Automatic Abstraction for Congruences A Story of Beauty and the - PowerPoint PPT Presentation
Automatic Abstraction for Congruences A Story of Beauty and the Beast Andy King and Harald Sndergaard Portcullis Computer Security University of Melbourne Andy King and Harald Sndergaard Automatic Abstraction for Congruences Structure of
Automatic Abstraction for Congruences A Story of Beauty and the Beast Andy King and Harald Søndergaard Portcullis Computer Security University of Melbourne Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Structure of this talk ◮ Related work: ◮ Philippe Granger: Static Analysis of Linear Congruence Equalities among Variables of a Program, TAPSOFT, 1991! ◮ Markus M¨ uller-Olm and Helmut Seidl: Analysis of Modular Arithmetic, TOPLAS, 2007 ◮ David Monniaux: Automatic Modular Abstractions for Linear Constraints, POPL, 2009 ◮ Bj¨ orn Wachter and Lijun Zhang: Best Probabilistic Transformers, VMCAI, 2010? ◮ Heart of the technique: ◮ describe (abstract) a Boolean function with a system of congruences ◮ technique interleaves SAT solving and merge for congruences Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Describing a function with congruence constraints ◮ Consider the function f = ( c ′ 0 ⊕ c 0 ) ∧ ( c ′ 1 ↔ ( c 1 ⊕ c 0 )) where ⊕ denotes exclusive or. ◮ Observe that f is described by the congruence constraints: � � � � c 0 + c ′ 0 ≡ 4 1 c 0 + c ′ 0 ≡ 4 1 s = = 2 c 1 + 2 c ′ 0 + 2 c ′ 1 ≡ 4 2 c 0 + 2 c 1 + 1 ≡ 4 c ′ 0 + 2 c ′ 1 ◮ s describes f since every solution of f is a solution of s : c ′ c ′ c 0 + c ′ 0 ≡ 4 1 2 c 1 + 2 c ′ 0 + 2 c ′ 1 ≡ 4 2 c 0 c 1 s f 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 1 0 1 1 1 1 0 0 1 1 1 0 0 0 0 1 0 0 0 1 0 0 0 1 0 1 0 0 0 0 0 1 1 0 1 0 0 0 . . . . . . . . . . . . . . . . . . . . . . . . Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Finding a congruence system s that describes f 1.1 Find a solution to f , namely, the satisfying assignment: m 1 = { c 0 �→ 1 , c 1 �→ 0 , c ′ 0 �→ 0 , c ′ 1 �→ 1 } 1.2 Represent m 1 as a triangular system of congruences: c 0 ≡ 4 1 ≡ 4 0 c 1 s 1 = c ′ ≡ 4 0 0 c ′ 1 ≡ 4 1 ← 1.3 Construct a function g 1 that holds iff c ′ 1 ≡ 4 1 does not hold: g 1 = ( c ′ 1 ⊕ 1) Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Finding a congruence system s that describes f (cont’) 2.1 Find a solution to f ∧ g 1 , namely, the satisfying assignment: m 2 = { c 0 �→ 1 , c 1 �→ 1 , c ′ 0 �→ 0 , c ′ 1 �→ 0 } 2.2 Represent m 2 as a system of congruence constraints s ′ 2 : c 0 ≡ 4 1 c 0 ≡ 4 1 c 1 ≡ 4 1 c 1 ≡ 4 0 s ′ 2 = and recall s 1 = c ′ 0 ≡ 4 0 c ′ 0 ≡ 4 0 c ′ c ′ 1 ≡ 4 0 1 ≡ 4 1 ≡ 4 1 c 0 2.3 Merge s ′ 2 and s 1 to obtain s 2 = c 1 + c ′ 1 ≡ 4 1 c ′ ≡ 4 0 ← 0 2.4 Construct a function g 2 that holds iff c ′ 0 ≡ 4 0 does not hold: g 2 = ( c ′ 0 ⊕ 0) Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Finding a congruence system s that describes f (cont’) 3.1 Find a solution to f ∧ g 2 , namely, the satisfying assignment: m 3 = { c 0 �→ 0 , c 1 �→ 0 , c ′ 0 �→ 1 , c ′ 1 �→ 0 } 3.2 Represent m 3 as a system of congruence constraints s ′ 3 : c 0 ≡ 4 0 c 0 ≡ 4 1 c 1 ≡ 4 0 s ′ c 1 + c ′ 3 = and recall s 2 = 1 ≡ 4 1 c ′ 0 ≡ 4 1 c ′ 0 ≡ 4 0 c ′ 1 ≡ 4 0 3.3 Merge s ′ 3 and s 2 to obtain � c 0 � + c ′ ≡ 4 1 0 s 3 = + c ′ + c ′ 1 ≡ 4 1 ← c 1 0 3.4 Construct g 3 that holds iff c 1 + c ′ 0 + c ′ 1 ≡ 4 1 does not hold: g 3 = ( t 0 ↔ c 1 ⊕ c ′ 0 ) ∧ ( t 1 ↔ c 1 ∧ c ′ 0 ) ∧ ( t ′ 0 ↔ c ′ 1 ⊕ t 0 ) ∧ ( t ′ 1 ↔ ( c ′ 1 ∧ t 0 ) ⊕ t 1 ) ∧ ( ¬ t ′ 0 ∨ t ′ 1 ) Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Finding a congruence system s that describes f (cont’) 4.1 Find a solution to f ∧ g 3 , namely, the satisfying assignment: m 4 = { c 0 �→ 0 , c 1 �→ 1 , c ′ 0 �→ 1 , c ′ 1 �→ 1 } 4.2 Represent m 4 as a system of congruence constraints s ′ 4 : c 0 ≡ 4 0 c 1 ≡ 4 0 s ′ 4 = c ′ 0 ≡ 4 1 c ′ 1 ≡ 4 0 4.3 Merge s 3 and s ′ 4 to obtain s 4 : � c 0 � + c ′ ≡ 4 1 0 s 4 = + 2 c ′ + 2 c ′ 2 c 1 1 ≡ 4 2 ← 0 4.4 Construct g 4 that holds iff c 1 + c ′ 0 + c ′ 1 ≡ 2 1 does not hold: g 4 = ( c 1 ⊕ c ′ 0 ⊕ c ′ 1 ) ⊕ 1 Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Finding a congruence system s that describes f (cont’) 5.1 Detect that f ∧ g 4 does not have a solution � c 0 � + c ′ ≡ 4 1 ← 0 √ s 4 = + 2 c ′ + 2 c ′ 2 c 1 1 ≡ 4 2 0 5.2 Construct g 5 that holds iff c 0 + c ′ 0 ≡ 4 1 does not hold: g 5 = ( t 0 ↔ c 1 ⊕ c ′ 0 ) ∧ ( t 1 ↔ c 1 ∧ c ′ 0 ) ∧ ( ¬ t 0 ∨ t 1 ) 5.3 Detect that f ∧ g 5 does not have a solution √ � c 0 + c ′ � ≡ 4 1 0 √ s 4 = 2 c 1 + 2 c ′ + 2 c ′ 1 ≡ 4 2 0 Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Summary of story so far ◮ The systems s 1 , s 2 , s 3 , s 4 constitute an increasing chain of congruence constraints: ◮ The system s i +1 has strictly more solutions than s i ; ◮ The maximal number of systems in chain is pn + 1 where 2 p = 4 is the modulo [TOPLAS, 2007] ◮ But does it scale? ◮ Depends on hardness of the SAT/SMT instance ◮ Depends on the join algorithm (needs to be inplace) Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Parity example ℓ 0 : p := 0; y := x ; ℓ 1 : while ( y � = 0) y := y & ( y − 1); p := 1 - p ; ℓ 2 : skip Then t ′ 1 = � ℓ 0 , ℓ 1 , c 1 � , t ′ 2 = � ℓ 1 , ℓ 1 , c 2 � and t ′ 3 = � ℓ 1 , ℓ 2 , c 3 � where ( ∧ 15 i =0 p ′ i ≡ 2 0) ∧ ( ∧ 15 c 1 = i =0 y ′ i ≡ 2 x i ) ∧ ( ∧ 15 i =0 x ′ i ≡ 2 x i ) ( ∧ 15 i =0 p ′ i ≡ 2 p i ) ∧ ( ∧ 15 i =0 x ′ i ≡ 2 x i ) ∧ p 0 + p ′ 0 ≡ 2 1 ∧ c 3 = ( ∧ 15 i =0 y i ≡ 2 0) ∧ ( ∧ 15 i =1 p i ≡ 2 p ′ i ) ∧ ( ∧ 15 i =0 y ′ i ≡ 2 0) ( ∧ 15 i =0 x i ≡ 2 x ′ c 2 = i ) ∧ y ′ 0 ≡ 2 0 ∧ 1 + � 15 � 15 i =1 y ′ i ≡ 2 i =0 y i Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Bit reversal example ℓ 0 : y := x ; y := (( y ≫ 1) & 0x5555) | (( y & 0x5555) ≪ 1); y := (( y ≫ 2) & 0x3333) | (( y & 0x3333) ≪ 2); y := (( y ≫ 4) & 0x0F0F) | (( y & 0x0F0F) ≪ 4); y := ( y ≫ 8) | ( y ≪ 8); ℓ 1 : skip Then t ′ = � ℓ 0 , ℓ 1 , c � where c = � 15 i =0 ( x ′ i ≡ 2 16 x i ∧ y ′ 15 − i ≡ 2 16 x i ) Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Bonus tracks ◮ Presented a new algorithm for congruence closure; ◮ Show how inequalities can be traced (see paper); ℓ 0 : assume(0 < n ); ℓ 0 : assume(0 < n ); x := 0; y := 0; x := 0; y := 0; δ := n − x ; ℓ 1 : while ( x < n ) ℓ 1 : while (0 < δ ) y := y + 2; ⇒ y := y + 2; x := x + 1; x := x + 1; ℓ 2 : skip δ := n − x ; ℓ 2 : skip ◮ Formulate the ideas with an unrestricted flowchart language with non-linear, bit-manipulating operations (see paper) Andy King and Harald Søndergaard Automatic Abstraction for Congruences
Recommend
More recommend
Explore More Topics
Stay informed with curated content and fresh updates.
Sambuz