Principles of Program Analysis: Abstract Interpretation

Size: px

Start display at page:

Download "Principles of Program Analysis: Abstract Interpretation"

Oswin Fox
6 years ago
Views:

1 Principles of Program Analysis: Abstract Interpretation Transparencies based on Chapter 4 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag c Flemming Nielson & Hanne Riis Nielson & Chris Hankin. PPA Chapter 4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 1

2 A Mundane Approach to Semantic Correctness Semantics: p v 1 v 2 where v 1, v 2 V. Program analysis: where l 1, l 2 L. p l 1 l 2 Note: might be deterministic. Note: should be deterministic: f p (l 1 ) = l 2. What is the relationship between the semantics and the analysis? Restrict attention to analyses where properties directly describe sets of values i.e. first-order analyses (rather than second-order analyses). PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 2

3 Example: Data Flow Analysis Structural Operational Semantics: Values: V = State Transitions: Constant Propagation Analysis: Properties: L = Transitions: State CP = (Var Z ) S σ 1 σ 2 iff S σ 1 σ 2 S, σ 1 σ 2 iff σ 1 = ι σ 2 = {CP (l) l final(s )} (CP, CP ) = CP = (S ) PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 3

4 Example: Control Flow Analysis Structural Operational Semantics: Values: V = Val Transitions: Pure 0-CFA Analysis: Properties: L = Env Val Transitions: e ( ρ 1, v 1 ) ( ρ 2, v 2 ) iff e v 1 v 2 iff Ĉ(l 1 ) = v 1 [ ] (e v l 1 1 ) l 2 v l 2 2 Ĉ(l 2 ) = v 2 ρ 1 = ρ 2 = ρ (Ĉ, ρ) = (e c l 1) l 2 for some place holder constant c PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 4

5 Correctness Relations R : V L {true, false} Idea: v R l means that the value v is described by the property l. Correctness criterion: R is preserved under computation: p v 1 v 2. R R... logical relation: (p ) (R R) (p ) p l 1 l 2 PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 5

6 Admissible Correctness Relations v R l 1 l 1 l 2 v R l 2 ( l L L : v R l) v R ( L ) ({l v R l} is a Moore family) Two consequences: v R v R l 1 v R l 2 v R (l 1 l 2 ) Assumption: (L, ) is a complete lattice. PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 6

7 Example: Data Flow Analysis Correctness relation is defined by R CP : State State CP {true, false} σ R CP σ iff x FV(S ) : ( σ(x) = σ(x) = σ(x)) PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 7

8 Example: Control Flow Analysis Correctness relation is defined by where V is given by: R CFA : Val ( Env Val) {true, false} v R CFA ( ρ, v) iff v V ( ρ, v) v V ( ρ, v) iff { true if v = c t v x dom(ρ) : ρ(x) V ( ρ, ρ(x)) if v = close t in ρ PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 8

9 Representation Functions β : V L Idea: β maps a value to the best property describing it. Correctness criterion: p v 1 v 2 β β p l 1 l 2 PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 9

10 Equivalence of Correctness Criteria Given a representation function β we define a correctness relation R β by v R β l iff β(v) l Given a correctness relation R we define a representation function β R by Lemma: β R (v) = {l v R l} (i) Given β : V L, then the relation R β : V L {true, false} is an admissible correctness relation such that β Rβ = β. (ii) Given an admissible correctness relation R : V L {true, false}, then β R is well-defined and R βr = R. PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 10

11 Equivalence of Criteria: R is generated by β v V R β β(v) L PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 11

12 Example: Data Flow Analysis Representation function is defined by β CP : State State CP β CP (σ) = λx.σ(x) R CP is generated by β CP : σ R CP σ iff β CP (σ) CP σ PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 12

13 Example: Control Flow Analysis Representation function is defined by β CFA : Val Env Val β CFA (v) = { (λx., ) if v = c (βcfa E (ρ), {t}) if v = close t in ρ βcfa E (ρ)(x) = { ρ y (x) β CFA (ρ(y)) = ( ρ y, v y ) and y dom(ρ)} { { v x } if x dom(ρ) and β CFA (ρ(x)) = ( ρ x, v x ) otherwise R CFA is generated by β CFA : v R CFA ( ρ, v) iff β CFA (v) CFA ( ρ, v) PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 13

14 A Modest Generalisation Semantics: p v 1 v 2 where v 1 V 1, v 2 V 2 Program analysis: p l 1 l 2 where l 1 L 1, l 2 L 2 p v 1 v 2.. R 1. R 2. logical relation: (p ) (R 1 R 2 ) (p ) p l 1 l 2 PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 14

15 Higher-Order Formulation Assume that R 1 is an admissible correctness relation for V 1 and L 1 that is generated by the representation function β 1 : V 1 L 1 R 2 is an admissible correctness relation for V 2 and L 2 that is generated by the representation function β 2 : V 2 L 2 Then the relation R 1 R 2 is an admissible correctness relation for V 1 V 2 and L 1 L 2 that is generated by the representation function β 1 β 2 defined by (β 1 β 2 )( ) = λl 1. {β 2 (v 2 ) β 1 (v 1 ) l 1 v 1 v 2 } PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 15

16 Example: Semantics: plus (z 1, z 2 ) z 1 + z 2 where z 1, z 2 Z Program analysis: plus ZZ {z 1 + z 2 (z 1, z 2 ) ZZ } where ZZ Z Z Correctness relations Representation functions result R Z β Z (z) = {z} argument R Z Z β Z Z (z 1, z 2 ) = {(z 1, z 2 )} plus (plus ) (R Z Z R Z ) (plus ) (β Z Z β Z )(plus ) (plus ) PPA Section 4.1 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 16

17 Approximation of Fixed Points Fixed points Widening Narrowing Example: lattice of intervals for Array Bound Analysis PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 17

18 The complete lattice Interval = (Interval, ) [-, ] [-,-1] [-2,1] [-1,2] [-2,0] [-1,1] [0,2] [-1,0] [0,1] [-1,-1] [0,0] [1,1] [-2,2] [0, ] [-,0] [-2,-2] [-,1] [-2,-1] [-1, ] [1,2] [2,2] [1, ] PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 18

19 Fixed points Let f : L L be a monotone function on a complete lattice L = (L,,,,, ). l is a fixed point iff f(l) = l Fix(f) = {l f(l) = l} f is reductive at l iff f(l) l Red(f) = {l f(l) l} f is extensive at l iff f(l) l Ext(f) = {l f(l) l} Tarski s Theorem ensures that lfp(f) = Fix(f) = Red(f) Fix(f) Red(f) gfp(f) = Fix(f) = Ext(f) Fix(f) Ext(f) PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 19

20 Fixed points of f Red(f) f n ( ) nf n ( ) gfp(f) Fix(f) lfp(f) Ext(f) n f n ( ) f n ( ) PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 20

21 Widening Operators Problem: We cannot guarantee that (f n ( )) n eventually stabilises nor that its least upper bound necessarily equals lfp(f). Idea: We replace (f n ( )) n by a new sequence (f n ) n that is known to eventually stabilise and to do so with a value that is a safe (upper) approximation of the least fixed point. The new sequence is parameterised on the widening operator : upper bound operator satisfying a finiteness condition. an PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 21

22 Upper bound operators ˇ : L L L is an upper bound operator iff for all l 1, l 2 L. l 1 l 1 ˇ l 2 l 2 Let (l n ) n be a sequence of elements of L. Define the sequence (lˇ n ) n by: lˇ n = l n if n = 0 lˇ n 1 ˇ l n if n > 0 Fact: If (l n ) n is a sequence and ˇ is an upper bound operator then (lˇ n) n is an ascending chain; furthermore lˇ n {l 0, l 1,, l n } for all n. PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 22

23 Example: Let int be an arbitrary but fixed element of Interval. An upper bound operator: { int 1 ˇ int int1 int int 2 = 2 if int 1 int int 2 int 1 [, ] otherwise Example: [1, 2]ˇ [0,2] [2, 3] = [1, 3] and [2, 3]ˇ [0,2] [1, 2] = [, ]. Transformation of: [0, 0], [1, 1], [2, 2], [3, 3], [4, 4], [5, 5], If int = [0, ]: [0, 0], [0, 1], [0, 2], [0, 3], [0, 4], [0, 5], If int = [0, 2]: [0, 0], [0, 1], [0, 2], [0, 3], [, ], [, ], PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 23

24 Widening operators An operator : L L L is a widening operator iff it is an upper bound operator, and for all ascending chains (l n ) n the ascending chain (l n ) n eventually stabilises. PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 24

25 Widening operators Given a monotone function f : L L and a widening operator define the sequence (f n ) n by f n = if n = 0 f n 1 f n 1 if n > 0 f(f n 1 ) f n 1 f(f n 1 ) otherwise One can show that: (f n ) n is an ascending chain that eventually stabilises it happens when f(f m ) f m for some value of m Tarski s Theorem then gives f m lfp(f) lfp (f) = f m PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 25

26 The widening operator applied to f Red(f) f m = f m+1 f m 1 = lfp (f) lfp(f).. f 2 f 1 f 0 = PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 26

27 Example: Let K be a finite set of integers, e.g. the set of integers explicitly mentioned in a given program. We shall define a widening operator based on K. Idea: [z 1, z 2 ] [z 3, z 4 ] is where [ LB(z 1, z 3 ), UB(z 2, z 4 ) ] LB(z 1, z 3 ) {z 1 } K { } is the best possible lower bound, and UB(z 2, z 4 ) {z 2 } K { } is the best possible upper bound. The effect: a change in any of the bounds of the interval [z 1, z 2 ] can only take place finitely many times corresponding to the cardinality of K. PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 27

28 Example (cont.) formalisation: Let z i Z = Z {, } and write: LB K (z 1, z 3 ) = UB K (z 2, z 4 ) = z 1 if z 1 z 3 k if z 3 < z 1 k = max{k K k z 3 } if z 3 < z 1 k K : z 3 < k z 2 if z 4 z 2 k if z 2 < z 4 k = min{k K z 4 k} if z 2 < z 4 k K : k < z 4 int 1 int 2 = if int 1 = int 2 = [ LB K (inf(int 1 ), inf(int 2 )), UB K (sup(int 1 ), sup(int 2 )) ] otherwise PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 28

29 Example (cont.): Consider the ascending chain (int n ) n and assume that K = {3, 5}. [0, 1], [0, 2], [0, 3], [0, 4], [0, 5], [0, 6], [0, 7], Then (int n ) n is the chain which eventually stabilises. [0, 1], [0, 3], [0, 3], [0, 5], [0, 5], [0, ], [0, ], PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 29

30 Narrowing Operators Status: Widening gives us an upper approximation lfp (f) of the least fixed point of f. Observation: f(lfp (f)) lfp (f) so the approximation can be improved by considering the iterative sequence (f n (lfp (f))) n. It will satisfy f n (lfp (f)) lfp(f) for all n so we can stop at an arbitrary point. The notion of narrowing is one way of encapsulating a termination criterion for the sequence. PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 30

31 Narrowing An operator : L L L is a narrowing operator iff l 2 l 1 l 2 (l 1 l 2 ) l 1 for all l 1, l 2 L, and for all descending chains (l n ) n the sequence (l n ) n eventually stabilises. Recall: The sequence (l n ) n is defined by: l n = l n if n = 0 l n 1 l n if n > 0 PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 31

32 Narrowing We construct the sequence ([f] n ) n [f] n = lfp (f) if n = 0 [f] n 1 f([f]n 1 ) if n > 0 One can show that: ([f] n ) n is a descending chain where all elements satisfy lfp(f) [f] n the chain eventually stabilises so [f] m = [f]m +1 for some value m lfp (f) = [f]m PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 32

33 The narrowing operator applied to f [f] 0 =lfp (f) [f] 1 Red(f).. lfp(f) [f] m 1 [f] m = [f] m +1 = lfp PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 33

34 Example: The complete lattice (Interval, ) has two kinds of infinite descending chains: those with elements of the form [, z], z Z those with elements of the form [z, ], z Z Idea: Given some fixed non-negative number N the narrowing operator N will force an infinite descending chain [z 1, ], [z 2, ], [z 3, ], (where z 1 < z 2 < z 3 < ) to stabilise when z i > N Similarly, for a descending chain with elements of the form [, z i ] the narrowing operator will force it to stabilise when z i < N PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 34

35 Example (cont.) formalisation: Define = N by where int 1 int 2 = { if int1 = int 2 = [z 1, z 2 ] otherwise { inf(int1 ) if N < inf(int z 1 = 2 ) sup(int 2 ) = inf(int 2 ) otherwise z 2 = { sup(int1 ) if inf(int 2 ) = sup(int 2 ) < N sup(int 2 ) otherwise PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 35

36 Example (cont.): Consider the infinite descending chain ([n, ]) n and assume that N = 3. [0, ], [1, ], [2, ], [3, ], [4, ], [5, ], Then the narrowing operator N will give the sequence ([n, ] ) n [0, ], [1, ], [2, ], [3, ], [3, ], [3, ], PPA Section 4.2 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 36

37 Galois Connections Galois connections and adjunctions Extraction functions Galois insertions Reduction operators PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 37

38 Galois connections L γ α M α: abstraction function γ: concretisation function is a Galois connection if and only if α and γ are monotone functions that satisfy γ α λl.l α γ λm.m PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 38

39 Galois connections γ(m) l L γ α m α(l) M γ α λl.l α γ λm.m PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 39

40 Example: Galois connection (P(Z), α ZI, γ ZI, Interval) with concretisation function γ ZI (int) = {z Z inf(int) z sup(int)} and abstraction function α ZI (Z) = { if Z = [inf (Z), sup (Z)] otherwise Examples: γ ZI ([0, 3]) = {0, 1, 2, 3} γ ZI ([0, ]) = {z Z z 0} α ZI ({0, 1, 3}) = [0, 3] α ZI ({2 z z > 0}) = [2, ] PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 40

41 Adjunctions L γ α M is an adjunction if and only if α : L M and γ : M L are total functions that satisfy α(l) m iff l γ(m) for all l L and m M. Proposition: (α, γ) is an adjunction iff it is a Galois connection. PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 41

42 Galois connections from representation functions A representation function β : V L gives rise to a Galois connection (P(V ), α, γ, L) where for V V and l L. α(v ) = {β(v) v V } γ(l) = {v V β(v) l} This indeed defines an adjunction: α(v ) l {β(v) v V } l v V : β(v) l V γ(l) PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 42

43 Galois connections from extraction functions An extraction function η : V D maps the values of V to their best descriptions in D. It gives rise to a representation function β η : V P(D) (corresponding to L = (P(D), )) defined by β η (v) = {η(v)} The associated Galois connection is where (P(V ), α η, γ η, P(D)) α η (V ) = {β η (v) v V } = {η(v) v V } γ η (D ) = {v V β η (v) D } = {v η(v) D } PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 43

44 Example: Extraction function sign : Z Sign specified by sign(z) = Galois connection with - if z < 0 0 if z = 0 + if z > 0 (P(Z), α sign, γ sign, P(Sign)) α sign (Z) = {sign(z) z Z} γ sign (S) = {z Z sign(z) S} {-, 0, +} {-,0} {-,+} {0,+} {-} {0} {+} PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 44

45 Properties of Galois Connections Lemma: If (L, α, γ, M) is a Galois connection then: α uniquely determines γ by γ(m) = {l α(l) m} γ uniquely determines α by α(l) = {m l γ(m)} α is completely additive and γ is completely multiplicative In particular α( ) = and γ( ) =. Lemma: If α : L M is completely additive then there exists (an upper adjoint) γ : M L such that (L, α, γ, M) is a Galois connection. If γ : M L is completely multiplicative then there exists (a lower adjoint) α : L M such that (L, α, γ, M) is a Galois connection. Fact: If (L, α, γ, M) is a Galois connection then α γ α = α and γ α γ = γ PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 45

46 Example: Define γ IS : P(Sign) Interval by: γ IS ({-, 0, +}) = [, ] γ IS ({-, 0}) = [, 0] γ IS ({-, +}) = [, ] γ IS ({0, +}) = [0, ] γ IS ({-}) = [, 1] γ IS ({0}) = [0, 0] γ IS ({+}) = [1, ] γ IS ( ) = Does there exist an abstraction function α IS : Interval P(Sign) such that (Interval, α IS, γ IS, P(Sign)) is a Galois connection? PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 46

47 Example (cont.): Is γ IS completely multiplicative? if yes: then there exists a Galois connection if no: then there cannot exist a Galois connection Lemma: If L and M are complete lattices and M is finite then γ : M L is completely multiplicative if and only if the following hold: γ : M L is monotone, γ( ) =, and γ(m 1 m 2 ) = γ(m 1 ) γ(m 2 ) whenever m 1 m 2 m 2 m 1 We calculate γ IS ({-, 0} {-, +}) = γ IS ({-}) = [, 1] γ IS ({-, 0}) γ IS ({-, +}) = [, 0] [, ] = [, 0] showing that there is no Galois connection involving γ IS. PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 47

48 Galois Connections are the Right Concept We use the mundane approach to correctness to demonstrate this for: Admissible correctness relations Representation functions PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 48

49 The mundane approach: correctness relations Assume R : V L {true, false} is an admissible correctness relation (L, α, γ, M) is a Galois connection Then S : V M {true, false} defined by v S m iff v R (γ(m)) is an admissible correctness relation between V and M p v 1 v 2. R R.. p l 1 l 2 γ p m 1 m 2. γ PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 49

50 The mundane approach: representation functions Assume R : V L {true, false} is generated by β : V L (L, α, γ, M) is a Galois connection Then S : V M {true, false} defined by v S m iff v R (γ(m)) is generated by α β : V M p v 1 v 2 β p l 1 l 2 α p m 1 m 2 β α PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 50

51 Galois Insertions γ(α(l)) γ l α(l) L α M Monotone functions satisfying: γ α λl.l α γ = λm.m PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 51

52 Example (1): (P(Z), α sign, γ sign, P(Sign)) where sign : Z Sign is specified by: sign(z) = - if z < 0 0 if z = 0 + if z > 0 {-, 0, +} {-,0} {-,+} {0,+} {-} {0} {+} Is it a Galois insertion? PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 52

53 Example (2): (P(Z), α signparity, γ signparity, P(Sign Parity)) where Sign = {-, 0, +} and Parity = {odd, even} and signparity : Z Sign Parity: signparity(z) = { (sign(z), odd) if z is odd (sign(z), even) if z is even Is it a Galois insertion? PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 53

54 Properties of Galois Insertions Lemma: For a Galois connection (L, α, γ, M) the following claims are equivalent: (i) (L, α, γ, M) is a Galois insertion; (ii) α is surjective: m M : l L : α(l) = m; (iii) γ is injective: m 1, m 2 M : γ(m 1 ) = γ(m 2 ) m 1 = m 2 ; and (iv) γ is an order-similarity: m 1, m 2 M : γ(m 1 ) γ(m 2 ) m 1 m 2. Corollary: A Galois connection specified by an extraction function η : V D is a Galois insertion if and only if η is surjective. PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 54

55 Example (1) reconsidered: (P(Z), α sign, γ sign, P(Sign)) sign(z) = - if z < 0 0 if z = 0 + if z > 0 is a Galois insertion because sign is surjective. Example (2) reconsidered: (P(Z), α signparity, γ signparity, P(Sign Parity)) signparity(z) = { (sign(z), odd) if z is odd (sign(z), even) if z is even is not a Galois insertion because signparity is not surjective. PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 55

56 Reduction Operators Given a Galois connection (L, α, γ, M) it is always possible to obtain a Galois insertion by enforcing that the concretisation function γ is injective. Idea: remove the superfluous elements from M using a reduction operator defined from the Galois connection. ς : M M Proposition: Let (L, α, γ, M) be a Galois connection and define the reduction operator ς : M M by ς (m) = {m γ(m) = γ(m )} Then ς [M] = ({ ς (m) m M}, M ) is a complete lattice and (L, α, γ, ς [M]) is a Galois insertion. PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 56

57 The reduction operator ς : M M γ(α(l)) l L γ α m α(l) M ς PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 57

58 Reduction operators from extraction functions Assume that the Galois connection (P(V ), α η, γ η, P(D)) is given by an extraction function η : V D. Then the reduction operator ς η is given by ς η (D ) = D η[v ] where η[v ] = {d D v V : η(v) = d}. Since ς η [P(D)] is isomorphic to P(η[V ]) the resulting Galois insertion is isomorphic to (P(V ), α η, γ η, P(η[V ])) PPA Section 4.3 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 58

59 Systematic Design of Galois Connections The functional composition (or sequential composition ) of two Galois connections is also a Galois connection: γ 1 γ 2 γ 3 γ k L 0 L 1 L 2 L k α 1 α 2 α 3 α k A catalogue of techniques for combining Galois connections: independent attribute method relational method direct product direct tensor product reduced product reduced tensor product total function space monotone function space PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 59

60 Running Example: Array Bound Analysis Approximation of the difference in magnitude between two numbers (typically the index and the bound): a Galois connection for approximating pairs (z 1, z 2 ) of integers by their difference z 1 z 2 a Galois connection for approximating integers using a finite lattice {<-1, -1, 0, +1, >+1} a Galois connection for their functional composition PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 60

61 Example: Difference in Magnitude (P(Z Z), α diff, γ diff, P(Z)) where the extraction function diff : Z Z Z calculates the difference in magnitude: diff(z 1, z 2 ) = z 1 z 2 The abstraction and concretisation functions are for ZZ Z Z and Z Z. α diff (ZZ) = { z 1 z 2 (z 1, z 2 ) ZZ} γ diff (Z) = {(z 1, z 2 ) z 1 z 2 Z} PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 61

62 Example: Finite Approximation (P(Z), α range, γ range, P(Range)) where Range = {<-1, -1, 0, +1, >+1} and the extraction function range : Z Range is range(z) = <-1 if z < 1-1 if z = 1 0 if z = 0 +1 if z = 1 >+1 if z > 1 The abstraction and concretisation functions are for Z Z and R Range. α range (Z) = {range(z) z Z} γ range (R) = {z range(z) R} PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 62

63 Example: Functional Composition (P(Z Z), α R, γ R, P(Range)) where α R = α range α diff γ R = γ diff γ range The explicit formulae for the abstraction and concretisation functions α R (ZZ) = {range( z 1 z 2 ) (z 1, z 2 ) ZZ} γ R (R) = {(z 1, z 2 ) range( z 1 z 2 ) R} correspond to the extraction function range diff. PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 63

64 Approximation of Pairs Independent Attribute Method Let (L 1, α 1, γ 1, M 1 ) and (L 2, α 2, γ 2, M 2 ) be Galois connections. The independent attribute method gives a Galois connection (L 1 L 2, α, γ, M 1 M 2 ) where α(l 1, l 2 ) = (α 1 (l 1 ), α 2 (l 2 )) γ(m 1, m 2 ) = (γ 1 (m 1 ), γ 2 (m 2 )) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 64

65 Example: Detection of Signs Analysis Given using the extraction function sign. (P(Z), α sign, γ sign, P(Sign)) The independent attribute method gives (P(Z) P(Z), α SS, γ SS, P(Sign) P(Sign)) where α SS (Z 1, Z 2 ) = ({sign(z) z Z 1 }, {sign(z) z Z 2 }) γ SS (S 1, S 2 ) = ({z sign(z) S 1 }, {z sign(z) S 2 }) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 65

66 Motivating the Relational Method The independent attribute method often leads to imprecision! Semantics: The expression (x,-x) may have a value in {(z, z) z Z} Analysis: When we use P(Z) P(Z) to represent sets of pairs of integers we cannot do better than representing {(z, z) z Z} by (Z, Z) Hence the best property describing it will be α SS (Z, Z) = ({-, 0, +}, {-, 0, +}) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 66

67 Relational Method Let (P(V 1 ), α 1, γ 1, P(D 1 )) and (P(V 2 ), α 2, γ 2, P(D 2 )) be Galois connections. The relational method will give rise to the Galois connection (P(V 1 V 2 ), α, γ, P(D 1 D 2 )) where α(vv ) = {α 1 ({v 1 }) α 2 ({v 2 }) (v 1, v 2 ) VV } γ(dd) = {(v 1, v 2 ) α 1 ({v 1 }) α 2 ({v 2 }) DD} Generalisation to arbitrary complete lattices: use tensor products. PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 67

68 Relational Method from Extraction Functions Assume that the Galois connections (P(V i ), α i, γ i, P(D i )) are given by extraction functions η i : V i D i as in α i (V i ) = {η i(v i ) v i V i } γ i (D i ) = {v i η i (v i ) D i } Then the Galois connection (P(V 1 V 2 ), α, γ, P(D 1 D 2 )) has α(vv ) = {(η 1 (v 1 ), η 2 (v 2 )) (v 1, v 2 ) VV } γ(dd) = {(v 1, v 2 ) (η 1 (v 1 ), η 2 (v 2 )) DD} which also can be obtained directly from the extraction function η : V 1 V 2 D 1 D 2 defined by η(v 1, v 2 ) = (η 1 (v 1 ), η 2 (v 2 )) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 68

69 Example: Detection of Signs Analysis Using the relational method we get a Galois connection (P(Z Z), α SS, γ SS, P(Sign Sign)) where α SS (ZZ) = {(sign(z 1 ), sign(z 2 )) (z 1, z 2 ) ZZ} γ SS (SS) = {(z 1, z 2 ) (sign(z 1 ), sign(z 2 )) SS} corresponding to an extraction function twosigns : Z Z Sign Sign defined by twosigns(z 1, z 2 ) = (sign(z 1 ), sign(z 2 )) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 69

70 Advantages of the Relational Method Semantics: The expression (x,-x) may have a value in {(z, z) z Z} In the present setting {(z, z) z Z} is an element of P(Z Z). Analysis: The best relational property describing it is α SS ({(z, z) z Z}) = {(-, +), (0, 0), (+, -)} whereas the best independent attribute property was α SS (Z, Z) = ({-, 0, +}, {-, 0, +}) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 70

71 Function Spaces Total Function Space Let (L, α, γ, M) be a Galois connection and let S be a set. The Galois connection for the total function space is defined by (S L, α, γ, S M) α (f) = α f γ (g) = γ g Do we need to assume that S is non-empty? PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 71

72 Monotone Function Space Let (L 1, α 1, γ 1, M 1 ) and (L 2, α 2, γ 2, M 2 ) be Galois connections. The Galois connection for the monotone function space is defined by (L 1 L 2, α, γ, M 1 M 2 ) α(f) = α 2 f γ 1 γ(g) = γ 2 g α 1 f γ(g) L 1 L 2 L 1 L 2 γ 1 α 2 α 1 γ 2 M 1 M 2 M 1 M 2 α(f) g PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 72

73 Performing Analyses Simultaneously Direct Product Let (L, α 1, γ 1, M 1 ) and (L, α 2, γ 2, M 2 ) be Galois connections. The direct product is the Galois connection (L, α, γ, M 1 M 2 ) defined by α(l) = (α 1 (l), α 2 (l)) γ(m 1, m 2 ) = γ 1 (m 1 ) γ 2 (m 2 ) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 73

74 Example: Combining the detection of signs analysis for pairs of integers with the analysis of difference in magnitude. We get the Galois connection (P(Z Z), α SSR, γ SSR, P(Sign Sign) P(Range)) where α SSR (ZZ) = ({(sign(z 1 ), sign(z 2 )) (z 1, z 2 ) ZZ}, {range( z 1 z 2 ) (z 1, z 2 ) ZZ}) γ SSR (SS, R) = {(z 1, z 2 ) (sign(z 1 ), sign(z 2 )) SS} {(z 1, z 2 ) range( z 1 z 2 ) R} PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 74

75 Motivating the Direct Tensor Product The expression (x, 3*x) may have a value in {(z, 3 z) z Z} which is described by α SSR ({(z, 3 z) z Z}) = ({(-, -), (0, 0), (+, +)}, {0, <-1}) But any pair described by (0, 0) will have a difference in magnitude described by 0 any pair described by (-, -) or (+, +) will have a difference in magnitude described by <-1 and the analysis cannot express this. PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 75

76 Direct Tensor Product Let (P(V ), α 1, γ 1, P(D 1 )) and (P(V ), α 2, γ 2, P(D 2 )) be Galois connections. The direct tensor product is the Galois connection (P(V ), α, γ, P(D 1 D 2 )) defined by α(v ) = {α 1 ({v}) α 2 ({v}) v V } γ(dd) = {v α 1 ({v}) α 2 ({v}) DD} PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 76

77 Direct Tensor Product from Extraction Functions Assume that the Galois connections (P(V ), α i, γ i, P(D i )) are given by extraction functions η i : V D i as in α i (V ) = {η i (v) v V } γ i (D i ) = {v η i(v) D i } The Galois connection (P(V ), α, γ, P(D 1 D 2 )) has α(v ) = {(η 1 (v), η 2 (v)) v V } γ(dd) = {v (η 1 (v), η 2 (v)) DD} corresponding to the extraction function η : V D 1 D 2 defined by η(v) = (η 1 (v), η 2 (v)) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 77

78 Example: Using the direct tensor product to combine the detection of signs analysis for pairs of integers with the analysis of difference in magnitude. is given by (P(Z Z), α SSR, γ SSR, P(Sign Sign Range)) α SSR (ZZ) = {(sign(z 1 ), sign(z 2 ), range( z 1 z 2 )) (z 1, z 2 ) ZZ} γ SSR (SSR) = {(z 1, z 2 ) (sign(z 1 ), sign(z 2 ), range( z 1 z 2 )) SSR} corresponding to twosignsrange : Z Z Sign Sign Range given by twosignsrange(z 1, z 2 ) = (sign(z 1 ), sign(z 2 ), range( z 1 z 2 )) PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 78

79 Advantages of the Direct Tensor Product The expression (x,3*x) may have a value in {(z, 3 z) z Z} which in the direct tensor product can be described by α SSR ({(z, 3 z) z Z}) = {(-, -, <-1), (0, 0, 0), (+, +, <-1)} compared to the direct product that gave α SSR ({(z, 3 z) z Z}) = ({(-, -), (0, 0), (+, +)}, {0, <-1}) Note that the Galois connection is not a Galois insertion because γ SSR ( ) = = γ SSR ({(0, 0, <-1)}) so γ SSR is not injective and hence we do not have a Galois insertion. PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 79

80 From Direct to Reduced Reduced Product Let (L, α 1, γ 1, M 1 ) and (L, α 2, γ 2, M 2 ) be Galois connections. The reduced product is the Galois insertion (L, α, γ, ς[m 1 M 2 ]) defined by α(l) = (α 1 (l), α 2 (l)) γ(m 1, m 2 ) = γ 1 (m 1 ) γ 2 (m 2 ) ς(m 1, m 2 ) = {(m 1, m 2 ) γ 1(m 1 ) γ 2 (m 2 ) = γ 1 (m 1 ) γ 2(m 2 )} PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 80

81 Reduced Tensor Product Let (P(V ), α 1, γ 1, P(D 1 )) and (P(V ), α 2, γ 2, P(D 2 )) be Galois connection. The reduced tensor product is the Galois insertion (P(V ), α, γ, ς[p(d 1 D 2 )]) defined by α(v ) = {α 1 ({v}) α 2 ({v}) v V } γ(dd) = {v α 1 ({v}) α 2 ({v}) DD} ς(dd) = {DD γ(dd) = γ(dd )} PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 81

82 Example: Array Bounds Analysis The superfluous elements of P(Sign Sign Range) will be removed when we use a reduced tensor product: The reduction operator ς SSR amounts to ς SSR (SSR) = {SSR γ SSR (SSR) = γ SSR (SSR )} where SSR, SSR Sign Sign Range. The singleton sets constructed from the following 16 elements (-, 0, <-1), (-, 0, -1), (-, 0, 0), (0, -, 0), (0, -, +1), (0, -, >+1), (0, 0, <-1), (0, 0, -1), (0, 0, +1), (0, 0, >+1), (0, +, 0), (0, +, +1), (0, +, >+1), (+, 0, <-1), (+, 0, -1), (+, 0, 0) will be mapped to the empty set (as they are useless). PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 82

83 Example (cont.): Array Bounds Analysis The remaining 29 elements of Sign Sign Range are (-, -, <-1), (-, -, -1), (-, -, 0), (-, -, +1), (-, -, >+1), (-, 0, +1), (-, 0, >+1), (-, +, <-1), (-, +, -1), (-, +, 0), (-, +, +1), (-, +, >+1), (0, -, <-1), (0, -, -1), (0, 0, 0), (0, +, <-1), (0, +, -1), (+, -, <-1), (+, -, -1), (+, -, 0), (+, -, +1), (+, -, >+1), (+, 0, +1), (+, 0, >+1), (+, +, <-1), (+, +, -1), (+, +, 0), (+, +, +1), (+, +, >+1) and they describe disjoint subsets of Z Z. Any collection of properties can be descibed in 4 bytes. PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 83

84 Summary The Array Bound Analysis has been designed from three simple Galois connections specified by extraction functions: (i) an analysis approximating integers by their sign, (ii) an analysis approximating pairs of integers by their difference in magnitude, and (iii) an analysis approximating integers by their closeness to 0, 1 and 1. These analyses have been combined using: (iv) the relational product of analysis (i) with itself, (v) the functional composition of analyses (ii) and (iii), and (vi) the reduced tensor product of analyses (iv) and (v). PPA Section 4.4 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 84

85 Induced Operations Given: Galois connections (L i, α i, γ i, M i ) so that M i is more approximate than (i.e. is coarser than) L i. Aim: Replace an existing analysis over L i with an analysis making use of the coarser structure of M i. Methods: Inducing along the abstraction function: from L i to M i. move the computations Application to Data Flow Analysis. Inducing along the concretisation function: move a widening from M i to L i. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 85

86 Inducing along the Abstraction Function Given Galois connections (L i, α i, γ i, M i ) so that M i is more approximate than L i. Replace an existing analysis f p : L 1 L 2 with a new and more approximate analysis g p : M 1 M 2 : take g p = α 2 f p γ 1. L 1 L 2 f p γ 1 α 2 M 1 M 2 α 2 f p γ 1 The analysis α 2 f p γ 1 is induced from f p and the Galois connections. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 86

87 Example: A very precise analysis for plus based on P(Z) and P(Z Z): f plus (ZZ ) = {z 1 + z 2 (z 1, z 2 ) ZZ } Two Galois connections (P(Z), α sign, γ sign, P(Sign)) (P(Z Z), α SS, γ SS, P(Sign Sign)) An approximate analysis for plus based on P(Sign) and P(Sign Sign): g plus = α sign f plus γ SS PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 87

88 Example (cont.): We calculate g plus (SS) = α sign (f plus (γ SS (SS))) = α sign (f plus ({(z 1, z 2 ) Z Z (sign(z 1 ), sign(z 2 )) SS})) = α sign ({z 1 + z 2 z 1, z 2 Z, (sign(z 1 ), sign(z 2 )) SS}) = {sign(z 1 + z 2 ) z 1, z 2 Z, (sign(z 1 ), sign(z 2 )) SS} = {s 1 s 2 (s 1, s 2 ) SS} where : Sign Sign P(Sign) is the addition operator on signs (so e.g. + + = {+} and + - = {-, 0, +}). PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 88

89 The Mundane Correctness of f p carries over to g p The correctness relation R i for V i and L i : R i : V i L i {true, false} is generated by β i : V i L i Correctness of f p means (p ) (R 1 R 2 ) f p (with R 1 R 2 being generated by β 1 β 2 ). The correctness relation S i for V i and M i : S i : V i M i {true, false} is generated by α i β i : V i M i One can prove that (p ) (R 1 R 2 ) f p α 2 f p γ 1 g p (p ) (S 1 S 2 ) g p with S 1 S 2 being generated by (α 1 β 1 ) (α 2 β 2 ). PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 89

90 Fixed Points in the Induced Analysis Let f p = lfp(f ) for a monotone function F : (L 1 L 2 ) (L 1 L 2 ). The Galois connections (L i, α i, γ i, M i ) give rise to a Galois connection (L 1 L 2, α, γ, M 1 M 2 ). Take g p = lfp(g) where G : (M 1 M 2 ) (M 1 M 2 ) is an upper approximation to F : we demand that α F γ G. Then for all m M 1 M 2 : G(m) m F (γ(m)) γ(m) and lfp(f ) γ(lfp(g)) and α(lfp(f )) lfp(g) PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 90

91 Application to Data Flow Analysis A generalised Monotone Framework consists of: the property space: a complete lattice L = (L, ); the set F of monotone functions from L to L. An instance A of a generalised Monotone Framework consists of: a finite flow, F Lab Lab; a finite set of extremal labels, E Lab; an extremal value, ι L; and a mapping f. from the labels Lab of F and E to monotone transfer functions from L to L. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 91

92 Application to Data Flow Analysis Let (L, α, γ, M) be a Galois connection. Consider an instance B of the generalised Monotone Framework M that satisfies the mapping g. from the labels Lab of F and E to monotone transfer functions of M M satisfies g l α f l γ for all l; and the extremal value j satisfies γ(j) = ι ; and otherwise B is as A. One can show that a solution to the B-constraints gives rise to a solution to the A-constraints: (B, B ) = B implies (γ B, γ B ) = A PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 92

93 The Mundane Approach to Semantic Correctness Here F = flow(s ) and E = {init(s )}. Correctness of every solution to A amounts to: Assume (A, A ) = A and S, σ 1 σ 2. Then β(σ 1 ) ι implies β(σ 2 ) {A (l) l final(s )}. where β : State L. One can then prove the correctness result for B: Assume (B, B ) = B and S, σ 1 σ 2. Then (α β)(σ 1 ) j implies (α β)(σ 2 ) {B (l) l final(s )}. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 93

94 Sets of States Analysis Generalised Monotone Framework over (P(State), ). Instance SS for S : the flow F is flow(s ); the set E of extremal labels is {init(s )}; the extremal value ι is State; and the transfer functions are given by f SS. : [x := a] l fl SS (Σ) = {σ[x A[[a]]σ] σ Σ} [skip] l fl SS(Σ) = Σ [b] l where Σ State. f SS l (Σ) = Σ Correctness: Assume (SS, SS ) = SS and S, σ 1 σ 2. Then σ 1 State implies σ 2 {SS (l) l final(s )}. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 94

95 Constant Propagation Analysis Generalised Monotone Framework over Instance CP for S : State CP = ((Var Z ), ). the flow F is flow(s ); the set E of extremal labels is {init(s )}; the extremal value ι is λx. ; and the transfer functions are given by the mapping f CP [x := a] l : f CP l ( σ) = [skip] l : [b] l : f CP l ( σ) = σ f CP l ( σ) = σ. : { if σ = σ[x A CP [[a]] σ] otherwise PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 95

96 Galois Connection The representation function β CP : State β CP (σ) = σ State CP is defined by This gives rise to a Galois connection (P(State), α CP, γ CP, State CP ) where α CP (Σ) = {β CP (σ) σ Σ} and γ CP ( σ) = {σ β CP (σ) σ}. One can show that for all labels l f CP l α CP f SS l γ CP as well as γ CP (λx. ) = State It follows that CP is an upper approximation to the analysis induced from SS and the Galois connection; therefore it is correct. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 96

97 Inducing along the Concretisation Function Given an upper bound operator M : M M M and a Galois connection (L, α, γ, M). Define an upper bound operator by L : L L L l 1 L l 2 = γ( α(l 1 ) M α(l 2 ) ) It defines a widening operator if one of the following conditions holds: (i) M satisfies the Ascending Chain Condition, or (ii) (L, α, γ, M) is a Galois insertion and M : M M M is a widening. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 97

98 Precision of the Induced Widening Operator Lemma: Let (L, α, γ, M) be a Galois insertion such that γ( M ) = L and let M : M M M be a widening operator. Then the widening operator L : L L L defined by l 1 L l 2 = γ(α(l 1 ) M α(l 2 )) satisfies lfp L (f) = γ(lfp M (α f γ)) for all monotone functions f : L L. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 98

99 Precision of the Induced Widening Operator Corollary: Let M be of finite height, let (L, α, γ, M) be a Galois insertion (such that γ( M ) = L ), and let M equal the least upper bound operator M. Then the above lemma shows that lfp L (f) = γ(lfp(α f γ)). This means that lfp L (f) equals the result we would have obtained if we decided to work with α f γ : M M instead of the given f : L L; furthermore the number of iterations needed turn out to be the same. However, for all other operations the increased precision of L is available. PPA Section 4.5 c F.Nielson & H.Riis Nielson & C.Hankin (Dec. 2004) 99

Abstract Interpretation: Fixpoints, widening, and narrowing

Abstract Interpretation: Fixpoints, widening, and narrowing CS252r Spring 2011 Slides from Principles of Program Analysis by Nielson, Nielson, and Hankin http://www2.imm.dtu.dk/~riis/ppa/ppasup2004.html