Combining Abstract Interpreters

1. Combining Abstract Interpreters Mooly Sagiv

2. Combining Data Flow Analyzes • Develop new algorithms from old • If I know how to conservatively represent • Pointers • Integers • Do I know how to handle C programs with integers and pointers?

3. Combining Data Flow Analyzes • Develop new algorithms from old • If I know how to conservatively represent • Pointers • Integers • Do I know how to handle C programs with integers and pointers? • Improve the precision of an analysis • Obtain a more efficient analysis

4. Combining Data Flow Analyzers • Lattice constructors • L1 L2 • S  L1 • … • Galois connection constructors • Constructing the abstract effect of elementary statements • Model the “relevant” parts of the program • Abstract “irrelevant” parts of the program

5. Cartesian Products • A complete lattice (L1, 1) = (L1, , 1, 1, 1, 1) • A complete lattice (L2, 2) = (, , 2, 2, 2, 2) • Define a Poset L = (L1 L2 ,) where • (x1, x2)  (y1, y2) if • x1  y1 and • x2  y2 • L is a complete lattice • But what does an element in L represent?

6. Cartesian Products (cont) • A complete lattice (L1, 1) = (L1, , 1, 1, 1, 1) • A complete lattice (L2, 2) = (, , 2, 2, 2, 2) • Complete lattice L = (L1 L2 ,) • A concrete lattice C (usually a powerset) • A Galois connection (C, 1 , 1, L1) • A Galois connection (C, 2 , 2, L2) • Define :C L1 L2 and : L1 L2C ? • Example: Parity  Sign

7. Cartesian Products (cont) • A Galois connection (C, 1 , 1, L1) • A Galois connection (C, 2 , 2, L2) • A Galois connection (C,  , ,L1 L2) • (c) = <1(c), 2(c)> • (<a1, a2>) = 1(a1)  2(a2) • Define • L1st#: L1 L1 • L2st#: L2 L2 • How to define L1 L2 st#: L1 L2 L1 L2 • Preserve soundness • Preserve relative optimality (induced) • Reasonable • Example: Parity  Sign

8. Semantic Reduction • Consider a Galois connection(C,  , , A) • An operation op: A  A is a semantic reduction if • For all a  A: op(a)  a and (op(a)) = (a)

9. Component-wise combinations • Combine several analyses into a single analysis • Cartesian products (Direct product) • Independent attribute method • Relational attribute method • Total function space • Monotone function space • Direct tensor product

10. Independent Attribute Method • A Galois connection (C1, 1 , 1, L1) • A Galois connection (C2, 2 , 2, L2) • A Galois connection (C1C2,  , ,L1 L2) • (<c1, c2>) = <1(c1), 2(c2)> • (<a1, a2>) = <1(a1) ,2(a2)> • Define • L1st#: L1 L1 • L2st#: L2 L2 • How to define L1 L2 st#: L1 L2 L1 L2 • Preserve soundness • Preserve relative optimality (induced)

11. Relational Attribute Method • A Galois connection (P(C1), 1 , 1, P(L1)) where 1: C1L1 • 1 (X) = {1(c) | c  X} • A Galois connection (P(C2), 2 , 2, P(L2)) where 2: C2L2 • 2 (X) = {2(c) | c  X} • A Galois connection (P(C1C2),  , , P(L1 L2)) • (<X1, X2>) = {<1(c1), 2(c2)> | c1 X1, c2  X2} • (<Y1,Y2>) = {<c1 , c2> | 1(c1)  Y1 2(c2)  Y2 } • But how about transformers?

12. Component-wise combinations • Combine several analyses into a single analysis • Cartesian products (Direct product) • Independent attribute method • Relational attribute method • Total function space • Monotone function space • Direct tensor product