This lecture explores the principles of fixpoint interpretation using complete lattices. It details Tarski's fixpoint theorem, which guarantees the existence of least fixpoints for monotonic functions in complete lattices. We discuss structural recursion, partial orders, and the critical concepts of least upper bounds (lub) and greatest lower bounds (glb). The lecture examines examples, such as natural numbers and trees, illustrating recursive definitions and how to infer properties of sets defined by functions. Related topics include approximations and Galois connections, providing a comprehensive understanding of fixpoint semantics.
Notation
Partial order:
Least upper bound: lub, sup,
Greatest lower bound: glb, inf,
Least fixpoint: lfp
Complete lattice: lub and glb always exist
Tarski’s fixpoint theorem
(A, ) complete lattice
G : A A monotonic function
Postfixp = { x | G(x) x }
Then G has a least fixpoint, lfp(G), and it’s Postfixp
So, if G(x) x then x Postfixp, so lfp(G) x
Let G also be -continuous. Then { G^n( ) | n ≥ 0 } = lfp(G)
Fixpoints for Recursive Definitions
Given monotonic G in a complete lattice, if G(P) P then lfp(G) P
Natural numbers: lfp under adding successors: G(P) = {0} U {x+1 | x P}
lfp(G) = {0,1,2, …} (natural numbers)
Take a property PP(x), let P = {x | PP(x)}. What does G(P) P mean?
{0} U {x+1 | x P} P
0 P
x P x+1 P
If so, we get that all natural numbers are in P
Structural Recursion
Trees = lfp(G) where G(P) = { Leaf } U { Node(t1,x,t2) | t1 P, t2 P }
To prove that all trees satisfy a property, prove for the set P of trees satisfying the property that G(P) P.
{ Leaf } U { Node(t1,x,t2) | t1 P /\ t2 P } P
Structural induction!
Every inductively defined set is given as lfp(G) for some G, and this gives us an induction principle.
Concrete post
Init, Good S
r S x S
Goal: show sp(Init,r*) Good
Approach: find I S such that sp(Init,r*) I Good
Define post : 2^S 2^S, post(P) = Init U sp(P,r)
• post is a monotonic function on the complete lattice 2^S, so it has a least fixpoint. This is sp(Init,r*)
• Consequence: if post(P) P, then sp(Init,r*) P
• Remark: post is also -continuous and a join morphism: post(U C) = U {post(x) | x C}, so this is also equal to U { post^n({}) | n ≥ 0 }
Strategy: find P such that post(P) P and then check that P Good
Example
k=1; while(k < 100) { k=k+3 }; assert(k <= 255)
k=1; loop {assume(k < 100); k=k+3}; assume(k>=100); assert(k <= 255)
r = {(k,k’) | (k < 100 /\ k’ = k + 3) }
Approximating sp({1},r*)
post(P) = {1} U sp(P,r) = {1} U {k+3 | k P, k < 100}
post^n({}): {}, {1}, {1,4}, …, {1,…,97}, {1,…,97,100}, {1,…,97,100}
Approximate post
Let apost be an approximation of post, that is, post(P) apost(P) for all sets P (e.g. take the interval enclosing a set)
If we find P such that apost(P) P, then post(P) apost(P) P
Summary: all we need is
• apost that approximates post
• a postfix point P of apost, ideally as small as possible, hoping to be able to prove P Good
Domain: Representation of Invariants
apost will work only on certain invariants (e.g. only intervals)
Represent these invariants as another set A.
Define concretization : A 2^S
post# : A A
(post#(a)) = apost((a))
Then post(P) apost(P) becomes post((a)) (post#(a))
This is the soundness condition.
Postfixpoint in Abstract Domain
We have found a postfixpoint (a) if (post#(a)) (a)
How to effectively check if this inclusion holds?
Define an ordering on the domain that is computable and satisfies: a1 a2 (a1) (a2)
If post#(a) a, then (post#(a)) (a)
is monotonic. We need a postfixpoint of
Define such that it is an ordering; the nicer the ordering, the better (e.g. complete lattice).
Interval Approximation
post(P) = {1} U {k+3 | k P /\ k < 100}
post#( ) = [1,1]
post#([a,b]) = [min(1,a+3), min(b+3,102)]
Soundness: post([a,b]) post#([a,b])
{1} U {k+3 | a ≤ k ≤ b, k < 100} [min(1,a+3), min(b+3,102)]
(post#)^n( ): , [1,1], [1,4], …, [1,97], lfp(post#) = [1,102]
We proved automatically sp({1},r*) [1,102]
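The two iteration sequences above (post^n({}) on the Example slide and (post#)^n on this one), as an added example that is not part of the lecture notes: it computes both by Kleene iteration and checks the soundness condition of the slide's post# by enumeration. The names sp, post, post_sharp and gamma follow the slides; encoding the empty interval as None is my choice.

```python
# Added example (not from the lecture slides): Kleene iteration for the loop
# k=1; while (k < 100) { k = k+3 } on the concrete domain 2^S and on the
# interval domain, plus an enumerated check of the slide's soundness condition.

def r(k):
    """Loop-body transition relation as a successor function: k -> {k+3} if k < 100."""
    return {k + 3} if k < 100 else set()

def sp(P, rel):
    """Strongest postcondition sp(P, r): every successor of a state in P."""
    return {k2 for k in P for k2 in rel(k)}

INIT = frozenset({1})

def post(P):
    """Concrete post(P) = Init U sp(P, r), exactly as on the slides."""
    return frozenset(INIT | sp(P, r))

def kleene_iterates(f, bottom):
    """f^0(bottom), f^1(bottom), ... until two consecutive iterates agree; the last one is lfp(f)."""
    its = [bottom]
    while True:
        nxt = f(its[-1])
        if nxt == its[-1]:
            return its
        its.append(nxt)

def post_sharp(iv):
    """post# on intervals as defined on the slide; None encodes the empty interval, (a, b) encodes [a,b]."""
    if iv is None:
        return (1, 1)
    a, b = iv
    return (min(1, a + 3), min(b + 3, 102))

def gamma(iv):
    """Concretization: the set of integers an interval denotes."""
    return frozenset() if iv is None else frozenset(range(iv[0], iv[1] + 1))

def sound_step(iv):
    """Soundness for one interval a: post(gamma(a)) is a subset of gamma(post#(a)).
    The slide's formula needs b >= -2 so that 1 fits under the upper bound; every
    interval reached from the empty one has lower bound 1, so that holds here."""
    return post(gamma(iv)) <= gamma(post_sharp(iv))

if __name__ == "__main__":
    print(sorted(kleene_iterates(post, frozenset())[-1]))   # 1, 4, ..., 97, 100
    print(kleene_iterates(post_sharp, None))                 # None, (1,1), (1,4), ..., (1,100), (1,102)
    print(all(sound_step((a, b)) for a in range(-2, 110) for b in range(a, 110)))   # True
```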
How to define post# ?
One way: Galois comes to the rescue
Suppose , s.t. (, ) is a Galois connection.
Then post((a)) (post#(a)) is equivalent to ( on right = on left) (post((a))) post#(a)
So we can define: post#(a) = (post((a)))
Note: such post# is monotonic
Finding fixpoint of post#
Compute post# iteration: (post#)^n( )
If for some n, (post#)^n( ) = (post#)^(n+1)( ), then for this n lfp(post#) = (post#)^n( )
To help make this happen
• make post# monotonic
• design the domain so that post# iteration terminates in finitely many steps
Interval Domain A
A = , intervals w/ finite and infinite bounds
Partial order on a1, a2 A
Galois Connection: Monotonicity
: A 2^S
([L,U]) = {x | L ≤ x ≤ U}
: 2^S A
(c) = [min(c), max(c)]
Prove , are monotonic
Galois Connection Condition
: A 2^S
([L,U]) = {x | L ≤ x ≤ U}
: 2^S A
(c) = [min(c), max(c)]
Galois connection condition: c (a) (c) a
Prove it for the case where c is bounded and a is [L,U]
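A brute-force check of the Galois connection on the two slides above, and of the post# = alpha . post . gamma construction from the "How to define post#?" slide, added here and not part of the lecture: the constructed finite universe S = {0,…,7}, the None encoding of the empty interval and the function names are my assumptions.

```python
# Added example (not from the lecture slides): the interval Galois connection
# (alpha, gamma) of the slides, checked by brute force over every subset of a
# small constructed universe S, plus the "best" post# = alpha . post . gamma.
from itertools import combinations

S = range(0, 8)   # constructed finite universe of concrete states for the checks

def gamma(a):
    """gamma(None) = {} (empty interval), gamma([L,U]) = {x | L <= x <= U}."""
    return frozenset() if a is None else frozenset(range(a[0], a[1] + 1))

def alpha(c):
    """alpha(c) = [min(c), max(c)]; the empty set maps to the empty interval."""
    return None if not c else (min(c), max(c))

def leq(a1, a2):
    """Interval order: None is below everything; [L1,U1] <= [L2,U2] iff L2 <= L1 and U1 <= U2."""
    return a1 is None or (a2 is not None and a2[0] <= a1[0] and a1[1] <= a2[1])

def intervals():
    """Every interval with bounds in S, plus the empty interval."""
    return [None] + [(L, U) for L in S for U in S if L <= U]

def subsets():
    """Every subset of S."""
    return [frozenset(c) for n in range(len(S) + 1) for c in combinations(S, n)]

def galois_condition_holds():
    """c subset-of gamma(a)  <=>  alpha(c) <= a, for all c and a."""
    return all((c <= gamma(a)) == leq(alpha(c), a) for c in subsets() for a in intervals())

def both_monotonic():
    """gamma and alpha each preserve their domain's order (the monotonicity slide)."""
    gamma_ok = all(not leq(a1, a2) or gamma(a1) <= gamma(a2) for a1 in intervals() for a2 in intervals())
    alpha_ok = all(not c1 <= c2 or leq(alpha(c1), alpha(c2)) for c1 in subsets() for c2 in subsets())
    return gamma_ok and alpha_ok

def post(P):
    """Concrete post of the running example: {1} U {k+3 | k in P, k < 100}."""
    return frozenset({1} | {k + 3 for k in P if k < 100})

def best_post_sharp(a):
    """post#(a) = alpha(post(gamma(a))): the most precise sound abstract post."""
    return alpha(post(gamma(a)))

if __name__ == "__main__":
    print(galois_condition_holds(), both_monotonic())   # True True
    print(best_post_sharp((1, 97)))     # (1, 100)
    # (1, 1) below; the slide's hand-written post# gives [1,102] here: sound, but coarser
    print(best_post_sharp((100, 105)))
```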
Multiple variables
Wish to track an interval for each variable
We track not [L,U] but ([L1,U1],[L2,U2])
If the program state is (x,y), define (([L1,U1],[L2,U2])) = {(x,y) | }
(p) = ([L1,U1],[L2,U2])
L1 =
U1 =
L2 =
U2 =
Product of Partial Orders
(A_i, ≤_i) partial orders for i J
(A, ≤) given by A = {f : J U_{i J} A_i , i. f(i) A_i}
f, g A ordered by f ≤ g i. f(i) ≤_i g(i)
Then (A, ≤) is a partial order. Moreover:
If (A_i, ≤_i) all have lub, then so does (A, ≤).
If (A_i, ≤_i) all have glb, then so does (A, ≤).
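The componentwise construction from the Product of Partial Orders slide, applied to the per-variable intervals of the Multiple variables slide, as an added example that is not part of the lecture; keying components by variable name instead of an index set J and the brute-force candidate set are my assumptions.

```python
# Added example (not from the lecture slides): the product of partial orders from
# the last slide, instantiated with one interval component per program variable
# (the (x,y) states of the "Multiple variables" slide). Components live in a
# dict keyed by variable name, my stand-in for the index set J.

def iv_leq(a1, a2):
    """Interval order; None is the empty interval and sits below everything."""
    return a1 is None or (a2 is not None and a2[0] <= a1[0] and a1[1] <= a2[1])

def iv_lub(a1, a2):
    """Smallest interval containing both arguments."""
    if a1 is None or a2 is None:
        return a1 if a2 is None else a2
    return (min(a1[0], a2[0]), max(a1[1], a2[1]))

def iv_glb(a1, a2):
    """Intersection of two intervals (None when it is empty)."""
    if a1 is None or a2 is None:
        return None
    L, U = max(a1[0], a2[0]), min(a1[1], a2[1])
    return (L, U) if L <= U else None

# Order, lub and glb on the product are all computed componentwise, as the slide states.
def prod_leq(f, g):
    return all(iv_leq(f[i], g[i]) for i in f)

def prod_lub(f, g):
    return {i: iv_lub(f[i], g[i]) for i in f}

def prod_glb(f, g):
    return {i: iv_glb(f[i], g[i]) for i in f}

def is_lub(f, g, h, candidates):
    """h is an upper bound of f and g and lies below every candidate upper bound."""
    upper = prod_leq(f, h) and prod_leq(g, h)
    return upper and all(prod_leq(h, c) for c in candidates if prod_leq(f, c) and prod_leq(g, c))

def small_candidates(bound):
    """Every product element whose bounds lie in 0..bound (constructed search space)."""
    ivs = [None] + [(L, U) for L in range(bound + 1) for U in range(L, bound + 1)]
    return [{"x": a, "y": b} for a in ivs for b in ivs]

if __name__ == "__main__":
    f = {"x": (1, 4), "y": None}
    g = {"x": (3, 10), "y": (0, 0)}
    print(prod_lub(f, g), prod_glb(f, g))   # {'x': (1, 10), 'y': (0, 0)} {'x': (3, 4), 'y': None}
    print(is_lub(f, g, prod_lub(f, g), small_candidates(10)))   # True
```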