Tentative Schedule - PowerPoint PPT Presentation

About This Presentation
Title:

Tentative Schedule

Description:

May 15, 14-16 Orna Grumberg 14-16 309. May 12 Yom Hatzamaut. May 19, 20 TVLA. May 22 TAU verification day ... op is idempotent, i.e., op(op(X)) = op(X) ... – PowerPoint PPT presentation

Number of Views:63
Avg rating:3.0/5.0
Slides: 34
Provided by: Dor103
Category:

less

Transcript and Presenter's Notes

Title: Tentative Schedule


1
Tentative Schedule
  • Today Theory of abstract interpretation
  • May 5 Procedures
  • May 15, 14-16 Orna Grumberg 14-16 309
  • May 12 Yom Hatzamaut
  • May 19, 20 TVLA
  • May 22 TAU verification day (optional)
  • May 27 Yom Hastudent
  • June 2, Advanced Topics

2
Program AnalysisSystematic Domain Design
  • Mooly Sagiv
  • http//www.cs.tau.ac.il/msagiv/courses/pa05.html
  • Tel Aviv University
  • 640-6706
  • Textbook Principles of Program Analysis
  • Chapter 4, CC79, CC92

3
Outline
  • Domains with infinite heights
  • More on Galois Connections
  • Systematic construction of Galois connection
  • Precision

4
Specialized Chaotic Iterations
Chaotic(G(V, E) Graph, s Node, L lattice, ?
L, f E ?(L ?L) ) for each v in V to n do
dfentryv ? Inv ? WL s
while (WL ? ? ) do select and remove an
element u ? WL for each v, such that. (u,
v) ?E do temp f(e)(dfentryu)
new dfentry(v)? temp if
(new ? dfentryv) then
dfentryv new
WL WL ?v
5
Widening
  • Accelerate the termination of Chaotic iterations
    by computing a more conservative solution
  • Can handle lattices of infinite heights

6
Specialized Chaotic Iterations ?
Chaotic(G(V, E) Graph, s Node, L lattice, ?
L, f E ?(L ?L) ) for each v in V to n do
dfentryv ? Inv ? WL s
while (WL ? ? ) do select and remove an
element u ? WL for each v, such that. (u,
v) ?E do temp f(e)(dfentryu)
new dfentry(v) ? temp if
(new ? dfentryv) then
dfentryv new
WL WL ?v
7
Example Interval Analysis
  • Find a lower and an upper bound of the value of a
    variable
  • Usages?
  • Lattice L (Z?-?, ??Z ?-?, ?, ?, ?, ?, ?,?)
  • a, b ? c, d if c ? a and d ? b
  • a, b ? c, d min(a, c), max(b, d)
  • a, b ? c, d max(a, c), min(b, d)
  • ?
  • ?
  • Galois connection

8
Example ProgramInterval Analysis
  • x 11 while x ? 10002 do x x
    13

IntEntry(1) minint,maxint IntExit(1) 1,1
IntEntry(2) IntExit(1) ? IntExit(3) IntExit(2)
IntEntry(2)
IntEntry(3) IntExit(2) ? minint,1000 IntExit(3
) IntEntry(3)1,1
IntEntry(4) IntExit(2) ? 1001,maxint IntExit(4
) IntEntry(4)
9
Widening for Interval Analysis
  • ?? c, d c, d
  • a, b ? c, d if a ? c then a else
    -?, if b ? d then b else ?

10
Example ProgramInterval Analysis
  • x 11 while x ? 10002 do x x
    13

IntEntry(1) -?, ? IntExit(1) 1,1
IntEntry(2) InExit(2) ? (IntExit(1) ?
IntExit(3)) IntExit(2) IntEntry(2)
IntEntry(3) IntExit(2) ? -?,1000 IntExit(3)
IntEntry(3)1,1
IntEntry(4) IntExit(2) ? 1001, ? IntExit(4)
IntEntry(4)
11
Requirements on Widening
  • For all elements l1 ? l2 ? l1 ? l2
  • For all ascending chains l0 ? l1 ? l2 ? the
    following sequence is finite
  • y0 l0
  • yi1 yi ? li1
  • For a monotonic function f L ? Ldefine
  • x0 ?
  • xi1 xi ? f(xi )
  • Theorem
  • There exits k such that xk1 xk
  • xk ?Red(f) l l ? L, f(l) ? l

12
Narrowing
  • Improve the result of widening
  • y ? x ? y ? (x ?y) ? x
  • For all decreasing chains x0 ? x1 ?the
    following sequence is finite
  • y0 x0
  • yi1 yi ? xi1
  • For a monotonic function f L ? L and x ?Red(f)
    l l ? L, f(l) ? ldefine
  • y0 x
  • yi1 yi ? f(yi )
  • Theorem
  • There exits k such that yk1 yk
  • yk ?Red(f) l l ? L, f(l) ? l

13
Narrowing for Interval Analysis
  • a, b ? ? a, b
  • a, b ? c, d if a -? then
    c else a, if b ? then d else b

14
Example ProgramInterval Analysis
  • x 11 while x ? 10002 do x x
    13

IntEntry(1) -? , ? IntExit(1) 1,1
IntEntry(2) InExit(2) ?( IntExit(1) ?
IntExit(3)) IntExit(2) IntEntry(2)
IntEntry(3) IntExit(2) ? -?,1000 IntExit(3)
IntEntry(3)1,1
IntEntry(4) IntExit(2) ? 1001, ? IntExit(4)
IntEntry(4)
15
Non Montonicity of Widening
16
Example Lattice Octagon (Shaham00, Mine02)
  • Inequalities between variables
  • Constraint graph G(V, E, w)
  • V includes a vertex for every variable
  • Additional zero node
  • weight function w E ? Z
  • Constraints
  • x ? y w(x, y)
  • Lattice
  • Abstraction
  • Concretization
  • Widening
  • Relationships to intervals

17
Widening and Narrowing Summary
  • Very simple but produces impressive precision
  • Sometimes non-monotonic
  • The McCarthy 91 function
  • Also useful in the finite case
  • Can be used as a methodological tool
  • But not uniformly accepted

int f(x) -? , ? if x gt 100 then 101, ?
return x -10 91, ?-10 else -?, 100
return f(f(x11)) 91, 91
18
Galois Insertions
  • For
  • A complete lattice (L1, ?1) (L1, ?, ?1, ?1,
    ?1, ?1)
  • A complete lattice (L2, ?2) (, ?, ?2, ?2, ?2,
    ?2)
  • ?L1?L2
  • ? L2?L1
  • We say that (L1, ?, ?, L2) is a Galois insertion
  • ? and ? are monotone
  • For all c ? L1 ?(?(c)) ? c
  • For all a? L2 ?(?(a)) a

19
Galois Insertions
?(?(l))
?(l)
l
20
Upper Closure
  • An operator op P(?) ?P(?) is an upper closure if
  • op is monotonic
  • op is inflationary, i.e., op(X) ? X
  • op is idempotent, i.e., op(op(X)) op(X)
  • Every Galois connection (insertion) defines an
    upper closure on the set of concretization

21
Properties of Galois connections
  • Uniquely determine each other
  • Compose
  • Abstraction is additive
  • Concretization is multiplicative
  • Abstraction is strict in ?
  • Concretization is co-strict in ?

22
Combining Data Flow Analyzes
  • Develop new algorithms from old
  • If I know how to conservatively represent
  • Pointers
  • Integers
  • Do I know how to handle C programs with integers
    and pointers?

23
Combining Data Flow Analyzes
  • Develop new algorithms from old
  • If I know how to conservatively represent
  • Pointers
  • Integers
  • Do I know how to handle C programs with integers
    and pointers?
  • Improve the precision of an analysis
  • Obtain a more efficient analysis

24
Combining Data Flow Analyzers
  • Lattice constructors
  • L1 ? L2
  • S ? L1
  • Galois connection constructors
  • Constructing the abstract effect of elementary
    statements
  • Model the relevant parts of the program
  • Abstract irrelevant parts of the program

25
Galois Connections
  • For
  • A complete lattice (L1, ?1) (L1, ?, ?1, ?1,
    ?1, ?1)
  • A complete lattice (L2, ?2) (, ?, ?2, ?2, ?2,
    ?2)
  • ?L1?L2
  • ? L2?L1
  • We say that (L1, ?, ?, L2) is a Galois
    connection
  • ? and ? are monotone
  • For all c ? L1 ?(?(c)) ? c
  • For all a? L2 ?(?(a)) ? a

26
Cartesian Products
  • A complete lattice (L1, ?1) (L1, ?, ?1, ?1,
    ?1, ?1)
  • A complete lattice (L2, ?2) (, ?, ?2, ?2, ?2,
    ?2)
  • Define a Poset L (L1 ? L2 ,? ) where
  • (x1, x2) ? (y1, y2) if
  • x1 ? y1 and
  • x2 ? y2
  • L is a complete lattice
  • But what does an element in L represent?

27
Cartesian Products (cont)
  • A complete lattice (L1, ?1) (L1, ?, ?1, ?1,
    ?1, ?1)
  • A complete lattice (L2, ?2) (, ?, ?2, ?2, ?2,
    ?2)
  • Complete lattice L (L1 ? L2 ,? )
  • A concrete lattice C (usually a powerset)
  • A Galois connection (C, ?1 , ?1, L1)
  • A Galois connection (C, ?2 , ?2, L2)
  • Define ?C? L1 ? L2 and ? L1 ? L2 ? C ?
  • Example Parity ? Sign

28
Cartesian Products (cont)
  • A Galois connection (C, ?1 , ?1, L1)
  • A Galois connection (C, ?2 , ?2, L2)
  • A Galois connection (C, ? , ?, L1 ? L2 )
  • ?(c) lt?1(c), ?2(c)gt
  • ?(lta1, a2gt) ?1(a1) ? ?2(a2)
  • Define
  • L1?st? L1? L1
  • L2?st? L2? L2
  • How to define L1 ? L2 ?st? L1 ? L2 ? L1 ? L2
  • Preserve soundness
  • Preserve relative optimality (induced)
  • Example Parity ? Sign

29
Component-wise combinations
  • Combine several analyses into a single analysis
  • Cartesian products (Direct product)
  • Independent attribute method
  • Relational attribute method
  • Total function space
  • Monotone function space
  • Direct tensor product

30
Independent Attribute Method
  • A Galois connection (C1, ?1 , ?1, L1)
  • A Galois connection (C2, ?2 , ?2, L2)
  • A Galois connection (C1?C2, ? , ?, L1 ? L2 )
  • ?(ltc1, c2gt) lt?1(c1), ?2(c2)gt
  • ?(lta1, a2gt) lt?1(a1) , ?2(a2)gt
  • Define
  • L1?st? L1? L1
  • L2?st? L2? L2
  • How to define L1 ? L2 ?st? L1 ? L2 ? L1 ? L2
  • Preserve soundness
  • Preserve relative optimality (induced)

31
Relational Attribute Method
  • A Galois connection (P(C1), ?1 , ?1, P(L1))
    where ?1 C1?L1
  • ?1 (X) ??1(c) c ? X
  • A Galois connection (P(C2), ?2 , ?2, P(L2))
    where ?2 C2?L2
  • ?2 (X) ??2(c) c ? X
  • A Galois connection (P(C1?C2), ? , ?, P(L1 ? L2))
  • ?(X) lt?1(c1), ?2(c2)gt ltc1, c2 gt X
  • ?(ltY1,Y2gt) ltc1 , c2gt ?1(c1) ? Y1 ?2(c2)
    ? Y2
  • But how about transformers?

32
Conclusions(1)
  • Good static analysis
  • Precise enough (for the client)
  • Efficient enough
  • Good static analysis
  • Good domain
  • Abstract non-important details
  • Represent relevant concrete information
  • Precise and efficient abstract meaning of
    abstract interpreters
  • Efficient join implementation
  • Small height or widening

33
Conclusions(2)
  • The Theory of Static Analysis is well founded
  • Abstraction
  • Soundness
  • Chaotic iterations
  • Elimination methods
  • Modular methods
  • Weak Parts
  • Transformations
  • Predictable approximations
  • System
Write a Comment
User Comments (0)
About PowerShow.com