AAA616: Program Analysis. Lecture 7 The Octagon Abstract Domain

Similar documents
The Octagon Abstract Domain

The Octagon Abstract Domain

A New Numerical Abstract Domain Based on Difference-Bound Matrices

Circles & Interval & Set Notation.notebook. November 16, 2009 CIRCLES. OBJECTIVE Graph a Circle given the equation in standard form.

COSE212: Programming Languages. Lecture 1 Inductive Definitions (1)

COSE212: Programming Languages. Lecture 1 Inductive Definitions (1)

A Few Graph-Based Relational Numerical Abstract Domains

An Abstract Domain to Infer Octagonal Constraints with Absolute Value

CVO103: Programming Languages. Lecture 2 Inductive Definitions (2)

Matrices and Vectors

Relations Graphical View

Chapter 9: Relations Relations

Notes. Relations. Introduction. Notes. Relations. Notes. Definition. Example. Slides by Christopher M. Bourke Instructor: Berthe Y.

Octagonal Domains for Continuous Constraints

BL-Functions and Free BL-Algebra

Natural Numbers: Also called the counting numbers The set of natural numbers is represented by the symbol,.

Section Summary. Relations and Functions Properties of Relations. Combining Relations

ICS141: Discrete Mathematics for Computer Science I

Exact Join Detection for Convex Polyhedra and Other Numerical Abstractions

Time(d) Petri Net. Serge Haddad. Petri Nets 2016, June 20th LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA

Finite Automata and Formal Languages

EE263 Review Session 1

Equivalence, Order, and Inductive Proof

Regular Expressions. Definitions Equivalence to Finite Automata

Max-plus algebra. Max-plus algebra. Monika Molnárová. Technická univerzita Košice. Max-plus algebra.

Lesson 3-6: Compound Inequalities Name:

2-7 Solving Quadratic Inequalities. ax 2 + bx + c > 0 (a 0)

Design and Analysis of Algorithms

Static Program Analysis using Abstract Interpretation

COSE312: Compilers. Lecture 2 Lexical Analysis (1)


Countable and uncountable sets. Matrices.

Warshall s algorithm

Definition: A binary relation R from a set A to a set B is a subset R A B. Example:

2.5 Compound Inequalities

Automata Theory for Presburger Arithmetic Logic

Lecture #14: NP-Completeness (Chapter 34 Old Edition Chapter 36) Discussion here is from the old edition.

HW1 solutions. 1. α Ef(x) β, where Ef(x) is the expected value of f(x), i.e., Ef(x) = n. i=1 p if(a i ). (The function f : R R is given.

Discrete Mathematics. Chapter 4. Relations and Digraphs Sanguk Noh

9th and 10th Grade Math Proficiency Objectives Strand One: Number Sense and Operations

Generation of. Polynomial Equality Invariants. by Abstract Interpretation

1. Group Theory Permutations.

Math 42, Discrete Mathematics

Lecture 3. 1 Polynomial-time algorithms for the maximum flow problem

DECIDING CONDITIONAL TERMINATION

arxiv: v1 [math.co] 27 Jul 2015

Geometric Quantifier Elimination Heuristics for Automatically Generating Octagonal and Max-plus Invariants

AAA616: Program Analysis. Lecture 3 Denotational Semantics

COSE312: Compilers. Lecture 17 Intermediate Representation (2)

CS412: Lecture #17. Mridul Aanjaneya. March 19, 2015

West Windsor-Plainsboro Regional School District Algebra Grade 8

Content Standard 1: Numbers, Number Sense, and Computation Place Value

Math 354 Transition graphs and subshifts November 26, 2014

CHAPTER 1. Relations. 1. Relations and Their Properties. Discussion

COT3100 SI Final Exam Review

Timed Automata. Semantics, Algorithms and Tools. Zhou Huaiyang

Chapter 2 Linear Equations and Inequalities in One Variable

Prentice Hall Algebra 1, Foundations Series 2011 Correlated to: Washington Mathematics Standards, Algebra 1 (2008)

WHAT IS AN SMT SOLVER? Jaeheon Yi - April 17, 2008

Computing (the smallest) fixed points of monotone maps arising in static analysis by AI

Linear equations The first case of a linear equation you learn is in one variable, for instance:

Patterns and Relations (Patterns)

AAA615: Formal Methods. Lecture 2 First-Order Logic

Square 2-designs/1. 1 Definition

Chapter 8 Dynamic Programming

Optimal Fractional Factorial Plans for Asymmetric Factorials

Honors Integrated Algebra/Geometry 3 Critical Content Mastery Objectives Students will:

Week 4-5: Binary Relations

7. Shortest Path Problems and Deterministic Finite State Systems

GRAPH ALGORITHMS Week 3 (16-21 October 2017)

Lecture 7: Shortest Paths in Graphs with Negative Arc Lengths. Reading: AM&O Chapter 5

Sets are one of the basic building blocks for the types of objects considered in discrete mathematics.

CS100: DISCRETE STRUCTURES. Lecture 3 Matrices Ch 3 Pages:

Math.3336: Discrete Mathematics. Chapter 9 Relations

Chapter 8 Dynamic Programming

correlated to the Sunshine State Standards for Mathematics Grades 9 12

Timed Automata: Semantics, Algorithms and Tools

5. Partitions and Relations Ch.22 of PJE.

NPDA, CFG equivalence

On the Exponent of the All Pairs Shortest Path Problem

An Abstract Domain Extending Difference-Bound Matrices with Disequality Constraints

b 1 b 2.. b = b m A = [a 1,a 2,...,a n ] where a 1,j a 2,j a j = a m,j Let A R m n and x 1 x 2 x = x n

Cours M.2-6 «Interprétation abstraite: applications à la vérification et à l analyse statique» Examen partiel. Patrick Cousot.

Ogden s Lemma for CFLs

Week 4-5: Binary Relations

Introduction to Kleene Algebras

CMPS 6610 Fall 2018 Shortest Paths Carola Wenk

9. Quantifier-free Equality and Data Structures

Learning Outcomes Framework

SECONDARY MATHEMATICS I

- Well-characterized problems, min-max relations, approximate certificates. - LP problems in the standard form, primal and dual linear programs

Dynamic Programming: Shortest Paths and DFA to Reg Exps

DFA to Regular Expressions

and e 2 ~ e 2 iff e 1

CME Project, Geometry 2009 Correlated to: Kentucky Core Content for Mathematics Assessment 4.1 (High School, Grade 11)

Chapter 0: Preliminaries

CSC 1700 Analysis of Algorithms: Warshall s and Floyd s algorithms

Temporal Constraint Networks

Solving the MWT. Recall the ILP for the MWT. We can obtain a solution to the MWT problem by solving the following ILP:

Temporal Constraint Networks

Transcription:

AAA616: Program Analysis Lecture 7 The Octagon Abstract Domain Hakjoo Oh 2016 Fall Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 1 / 30

Reference Antoine Miné. The Octagon Abstract Domain. Higher-Order and Symbolic Computation. Volume 19 Issue 1, March 2006 Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 2 / 30

Numerical Abstract Domains Infer numerical properties of program variables: e.g., division by zero, array index out of bounds, integer overflow, etc. Well-known numerical domains: interval domain: x [l, u] octagon domain: ±x ± y c polyhedron domain (affine inequalities): a 1 x 1 + + a n x n c Karr s domain (affine equalities): a 1 x 1 + + a n x n = c congruence domain: x az + b The octagon domain is a restriction of the polyhedron domain where each constraint involves at most two variables and unit coefficients. Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 3 / 30

Interval vs. Octagon Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 4 / 30

Example Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 5 / 30

Example Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 6 / 30

Example Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 7 / 30

Example Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 8 / 30

Example Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 9 / 30

Octagon A finite set V = {V 1,..., V n } of variables. An environment ρ (V I) (ρ I n ), where I can be Z, Q, or R. An octagonal constraint is a constraint of the form ±V i ± V j c. An octagon is the set of points satisfying a conjunction of octagonal constraints. Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 10 / 30

Potential Constraints A potential constraint (i.e., difference constraint): V i V j c. Let C be a set of potential constraints. C can be represented by a potential graph G = (V, ). ( ) V V I V i c V j (V j V i c) C Assume that, for every Vi, V j, there is at most one arc from V i to V j. A potential set of C is the set of points in I n that satisfy C. Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 11 / 30

Difference Bound Matrices (DBMs) A DBM m is a n n square matrix, where n is the number of program variables, with elements in Ī = I {+ }. { c (Vi V m ij = j c) C + o.w. DBM = Ī n n : the set of all DBMS. The potential set described by m: γ Pot (m) = {(v 1,..., v n ) I n i, j.v j v i m ij } Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 12 / 30

Example Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 13 / 30

Encoding Octagonal Constraints as Potential Constraints V = {V 1,..., V n }: the set of program variables. Define V = {V 1,..., V 2n }, where each V i V has both a positive form V 2n 1 and a negative form V 2n V 2n 1 = V i and V 2n = V n A conjunction of octagonal constraints on V can be represented as a conjunction of potential constraints on V. 2n 2n DBM with elements in Ī i, V 2i 1 = V 2i holds for any DBM that encodes octagonal constraints Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 14 / 30

Concretization Given a DBM m of dimension 2n, the octagon described by m is defined as follows: γ Oct : DBM (V I) γ Oct (m) = {(v 1,..., v n ) I n (v 1, v 1,..., v n, v n ) γ Pot (m)} Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 15 / 30

Coherence A DBM m must be coherent if it encodes a set of octagonal constraints: m is coherent i, j. m ij = m jī where switches between the positive and negative forms of a variable: { i + 1 if i is odd ī = i 1 if i is even Let CDBM be the set of all coherent DBMs. Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 16 / 30

Lattice Structure The set of DBMs forms a complete lattice (I Q): (CDBM,,,,, ) is a DBM such that ij = + is a new smallest element m. m m. m = m = m m. m = m = m m, n. m n i, j. m ij n ij (m, n ) m, n. (m n) ij = max(m ij, n ij ) (m, n ) m, n. (m n) ij = min(m ij, n ij ) (m, n ) Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 17 / 30

Galois Connection α Oct ( ) = ( α Oct (R) ) ij = γ Oct (V I) CDBM α Oct max{ρ(v l ) ρ(v k ) ρ R} i = 2k 1, j = 2l 1 or i = 2l, j = 2k max{ρ(v l ) + ρ(v k ) ρ R} i = 2k, j = 2l 1 max{ ρ(v l ) ρ(v k ) ρ R} i = 2k 1, j = 2l Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 18 / 30

Normalization Different, incomparable DBMs may represent the same potential set: Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 19 / 30

Shortest-Path Closure The shortest-path closure m of m is defined as follows: The closure m of m is the smallest DBM representing γ Pot (m): X DBM. γ Pot (m) = γ Pot (X) = m X Floyd-Warshall Algorithm: Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 20 / 30

Implicit Constraints Closuring a DBM makes implicit constraints explicit: V j V k c V k V l d = V j V i c + d Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 21 / 30

Strong Closure The closure m of m may not be the smallest DBM representing γ Oct (m): Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 22 / 30

Strong Closure The strong closure m of m is the smallest DBM representing γ Oct. m is strongly closed iff: i, j, k. m ij m ik + m kj i, j. m ij (m i ī + m jj )/2 i, m ii = 0 The encoding of octagonal constraints implies V j V j c V ī V i d = V j V i (c + d)/2 Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 23 / 30

Abstract Transfer Functions Abstract counterparts of concrete transfer functions: union, intersection assignment test (guard) Soundness condition: F γ γ ˆF Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 24 / 30

Union The union of two octagons may not be an octagon. gives a sound approximation. Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 25 / 30

Intersection The intersection of two octagons is always an octagon. gives the exact intersection of two octagons. Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 26 / 30

Assignment (the forget operator) Concrete semantics: Abstract semantics: Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 27 / 30

Assignment (the forget operator) When the argument is strongly closed, the result is exact: Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 28 / 30

Assignments Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 29 / 30

Variable Clustering A collection Π : ( (V)) of variable clusters such that The complete lattice: π Π π = V O Π = π Π where O π is the lattice of Octagon for variables in π. Challenge: How to choose a good Π? Heo et al. Learning a Variable-Clustering Strategy for Octagon from Labeled Data Generated by a Static Analysis. SAS 2016 O π Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 30 / 30

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback