Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 10 Abstract Interpretation using Fixpoints.

Published byClarissa Chandler Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 10 Abstract Interpretation using Fixpoints."— Presentation transcript:

1 Lecture 10 Abstract Interpretation using Fixpoints

2 Notation Partial order: Least upper bound: lub, sup, Greatest lower bound: glb, inf, Least fixpoint: lfp Complete lattice: always exist

3 Tarski’s fixpoint theorem (A, ) complete lattice G : A  A monotonic function Postfixp = { x | G(x) x } Then G has least fixpoint, lfp(G) and it’s Postfixp So, if G(x) x then x Postfixp, so lfp(G) x Let G be also -continuous. Then { G n ( ) | n 0 } = lfp(G)

4 Fixpoints for Recursive Definitions Given monotonic G in complete lattice, If G(P) P then lfp(G) P Natural numbers: lfp under adding successors: G(P) = {0} {x+1|x P} lfp(G) = {0,1,2, … }(natural numbers) Take a property PP(x), let P = {x | PP(x)} What does G(P) P mean? {0} U {x+1|x P} P 0 P x P  x+1 P If so, we get that all natural numbers are in P

5 Structural Recursion Trees = lfp(G) where G(P) = { Leaf } U { Node(t1,x,t2) | t1  P, t2  P} To prove all trees satisfy property, prove for the set P of trees satisfying property that G(P)  P. { Leaf } U { Node(t1,x,t2) | t1  P /\ t2  P}  P Structural induction! Every inductively defined set is given as lfp(G) for some G, and this gives us an induction principle.

6 Concrete post Init,Good  S r  SxS Goal: show sp(Init,r*)  Good Approach: find I  S such that sp(Init,r*)  I  Good Define post : 2 S  2 S post(P) = Init U sp(P,r) – post is monotonic function on complete lattice 2 S so it has a least fixpoint. This is sp(Init,r*) – Consequence: if post(P)  P, then sp(Init,r*)  P – Remark: post is also  -continuous and join morphism: post(UC)=U{post(x)|x  C} so this is also equal to U{ post n ({}) | n ≥ 0} Strategy: find P such that post(P)  P and then check that P  Good

7 Example k=1; while(k < 100) { k=k+3 }; assert(k <= 255) k=1; loop {assume(k =100); assert(k <= 255) r = {(k,k’) | (k < 100 /\ k’ = k + 3) } Approximating sp({1},r*) post(P) = {1} U sp(P,r) = {1} U {k+3|k  P, k < 100} post n ({}): {}, {1}, {1,4}, …, {1,…,97},{1,…,97,100}, {1,…,97,100}

8 Approximate post Let apost be approximation of post, that is, post(P)  apost(P) for all sets P (e.g. take interval enclosing a set) If we find P such that apost(P)  P, then post(P)  apost(P)  P Summary: all we need is – apost that approximes post – a postfix point P of apost, ideally as small as possible, hoping to be able to prove P  Good

9 Domain: Representation of Invariants apost will work only on certain invariants (e.g. only intervals) Represent these invariants as another set A. Define concretization  : A  2 S post# : A  A  (post#(a)) = apost(  (a)) Then post(P)  apost(P) becomes post(  (a))   (post#(a)) This is the soundness condition.

10 Postfixpoint in Abstract Domain We have found a postfixpoint  (a) if  (post#(a))   (a) How to effectively check if this inclusion holds? Define an ordering on domain that is computable and satisfies: a1 a2   (a1)   (a2) If post#(a) a, then  (post#(a))   (a)  is monotonic. We need postfixpoint of  Define such that it is ordering, the nicer ordering the better (e.g. complete lattice).

11 Interval Approximation post(P) = {1} U {k+3|k  P /\ k < 100} post#(  ) = [1,1] post#([a,b]) = [min(1,a+3),min(b+3,102)] Soundness: post([a,b])  post#([a,b]) {1}U{k+3|a ≤ k ≤ b, k < 100}  [min(1,a+3),min(b+3,102)] (post#) n (  ): , [1,1], [1,4], …, [1,97], lfp(post#) = [1,102] We proved automatically sp({1},r*)  [1,102]

12 How to define post# ? One way: Galois comes to rescue Suppose  s.t. ( ,  ) is Galois connection. Then post(  (a))   (post#(a)) is equivalent to (  on right =  on left)  (post(  (a)) post#(a) So we can define: post#(a) =  (post(  (a)) Note: such post# is monotonic

13 Finding fixpoint of post# Compute post# iteration: (post#) n (  ) If for some n (post#) n (  )= (post#) n+1 (  ) then for this n lfp(post#) = (post#) n (  ) To help make this happen make post# monotonic design domain so post# iteration terminates in finitely many steps

14 Partial Order on Intervals

15 Interval Domain A A = , intervals w/ finite and infinite bounds Partial order a1, a2  A

16 Galois Connection: Monotonicity  : A  2 S  ([L,U]) = {x | L ≤ x ≤ U}  : 2 S  A  (c) = [min(c),max(c)] Prove ,  are monotonic

17 Galois Connection Condition  : A  2 S  ([L,U]) = {x | L ≤ x ≤ U}  : 2 S  A  (c) = [min(c),max(c)] Galois connection condition c   (a)   (c) a Prove it for case where c is bounded, a is [L,U]

18 Multiple variables Wish to track interval for each variable We track not [L,U] but ([L1,U1],[L2,U2]) If program state is (x,y), define  (([L1,U1],[L2,U2])) = {(x,y) | }  (p) = ([L1,U1],[L2,U2]) L1 = U1 = L2 = U2 =

19 Product of Partial Orders (A i, ≤ i ) partial orders for i  J (A, ≤) given by A = {f : J  U i  J A i,  i. f(i)  A i } f,g  A ordered by f ≤ g   i. f(i) ≤ i g(i) Then (A, ≤) is a partial order. Moreover: If (A i, ≤ i ) all have lub, then so does (A, ≤). If (A i, ≤ i ) all have glb, then so does (A, ≤).

Download ppt "Lecture 10 Abstract Interpretation using Fixpoints."

Similar presentations

Completeness and Expressiveness

Completeness and Expressiveness
Abstract Interpretation Part II

Abstract Interpretation Part II
Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.

Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.
1 A simple abstract interpreter to compute Sign s.

1 A simple abstract interpreter to compute Sign s.
Lecture 11: Datalog Tuesday, February 6, 2001. Outline Datalog syntax Examples Semantics: –Minimal model –Least fixpoint –They are equivalent Naive evaluation.

Lecture 11: Datalog Tuesday, February 6, Outline Datalog syntax Examples Semantics: –Minimal model –Least fixpoint –They are equivalent Naive evaluation.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN 2006 -

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
Tutorial on Widening (and Narrowing) Hongseok Yang Seoul National University.

Tutorial on Widening (and Narrowing) Hongseok Yang Seoul National University.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.

Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
CSE 231 : Advanced Compilers Building Program Analyzers.

CSE 231 : Advanced Compilers Building Program Analyzers.
Worklist algorithm Initialize all d i to the empty set Store all nodes onto a worklist while worklist is not empty: –remove node n from worklist –apply.

Worklist algorithm Initialize all d i to the empty set Store all nodes onto a worklist while worklist is not empty: –remove node n from worklist –apply.
Programming Language Semantics Denotational Semantics Chapter 5 Based on a lecture by Martin Abadi.

Programming Language Semantics Denotational Semantics Chapter 5 Based on a lecture by Martin Abadi.
Abstractions. Outline Informal intuition Why do we need abstraction? What is an abstraction and what is not an abstraction A framework for abstractions.

Abstractions. Outline Informal intuition Why do we need abstraction? What is an abstraction and what is not an abstraction A framework for abstractions.
Discrete Mathematics Lecture 4: Sequences and Mathematical Induction

Discrete Mathematics Lecture 4: Sequences and Mathematical Induction
Discrete Mathematics Lecture 4 Harper Langston New York University.

Discrete Mathematics Lecture 4 Harper Langston New York University.
From last time: reaching definitions For each use of a variable, determine what assignments could have set the value being read from the variable Information.

From last time: reaching definitions For each use of a variable, determine what assignments could have set the value being read from the variable Information.
Discrete Structures Chapter 2 Part B Mathematical Induction

Discrete Structures Chapter 2 Part B Mathematical Induction
Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.

Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.

Similar presentations

Ads by Google