Presentation is loading. Please wait.

Presentation is loading. Please wait.

Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 6: Abstract Interpretation 1 Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav.

Similar presentations


Presentation on theme: "Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 6: Abstract Interpretation 1 Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav."— Presentation transcript:

1 Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 6: Abstract Interpretation 1 Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav

2 Abstract Interpretation [Cousot’77] Mathematical foundation of static analysis 2

3 Abstract Interpretation [Cousot’77] Mathematical foundation of static analysis – Abstract (semantic) domains(“abstract states”) – Transformer functions (“abstract steps”) – Chaotic iteration (“abstract computation”) 3

4 Abstract Interpretation [CC77] A very general mathematical framework for approximating semantics – Generalizes Hoare Logic – Generalizes weakest precondition calculus Allows designing sound static analysis algorithms – Usually compute by iterating to a fixed-point – Not specific to any programming language style Results of an abstract interpretation are (loop) invariants – Can be interpreted as axiomatic verification assertions and used for verification 4

5 Abstract Interpretation in 5 Slides Disclaimer – Do not worry if you feel that you do not understand the next 5 slides You are not expected to … – This is just to give you a view of the land …

6 Collecting semantics For a set of program states State, we define the collecting lattice (2 State, , , , , State) The collecting semantics accumulates the (possibly infinite) sets of states generated during the execution – Not computable in general 6

7 “Proof” 7 if x>0 x := x-1 entry x:= x + 1 xZxZ xZxZ { x <=0} { x >0} x := x-1 { x <-1} { x <0} xZxZ { x >1}

8 Abstract (conservative) interpretation 8 set of states operational semantics (concrete semantics) statement S set of states  abstract representation abstract semantics statement S abstract representation concretization

9 Abstract (conservative) interpretation 9 {x ↦ 1, x ↦ 2, …}{x ↦ 0, x ↦ 1, …} operational semantics (concrete semantics) x=x-1 {x ↦ 0, x ↦ 1, …}  0 < x abstract semantics x = x -1 0 ≤ x concretization

10 Abstract (conservative) interpretation 10 {x ↦ 1, x ↦ 2, …}{…, x ↦ 0, …} operational semantics (concrete semantics) x=x-1 {x ↦ 0, x ↦ 1, …}  0 < x abstract semantics x = x -1  concretization

11 Abstract (non-conservative) interpretation 11 {x ↦ 1, x ↦ 2, …}{ x ↦ 1, …} operational semantics (concrete semantics) x=x-1 {x ↦ 0, x ↦ 1, …} ⊈ 0 < x abstract semantics x = x -1 0 < x concretization

12 Abstract Interpretation by Example

13 Available Expressions Analysis A static analysis that infers for every program point a set of facts of the form AV = { x = y | x, y  Var }  { x = - y | x, y  Var }  { x = y op z | y, z  Var, op  {+, -, *, <=} } For every program with n=|Var| variables number of possible facts is finite: |AV|=O(n 3 ) – Yields a trivial algorithm … but, is it efficient? 13

14 What do we need to prove? 14 { true } C 1 x := a op b C 2 { x = a op b } y := a op b C 3 { true } C 1 x := a op b C 2 { x = a op b } y := x C 3 CSE

15 Developing a theory of approximation Formulae are suitable for many analysis-based proofs but we may want to represent predicates in other ways: – Sets of “facts” – Automata – Linear (in)equalities – … ad-hoc representation Wanted: a uniform theory to represent semantic values and approximations 15

16 Preorder We say that a binary order relation  over a set D is a preorder if the following conditions hold for every d, d’, d’’  D – Reflexive: d  d – Transitive: d  d’ and d’  d’’ implies d  d’’ There may exist d, d’ such that d  d’ and d’  d yet d  d’ 16

17 Partial order A binary order relation  over a set D is a partial order if –  is a preorder –  is anti-symmetric For any d, d’ if d  d’ and d’  d then d = d’ Notation: if d  d’ and d  d’ we write d  d’ 17

18 Some posets-related terminology If x  y we can say – x is lower than y – x is more precise than y – x is more concrete than y – x under-approximates y – y is greater than x – y is less precise than x – y is more abstract than x – y over-approximates x 18

19 Intuition {x > 0}  x  Z

20 Pointed poset A poset (D,  ) with a least element  is called a pointed poset, and denoted by (D, ,  ) For all d  D we have that   d We can always transform a poset (D,  ) into a pointed poset by adding a special bottom element (D  {  },   {  d | d  D},  ) 20

21 Join operator Assume a poset (D,  ) Let X  D be a subset of D (finite/infinite) The join of X is defined as –  X = the least upper bound (LUB) of all elements in X if it exists –  X = min  { b | forall x  X we have that x  b} – The supremum of the elements in X – A kind of abstract union (disjunction) operator Properties of a join operator – Commutative: x  y = y  x – Associative: (x  y)  z = x  (y  z) – Idempotent: x  x = x 21

22 Join operator Assume a poset (D,  ) Let X  D be a subset of D (finite/infinite) The join of X is defined as –  X = the least upper bound (LUB) of all elements in X if it exists –  X = min  { b | forall x  X we have that x  b} – The supremum of the elements in X – A kind of abstract union (disjunction) operator Properties of a join operator – Commutative: x  y = y  x – Associative: (x  y)  z = x  (y  z) – Idempotent: x  x = x 22

23 Meet operator Assume a poset (D,  ) Let X  D be a subset of D (finite/infinite) The meet of X is defined as –  X = the greatest lower bound (GLB) of all elements in X if it exists –  X = max  { b | forall x  X we have that b  x} – The infimum of the elements in X – A kind of abstract intersection (conjunction) operator Properties of a join operator – Commutative: x  y = y  x – Associative: (x  y)  z = x  (y  z) – Idempotent: x  x = x 23

24 Meet operator Assume a poset (D,  ) Let X  D be a subset of D (finite/infinite) The meet of X is defined as –  X = the greatest lower bound (GLB) of all elements in X if it exists –  X = max  { b | forall x  X we have that b  x} – The infimum of the elements in X – A kind of abstract intersection (conjunction) operator Properties of a join operator – Commutative: x  y = y  x – Associative: (x  y)  z = x  (y  z) – Idempotent: x  x = x 24

25 Complete lattices A complete lattice (D, , , , ,  ) is A set of elements D A partial order x  y A join operator  A meet operator  A bottom element  =   =  D A top element  =  D =   25

26 Transfer Functions Mathematical foundations

27 Towards an automatic proof Goal: automatically compute an annotated program proving as many facts of the form x = y + z as possible Decision 1: develop a forward-going proof Decision 2: draw predicates from a finite set D – “looking under the light of the lamp” – A compromise that simplifies problem by focusing attention – possibly miss some facts that hold Challenge 1: handle straight-line code Challenge 2: handle conditions Challenge 3: handle loops 27

28 Domain for SAV Define atomic facts (for SAV) as  = { x = y | x, y  Var }  { x = y + z | x, y, z  Var } – For n=|Var| number of atomic facts is O(n 3 ) Define sav-predicates as  = 2  For D  , Conj(D) =  D – Conj({a=b, c=b+d, b=c}) = (a=b)  (c=b+d)  (b=c) Note: – Conj(D 1  D 2 ) = Conj(D 1 )  Conj(D 1 ) – Conj({})  true 28

29 Visualizing ordering for SAV 29 {false} {x=y  y=z+a} * {x=y  p=q} * {y=z+a  p=q} * {x=y} * {y=z+a} * {p=q} * {true} Greater Lower D={x=y, y=x, p=q, q=p, y=z+a, y=a+z, z=y+z, x=z+a}

30 An algorithm for annotating SLP Annotate(P, x:=a) = {P} x:=a F * [x:=a](P) Annotate(P, S 1 ; S 2 ) = {P} S 1 ; {Q 1 } S 2 {Q 2 – Annotate(P, S 1 ) = {P} S 1 {Q 1 } – Annotate(Q 1, S 2 ) = {Q 1 } S 2 {Q 2 } 30

31 handling conditions: Goal Annotate a program if b then S 1 else S 2 with predicates from  Assumption 1: P is given (otherwise use true) Assumption 2: b is a simple binary expression e.g., x=y, x  y, x<y (why?) 31 { P } if b then { b  P } S 1 { Q 1 } else {  b  P } S 2 { Q 2 } { Q }

32 handling conditions: Goal Annotate a program if b then S 1 else S 2 with predicates from  Assumption 1: P is given (otherwise use true) Assumption 2: b is a simple binary expression e.g., x=y, x  y, x<y (why?) 32 { P } if b then { b  P } S 1 { Q 1 } else {  b  P } S 2 { Q 2 } { Q }

33 Annotating conditions 1.Start with P or {b  P} and annotate S 1 (yielding Q 1 ) 2.Start with P or {  b  P} and annotate S 2 (yielding Q 2 ) 3.How do we infer a Q such that Q 1  Q and Q 2  Q? Q 1 =Conj(D 1 ), Q 2 =Conj(D 2 ) Define: Q = Q 1  Q 2 = Conj(D 1  D 2 ) 33 { P } if b then { b  P } S 1 { Q 1 } else {  b  P } S 2 { Q 2 } { Q } Possibly an SAV-fact

34 Joining predicates 1.Start with P or {b  P} and annotate S 1 (yielding Q 1 ) 2.Start with P or {  b  P} and annotate S 2 (yielding Q 2 ) 3.How do we infer a Q such that Q 1  Q and Q 2  Q? Q 1 =Conj(D 1 ), Q 2 =Conj(D 2 ) Define: Q = Q 1  Q 2 = Conj(D 1  D 2 ) 34 { P } if b then { b  P } S 1 { Q 1 } else {  b  P } S 2 { Q 2 } { Q } The join operator for SAV

35 Joining predicates Q 1 =Conj(D 1 ), Q 2 =Conj(D 2 ) We want to soundly approximate Q 1  Q 2 in  Define: Q = Q 1  Q 2 = Conj(D 1  D 2 ) Notice that Q 1  Q and Q 2  Q meaning Q 1  Q 2  Q 35

36 Handling conditional expressions Let D be a set of facts and b be an expression Goal: Elements in  that soundly approximate – D  bexpr – D   bexpr Technique: Add statement assume bexpr  assume bexpr, s   sos s if B  bexpr  s = tt Find a function F[ assume bexpr] :    Conj(D)  bexpr  Conj(F[ assume bexpr]) 36

37 Handling conditional expressions F[ assume bexpr] :    such that Conj(D)  bexpr  Conj(F[ assume bexpr])  (bexpr) = if bexpr is an SAV-fact then {bexpr} else {} – Notice bexpr   (bexpr) – Examples  (y=z) = {y=z}  (y<z) = {} F[ assume bexpr](D) = D   (bexpr) 37

38 Example 38 { } if (x = y) { x=y, y=x } a := b + c { x=y, y=x, a=b+c, a=c+b } d := b – c { x=y, y=x, a=b+c, a=c+b } else { } a := b + c { a=b+c, a=c+b } d := b + c { a=b+c, a=c+b, d=b+c, d=c+b, a=d, d=a } { a=b+c, a=c+b }

39 Example 39 { } if (x = y) { x=y, y=x } a := b + c { x=y, y=x, a=b+c, a=c+b } d := b – c { x=y, y=x, a=b+c, a=c+b } else { } a := b + c { a=b+c, a=c+b } d := b + c { a=b+c, a=c+b, d=b+c, d=c+b, a=d, d=a } { a=b+c, a=c+b }

40 Handling assumes Meet or join?

41 Another Example

42 Constant Propagation (CP) Goal: infers facts of the form x = c 42

43 Motivation: Constant folding Optimization: constant folding – Example: x:=7; y:=x*9 transformed to: x:=7; y:=7*9 and then to: x:=7; y:=63 43 { x = c } y := aexpr y := eval(aexpr[c/x]) constant folding simplifies constant expressions

44 CP semantic domain 44 ?

45 CP semantic domain Define CP-factoids:  = { x = c | x  Var, c  Z } – How many factoids are there? Define predicates as  = 2  – How many predicates are there? – Do all predicates make sense? (x=5)  (x=7) Treat conjunctive formulas as sets of factoids {x=5, y=7} ~ (x=5)  (y=7) 45

46 CP abstract transformer Goal: define a function F CP [x:=aexpr] :    such that if F CP [x:=aexpr] P = P’ then sp(x:=aexpr, P)  P’ 46 ?

47 CP abstract transformer Goal: define a function F CP [x:=aexpr] :    such that if F CP [x:=aexpr] P = P’ then sp(x:=aexpr, P)  P’ 47 { x=c } x:=aexpr { } [kill] { y=c, z=c’ } x:=y op z { x=c op c’ } [gen-2] { } x:=c { x=c } [gen-1] { y=c } x:=aexpr { y=c } [preserve]

48 Gen-kill formulation of transformers Suited for analysis propagating sets of factoids – Available expressions, – Constant propagation, etc. For each statement, define a set of killed factoids and a set of generated factoids F[S] P = (P \ kill(S))  gen(S) F CP [x:=aexpr] P = (P \ {x=c}) aexpr is not a constant F CP [x:=k] P = (P \ {x=c})  {x=k} Used in dataflow analysis – a special case of abstract interpretation 48

49 Does this still work? Annotate(P, S 1 ; S 2 ) = let Annotate(P, S 1 ) be {P} A 1 {Q 1 } let Annotate(Q 1, S 2 ) be {Q 1 } A 2 {Q 2 } return {P} A 1 ; {Q 1 } A 2 {Q 2 } 49

50 Handling conditional expressions We want to soundly approximate D  bexpr and D   bexpr in  Define an artificial statement assume bexpr  assume bexpr, s   sos s if B  bexpr  s = tt Define  (bexpr) = if bexpr is CP-factoid {bexpr} else {} Define F[ assume bexpr](D) = D   (bexpr) 50

51 Does this still work? let P t = F[ assume bexpr] P let P f = F[ assume  bexpr] P let Annotate(P t, S 1 ) be {P t } S 1 {Q 1 } let Annotate(P f, S 2 ) be {P f } S 2 {Q 2 } return {P} if bexpr then {P t } S 1 {Q 1 } else {P f } S 2 {Q 2 } {Q 1  Q 2 } 51 How do we define join for CP?

52 Join example {x=5, y=7}  {x=3, y=7, z=9} = 52

53 Does this still work? What about correctness? What about termination? 53 Annotate(P, while bexpr do S) = N’ := N c := P // Initialize repeat let P t = F[ assume bexpr] N c let Annotate(P t, S) be {N c } A body {N’} N c := N c  N’ until N’ = Nc return {P} INV= {N’} while bexpr do {P t } A body {F[ assume  bexpr](N)}

54 Does this still work? What about correctness? – If loop terminates then is N’ a loop invariant? What about termination? 54 Annotate(P, while bexpr do S) = N’ := N c := P // Initialize repeat let P t = F[ assume bexpr] N c let Annotate(P t, S) be {N c } A body {N’} N c := N c  N’ until N’ = Nc return {P} INV= {N’} while bexpr do {P t } A body {F[ assume  bexpr](N)}

55 What were the common elements? Two static analyses – Available Expressions (extended with equalities) – Constant Propagation Semantic domain – An approximation relation  A weaker one given by set inclusion – Join operator Abstract transformers for basic statements – Assignments – assume statements Initial precondition 55

56 Abstract Interpretation [Cousot’77] More Formally … Mathematical foundation of static analysis 56

57 Abstract Interpretation [Cousot’77] Mathematical framework for approximating semantics (aka abstraction) – Allows designing sound static analysis algorithms Usually compute by iterating to a fixed-point – Computes (loop) invariants Can be interpreted as axiomatic verification assertions Generalizes Hoare Logic & WP / SP calculus 57

58 Abstract Interpretation [Cousot’77] Mathematical foundation of static analysis – Abstract domains Abstract states ~ Assertions Join (  ) ~ Weakening – Transformer functions Abstract steps ~ Axioms – Chaotic iteration Structured Programs ~ Control-flow graphs Abstract computation ~ Loop invariants 58

59

60 Introduction to Domain Theory 60

61 Motivation Let “isone” be a function that must return “1$” when the input string has at least a 1 and “0$” otherwise – isone(00…0$) = 0$ – isone(xx…1…$) =1$ – isone(0…0) =? Monotonicity: in terms of information – Output is never retracted More information about the input is reflected in more information about the output – How do we express monotonicity precisely? 61

62 Montonicity Define a partial order x  y – A partial order is reflexive, transitive, and anti-symmetric – y is a refinement of x “more precise” For streams of bits x  y when x is a prefix of y For programs, a typical order is: – No output (yet)  some output 62

63 Montonicity A set equipped with a partial order is a poset Definition: – D and E are postes – A function f: D  E is monotonic if  x, y  D: x  D y  f(x)  E f(y) – The semantics of the program ought to be a monotonic function More information about the input leads to more information about the output 63

64 Montonicity Example Consider our “isone” function with the prefix ordering Notation: – 0 k is the stream with k consecutive 0’s – 0  is the infinite stream with only 0’s Question (revisited): what is isone(0 k )? – By definition, isone(0 k $) = 0$ and isone(0 k 1$) = 1$ – But 0 k  0 k $ and 0 k  0 k 1$ – “isone” must be monotone, so: isone( 0 k )  isone( 0 k $) = 0$ isone( 0 k )  isone( 0 k 1$) = 1$ – Therefore, monotonicity requires that isone(0 k ) is a common prefix of 0$ and 1$, namely  64

65 Motivation Are there other constraints on “isone”? Define “isone” to satisfy the equations – isone(  )=  – isone(1s)=1$ – isone(0s)=isone(s) – isone($)=0$ What about 0  ? Continuity: finite output depends only on finite input (no infinite lookahead) – Intuition: A program that can produce observable results can do it in a finite time 65

66 Chains A chain is a countable increasing sequence = {x i  X | x 0  x 1  … } An upper bound of a set if an element “bigger” than all elements in the set The least upper bound is the “smallest” among upper bounds: – x i   for all i  N –   y for all upper bounds y of and it is unique if it exists 66

67 Complete Partial Orders Not every poset has an upper bound – with   n and n  n for all n  N – {1, 2} does not have an upper bound Sometimes chains have no upper bound 0 1 2 …  210210 The chain 0  1  2  … does not have an upper bound 67

68 Complete Partial Orders It is convenient to work with posets where every chain (not necessarily every set) has a least upper bound A partial order P is complete if every chain in P has a least upper bound also in P We say that P is a complete partial order (cpo) A cpo with a least (“bottom”) element  is a pointed cpo (pcpo) 68

69 Examples of cpo’s Any set P with the order x  y if and only if x = y is a cpo It is discrete or flat If we add  so that  x for all x  P, we get a flat pointed cpo The set N with  is a poset with a bottom, but not a complete one The set N  {  } with n  is a pointed cpo The set N with  is a cpo without bottom Let S be a set and P(S) denotes the set of all subsets of S ordered by set inclusion – P(S) is a pointed cpo 69

70 Constructing cpos If D and E are pointed cpos, then so is D × E (x, y)  D×E (x’, y’) iff x  D x’ and y  E y’  D×E = (  D,  E )  (x i, y i ) = (  D x i,  E y i ) 70

71 Constructing cpos (2) If S is a set of E is a pcpos, then so is S  E m  m’ iff  s  S: m(s)  E m’(s)  S  E = s.  E  (m, m’ ) = s.m(s)  E m’(s) 71

72 Continuity A monotonic function maps a chain of inputs into a chain of outputs: x 0  x 1  …  f(x 0 )  f(x 1 )  … It is always true that:  i  f(  i ) But f(  i )   i is not always true 72

73 A Discontinuity Example 32103210 11 f(  i )   i 73

74 Continuity Each f(x i ) uses a “finite” view of the input f(  ) uses an “infinite” view of the input A function is continuous when f(  ) =  i The output generated using an infinite view of the input does not contain more information than all of the outputs based on finite inputs 74

75 Continuity Each f(x i ) uses a “finite” view of the input f(  ) uses an “infinite” view of the input A function is continuous when f(  ) =  i The output generated using an infinite view of the input does not contain more information than all of the outputs based on finite inputs Scott’s thesis: The semantics of programs can be described by a continuous functions 75

76 Examples of Continuous Functions For the partial order ( N  {  },  ) – The identity function is continuous id(  n i ) =  id(n i ) – The constant function “five(n)=5” is continuous five(  n i ) =  five(n i ) – If isone(0  ) =  then isone is continuos For a flat cpo A, any monotonic function f: A   A  such that f is strict is continuous Chapter 8 of the Wynskel textbook includes many more continuous functions 76

77 Fixed Points Solve equation: where W:∑   ∑  ; W= S  while b do S  W(S  s   ) if B  b  (  )=true W(  ) =  if B  b  (  )=false  if B  b  (  )=  77 {

78 Fixed Points Solve equation: where W:∑   ∑  ; W= S  while be do s  Alternatively, W = F(W) where: F(W) = . W(S  s   ) if B  b  (  )=true W(  ) =  if B  b  (  )=false  if B  b  (  )=  78 { W(S  s   ) if B  b  (  )=true  if B  b  (  )=false  if B  b  (  )=  {

79 Fixed Point (cont) Thus we are looking for a solution for W = F( W) – a fixed point of F Typically there are many fixed points We may argue that W ought to be continuous W  [∑   ∑  ] Cut the number of solutions We will see how to find the least fixed point for such an equation provided that F itself is continuous 79

80 Fixed Point Theorem Define F k = x. F( F(… F( x)…)) (F composed k times) If D is a pointed cpo and F : D  D is continuous, then – for any fixed-point x of F and k  N F k (  )  x – The least of all fixed points is  k F k (  ) Proof: i.By induction on k. Base: F 0 (  ) =   x Induction step: F k+1 (  ) = F( F k (  ))  F( x) = x ii.It suffices to show that  k F k (  ) is a fixed-point F(  k F k (  )) =  k F k+1 (  ) =  k F k (  ) 80

81 Fixed-Points (notes) If F is continuous on a pointed cpo, we know how to find the least fixed point All other fixed points can be regarded as refinements of the least one – They contain more information, they are more precise – In general, they are also more arbitrary 81

82 Fixed-Points (notes) If F is continuous on a pointed cpo, we know how to find the least fixed point All other fixed points can be regarded as refinements of the least one – They contain more information, they are more precise – In general, they are also more arbitrary – They also make less sense for our purposes 82

83 Denotational Semantics Meaning of programs

84 Denotational Semantics of While ∑  is a flat pointed cpo – A state has more information on non-termination – Otherwise, the states must be equal to be comparable (information- wise) We want strict functions ∑   ∑  – therefore, continuous functions The partial order on ∑   ∑  f  g iff f(x) =  or f(x) = g(x) for all x  ∑  – g terminates with the same state whenever f terminates – g might terminate for more inputs 84

85 Denotational Semantics of While Recall that W is a fixed point of F:[[∑   ∑  ]  [∑   ∑  ]] F is continuous Thus, we set S  while b do c  =  F k (  ) – Least fixed point Terminates least often of all fixed points Agrees on terminating states with all fixed point w(S  s  (  )) if B  b  (  )=true F(w) = .  if B  b  (  )=false  if B  b  (  )=  85 {

86 Denotational Semantics of While S  skip  = .  S  X := exp  = .  [X  A  exp   ] S  s 0 ; s 1  = . S  s 1  (S  s 0   ) S  if b then s 0 else s 1  = . if B  b   then S  s 0   else S  s 1   S  while b do s  =  F k (  ) – k=0, 1, … – F = w. . if B  b  (  )=true w(S  s  (  )) else  86

87 Example(1) while true do skip F:[[∑   ∑  ]  [∑   ∑  ]] w(S  s  (  )) if B  b  (  )=true F = w. .  if B  b  (  )=false  if B  b  (  )=  B  true  =.true S  skip  =.  F = w. .w(  ) F 0 (  )=   F 1 (  ) =   F 2 (  ) =  = =  87 {

88 Example(2) while false do s F:[[∑   ∑  ]  [∑   ∑  ]] B  false  =.false F = w. .  F 0 (  )=   F 1 (  ) = .   F 2 (  ) = .  = .  88 w(S  s  (  )) if B  b  (  )=true F = w. .  if B  b  (  )=false  if B  b  (  )=  {

89 Example(3)  while x  3 do x = x -1  =  F k (  ) k=0, 1, … where F = w. . if  (x)  3 w(  [x   (x) -1]) else  F0()F0()  F1()F1() if  (x)  3  (  [x   (x) -1]) else  if  (x)  3 then  else  F2()F2() if  (x)  3 then F 1 (  [x   (x) -1] ) else  if  (x)  3 then (if  [x   (x) -1] x  3 then  else  [x   (x) -1] ) else  if  (x)  3 (if  (x)  4 then  else  [x   (x) -1] ) else  if  (x)  {3, 4} then  [x  3] else  F k (  ) lfp(F) if  (x)  {3, 4, …k} then  [x  3] else  if  (x)  3 then  [x  3] else  89

90 Complete Lattice Let (D,  ) be a partial order D is a complete lattice if every subset has both greatest lower bounds and least upper bounds 90

91 Knaster-Tarski Theorem Let f: L  L be a monotonic function on a complete lattice L The least fixed point lfp(f) exists – lfp(f) =  {x  L: f(x)  x} 91

92 Fixed Points A monotone function f: L  L where (L, , , , ,  ) is a complete lattice Fix(f) = { l: l  L, f(l) = l} Red(f) = {l: l  L, f(l)  l} Ext(f) = {l: l  L, l  f(l)} – l 1  l 2  f(l 1 )  f(l 2 ) Tarski’s Theorem 1955: if f is monotone then: – lfp(f) =  Fix(f) =  Red(f)  Fix(f) – gfp(f) =  Fix(f) =  Ext(f)  Fix(f)   f(  ) f(  ) f2()f2() f2()f2() Fix(f) Ext(f) Red(f) gfp(f) lfp(f) 92

93 Constant Propagation - Again

94 Constant Propagation Optimization: constant folding – Example: x:=7; y:=x*9 transformed to: x:=7; y:=7*9 and then to: x:=7; y:=63 Analysis: constant propagation (CP) – Infers facts of the form x = c 94 { x = c } y := aexpr y := eval(aexpr[c/x]) constant folding simplifies constant expressions

95 CP semantic domain Define CP-factoids:  = { x = c | x  Var, c  Z } – How many factoids are there? Define predicates as  = 2  – How many predicates are there? – Do all predicates make sense? (x=5)  (x=7) Treat conjunctive formulas as sets of factoids {x=5, y=7} ~ (x=5)  (y=7) 95

96 One lattice per variable 96 true false x=0 x0x0 x<0x>0 x0x0 true false y=0 y0y0 y<0y>0 y0y0 How can we compose them?

97 Cartesian product of complete lattices For two complete lattices L 1 = (D 1,  1,  1,  1,  1,  1 ) L 2 = (D 2,  2,  2,  2,  2,  2 ) Define the poset L cart = (D 1  D 2,  cart,  cart,  cart,  cart,  cart ) as follows: – (x 1, x 2 )  cart (y 1, y 2 ) iff x 1  1 y 1 x 2  2 y 2 –  cart = ?  cart = ?  cart = ?  cart = ? Lemma: L is a complete lattice Define the Cartesian constructor L cart = Cart(L 1, L 2 ) 97

98 Cartesian product example 98  =( ,  ) x<0,y<0x<0,y=0x 0x=0,y<0x=0,y=0x=0,y>0x>0,y<0x>0,y=0x>0,y>0 x  0,y< 0 x  0,y< 0 x  0,y= 0 x  0,y= 0 x  0,y> 0 x  0,y> 0 x>0,y  0 … … x  0,y  0 x  0,y  0 x  0,y  0 x  0,y  0 x0x0 x0x0 y0y0 y0y0 … ( false, false ) How does it represent (x 0  y>0)?  =( ,  )

99 Disjunctive completion For a complete lattice L = (D, , , , ,  ) Define the powerset lattice L  = (2 D,  ,  ,  ,  ,   )   = ?   = ?   = ?   = ?   = ? Lemma: L  is a complete lattice L  contains all subsets of D, which can be thought of as disjunctions of the corresponding predicates Define the disjunctive completion constructor L  = Disj(L) 99

100 The base lattice CP 100 {x=0}  {x=-1}{x=-2}{x=1}{x=2} …… 

101 The disjunctive completion of CP 101 {x=0} true {x=-1}{x=-2}{x=1}{x=2} …… false {x=-2  x=-1}{x=-2  x=0}{x=-2  x=1}{x=1  x=2} ……… {x=0  x=1  x=2}{x=-1  x=1  x=-2} ……… … What is the height of this lattice?

102 Relational product of lattices L 1 = (D 1,  1,  1,  1,  1,  1 ) L 2 = (D 2,  2,  2,  2,  2,  2 ) L rel = (2 D 1  D 2,  rel,  rel,  rel,  rel,  rel ) as follows: – L rel = ? 102

103 Relational product of lattices L 1 = (D 1,  1,  1,  1,  1,  1 ) L 2 = (D 2,  2,  2,  2,  2,  2 ) L rel = (2 D 1  D 2,  rel,  rel,  rel,  rel,  rel ) as follows: – L rel = Disj(Cart(L 1, L 2 )) Lemma: L is a complete lattice What does it buy us? 103

104 Cartesian product example 104 true false x<0,y<0x<0,y=0x 0x=0,y<0x=0,y=0x=0,y>0x>0,y<0x>0,y=0x>0,y>0 x  0,y< 0 x  0,y< 0 x  0,y= 0 x  0,y= 0 x  0,y> 0 x  0,y> 0 x>0,y  0 … … x  0,y  0 x  0,y  0 x  0,y  0 x  0,y  0 x0x0 x0x0 y0y0 y0y0 … How does it represent (x 0  y>0)? What is the height of this lattice?

105 Relational product example 105 true false (x 0  y>0) x0x0 x0x0 y0y0 y0y0 How does it represent (x 0  y>0)? (x 0  y=0)(x<0  y  0)  (x<0  y  0) … What is the height of this lattice?


Download ppt "Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 6: Abstract Interpretation 1 Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav."

Similar presentations


Ads by Google