
Lecture 10 Abstract Interpretation using Fixpoints


Presentation Transcript


  1. Lecture 10 Abstract Interpretation using Fixpoints

  2. Notation
  Partial order: ⊑
  Least upper bound: lub, sup, ⊔
  Greatest lower bound: glb, inf, ⊓
  Least fixpoint: lfp
  Complete lattice: lub and glb of every subset always exist

  3. Tarski's fixpoint theorem
  (A, ⊑) complete lattice
  G : A → A monotonic function
  Postfixp = { x | G(x) ⊑ x }
  Then G has a least fixpoint, lfp(G), and it is ⊓ Postfixp
  So, if G(x) ⊑ x then x ∈ Postfixp, so lfp(G) ⊑ x
  Let G be also ⊔-continuous. Then ⊔{ Gⁿ(⊥) | n ≥ 0 } = lfp(G)

  4. Fixpoints for Recursive Definitions
  Given monotonic G in a complete lattice, if G(P) ⊑ P then lfp(G) ⊑ P
  Natural numbers: lfp under adding successors: G(P) = {0} ∪ {x+1 | x ∈ P}
  lfp(G) = {0,1,2,…} (natural numbers)
  Take a property PP(x), let P = {x | PP(x)}. What does G(P) ⊆ P mean?
  {0} ∪ {x+1 | x ∈ P} ⊆ P, i.e. 0 ∈ P and (x ∈ P → x+1 ∈ P)
  If so, we get that all natural numbers are in P: this is ordinary induction

  5. Structural Recursion
  Trees = lfp(G) where G(P) = { Leaf } ∪ { Node(t1,x,t2) | t1 ∈ P, t2 ∈ P }
  To prove that all trees satisfy a property, prove for the set P of trees satisfying the property that G(P) ⊆ P:
  { Leaf } ∪ { Node(t1,x,t2) | t1 ∈ P /\ t2 ∈ P } ⊆ P
  Structural induction! Every inductively defined set is given as lfp(G) for some G, and this gives us an induction principle.

  6. Concrete post
  Init, Good ⊆ S, r ⊆ S×S
  Goal: show sp(Init, r*) ⊆ Good
  Approach: find I ⊆ S such that sp(Init, r*) ⊆ I ⊆ Good
  Define post : 2^S → 2^S, post(P) = Init ∪ sp(P, r)
  • post is a monotonic function on the complete lattice 2^S, so it has a least fixpoint. This is sp(Init, r*)
  • Consequence: if post(P) ⊆ P, then sp(Init, r*) ⊆ P
  • Remark: post is also ∪-continuous and a join morphism: post(∪C) = ∪{post(x) | x ∈ C} (for non-empty C), so lfp(post) is also equal to ∪{ postⁿ({}) | n ≥ 0 }
  Strategy: find P such that post(P) ⊆ P and then check that P ⊆ Good

  7. Example
  k=1; while (k < 100) { k=k+3 }; assert(k <= 255)
  k=1; loop { assume(k < 100); k=k+3 }; assume(k >= 100); assert(k <= 255)
  r = {(k,k') | k < 100 /\ k' = k + 3}
  Approximating sp({1}, r*)
  post(P) = {1} ∪ sp(P, r) = {1} ∪ {k+3 | k ∈ P, k < 100}
  postⁿ({}): {}, {1}, {1,4}, …, {1,4,…,97}, {1,4,…,97,100}, {1,4,…,97,100}

  8. Approximate post
  Let apost be an approximation of post, that is, post(P) ⊆ apost(P) for all sets P (e.g. take the interval enclosing a set)
  If we find P such that apost(P) ⊆ P, then post(P) ⊆ apost(P) ⊆ P
  Summary: all we need is
  • apost that approximates post
  • a postfix point P of apost, ideally as small as possible, hoping to be able to prove P ⊆ Good

  9. Domain: Representation of Invariants
  apost will work only on certain invariants (e.g. only intervals)
  Represent these invariants as another set A. Define concretization γ : A → 2^S
  post# : A → A with γ(post#(a)) = apost(γ(a))
  Then post(P) ⊆ apost(P) becomes post(γ(a)) ⊆ γ(post#(a))
  This is the soundness condition.

  10. Postfixpoint in Abstract Domain
  We have found a postfixpoint γ(a) if γ(post#(a)) ⊆ γ(a)
  How to effectively check if this inclusion holds?
  Define an ordering ⊑ on the domain that is computable and satisfies: a1 ⊑ a2 ⟹ γ(a1) ⊆ γ(a2)
  If post#(a) ⊑ a, then γ(post#(a)) ⊆ γ(a)
  γ is monotonic. We need a postfixpoint of post#
  Define ⊑ such that it is an ordering; the nicer the ordering the better (e.g. a complete lattice).

  11. Interval Approximation
  post(P) = {1} ∪ {k+3 | k ∈ P /\ k < 100}
  post#(⊥) = [1,1]
  post#([a,b]) = [min(1,a+3), min(b+3,102)]   (k < 100 gives k+3 ≤ 102)
  Soundness: post(γ([a,b])) ⊆ γ(post#([a,b]))
  {1} ∪ {k+3 | a ≤ k ≤ b, k < 100} ⊆ [min(1,a+3), min(b+3,102)]
  (This holds whenever b+3 ≥ 1, which covers every iterate below since each contains 1; for an arbitrary [a,b] with b < -2 the upper bound would have to be max(1, min(b+3,102)) to keep the initial state 1 inside.)
  (post#)ⁿ(⊥): ⊥, [1,1], [1,4], …, [1,97], [1,100], [1,102], [1,102]
  lfp(post#) = [1,102]
  We proved automatically sp({1}, r*) ⊆ [1,102]
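The iterations of slides 7 and 11 carried out mechanically, as an added example that is not part of the lecture slides: the concrete post on sets of states and the interval transformer post# of slide 11 are both iterated from bottom until (post#)ⁿ(⊥) = (post#)ⁿ⁺¹(⊥), the soundness condition of slide 9 is checked by brute force for post#, and the resulting post-fixpoint is compared with Good = {k | k ≤ 255}. The function names, the bound ranges of the brute-force check and the use of None for ⊥ are choices made for this example.

```python
"""Added example (not part of the lecture slides): the loop of slide 7,
k=1; while (k < 100) { k = k+3 }; assert(k <= 255), analysed first with the
concrete post on sets of states and then with the interval transformer post#
of slide 11, by Kleene iteration from bottom (slide 13). It also checks the
soundness condition of slide 9 for post# by brute force. Names and bounds
are chosen for the example; None stands for bottom."""

from typing import Callable, FrozenSet, List, Optional, Tuple

Interval = Optional[Tuple[int, int]]   # None plays the role of ⊥

INIT: FrozenSet[int] = frozenset({1})
GOOD_BOUND = 255                        # Good = {k | k <= 255}


def post(P: FrozenSet[int]) -> FrozenSet[int]:
    """Concrete post(P) = Init ∪ sp(P, r), r = {(k,k') | k < 100 ∧ k' = k+3}."""
    return INIT | frozenset(k + 3 for k in P if k < 100)


def post_sharp(a: Interval) -> Interval:
    """Slide 11: post#(⊥) = [1,1], post#([a,b]) = [min(1,a+3), min(b+3,102)]."""
    if a is None:
        return (1, 1)
    lo, hi = a
    return (min(1, lo + 3), min(hi + 3, 102))


def gamma(a: Interval) -> FrozenSet[int]:
    """Concretisation of ⊥ or of a bounded interval [lo,hi]."""
    if a is None:
        return frozenset()
    lo, hi = a
    return frozenset(range(lo, hi + 1))


def kleene(f: Callable, bottom, limit: int = 1000):
    """Iterate f from bottom until f^n(⊥) = f^(n+1)(⊥); return (lfp, trace)."""
    trace: List = [bottom]
    cur = bottom
    for _ in range(limit):
        nxt = f(cur)
        trace.append(nxt)
        if nxt == cur:
            return cur, trace
        cur = nxt
    raise RuntimeError("no fixpoint reached within limit")


def concrete_lfp():
    return kleene(post, frozenset())


def abstract_lfp():
    return kleene(post_sharp, None)


def sound_on(a: Interval) -> bool:
    """Soundness condition of slide 9: post(γ(a)) ⊆ γ(post#(a))."""
    return post(gamma(a)) <= gamma(post_sharp(a))


def sound_on_range(lo: int = -10, hi: int = 120, min_upper: int = -2) -> bool:
    """Check soundness for every [a,b] with lo <= a <= b < hi and b >= min_upper.
    The slide-11 formula is only sound when b+3 >= 1, i.e. b >= -2: post always
    produces 1 (from Init), but min(b+3,102) < 1 for smaller b. Every iterate
    from ⊥ contains 1, so the iteration itself is unaffected."""
    return all(sound_on((a, b))
               for a in range(lo, hi)
               for b in range(max(a, min_upper), hi)) and sound_on(None)


def proves_assertion() -> bool:
    """Does P = γ(lfp post#) satisfy P ⊆ Good, i.e. is assert(k <= 255) proved?"""
    lfp, _ = abstract_lfp()
    return all(k <= GOOD_BOUND for k in gamma(lfp))


if __name__ == "__main__":
    lfp_c, trace_c = concrete_lfp()
    print("concrete lfp:", sorted(lfp_c), "reached after", len(trace_c) - 1, "applications")
    lfp_a, trace_a = abstract_lfp()
    print("interval iteration:", trace_a)
    print("post# sound on intervals with b >= -2:", sound_on_range())
    print("counterexample outside that range, [-10,-10]:", sound_on((-10, -10)))
    print("assert(k <= 255) proved:", proves_assertion())
```

The concrete iteration needs 34 applications to reach {1,4,…,100} and one more to confirm the fixpoint; the interval iteration reaches [1,102] after 35 and confirms it with the 36th. The interval result is coarser than the concrete one (it contains 101 and 102, which the loop never produces) but is still inside Good, which is all the proof needs.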

  12. How to define post#?
  One way: Galois comes to the rescue
  Suppose α s.t. (α, γ) is a Galois connection. Then post(γ(a)) ⊆ γ(post#(a)) is equivalent to (γ on the right becomes α on the left) α(post(γ(a))) ⊑ post#(a)
  So we can define: post#(a) = α(post(γ(a)))
  Note: such post# is monotonic

  13. Finding fixpoint of post#
  Compute post# iteration: (post#)ⁿ(⊥)
  If for some n, (post#)ⁿ(⊥) = (post#)ⁿ⁺¹(⊥), then for this n lfp(post#) = (post#)ⁿ(⊥)
  To help make this happen
  • make post# monotonic
  • design the domain so that post# iteration terminates in finitely many steps

  14. Partial Order on Intervals

  15. Interval Domain A
  A = {⊥} ∪ intervals w/ finite and infinite bounds
  Partial order ⊑ on a1, a2 ∈ A

  16. Galois Connection: Monotonicity
  γ : A → 2^S, γ([L,U]) = {x | L ≤ x ≤ U}
  α : 2^S → A, α(c) = [min(c), max(c)]
  Prove α, γ are monotonic

  17. Galois Connection Condition
  γ : A → 2^S, γ([L,U]) = {x | L ≤ x ≤ U}
  α : 2^S → A, α(c) = [min(c), max(c)]
  Galois connection condition: c ⊆ γ(a) ⟺ α(c) ⊑ a
  Prove it for the case where c is bounded and a is [L,U]
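The Galois connection of slides 16 and 17 and the derived transformer post# = α ∘ post ∘ γ of slide 12, as an added example that is not part of the lecture slides. The Galois condition c ⊆ γ(a) ⟺ α(c) ⊑ a is checked by brute force on a finite universe of integers (with α(∅) = ⊥ added, since the slides only treat bounded non-empty c), then the derived post# is compared with the hand-written transformer of slide 11 for the loop of slide 7. The universe bounds, the sampled sets and the function names are constructed for the example.

```python
"""Added example (not from the lecture): the Galois connection between
bounded intervals and sets of integers from slides 16-17, checked by brute
force on a finite universe, then used to derive post# = α ∘ post ∘ γ (slide 12)
for the loop of slide 7 and compared with the hand-written transformer of
slide 11. Universe bounds and the sampled sets are constructed for the example;
None stands for ⊥."""

import random
from typing import FrozenSet, Optional, Tuple

Interval = Optional[Tuple[int, int]]   # None is ⊥


def gamma(a: Interval) -> FrozenSet[int]:
    """γ(⊥) = ∅, γ([L,U]) = {x | L ≤ x ≤ U}."""
    if a is None:
        return frozenset()
    lo, hi = a
    return frozenset(range(lo, hi + 1))


def alpha(c: FrozenSet[int]) -> Interval:
    """α(∅) = ⊥, α(c) = [min c, max c]."""
    return None if not c else (min(c), max(c))


def leq(a1: Interval, a2: Interval) -> bool:
    """a1 ⊑ a2 on intervals: ⊥ is least, otherwise interval inclusion."""
    if a1 is None:
        return True
    if a2 is None:
        return False
    return a2[0] <= a1[0] and a1[1] <= a2[1]


def galois_condition_holds(c: FrozenSet[int], a: Interval) -> bool:
    """c ⊆ γ(a)  ⟺  α(c) ⊑ a  (slide 17)."""
    return (c <= gamma(a)) == leq(alpha(c), a)


def check_galois(lo: int = 0, hi: int = 20, samples: int = 200, seed: int = 0) -> bool:
    """Brute-force the condition for ⊥ and all intervals inside [lo,hi] against
    ∅, every interval-shaped subset and `samples` random subsets of [lo,hi]."""
    rng = random.Random(seed)
    universe = list(range(lo, hi + 1))
    abstract = [None] + [(a, b) for a in universe for b in universe if a <= b]
    concrete = [frozenset()] + [gamma(a) for a in abstract if a is not None]
    concrete += [frozenset(rng.sample(universe, rng.randint(1, len(universe))))
                 for _ in range(samples)]
    return all(galois_condition_holds(c, a) for c in concrete for a in abstract)


# --- the loop of slide 7: k=1; while (k < 100) k = k+3 ---------------------
INIT: FrozenSet[int] = frozenset({1})


def post(P: FrozenSet[int]) -> FrozenSet[int]:
    """Concrete post(P) = {1} ∪ {k+3 | k ∈ P, k < 100}."""
    return INIT | frozenset(k + 3 for k in P if k < 100)


def post_sharp_best(a: Interval) -> Interval:
    """Slide 12: post#(a) = α(post(γ(a))), sound by construction."""
    return alpha(post(gamma(a)))


def post_sharp_slide11(a: Interval) -> Interval:
    """Hand-written transformer of slide 11, for comparison."""
    if a is None:
        return (1, 1)
    lo, hi = a
    return (min(1, lo + 3), min(hi + 3, 102))


def best_is_at_least_as_precise(lo: int = -2, hi: int = 120) -> bool:
    """post#_best(a) ⊑ post#_slide11(a) on every interval where the slide-11
    formula is sound (b >= -2, see slide 11); the derived one is tighter once
    the loop guard is false, e.g. on [100,100]."""
    cands = [None] + [(a, b) for a in range(lo, hi) for b in range(a, hi)]
    return all(leq(post_sharp_best(a), post_sharp_slide11(a)) for a in cands)


def lfp(f, bottom: Interval = None, limit: int = 1000) -> Interval:
    """Kleene iteration f^n(⊥) until it stabilises (slide 13)."""
    cur = bottom
    for _ in range(limit):
        nxt = f(cur)
        if nxt == cur:
            return cur
        cur = nxt
    raise RuntimeError("no fixpoint reached within limit")


if __name__ == "__main__":
    print("Galois condition holds on the test universe:", check_galois())
    print("post#_best vs slide 11 on [100,100]:",
          post_sharp_best((100, 100)), post_sharp_slide11((100, 100)))
    print("lfp of best post#:", lfp(post_sharp_best))
    print("lfp of slide-11 post#:", lfp(post_sharp_slide11))
```

Deriving post# through the Galois connection gives a transformer that is sound without a separate proof and agrees with the slide-11 formula on the intervals that actually arise in the iteration; both reach the same lfp [1,102], because γ([1,100]) contains 99 and the interval domain cannot express the stride of 3. Computing α(post(γ(a))) by enumerating γ(a) only works for bounded intervals; in a real analyser post# is written symbolically, which is why the hand-written form on slide 11 matters.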

  18. Multiple variables
  Wish to track an interval for each variable
  We track not [L,U] but ([L1,U1],[L2,U2])
  If the program state is (x,y), define γ(([L1,U1],[L2,U2])) = {(x,y) | }
  α(p) = ([L1,U1],[L2,U2]) where L1 = U1 = L2 = U2 =

  19. Product of Partial Orders
  (Ai, ≤i) partial orders for i ∈ J
  (A, ≤) given by A = {f : J → ∪_{i∈J} Ai | ∀i. f(i) ∈ Ai}
  f, g ∈ A ordered by f ≤ g ⟺ ∀i. f(i) ≤i g(i)
  Then (A, ≤) is a partial order. Moreover:
  If (Ai, ≤i) all have lub, then so does (A, ≤).
  If (Ai, ≤i) all have glb, then so does (A, ≤).
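The interval domain of slide 15 (⊥ plus intervals with finite or infinite bounds) and the product construction of slide 19 applied to it, one interval per program variable as on slide 18, as an added example that is not part of the lecture slides. The index set J is the set of variable names, lub and glb of the product are computed pointwise, and the claims of slide 19 (the product is a partial order, and pointwise join/meet are its lub/glb) are checked by brute force on a small finite sample of the domain. Variable names, the bound values of the sample and the function names are constructed for the example.

```python
"""Added example (not from the lecture): the interval domain of slide 15,
⊥ plus intervals with finite or infinite bounds, and the product construction
of slide 19 with one interval per program variable (slide 18). lub and glb of
the product are taken pointwise and then checked by brute force against the
definition on a small finite sample; variable names and bound values are
chosen for the example. None stands for ⊥."""

from itertools import combinations_with_replacement, product
from math import inf
from typing import Dict, List, Optional, Tuple

Interval = Optional[Tuple[float, float]]   # None = ⊥, bounds may be ±inf


def ileq(a: Interval, b: Interval) -> bool:
    """⊥ ⊑ everything; [l1,u1] ⊑ [l2,u2] iff l2 <= l1 and u1 <= u2."""
    if a is None:
        return True
    if b is None:
        return False
    return b[0] <= a[0] and a[1] <= b[1]


def ijoin(a: Interval, b: Interval) -> Interval:
    """lub of two intervals: the smallest interval enclosing both."""
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))


def imeet(a: Interval, b: Interval) -> Interval:
    """glb of two intervals: their intersection, ⊥ when empty."""
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


# Product over an index set J (here: variable names), slide 19:
# f : J -> ∪ A_i with f(i) ∈ A_i, ordered pointwise.
Product = Dict[str, Interval]


def pleq(f: Product, g: Product) -> bool:
    return all(ileq(f[v], g[v]) for v in f)


def pjoin(f: Product, g: Product) -> Product:
    return {v: ijoin(f[v], g[v]) for v in f}


def pmeet(f: Product, g: Product) -> Product:
    return {v: imeet(f[v], g[v]) for v in f}


def interval_sample(points: List[float]) -> List[Interval]:
    """⊥ and every [lo,hi] with lo <= hi drawn from the given bound values."""
    ivs: List[Interval] = [None]
    ivs += [(lo, hi) for lo in points for hi in points
            if lo <= hi and lo != inf and hi != -inf]
    return ivs


def product_sample(variables: List[str], points: List[float]) -> List[Product]:
    ivs = interval_sample(points)
    return [dict(zip(variables, combo)) for combo in product(ivs, repeat=len(variables))]


def is_lub(sample: List[Product], f: Product, g: Product, j: Product) -> bool:
    """j is an upper bound of f and g, and below every upper bound in sample."""
    return (pleq(f, j) and pleq(g, j)
            and all(pleq(j, h) for h in sample if pleq(f, h) and pleq(g, h)))


def is_glb(sample: List[Product], f: Product, g: Product, m: Product) -> bool:
    """m is a lower bound of f and g, and above every lower bound in sample."""
    return (pleq(m, f) and pleq(m, g)
            and all(pleq(h, m) for h in sample if pleq(h, f) and pleq(h, g)))


def is_partial_order(sample: List[Product]) -> bool:
    """Reflexive, antisymmetric and transitive on the sample (claim of slide 19)."""
    refl = all(pleq(f, f) for f in sample)
    anti = all(not (pleq(f, g) and pleq(g, f)) or f == g
               for f in sample for g in sample)
    trans = all(not pleq(g, h) or pleq(f, h)
                for f in sample for g in sample if pleq(f, g) for h in sample)
    return refl and anti and trans


def product_is_lattice_on_sample(variables=("x", "y"), points=(-inf, 0, 1, inf)) -> bool:
    """Pointwise join/meet are the lub/glb of the product on the whole sample."""
    sample = product_sample(list(variables), list(points))
    return is_partial_order(sample) and all(
        is_lub(sample, f, g, pjoin(f, g)) and is_glb(sample, f, g, pmeet(f, g))
        for f, g in combinations_with_replacement(sample, 2))


if __name__ == "__main__":
    f = {"x": (0, 1), "y": None}
    g = {"x": (1, inf), "y": (0, 0)}
    print("f ⊔ g =", pjoin(f, g))
    print("f ⊓ g =", pmeet(f, g))
    print("product is a lattice on the sample:", product_is_lattice_on_sample())
```

Note that this is the plain product of slide 19: a component may be ⊥ while the others are not, so the element {"x": (1,1), "y": ⊥} is distinct from the all-⊥ element even though both concretise to the empty set of states. A real analyser usually collapses such elements to a single ⊥, but that is a different (smashed) construction from the one on the slide.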
