Basic Concepts of Abstract Interpretation

Transcription

1 Programming Research Laboratory Seoul National University Basic Concepts of Abstract Interpretation Soonho Kong soon/ May 25, 2007 Work of P. Cousot and R.Cousot Basic Concepts of Abstract Interpretation, 1 / 35

2 P. Cousot and R. Cousot. Basic Concepts of Abstract Interpretation. In Building the Information Society, R. Jacquard (Ed.), pages Kluwer Academic Publishers Basic Concepts of Abstract Interpretation, 2 / 35

3 Overview Goal To Understand basic concepts of abstract interpretation. Basic Concepts of Abstract Interpretation, 3 / 35

4 Overview Contents Overview Introduction Transition Systems Partial Trace Semantics The Reflexive Transitive Closure Semantics The Reachability Semantics The Interval Semantics Convergence Acceleration Conclusion Basic Concepts of Abstract Interpretation, 4 / 35

5 Introduction Introduction Abstract Interpretation: a theory of approximation of mathematical structures, in particular those involved in the semantic models of computer systems. Basic Concepts of Abstract Interpretation, 5 / 35

6 Transition Systems Transition Systems Programs are formalized as transition systems : = Σ, Σ i, t Σ : a set of states Σ i Σ : the set of initial states t Σ Σ : a transition relation between a state and its possible successors. Example, the transition system Z, {0}, { x, x x = x + 1} of program x := 0; while true do x := x + 1. Basic Concepts of Abstract Interpretation, 6 / 35

7 Partial Trace Semantics Partial Trace Semantics A finite partial execution trace : σ = s 0 s 1... s n s 0 Σ For all i < n, s i, s i+1 t Partial traces of length 0 : φ Partial traces of length 1 : Σ 1 = {s s Σ} Partial traces of length n + 1 : Σ n+1 = {σss σs Σ n s, s t} Collecting semantics of : all partial traces of all finite lengths Σ = n 0 Σ n Basic Concepts of Abstract Interpretation, 7 / 35

8 Partial Trace Semantics Partial Trace Semantics in Fixpoint Form For the function F Σ F (X) = {s s Σ} {σss σs X s, s t} is the least fixpoint of F, that is F (Σ ) = Σ For all X such that F (X) = X, Σ Therefore, Σ = lfp F = n 0 X F n (φ) Basic Concepts of Abstract Interpretation, 8 / 35

9 Partial Trace Semantics Partial Trace Semantics in Fixpoint Form - Proof I F (Σ ) = Σ The proof is as follows: F (Σ ) = F ( Σ n ) n 0 = {s s Σ} {σss σs ( n 0 Σ n ) s, s t} def.σ def. F = {s s Σ} n 0{σss σs (Σ n ) s, s t} set theory = Σ 1 n 0 = n 1 Σ n+1 def. Σ 1 and Σ n+1 Σ n = n 0 Σ n by letting n = n + 1 and since Σ n = φ Basic Concepts of Abstract Interpretation, 9 / 35

10 Partial Trace Semantics Partial Trace Semantics in Fixpoint Form - Proof II For all X such that F (X) = X, Σ X We prove by induction that n 0 : Σ n X 1. Base Case : Σ 0 = φ X 2. Inductive Hypothesis : Σ n X Since σs Σ n σs X, {σss σs Σ n s, s t} {σss σs X s, s t} Therefore, Σ n+1 F (Σ n ) F (X) = X Basic Concepts of Abstract Interpretation, 10 / 35

11 The Reflexive Transitive Closure Semantics The Reflexive Transitive Closure Semantics as an Abstraction Abstraction of the partial trace semantics α (X) = { α (σ) σ X} where α (s 0 s 1... s n ) = s 0, s n α (Σ ) is the reflexive transitive closure t of the transition relation t. Concretization γ (Y) = {σ α (σ) Y} = {s 0 s 1... s n s 0, s n Y} X γ (α (X)) Basic Concepts of Abstract Interpretation, 11 / 35

12 The Reflexive Transitive Closure Semantics Answering Concrete Questions in the Abstract Answering concrete question about X using a simpler abstract question on α (X). Example : s... s... s X? s, s α (X)? Basic Concepts of Abstract Interpretation, 12 / 35

13 The Reflexive Transitive Closure Semantics Galois Connections Given any set X of partial traces and Y of pair of states, α (X) Y X γ (Y) which is a characteristic property of Galois connections. Proof. α (X) Y { α (σ) σ X} Y σ X : α (σ) Y X {σ α (σ) Y} X γ (Y) def. α def. def. γ Basic Concepts of Abstract Interpretation, 13 / 35

14 The Reflexive Transitive Closure Semantics Galois Connections Galois connections preserve joins. α ( X i ) = α (X i ) i I i I Proof. α ( X i ) = { α (σ) σ X i } i I i I = i I{ α (σ) σ X i } = i I α (X i ) Basic Concepts of Abstract Interpretation, 14 / 35

15 The Reflexive Transitive Closure Semantics The Reflexive Transitive Closure Semantics in Fixpoint Form * General Principle in Abstract Interpretation. 1. The concrete(partial trace) semantics is expressed in fixpoint form. Σ = lfp F 2. The abstract(reflexive transitive closure) semantics is an abstraction of the concrete semantics by a Galois connections and it can be expressed in fixpoint form, too. α (Σ ) = lfp F 3. 2 can be generalized to order theory, and is known as the fixpoint transfer theorem. Basic Concepts of Abstract Interpretation, 15 / 35

16 The Reflexive Transitive Closure Semantics The Reflexive Transitive Closure Semantics in Fixpoint Form - Propositions & Definitions 1. Proposition 1. α (φ) = φ φ γ (φ) α (φ) φ. Therefore α (φ) = φ. 2. Propostion 2. Commutation Property: α (F (X)) = F(α (X)) 2.1 Definition 1. I Σ = { s, s s Σ} 2.2 Definition 2. F(Y) = I Σ Y t α (F (X)) = α ({s s Σ} {σss σs X s, s t}) def. F = { α (s) s Σ} { α (σss ) σs X s, s t}) def. α = { s, s s Σ} { σ 0, s s : σs X s, s t}) def. α = I Σ { σ 0, s s : σ 0, s α (X) s, s t}) def.i Σ,α = I Σ α (X) t = F (α (X)) Basic Concepts of Abstract Interpretation, 16 / 35

17 The Reflexive Transitive Closure Semantics The Reflexive Transitive Closure Semantics in Fixpoint Form - Proof Showing is equivalent to prove that Using induction on α ( n 0 α (Σ ) = lfp F F n (φ)) = n 0 F n (φ) n : α (F n (φ)) = F n (φ) Basic Concepts of Abstract Interpretation, 17 / 35

18 The Reflexive Transitive Closure Semantics The Reflexive Transitive Closure Semantics in Fixpoint Form - Proof n : α (F n (φ)) = F n (φ) 1. Base Case: α (F 0 (φ)) = φ = F 0 (φ) 2. Inductive Hypothesis: α (F n (φ)) = F n (φ) α (F n+1 (φ)) = α (F (F n (φ))) = F(α (F n (φ))) commutative = FF n (φ) inductive hypothesis = F n+1 (φ) Basic Concepts of Abstract Interpretation, 18 / 35

19 The Reachability Semantics The Reachability Semantics as an Abstraction The reachability semantics of the transition system = Σ, Σ i, t {s s Σ i : s, s t } is the set of states that are reachable from the initial states Σ i. Basic Concepts of Abstract Interpretation, 19 / 35

20 The Reachability Semantics The Reachability Semantics as an Abstraction Definition post[r]z: The right-image of the set Z by relation r post[r]z = {s s Z : s, s r} Basic Concepts of Abstract Interpretation, 20 / 35

21 The Reachability Semantics The Reachability Semantics as an Abstraction Abstraction of the reflexive transitive closure semantics Y is defined as α (Y) = {s s Σ i : s, s Y} = post[y]σ i Concretization of the reachability semantics Z is defined as γ (Z) = { s, s s Σ i = s Z} Basic Concepts of Abstract Interpretation, 21 / 35

22 The Reachability Semantics Galois Connection We have the Galois Connection: α (Y) Z Y γ (Z) Proof. α (Y) Z {s s Σ i : s, s Y} Z def. α s : s Σ i : s, s Y = s Z def. s, s Y : s Σ i = s Z} def. = Y { s, s s Σ i = s Z} def. Y γ (Z) def. γ Basic Concepts of Abstract Interpretation, 22 / 35

23 The Reachability Semantics The Reachability Semantics in fixpoint form 1. Define F (Z) = Σ i post[t]z. 2. Establish commutation property α (F (Y)) = α (F (Y)) α (F (Y)) = {s s Σ i : s, s (I Σ Y t)} def. α &F = {s s Σ i : s = s} {s s Σ i : s : s, s Y s, s t} def. I Σ & = Σ i {s s α (Y) s, s t} def. α = α (F (Y)) def F (Z) 3. By the fixpoint transfer theorem, α (t ) = α (lfp F ) = lfp F Basic Concepts of Abstract Interpretation, 23 / 35

24 The Interval Semantics The Interval Semantics as an Abstraction The set of states of a transtion system = Σ, Σ i, t is totally ordered Σ, < with extrema and +, the interval semantics α H (α (t )) of provides bounds on its reachable states α (t ): α H (Z) = [min Z, max Z] Concretization: min(φ) = max(φ) = Abstract implication: γ H ([l, h]) = {s Σ l s h} [l, h] [l, h ] (l l h h ) Basic Concepts of Abstract Interpretation, 24 / 35

25 The Interval Semantics Galois Connection We have the Galois Connection: α H (Z) [l, h] Z γ H ([l, h]) Proof. α H (Z) [l, h] [min Z, max Z] [l, h] def. α H l min Z max Z h def. Z {s Σ l s h} def. min&max Z γ H ([l, h]) def. γ H By defining [l i, h i ] = [min i I l i, max i I h i ] i I, Galois connection preserves least upper bounds α H ( Z i ) = i ) ı I i I(Z Basic Concepts of Abstract Interpretation, 25 / 35

26 The Interval Semantics The Interval Semantics in Fixpoint Form 1. Define [min Σ i, max Σ i ] α H post[t] γ H (I) F H (I) 2. Establish semi-commutation property α H (F (Z)) F H (α H (Z)) α H (F (Z)) = α H (Σ i post[t]z) def F = α H (Σ i ) α H (post[t][z]) Galois Connection [min Σ i, max Σ i ] α H (post[t](γ H (α H (Z)))) F H (α H (Z)) 3. By the fixpoint approximation: α H (F (t )) = α H (lfp F ) lfp F H Basic Concepts of Abstract Interpretation, 26 / 35

27 Convergence Acceleration Convergence Acceleration In general, lfp F H = n 0 FH (φ = [+, ]) diverge. Example, the transition system Z, {0}, { x, x x = x + 1} of program x := 0; while true do x := x + 1. F H ([l, h]) = [0, 0] [l + 1, h + 1] It diverges: [+, ], [0, 0], [0, 1], [0, 2],... Basic Concepts of Abstract Interpretation, 27 / 35

28 Convergence Acceleration Widening To accelerate convergence, introduce a widening such that, (X X Y) (Y X Y) I 0 = φ = [+, ] I n+1 = I n if F H (I n ) I n = I n F H (I n ) otherwise. limit I λ is finite(λ N) and is a fixpoint overapproximation lfp F H I λ Basic Concepts of Abstract Interpretation, 28 / 35

29 Convergence Acceleration Example of Widening An example of interval widening 1. choosing finite sequence = r 0 < r 1 < < r k = + 2. [+, ] [l, h] = [l, h] [l, h] [l, h ] = [if l > l then max{r i r i l } else l, if h < h then min{r i h r i } else h] Basic Concepts of Abstract Interpretation, 29 / 35

30 Convergence Acceleration Example of Widening Example, the transition system Z, {0}, { x, x x = x + 1} of program x := 0; while x < 100 do x := x + 1. F H ([l, h]) = [0, 0] [l + 1, min(99, h) + 1] 1. Sequence r = < 1 < 0 < 1 < 2. I 0 = [+, ] I 1 = [0, 0] [1, 1] = [0, 1] I 2 = [0, 1] [0, 2] = [0, + ] I 3 = [0, + ] Basic Concepts of Abstract Interpretation, 30 / 35

31 Convergence Acceleration Narrowing The limit of an iteration with widening can be improved by a narrowing, such that X Y = X (X Y) Y All terms in the iterates with narrowing J 0 = I λ J n+1 = J n F H (J 0 ) improve the result obtained by widening. lfp F H J n I λ Basic Concepts of Abstract Interpretation, 31 / 35

32 Convergence Acceleration Example of Narrowing [l, h] [l, h ] = [if i : l = r i then l else l, if j : h = r j then h else h] Example, the transition system Z, {0}, { x, x x = x + 1} of program x := 0; while x < 100 do x := x + 1. J 0 = [0, + ] J 1 = [0, + ] [0, 100] = [0, 100] J 2 = [0, 100] [0, 100] = [0, 100] Basic Concepts of Abstract Interpretation, 32 / 35

33 Conclusion Composition of Abstractions The design of three abstractions of the partial trace semantics Σ of a transition system was compositional. Composition of Galois connections is a Galois connection so the successive arguments on sound approximation do compose nicely. α H α α, γ γ γ H Basic Concepts of Abstract Interpretation, 33 / 35

34 Conclusion Hierarchy of Semantics The four semantics of a transition system = Σ, Σ i, t form a hierarchy 1. Partial traces Σ 2. Reflexive transitive closure α (Σ ) 3. Reachability α α (Σ ) 4. Interval semantics α H α α (Σ ) Basic Concepts of Abstract Interpretation, 34 / 35

35 Conclusion Thanks Thank you for listening. Basic Concepts of Abstract Interpretation, 35 / 35