1 / 75

Spring 2014 Program Analysis and Verification Lecture 9: Abstract Interpretation I

Spring 2014 Program Analysis and Verification Lecture 9: Abstract Interpretation I. Roman Manevich Ben-Gurion University. Syllabus. Previously. Another static analysis example – constant propagation Basic concepts in static analysis Control flow graphs Equation systems

navid
Télécharger la présentation

Spring 2014 Program Analysis and Verification Lecture 9: Abstract Interpretation I

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spring 2014Program Analysis and Verification Lecture 9: Abstract Interpretation I Roman Manevich Ben-Gurion University

  2. Syllabus

  3. Previously • Another static analysis example – constant propagation • Basic concepts in static analysis • Control flow graphs • Equation systems • Collecting semantics • (Trace semantics)

  4. Annotating programs Annotate(P, S) = caseS is x:=aexpr return {P} x:=aexpr {F*[x:=aexpr] P} caseSisS1; S2 let Annotate(P, S1) be {P} A1 {Q1} let Annotate(Q1, S2) be {Q1} A2 {Q2} return {P} A1; {Q1} A2 {Q2} caseSisifbexprthenS1elseS2 letPt = F[assumebexpr]P letPf = F[assumebexpr]P let Annotate(Pt, S1) be {Pt} A1 {Q1} let Annotate(Pf, S2) be {Pf} A2 {Q2} return {P} ifbexprthen {Pt} A1 {Q1}else {Pf} A2 {Q2} {Q1 Q2} caseSiswhilebexprdoS N := Nc := P // Initialize repeatletPt = F[assumebexpr] Nc let Annotate(Pt, S) be {Nc} Abody{N}Nc := Nc N untilN = Nc return{P} INV= {N} whilebexprdo {Pt} Abody {F[assumebexpr](N)}

  5. Collecting semantics example: input 1 label0: if x <= 0 goto label1 x := x – 1goto label0label1: 1 2 … [x3] [x2] [x1] entry 3 4 5 2 if x > 0 [x-1] [x0] [x1] [x-1] exit x := x - 1 [x0] [x1] 3

  6. Collecting semantics example: input 2 label0: if x <= 0 goto label1 x := x – 1goto label0label1: 1 2 … [x3] [x2] [x1] entry 3 4 5 2 if x > 0 [x2] [x-1] [x0] [x1] [x-1] exit x := x - 1 [x0] [x1] 3 [x2]

  7. Collecting semantics example: input 3 label0: if x <= 0 goto label1 x := x – 1goto label0label1: 1 2 … [x3] [x2] [x1] entry 3 4 5 2 if x > 0 [x3] [x2] [x2] [x-1] [x0] [x1] [x-1] exit x := x - 1 [x0] [x1] 3 [x3] [x2]

  8. ad infinitum – fixed point label0: if x <= 0 goto label1 x := x – 1goto label0label1: 1 2 … [x3] [x2] [x1] entry 3 4 5 … 2 if x > 0 [x3] [x2] [x2] [x-1] [x0] [x1] … [x-2] [x-1] exit x := x - 1 [x1] 3 [x3] [x2] …

  9. Predicates at fixed point label0: if x <= 0 goto label1 x := x – 1goto label0label1: 1 2 {true} entry 3 4 5 {true} 2 if x > 0 exit x := x - 1 {x0} {x>0} {x0} 3

  10. Equational definition example Semantic function for assume x>0 Semantic function for x:=x-1 lifted to sets of states entry R[0] R[1] if x > 0 R[3] R[2] R[4] exit x := x-1 A vector of variables R[0, 1, 2, 3, 4] R[0] = {xZ} // established inputR[1] = R[0]  R[4]R[2] = R[1]  {s | s(x) > 0}R[3] = R[1]  {s | s(x)  0}R[4] = x:=x-1 R[2] A (recursive) system of equations

  11. General definition entry R[0] R[1] if x > 0 R[3] R[2] R[4] exit x := x-1 • A vector of variables R[0, …, k] one per input/output of a node • R[0] is for entry • For node n with multiple predecessors add equationR[n] = {R[k] | k is a predecessor of n} • For an atomic operation node R[m] S R[n] add equationR[n] = S R[m] • Transform if bthenS1elseS2to (assumeb; S1) or (assumeb; S2)

  12. Current lecture Appendix A. • Semantic domains • Preorders • Partial orders (posets) • Pointed posets • Ascending/descending chains • The height of a poset • Join and Meet operators • Complete lattices • Constructing new lattices from old

  13. Abstractinterpretation Theory[1977] By Rama (Own work) [CC-BY-SA-2.0-fr (http://creativecommons.org/licenses/by-sa/2.0/fr/deed.en)], via Wikimedia Commons

  14. Abstract Interpretation [CC77] • A very general mathematical frameworkfor approximating semantics • Generalizes Hoare Logic • Generalizes weakest precondition calculus • Allows designing sound static analysis algorithms • Usually compute by iterating to a fixed-point • Not specific to any programming language style • Results of an abstract interpretation are (loop) invariants • Can be interpreted as axiomatic verification assertions and used for verification

  15. Annotating programs Approximates concrete semantics sp(x:=aexpr, P)  F*[x:=aexpr] Approximates disjunction { P’ } S { Q’ } { P } S { Q } [consp] if PP’ and Q’Q Annotate(P, S) = caseS is x:=aexpr return {P} x:=aexpr {F*[x:=aexpr] P} caseSisS1; S2 let Annotate(P, S1) be {P} A1 {Q1} let Annotate(Q1, S2) be {Q1} A2 {Q2} return {P} A1; {Q1} A2 {Q2} caseSisifbexprthenS1elseS2 letPt = F[assumebexpr]P letPf = F[assumebexpr]P let Annotate(Pt, S1) be {Pt} A1 {Q1} let Annotate(Pf, S2) be {Pf} A2 {Q2} return {P} ifbexprthen {Pt} A1 {Q1}else {Pf} A2 {Q2} {Q1Q2} caseSiswhilebexprdoS N := Nc := P // Initialize repeatletPt = F[assumebexpr]Nc let Annotate(Pt, S) be {Nc} Abody{N}Nc := NcN untilN = Nc return{P} INV= {N} whilebexprdo {Pt} Abody {F[assumebexpr](N)}

  16. The big picture abstract representationof sets of states abstract representationof sets of states statement S abstract semantics meaning meaning abstraction abstraction set of states set of states set of states statement S  collecting semantics Use semantic domains to define both concrete semantics and abstract semantics Relate semantics in a sound way Interpret program over abstract semantics

  17. A theoryof semantic domains 1. Approximating elements 2. Approximating sets of elements By Brett Jordan David Macdonald [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons

  18. Overall idea • A semantic domain can be used to define properties (representations of predicates) • Also called abstract states • Common representations • Logical formulas • Automata • Specialized graphs

  19. A taxonomy of semantic domain types Complete Lattice(D, , , , , ) Lattice(D, , , , , ) Join semilattice(D, , , ) Meet semilattice(D, , , ) Complete partial order (CPO)(D, , ) Partial order (poset)(D, ) Preorder(D, )

  20. preorders

  21. Preorder • Let D be a set of elements • We say that a binary order relation  over Dis a preorder if the following conditions hold for every d, d’, d’’  D • Reflexive: d  d • Transitive: d  d’ and d’  d’’ implies d  d’’ • There may exist d, d’ such that d  d’ and d’  d yet d  d’

  22. Preorder examples • SAV-predicates • SAV-factoids = { x = y | x, y Var }  { x = y + z | x, y, z Var } • SAV-predicates  = 2 • Order relation 1: P1 set P2iffP1  P2 • Order relation 2: P1 imp P2iffP1  P2 • Which order relation is stronger(contains more pairs)? • Which order relation is easier to check? • What if both P1 and P2 are in the image of explicate?

  23. SAV preorder 1: P1 set P2iffP1  P2 Var = {x, y} {} {x=y} {y=x} {x=x+x} {y=y+y} {y=x+y} {y=y+x} {x=x+y} {x=y+x} … {x=y, y=x} {x=y, x=x+x} {x=x+y, x=y+x} … {x=y, x=x+x, x=x+y} {x=y, x=x+x, x=x+y} {x=y, y=x, x=x+x, y=y+y, y=x+y, y=y+x, x=x+y, x=y+x}

  24. SAV preorder 2: P1 imp P2iffP1  P2 Var = {x, y} {} {x=y} {y=x} {x=x+x} {y=y+y} {y=x+y} {y=y+x} {x=x+y} {x=y+x} … {x=y, y=x} {x=x+y, x=y+x} {x=y, x=x+x} … … {x=y, x=x+x, x=x+y} {x=y, x=x+x, x=x+y} {x=y, y=x, x=x+x, y=y+y, y=x+y, y=y+x, x=x+y, x=y+x}

  25. Preorder examples • CP-predicates • CP-factoids = { x = c | x Var, c  Z } • CP-predicates  = 2 • Order relation 1: P1 set P2iffP1  P2 • Order relation 2: P1 imp P2iffP1  P2 • Is there a difference? • {x=5, x=7, x=9}  {x=5, x=7} • {x=5, x=7, x=9}{x=5, x=7} • {x=5, x=7}{x=5, x=7, x=9}

  26. CP preorder example {} … … {x=-3} {x=-2} {x=-1} {x=0} {x=1} {x=2} {x=3} Var = {x}

  27. CP preorder example {} … … … {x=-3} {x=0} {x=3} {y=-5} {y=0} {y=36} {x=-3, y=-5} {x=0, y=0} {x=3, y=36} Var = {x, y}

  28. The problem with preorders • Equivalent elements have different representations • {x=y, x=a+b} S {Q} • {x=y, y=a+b} S {Q’} • Leads to unpredictability • Which result should our static analysis give?

  29. The problem with preorders • Equivalent elements have different representations • {x=y, x=a+b} assume ya+b {x=y, x=a+b} • {x=y, y=a+b} assume ya+b {false} • Leads to unpredictability • Which result should our static analysis give?

  30. The problem with preorders In practice many static analyses still use preorders • Equivalent elements have different representations • {x=y, x=a+b} assume xa+b {false} • {x=y, y=a+b} assume xa+b {x=y, x=a+b} • Leads to unpredictability • Which result should our static analysis give?

  31. Partial orders

  32. Partially ordered sets (partial orders) Makes it easier to choose the best element • A partially ordered set (Poset for short)is a pair (D , ) • D is a set of elements – a semantic domain •  is a partial order between pairs of elements from D. That is  : D D with the following properties, for all d, d’, d’’ in D • Reflexive: d  d • Transitive: d  d’ and d’  d’’ implies d  d’’ • Anti-symmetric: d  d’ and d’  d implies d = d’ • If d  d’ and d  d’ we write d  d’

  33. Partially ordered sets (partial orders) • A partially ordered set (Poset for short)is a pair (D , ) • D is a set of elements – a semantic domain •  is a partial order between pairs of elements from D. That is  : D D with the following properties, for all d, d’, d’’ in D • Reflexive: d  d • Transitive: d  d’ and d’  d’’ implies d  d’’ • Anti-symmetric: d  d’ and d’  d implies d = d’ • If d  d’ and d  d’ we write d  d’

  34. SAV partial order • SAV-predicates • SAV-factoids = { x = y | x, y Var }  { x = y + z | x, y, z Var } • SAV-predicates  = 2 • Order relation 1: P1 set P2iffP1  P2Is this a partial order? • Order relation 2: P1 imp P2iffP1  P2that is models(P1) models(P2)Is this a partial order? • Order relation 3: P1 set* P2 iffExplicate(P1) setExplicate(P2)Is this a partial order?

  35. CP partial order Can we define a more precise partial order? • CP-predicates • CP-factoids = { x = c | x Var, c  Z } • CP-predicates  = 2 • Order relation 1: P1 set P2iffP1  P2Is it a partial order? • Order relation 2: P1 imp P2iffP1  P2Is it a partial order?

  36. CP partial order • CP-predicates • CP-factoids false = { x = c | x Var, c  Z } • CP-predicates  = 2  {false} • Define reduce : 2  2reduce(P) = if exists {x=c1, x=c2}P then {false} else P • false = { P2 | P=reduce(P) }  {false} • Order relation: P1 P2 if P1 P2 or P1={false}

  37. Pointed poset • A poset (D, ) with a least element  is called a pointed poset • For all dD we have that   d • The pointed poset is denoted by (D , , ) • We can always transform a poset (D, ) into a pointed poset by adding a special bottom element(D  {},   {d | dD}, ) • Example: false = { P2 | P=reduce(P) }  {false}

  38. chains

  39. Chains • If d  d’ and d  d’ we write d  d’ • Similarly define d  d’ • Let (D, ) be a poset • An ascending chain is a sequencex1 x2 …  xk… • A descending chain is a sequencex1 x2 …  xk… • The height of a poset is the length of the maximal ascending chain • What is the height of the SAV poset? • What is the height of the CP poset?

  40. Ascending chain example true x0 x0 x<0 x=0 x>0 false

  41. Joining elements By Viviana Pastor (originally posted to Flickr as Harbour Bridge 1) [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons

  42. Bounds Let (D , ) be a poset Let X  D be a set of elements from D An element dD is an upper bound (ub) of Xiff for every xD we have that xd An element dD is a lower bound (lb) of Xiff for every xD we have that dx An element dD is the least upper bound (lub) of Xiffd is the minimal of all upper bounds of X An element dD is the greatest lower bound (glb) of Xiffd is the maximal of all lower bounds of X

  43. Bounds example the signs lattice(for variable x) true x0 x0 x<0 x=0 x>0 false

  44. x0 and true are upper bounds true x0 x0 x<0 x=0 x>0 false

  45. x0 is the least upper bound true x0 x0 x<0 x=0 x>0 false

  46. Join (confluence) operator • Assume a poset (D, ) • Let X  D be a subset of D (finite/infinite) • The join of X is defined as • X = the least upper bound (LUB) of all elements in X if it exists • X = min{ b | forallxX we have that xb} • The supremum of the elements in X • A kind of abstract union (disjunction) operator • Properties of a join operator • Commutative: x  y = y  x • Associative: (x  y)  z = x  (y  z) • Idempotent: x  x = x • xy = yiffx  y

  47. Properties of join Can be used to define partial orderxy = yiffx  y Monotone: if y  z then (xy)  (xz) x = x x = 

  48. Meet operator • Assume a poset (D, ) • Let X  D be a subset of D (finite/infinite) • The meet of X is defined as • X = the greatest lower bound (GLB) of all elements in X if it exists • X = max{ b | forallxX we have that bx} • The infimum of the elements in X • A kind of abstract intersection (conjunction) operator • Properties of a join operator • Commutative: x  y = y  x • Associative: (x  y)  z = x  (y  z) • Idempotent: x  x = x

  49. Complete partial orders

  50. Complete partial order (CPO) A CPO is a partial order where each ascending chain has a supremum

More Related