via Abstract Interpretation • Iteratively compute a set of 3-valued structures for every program point • Every statement transforms structures according to the predicate-update formulae – use 3-valued logic instead of 2-valued logic – use exactly the predicate-update formulae of the concrete semantics!!
Predicate-Update Formulae for “y = x” y’(v) = x(v) Old: New: x x y u 1 u 1 u
Predicate-Update Formulae for “x = x->n” $x'(v) = \exists v_1 : x(v_1) \land n(v_1, v)$ New: Old: x y u u 1 0 1/2 y u 1 x u
Abstract Interpretation T T# Concrete Sets of stores Abstract Descriptors of sets of stores
Abstract Interpretation T T# Abstract Concrete Ordinarily: Must define both T and T#
Abstract Interpretation T T# Abstract Concrete Ordinarily: Complicated proof of correctness!
Abstract Interpretation T T# Abstract Concrete Our approach: Same formula for T and T#
Abstract Interpretation T T# Abstract Concrete Our approach: No proof! We did it for you!
The Embedding Theorem x No y v: x(v) y(v) No No Maybe u 1 y u 3, 4 u 2 x u 1 x u 4 u 3 u 2 x u 2, 3, 4 y u 1, 2, 3, 4
How Are We Doing? • Conservative • Convenient • But not very precise – Advancing a pointer down a list loses precision – Cannot distinguish an acyclic list from a cyclic list
Cyclic versus Acyclic Lists x 31 x u 1 71 u 91
Outline • Logic and box/arrow diagrams • Kleene’s 3-valued logic • The abstraction principle • Using 3-valued structures to represent sets of stores • Conservative extraction of store properties • Abstract interpretation • More precise abstract interpretation
The Instrumentation Principle • Increase precision by storing the truth value of some chosen formulae • Introduce predicate-update formulae to update the extra predicates
Example: Heap Sharing $is(v) = \exists v_1, v_2 : n(v_1, v) \land n(v_2, v) \land v_1 \neq v_2$ x 31 71 91 is = 0 x u 1 is = 0 u is = 0
Example: Heap Sharing $is(v) = \exists v_1, v_2 : n(v_1, v) \land n(v_2, v) \land v_1 \neq v_2$ x 31 71 91 is = 0 is = 10 is = 0 x u 1 u is = 0 is = 1 is = 0
Is Cell u Heap-Shared? is = 0 x y No! is = 0 u u 1 $\exists v_1, v_2 : n(v_1, u) \land n(v_2, u) \land v_1 \neq v_2$ 1/2 1/2 1 Maybe
Predicate-Update Formulae for ‘y = NULL’ • $x'(v) = x(v)$ • $y'(v) = 0$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = n(v_1, v_2)$ • $is'(v) = is(v)$
Predicate-Update Formulae for ‘y = x’ • $x'(v) = x(v)$ • $y'(v) = x(v)$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = n(v_1, v_2)$ • $is'(v) = is(v)$
Predicate-Update Formulae for ‘x = x->n’ • $x'(v) = \exists v_1 : x(v_1) \land n(v_1, v)$ • $y'(v) = y(v)$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = n(v_1, v_2)$ • $is'(v) = is(v)$
Predicate-Update Formulae for ‘y->n = t’ • $x'(v) = x(v)$ • $y'(v) = y(v)$ • $t'(v) = t(v)$ • $n'(v_1, v_2) = (\lnot y(v_1) \land n(v_1, v_2)) \lor (y(v_1) \land t(v_2))$ • $is'(v) = \exists v_1, v_2 : (is(v) \land n'(v_1, v) \land n'(v_2, v) \land v_1 \neq v_2) \lor (t(v) \land n(v_1, v) \land \lnot y(v_1))$
Materialization Formal: x y x x = x n y Informal: x y x x = x n y Formal: x y x x = x n y
The Focusing Principle • “Bring the structure into better focus” – Selectively force 1/2 to 0 or 1 – Avoid indefiniteness • Then apply the predicate-update formulae
(1) Focus on $\exists v_1 : x(v_1) \land n(v_1, v)$ x y u 1 u x y x y u 1 u. 0
(2) Evaluate Predicate-Update Formulae $x'(v) = \exists v_1 : x(v_1) \land n(v_1, v)$ x y u 1 y u u 1 u x x y u 1 y u u u 1 x x y u 1 u. 0
(3)Apply Constraint Solver y y u 1 y u x x y u u 1 x u. 1 u. 0 y u 1 u. 0
(3)Apply Constraint Solver x y u 1 u. 0 n(v 1, v ) n(v 2, v) v 1 v 2 is(v) n(v 1, v) v 1 v 2 n(v 2, v) is(v) v) 1 1 1 0
(3)Apply Constraint Solver x y u 1 u. 0
(3)Apply Constraint Solver x y u 1 u. 0 n(v 1, v ) n(v 2, v) v 1 v 2 is(v) n(v 1, v) v 1 v 2 n(v 2, v) 1 1 1 0
(3) Apply Constraint Solver x y u 1 u. 0 $x(v_1) \land x(v_2) \Rightarrow v_1 = v_2$ 1 1 1
(3)Apply Constraint Solver x y u 1 u. 0
Formalizing “. . . ” Informal: x y Formal: x y Summary node
Formalizing “. . . ” Informal: t 1 x y Formal: t 2 x t 1 y t 2
Formalizing “. . . ” Informal: x y Formal: reachable from variable x reachable from variable y x r[x] r[y] y
Formalizing “. . . ” Informal: t 1 x y t 2 Formal: x r[x] r[y] t 1 r[x], r[t 1] r[y], r[t 2] y t 2
A ‘Yacc’ for Shape Analysis %%pointer-field predicates n(v 1, v 2) %%instrumentation-predicate definitions is(v) = v 1, v 2: n(v 1, v) n(v 2, v) v 1 v 2 %%predicate-update formulae stmt : $x = NULL { is’(v) = is(v); } | $x = $t n { is’(v) = is(v); } | $x n = $t { is’(v= ( v 1, v 2: (is(v) n’(v 1, v) n’(v 2, v) v 1 v 2) (t(v) n(v 1, v) y(v 1)); } | $x = malloc(INT) { is’(v) = is(v) NEW(v); } ;
Why is Shape Analysis Difficult? • Destructive updating through pointers – p->next = q – Produces complicated aliasing relationships – Track aliasing on 3-valued structures • Dynamic storage allocation – No bound on the size of run-time data structures – Abstraction principle $\Rightarrow$ finite-sized 3-valued structures • Data-structure invariants typically only hold at the beginning and end of operations – Need to verify that data-structure invariants are re-established – Evaluate formulas over 3-valued structures
Example: In-Situ List Reversal typedef struct list_cell { int val; struct list_cell *next; } *List; Run Demo List reverse (List x) { List y, t; y = NULL; while (x != NULL) { t = y; y = x; x = x->next; y->next = t; } return y; }
Example: Mark and Sweep void Mark(Node root) { if (root != NULL) { pending = pending ∪ {root} marked = ∅ while (pending ≠ ∅) { x = SelectAndRemove(pending) marked = marked ∪ {x} t = x->left if (t ≠ NULL) if (t ∉ marked) pending = pending ∪ {t} t = x->right if (t ≠ NULL) if (t ∉ marked) pending = pending ∪ {t} } } assert(marked == Reachset(root)) } void Sweep() { unexplored = Universe collected = ∅ while (unexplored ≠ ∅) { x = SelectAndRemove(unexplored) if (x ∉ marked) collected = collected ∪ {x} } assert(collected == Universe – Reachset(root)) } Run Demo
TVLA vs. Model Checking TVLA • Determine properties of a transition system • State-space exploration • State labels: 1st-order structures • 3-valued structures represent commonalities • Properties checked: Formulas in FO+TC Model checking • Determine properties of a transition system • State-space exploration • State labels: Propositions • BDDs represent commonalities • Properties checked: Formulas in temporal logic
Summary • 1/2 arises from abstraction – One-sided analyses (e.g., 1 means “true”, 0 means “don’t know”) conflate 0 and 1/2 – 1/2 essential; conflation not essential • For program analysis, 3-valued logic allows: – Materialization – Conservative extraction of properties