Dataflow Analysis and Abstract Interpretation
Computer Science and Artificial Intelligence Laboratory, MIT
November 9, 2015
Recap
Last time we developed from first principles an algorithm to derive invariants. Key idea:
- Define a lattice of possible invariants
- Define a fixpoint equation whose solution will give you the invariants
Today we follow a more historical development and present a formalization that will allow us to reason better about this kind of analysis algorithm.
Dataflow Analysis
First developed by Gary Kildall in 1973
- This was 4 years after Hoare presented axiomatic semantics in 1969, which itself was based on the work of Floyd in 1967
- The two approaches were not seen as being connected to each other
Framework defined in terms of pools of facts
- Observes that these pools of facts form a lattice, allowing for a simple fixpoint algorithm to find them.
- General framework defined in terms of facts that are created and destroyed at every program point.
- Meet operator is very natural as the intersection of facts coming from different edges.
Forward Dataflow Analysis
Simulates execution of the program forward with the flow of control.
For each node n, have
- in n: value at the program point before n
- out n: value at the program point after n
- f n: transfer function for n (given in n, computes out n)
Require that the solution satisfy
- ∀n. out n = f n (in n)
- ∀n ≠ n0. in n = ∨ { out m . m in pred(n) }
- in n0 = I
- where I summarizes the information at the start of the program
Dataflow Equations
The compiler processes the program to obtain a set of dataflow equations
out n := f n (in n)
in n := ∨ { out m . m in pred(n) }
This conceptually separates the analysis problem from the program.
Worklist Algorithm for Solving Forward Dataflow Equations
for each n do out n := f n (⊥)
in n0 := I; out n0 := f n0 (I)
worklist := N - { n0 }    // N is the set of all nodes
while worklist ≠ ∅ do
    remove a node n from worklist
    in n := ∨ { out m . m in pred(n) }
    out n := f n (in n)
    if out n changed then worklist := worklist ∪ succ(n)
Correctness Argument
Why does the result satisfy the dataflow equations?
Whenever a node n is processed, out n := f n (in n), so the algorithm ensures that out n = f n (in n).
Whenever out n changes, put succ(n) on the worklist. Consider any node m ∈ succ(n). When it comes off the worklist, the algorithm will set in m := ∨ { out n . n in pred(m) }, which ensures that in m = ∨ { out n . n in pred(m) }.
So the final solution will satisfy the dataflow equations.
Termination Argument
Why does the algorithm terminate?
The sequence of values taken on by in n or out n is a chain. If the values stop increasing, the worklist empties and the algorithm terminates.
If the lattice has the finite chain property, the algorithm terminates
- The algorithm terminates for finite lattices
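As an added example (not from the slides), the worklist algorithm above in Python, instantiated on a parity lattice for a single variable x over a constructed four-node CFG; the lattice, the CFG and the transfer functions are my own assumptions.

```python
# Added example: Kildall-style worklist solver for forward dataflow equations,
# instantiated on a constructed parity lattice for one variable x.
BOT, EVEN, ODD, TOP = "bot", "even", "odd", "top"

def join(a, b):
    """Least upper bound (∨) in the parity lattice BOT < EVEN, ODD < TOP."""
    if a == BOT:
        return b
    if b == BOT:
        return a
    return a if a == b else TOP

def solve_forward(nodes, entry, pred, succ, f, init):
    """Returns (in_, out) satisfying out[n] = f[n](in[n]) for all n and
    in[n] = ∨{ out[m] | m in pred[n] } for n != entry, with in[entry] = init."""
    in_ = {n: BOT for n in nodes}
    out = {n: f[n](BOT) for n in nodes}          # for each n do out n := f n (⊥)
    in_[entry] = init
    out[entry] = f[entry](init)
    worklist = set(nodes) - {entry}
    while worklist:
        n = worklist.pop()
        acc = BOT
        for m in pred[n]:
            acc = join(acc, out[m])
        in_[n] = acc
        new_out = f[n](acc)
        if new_out != out[n]:                    # out n changed: revisit successors
            out[n] = new_out
            worklist |= set(succ[n])
    return in_, out

def flip(a):
    """Transfer function for x := x + 1: parity flips; BOT and TOP are unchanged."""
    return {EVEN: ODD, ODD: EVEN}.get(a, a)

def parity_at_exit(body_transfer):
    """Constructed CFG: n0: x := 0 -> n1 (loop head) -> n2 (loop body) -> n1,
    and n1 -> n3 (exit). body_transfer is the loop body's transfer function;
    I = TOP because nothing is known about x before n0."""
    nodes = ["n0", "n1", "n2", "n3"]
    pred = {"n0": [], "n1": ["n0", "n2"], "n2": ["n1"], "n3": ["n1"]}
    succ = {"n0": ["n1"], "n1": ["n2", "n3"], "n2": ["n1"], "n3": []}
    f = {"n0": lambda a: EVEN, "n1": lambda a: a, "n2": body_transfer, "n3": lambda a: a}
    _, out = solve_forward(nodes, "n0", pred, succ, f, TOP)
    return out["n3"]
```

With a loop body x := x + 2 (transfer `lambda a: a`) the solver reaches the fixpoint "even" at the exit; with x := x + 1 (`flip`) the join at the loop head rises to TOP, which is the sound answer.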
Abstract Interpretation
History
POPL 77 paper by Patrick Cousot and Radhia Cousot
- Brings together ideas from the compiler optimization community with ideas in verification
- Provides a clean and general recipe for building analyses and reasoning about their correctness
Collecting Semantics
We are interested in the states a program may have at a given program point
- Can x ever be null at program point i?
- Can n be greater than 1000 at point j?
Given a labeling of program points, we are interested in a function
- C: Labels → P(Σ)
- For each program label, we want to know the set of possible states the program may have at that point.
This is the collecting semantics
- Instead of defining the state of the program at a given point, define the set of all states up to that given point.
Defining the Collecting Semantics
Assignment x := n on the edge from L1 to L2:
C[L2] = { σ[x ↦ n] | σ ∈ C[L1] }
Conditional on e at L1, with the true branch going to Lt and the false branch to Lf:
C[Lt] = { σ | σ ∈ C[L1], ⟦e⟧σ = true }
C[Lf] = { σ | σ ∈ C[L1], ⟦e⟧σ = false }
Control-flow join of L1 and L2 into L3:
C[L3] = C[L1] ∪ C[L2]
Computing the Collecting Semantics
Computing the collecting semantics is undecidable
- Just like computing weakest preconditions
However, we can compute an approximation A
- The approximation is sound as long as C[Li] ⊆ A[Li].
Abstract Domain
An abstract domain is a lattice*
- Elements in the lattice are called Abstract Values
Need to relate elements in the lattice with states in the program
- Abstraction Function: α: P(V) → Abs. Maps a set of values in the program to the best abstract value
- Concretization Function: γ: Abs → P(V). Maps an abstract value to a set of values in the program
Example:
- Parity Lattice
*Some analyses relax this restriction.
Galois Connections
Defines the relationship between P(V) and Abs
- In general, defines a relationship between two complete lattices
Galois Connection: a pair of functions
(Abstraction) α: P(V) → Abs and (Concretization) γ: Abs → P(V)
such that ∀a ∈ Abs, V ∈ P(V). V ⊆ γ(a) ⟺ α(V) ⊑ a
Galois Connections
(Diagram: α maps a set V ∈ P(V) to an abstract value a ∈ Abs; γ maps a back to a set in P(V).)
Galois Connections: Properties
Both the abstraction and the concretization function are monotonic.
V ⊆ V' ⟹ α(V) ⊑ α(V')
a ⊑ a' ⟹ γ(a) ⊆ γ(a')
Lemma: α(γ(a)) ⊑ a
Correctness Conditions
What is the relationship between γ(a1 op a2) and γ(a1) op γ(a2) (op applied pointwise to the two sets)?
Abstraction Function:
- α: P(V) → Abs, α(S) = ⊔ { β(s) | s ∈ S }, where β maps a single concrete value to its abstract value
We can define
- a1 op a2 = α(γ(a1) op γ(a2))
Abstract Domains: Examples
- Constant domain
- Sign domain
- Interval domain
Abstract Interpretation
Simple recipe for arguing the correctness of an analysis
- Define an abstract domain Abs
- Define α and γ and show they form a Galois Connection
- Define the semantics of program constructs for the abstract domain and show that they are correct
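An added example, not part of the original slides, that follows the recipe for the parity lattice: it checks the Galois connection condition, the lemma α(γ(a)) ⊑ a, and the α(γ(a1) op γ(a2)) construction from the correctness-conditions slide. To make P(V) enumerable it assumes a small finite universe V = {-4, ..., 4}; the lattice encoding and β are my own assumptions.

```python
# Added example: Galois connection between P(V) and the parity domain Abs, checked
# exhaustively on a constructed finite universe V, plus the best abstract operator.
from itertools import combinations

BOT, EVEN, ODD, TOP = "bot", "even", "odd", "top"
V = range(-4, 5)          # assumed finite universe so that P(V) can be enumerated

def leq(a, b):
    """⊑ in the parity lattice: BOT ⊑ everything, everything ⊑ TOP."""
    return a == BOT or b == TOP or a == b

def join(a, b):
    if a == BOT or b == BOT:
        return b if a == BOT else a
    return a if a == b else TOP

def beta(v):
    """Representation function: one concrete value to its abstract value."""
    return EVEN if v % 2 == 0 else ODD

def alpha(S):
    """α(S) = ⊔ { β(s) | s ∈ S }; the empty set abstracts to BOT."""
    a = BOT
    for s in S:
        a = join(a, beta(s))
    return a

def gamma(a):
    """γ(a): every concrete value in V described by a."""
    return frozenset(v for v in V if a == TOP or (a != BOT and beta(v) == a))

def subsets(U):
    U = list(U)
    return (frozenset(c) for r in range(len(U) + 1) for c in combinations(U, r))

def galois_connection_holds():
    """∀a ∈ Abs, S ∈ P(V): S ⊆ γ(a) ⟺ α(S) ⊑ a, plus the lemma α(γ(a)) ⊑ a."""
    for a in (BOT, EVEN, ODD, TOP):
        if not leq(alpha(gamma(a)), a):
            return False
        for S in subsets(V):
            if (S <= gamma(a)) != leq(alpha(S), a):
                return False
    return True

def best_op(a1, a2, op):
    """a1 op a2 = α(γ(a1) op γ(a2)), with op applied pointwise to the two sets."""
    return alpha({op(x, y) for x in gamma(a1) for y in gamma(a2)})
```

`best_op` derives the abstract transfer for + and * from the concrete operators, e.g. ODD + ODD = EVEN and TOP * EVEN = EVEN, and yields BOT whenever an operand is unreachable.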
Some Useful Domains
Ranges
- Useful for detecting out-of-bounds errors, potential overflows
Linear relationships between variables
- a1 x1 + a2 x2 + ... + ak xk ≤ c
Problem: Both of these domains have infinite chains!
Widening
Key idea:
- You have been running your analysis for a while
- A value keeps getting bigger and bigger but refuses to converge
- Just declare it to be ⊤ (or some other big value)
This loses precision, but it's always sound
Widening operator: ∇: Abs × Abs → Abs
- a1 ∇ a2 ⊒ a1, a2
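An added example (not from the slides) of widening on the interval domain, the "ranges" domain with infinite chains from the previous slide: the loop-head equation for x := 0; while x <= bound: x := x + step is iterated with and without ∇. The interval encoding, the guard transfer and the bound values are constructed assumptions.

```python
# Added example: interval domain for one variable with a widening operator ∇,
# iterated on the loop-head equation of  x := 0; while x <= bound: x := x + step
INF = float("inf")          # None is ⊥ (unreachable); (lo, hi) may use -INF / INF

def leq(a, b):
    """⊑ on intervals: ⊥ is below everything, otherwise containment."""
    return a is None or (b is not None and b[0] <= a[0] and a[1] <= b[1])

def join(a, b):
    if a is None or b is None:
        return b if a is None else a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(a, b):
    """a ∇ b: keep a bound that is stable, push a growing bound to infinity."""
    if a is None or b is None:
        return b if a is None else a
    lo = a[0] if b[0] >= a[0] else -INF
    hi = a[1] if b[1] <= a[1] else INF
    return (lo, hi)

def add_const(a, c):
    return None if a is None else (a[0] + c, a[1] + c)

def guard_leq(a, k):
    """Abstract effect of the true branch of the loop condition 'x <= k'."""
    if a is None or a[0] > k:
        return None
    return (a[0], min(a[1], k))

def loop_head(init, step, bound, use_widening, max_iters=10_000):
    """Iterate in := init ⊔ body(in) at the loop head until it stabilizes.
    Returns (value at the loop head, iterations used); the value is not yet
    a fixpoint if iterations == max_iters."""
    cur = None
    for i in range(1, max_iters + 1):
        body = add_const(guard_leq(cur, bound), step)
        nxt = join(init, body)
        if use_widening:
            nxt = widen(cur, nxt)
        if nxt == cur:
            return cur, i
        cur = nxt
    return cur, max_iters
```

Without widening the iteration climbs one step per loop trip (13 iterations for bound 10, and no convergence within the budget for a large bound); with widening the upper bound is given up after two iterations and the loop head stabilizes at [0, +inf), which is less precise but still contains every concrete value.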
MIT OpenCourseWare
http://ocw.mit.edu
6.820 Fundamentals of Program Analysis
Fall 2015
For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.