Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chaotic Iterations Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program Analysis.

Published byDerrick Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "Chaotic Iterations Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program Analysis."— Presentation transcript:

1 Chaotic Iterations Mooly Sagiv http://www.cs.tau.ac.il/~msagiv/courses/pa16.html Tel Aviv University 640-6706 Textbook: Principles of Program Analysis F. Nielson, H. Nielson, C.L. Hankin Appendix A Caterina’s thesis

2 Content u Mathematical Background u Chaotic Iterations u Examples u Soundness, Precision and more examples next week

3 Mathematical Background u Declaratively define –The result of the analysis –The exact solution –Allow comparison

4 Posets u A partial ordering is a binary relation  : L  L  {false, true} –For all l  L : l  l (Reflexive) –For all l 1, l 2, l 3  L : l 1  l 2, l 2  l 3  l 1  l 3 (Transitive) –For all l 1, l 2  L : l 1  l 2, l 2  l 1  l 1 = l 2 (Anti-Symmetric) u Denoted by (L,  )

5 Posets u In program analysis –l 1  l 2  l 1 is more precise than l 2  l 1 represents fewer concrete states than l 2 u Examples –Total orders (N,  ) –Powersets (P(S),  ) –Powersets (P(S),  ) –Even/Odd –Constant propagation »Single variable »Multiple variables –Intervals u Bad examples –(N, <) –Non-transitive x  y  x = y  (x = 0  y=1)  (x=1  y=2) –Non anti-symmetric

6 Posets u More notations –l 1  l 2  l 2  l 1 –l 1  l 2  l 1  l 2  l 1  l 2 –l 1  l 2  l 2  l 1

7 Upper and Lower Bounds u Consider a poset (L,  ) u A subset L’  L has a lower bound l  L if for all l’  L’ : l  l’ u A subset L’  L has an upper bound u  L if for all l’  L’ : l’  u u A greatest lower bound of a subset L’  L is a lower bound l 0  L such that l  l 0 for any lower bound l of L’ u A lowest upper bound of a subset L’  L is an upper bound u 0  L such that u 0  u for any upper bound u of L’ u For every subset L’  L: –The greatest lower bound of L’ is unique if at all exists »  L’ (meet) a  b =  {a, b} –The lowest upper bound of L’ is unique if at all exists »  L’ (join) a  b =  {a, b}

8 Complete Lattices u A poset (L,  ) is a complete lattice if every subset has least and upper bounds u L = (L,  ) = (L, , , , ,  ) –  =   =  L –  =  L =   u Examples –Total orders (N,  ) –Powersets (P(S),  ) –Powersets (P(S),  ) –Constant propagation –Intervals

9 Complete Lattices u Lemma For every poset (L,  ) the following conditions are equivalent –L is a complete lattice –Every subset of L has a least upper bound –Every subset of L has a greatest lower bound

10 Cartesian Products u A complete lattice (L 1,  1 ) = (L 1, ,  1,  1,  1,  1 ) u A complete lattice (L 2,  2 ) = (, ,  2,  2,  2,  2 ) u Define a Poset L = (L 1  L 2,  ) where –(x 1, x 2 )  (y 1, y 2 ) if »x 1  y 1 and »x 2  y 2 u L is a complete lattice

11 Finite Maps u A complete lattice (L 1,  1 ) = (L 1, ,  1,  1,  1,  1 ) u A finite set V u Define a Poset L = (V  L 1,  ) where –e 1  e 2 if for all v  V »e 1 v  e 2 v u L is a complete lattice

12 Chains u A subset Y  L in a poset (L,  ) is a chain if every two elements in Y are ordered –For all l 1, l 2  Y: l 1  l 2 or l 2  l 1 u An ascending chain is a sequence of values –l 1  l 2  l 3  … u A strictly ascending chain is a sequence of values –l 1  l 2  l 3  … u A descending chain is a sequence of values –l 1  l 2  l 3  … u A strictly descending chain is a sequence of values –l 1  l 2  l 3  … u L has a finite height if every chain in L is finite u Lemma A poset (L,  ) has finite height if and only if every strictly decreasing and strictly increasing chains are finite

13 Monotone Functions u A poset (L,  ) u A function f: L  L is monotone if for every l 1, l 2  L: –l 1  l 2  f(l 1 )  f(l 2 )

14 Fixed Points u A monotone function f: L  L where (L, , , , ,  ) is a complete lattice u Fix(f) = { l: l  L, f(l) = l} u Red(f) = {l: l  L, f(l)  l} u Ext(f) = {l: l  L, l  f(l)} –l 1  l 2  f(l 1 )  f(l 2 ) u Tarski’s Theorem 1955: if f is monotone then: – lfp(f) =  Fix(f) =  Red(f)  Fix(f) – gfp(f) =  Fix(f) =  Ext(f)  Fix(f)   f(  ) f(  ) f2()f2() f2()f2() Fix(f) Ext(f) Red(f) gfp(f) lfp(f)

15 Chaotic Iterations u A lattice L = (L, , , , ,  ) with finite strictly increasing chains u L n = L  L  …  L u A monotone function f: L n  L n u Compute lfp(f) u The simultaneous least fixed of the system {x[i] = f i (x) : 1  i  n } x := ( , , …,  ) while (f(x)  x ) do x := f(x) for i :=1 to n do x[i] =  WL = {1, 2, …, n} while (WL   ) do select and remove an element i  WL new := f i (x) if (new  x[i]) then x[i] := new; Add all the indexes that directly depends on i to WL

16 Specialized Chaotic Iterations System of Equations S = df entry [s] =  df entry [v] =  {f(u, v) (df entry [u]) | (u, v)  E } F S :L n  L n F S (X)[s] =  F S (X)[v] =  {f(u, v)(X[u]) | (u, v)  E } lfp(S) = lfp(F S )

17 Specialized Chaotic Iterations Chaotic(G(V, E): Graph, s: Node, L: Lattice,  : L, f: E  (L  L) ){ for each v in V to n do df entry [v] :=  df[s] =  WL = {s} while (WL   ) do select and remove an element u  WL for each v, such that. (u, v)  E do temp = f(e)(df entry [u]) new := df entry (v)  temp if (new  df entry [v]) then df entry [v] := new; WL := WL  {v}

18 y :=z+4 Constant Propagation [x  ?, y  ?, z  3 ] 1 2 z :=3 7 z <=0 3 z >0 4 5 x==1 x!=1 6 y :=7 assert y==7 NValueWL 1 [x  ?, y  ?, z  ?] {2, 3, 4, 5, 6, 7} 2 [x  ?, y  ?, z  3] { 3, 4, 5, 6, 7} 3 [x  ?, y  ?, z  3] { 4, 5, 6, 7} 4 [x  1, y  7, z  3] {5, 6, 7} 5 [x  ?, y  7, z  3] {6, 7} 6 [x  ?, y  7, z  3] {7}

19 Example Constant Propagation 1 2  e.e[x  3]  e.e 3 DF(1) = [x  0] DF(2) = DF(1)[x  3]  DF(2) DF(3) = DF(2) 3t  e.e x :=3 skip DF[1]DF[2]DF[3] [x  0][x  3] [x  0][x  ?] [x  7][x  9][x  7] [x  ?][x  3]

20 Complexity of Chaotic Iterations u Parameters: –n the number of CFG nodes –k is the maximum outdegree of edges –A lattice of height h –c is the maximum cost of »applying f (e) »  »L comparisons u Complexity O(n * h * c * k)

21 Soundness u Every detected constant is indeed such u Every error will be detected u The least fixed points represents all occurring runtime states u Next week

22 Completeness u Every constant is indeed detected as such u Every detected error is real u Cannot be guaranteed in general

23 The Join-Over-All-Paths (JOP) u Let paths(v) denote the potentially infinite set paths from start to v (written as sequences of labels) u For a sequence of edges [e 1, e 2, …, e n ] define f [e 1, e 2, …, e n ]: L  L by composing the effects of basic blocks f [e 1, e 2, …, e n ](l) = f(e n ) (… (f(e 2 ) (f(e 1 ) (l)) …) u JOP[v] =  {f[e 1, e 2, …,e n ](  ) [e 1, e 2, …, e n ]  paths(v)}

24 JOP vs. Least Solution u The DF solution obtained by Chaotic iteration satisfies for every l: –JOP[v]  DF entry (v) u A function f is additive (distributive) if –f(  {x| x  X}) =  {f(x) |  X} u If every f l is additive (distributive) for all the nodes v –JOP[v] = DF entry (v)

25 Conclusions u Chaotic iterations is a powerful technique u Easy to implement u Rather precise u But expensive –More efficient methods exist for structured programs u Abstract interpretation relates runtime semantics and static information u The concrete semantics serves as a tool in designing abstractions –More intuition will be given in the sequel

26 Widening u Accelerate the termination of Chaotic iterations by computing a more conservative solution u Can handle lattices of infinite heights

27 Specialized Chaotic Iterations+  Chaotic(G(V, E): Graph, s: Node, L: lattice,  : L, f: E  (L  L) ){ for each v in V to n do df entry [v] :=  In[v] =  WL = {s} while (WL   ) do select and remove an element u  WL for each v, such that. (u, v)  E do temp = f(e)(df entry [u]) new := df entry (v)  temp if (new  df entry [v]) then df entry [v] := new; WL := WL  {v}

28 Example Interval Analysis u Find a lower and an upper bound of the value of a variable u Usages? u Lattice L = (Z  {- ,  }  Z  {- ,  }, , , , ,  ) –[a, b]  [c, d] if c  a and d  b –[a, b]  [c, d] = [min(a, c), max(b, d)] –[a, b]  [c, d] = [max(a, c), min(b, d)] –  = –  =

29 Example Program Interval Analysis [x := 1] 1 ; while [x  1000] 2 do [x := x + 1;] 3 IntEntry(1) = [minint,maxint] IntExit(1) = [1,1] IntEntry(2) = IntExit(1)  IntExit(3) IntExit(2) = IntEntry(2) [x:=1] 1 [x  1000] 2 [x := x+1] 3 [exit] 4 IntEntry(3) = IntExit(2)  [minint,1000] IntExit(3) = IntEntry(3)+[1,1] IntEntry(4) = IntExit(2)  [1001,maxint] IntExit(4) = IntEntry(4)

30 Widening for Interval Analysis u   [c, d] = [c, d] u [a, b]  [c, d] = [ if a  c then a else - , if b  d then b else  ]

31 Example Program Interval Analysis [x := 1] 1 ; while [x  1000] 2 do [x := x + 1;] 3 IntEntry(1) = [ - ,  ] IntExit(1) = [1,1] IntEntry(2) = InExit(2)  (IntExit(1)  IntExit(3)) IntExit(2) = IntEntry(2) [x:=1] 1 [x  1000] 2 [x := x+1] 3 [exit] 4 IntEntry(3) = IntExit(2)  [ - ,1000] IntExit(3) = IntEntry(3)+[1,1] IntEntry(4) = IntExit(2)  [1001,  ] IntExit(4) = IntEntry(4)

32 Requirements on Widening u For all elements l 1  l 2  l 1  l 2 u For all ascending chains l 0  l 1  l 2  … the following sequence is finite –y 0 = l 0 –y i+1 = y i  l i+1 u For a monotonic function f: L  L define –x 0 =  –x i+1 = x i  f(x i ) u Theorem: –There exits k such that x k+1 = x k –x k  Red(f) = {l: l  L, f(l)  l}

33 Narrowing u Improve the result of widening u y  x  y  (x  y)  x u For all decreasing chains x 0  x 1  … the following sequence is finite –y 0 = x 0 –y i+1 = y i  x i+1 u For a monotonic function f: L  L and x  Red(f) = {l: l  L, f(l)  l} define –y 0 = x –y i+1 = y i  f(y i ) u Theorem: –There exits k such that y k+1 =y k –y k  Red(f) = {l: l  L, f(l)  l}

34 Narrowing for Interval Analysis u [a, b]   = [a, b] u [a, b]  [c, d] = [ if a = -  then c else a, if b =  then d else b ]

35 Example Program Interval Analysis [x := 1] 1 ; while [x  1000] 2 do [x := x + 1;] 3 IntEntry(1) = [ - ,  ] IntExit(1) = [1,1] IntEntry(2) = InExit(2)  ( IntExit(1)  IntExit(3)) IntExit(2) = IntEntry(2) [x:=1] 1 [x  1000] 2 [x := x+1] 3 [exit] 4 IntEntry(3) = IntExit(2)  [ - ,1000] IntExit(3) = IntEntry(3)+[1,1] IntEntry(4) = IntExit(2)  [1001,  ] IntExit(4) = IntEntry(4)

36 Non Montonicity of Widening u [0,1]  [0,2] = [0,  ] u [0,2]  [0,2] = [0,2]

37 Widening and Narrowing Summary u Very simple but produces impressive precision u Sometimes non-monotonic u The McCarthy 91 function u Also useful in the finite case u Can be used as a methodological tool int f(x) [- ,  ] if x > 100 then [101,  ] return x -10 [91,  -10]; else [- , 100] return f(f(x+11)) [91, 91] ;

38 Conclusions u Chaotic iterations is a powerful technique u Easy to implement u Rather precise u But expensive –More efficient methods exist for structured programs

Download ppt "Chaotic Iterations Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program Analysis."

Similar presentations

Abstract Interpretation Part II

Abstract Interpretation Part II
Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.

Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.
Tutorial on Widening (and Narrowing) Hongseok Yang Seoul National University.

Tutorial on Widening (and Narrowing) Hongseok Yang Seoul National University.
Foundations of Data-Flow Analysis. Basic Questions Under what circumstances is the iterative algorithm used in the data-flow analysis correct? How precise.

Foundations of Data-Flow Analysis. Basic Questions Under what circumstances is the iterative algorithm used in the data-flow analysis correct? How precise.
Programming Language Semantics Denotational Semantics Chapter 5.

Programming Language Semantics Denotational Semantics Chapter 5.
CSE 231 : Advanced Compilers Building Program Analyzers.

CSE 231 : Advanced Compilers Building Program Analyzers.
Worklist algorithm Initialize all d i to the empty set Store all nodes onto a worklist while worklist is not empty: –remove node n from worklist –apply.

Worklist algorithm Initialize all d i to the empty set Store all nodes onto a worklist while worklist is not empty: –remove node n from worklist –apply.
Programming Language Semantics Denotational Semantics Chapter 5 Based on a lecture by Martin Abadi.

Programming Language Semantics Denotational Semantics Chapter 5 Based on a lecture by Martin Abadi.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Control Flow Analysis Mooly Sagiv Tel Aviv University 640-6706 Sunday 18-21 Scrieber 8 Monday 10-12 Schrieber.

Control Flow Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
1 Iterative Program Analysis Part I Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program.

1 Iterative Program Analysis Part I Mooly Sagiv Tel Aviv University Textbook: Principles of Program.
Programming Language Semantics Denotational Semantics Chapter 5 Part II.

Programming Language Semantics Denotational Semantics Chapter 5 Part II.
From last time: Lattices A lattice is a tuple (S, v, ?, >, t, u ) such that: –(S, v ) is a poset – 8 a 2 S. ? v a – 8 a 2 S. a v > –Every two elements.

From last time: Lattices A lattice is a tuple (S, v, ?, >, t, u ) such that: –(S, v ) is a poset – 8 a 2 S. ? v a – 8 a 2 S. a v > –Every two elements.
Data Flow Analysis 2 15-411 Compiler Design Nov. 3, 2005.

Data Flow Analysis Compiler Design Nov. 3, 2005.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc08.html.

Program analysis Mooly Sagiv html://
1 Control Flow Analysis Mooly Sagiv Tel Aviv University 640-6706 Textbook Chapter 3

1 Control Flow Analysis Mooly Sagiv Tel Aviv University Textbook Chapter 3
1 Iterative Program Analysis Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program Analysis.

1 Iterative Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program Analysis.
Data Flow Analysis 1 15-411 Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.

Data Flow Analysis Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.
Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.

Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.
Interprocedural Analysis Noam Rinetzky Mooly Sagiv Tel Aviv University 640-6706 Textbook Chapter 2.5.

Interprocedural Analysis Noam Rinetzky Mooly Sagiv Tel Aviv University Textbook Chapter 2.5.

Similar presentations

Ads by Google