Inter-procedural Two-Variable Herbrand Equalities

We prove that all valid Herbrand equalities can be interprocedurally inferred for programs where all assignments are taken into account whose right-hand sides depend on at most one variable. The analysis is based on procedure summaries representing the weakest preconditions for finitely many generic post-conditions with template variables. In order to arrive at effective representations for all occurring weakest pre-conditions, we show for almost all values possibly computed at run-time, that they can be uniquely factorized into tree patterns and a terminating ground term. Moreover, we introduce an approximate notion of subsumption which is effectively decidable and ensures that finite conjunctions of equalities may not grow infinitely. Based on these technical results, we realize an effective fixpoint iteration to infer all inter-procedurally valid Herbrand equalities for these programs. How can we infer that an equality such as x . = y holds at some program point, if the operators by which the program variables x and y are computed, do not satisfy obvious algebraic laws? This is the case, e.g., when either very high-level operations such as sqrt, or very low-level operations such as bit-shift are involved or, generally, for floating-point calculations. Still, the equality x . = y can be inferred, if x and y are computed by means of syntactically identical terms of operator applications. The equality then is called Herbrand equality. The problem of inferring valid Herbrand equalities dates back to [1] where it was introduced as the famous value numbering problem. Since quite a while, algorithms are known which, in absence of procedures, infer all valid Herbrand equalities [11,21]. These algorithms can even be tuned to run in polynomial time, if only invariants of polynomial size are of interest [7]. Surprisingly little is known about Herbrand equalities if recursive procedure calls are allowed. In [17] it has been observed that the intra-procedural techniques can be extended to programs with local variables and functions – but without global variables. The ideas there are strong enough to generally infer all Herbrand constants in programs with procedures and both local and global variables, i.e., invariants of the form x . = t where t is ground. Another tractable case of invariants is obtained if only assignments are taken into account whose right-hand sides have at most one occurrence of a variable [18]. Thus, assignment x = f(y, a); is considered while assignments such as x = f(y,y); or x = f(y, z); are approximated with x = ?;, i.e., by an assignment of an unknown value to x. The idea is to encode ground terms as numbers. Then Herbrand equalities can be represented as polynomial equalities with a fixed number of variables and of bounded degree. Accordingly, techniques from linear algebra are sufficient to infer all valid Herbrand equalities for such programs. As a special case, Petter’s class of programs from [18] subsumes those programs where only unary operators are involved. Such programs have been considered by [8]. Interestingly, the latter paper arrives at decidability by a completely different line of argument, namely, by exploiting properties of the free monoid generated from the unary operators. Another avenue to decidability is to restrict the control structure of programs to be analyzed. In [5], the restricted class of Sloopy Programs is introduced where the format of loop as well as recursion is drastically restricted. For this class an algorithm is not only provided to decide arbitrary equalities between variables but also disequalities. On the other hand, when only affine numerical expressions as well as affine program invariants are of concern, the set of valid invariants at a program point form a vector space which can be effectively represented. This observation is exploited in [14] to apply methods from linear algebra to infer all valid affine program invariants. These methods later have been adapted to the case where values of variables are not from a field, but where integers will overflow at some power of 2, i.e., are taken from a modular ring. Note that in the latter structure, some number different from 0 may be a zero divisor and thus does not have a multiplicative inverse [15]. For some applications, an analysis of general equalities is not necessary. In applications such as coalescing of registers [16] or detection of local variables in low-level code [4], it suffices to infer equalities involving two variables only. In the affine case, algorithms for inferring all two-variable equalities can be constructed which have better complexities as the corresponding algorithms for general equalities [4]. The question whether or not all inter-procedurally valid Herbrand equalities can be inferred, is still open. Here, we consider the case of Herbrand equalities containing two variables only. These are equalities such as x . = f(g(y),y, a), i.e., right-hand sides of equalities may contain only a single variable, but this multiple times. Accordingly, in programs only assignments are taken into account whose right-hand sides contain (arbitrarily many) occurrences of at most one variable. Our main result is that under this provision, all inter-procedurally valid two-variable Herbrand equalities can be inferred. Our novel analysis is based on calculating weakest pre-conditions for all occurring post-conditions. Since there may be infinitely many potential postconditions for a called procedure, we rely on generic post-conditions to obtain finite representations of procedure summaries. In a generic post-condition secondorder variables are used as place-holders for yet unknown relationships between program variables. In the generic post-condition