Abstract Interpretation: concrete and abstract semantics
Source: avp/08_AVP_2013.pdf (slide transcript)
Concrete semantics
• We consider a very tiny language that manages arithmetic
operations on integer values.
• The (concrete) semantics of the language can be defined by the
function m:
  $e ::= i \mid e_1 \times e_2$   (with $i \in Int$)
  $m : Exp \to Int$
  $m(i) = i$
  $m(e_1 \times e_2) = m(e_1) \times m(e_2)$
Abstract Semantics
• Consider now an abstract semantics over the domain of signs:
  $(\cdot)^\# : Exp \to \{+, -, 0\}$
  $(i)^\# = +$ if $i > 0$,  $(i)^\# = 0$ if $i = 0$,  $(i)^\# = -$ if $i < 0$
  $(e_1 \times e_2)^\# = (e_1)^\# \otimes (e_2)^\#$
  where $\otimes$ is the sign rule of multiplication:
  ⊗ | +  0  −
  + | +  0  −
  0 | 0  0  0
  − | −  0  +
From a different perspective
• We can associate to each abstract value the set of concrete
elements it represents.
• The concretization function $\gamma$:
  $\gamma : \{+, 0, -\} \to 2^{Int}$
  $\gamma(+) = \{ i \mid i > 0 \}$
  $\gamma(0) = \{ 0 \}$
  $\gamma(-) = \{ i \mid i < 0 \}$
Concretization
• The concretization function maps an abstract value to a set of
concrete elements.
• Let D denote the concrete domain and A denote the abstract
domain, so that $m : Exp \to D$, $(\cdot)^\# : Exp \to A$ and $\gamma : A \to 2^D$.
The correctness of the abstract semantics w.r.t. the concrete
one can be expressed by:
  $\forall e \in Exp.\ m(e) \in \gamma((e)^\#)$
Abstract Interpretation
• Abstract Interpretation is:
– Computing the semantics of a program in an abstract
domain
– In the case of signs, the domain so far is {+,0,-}.
• The abstract semantics should be correct
– it is an over-approximation of the concrete semantics
• The relation between the two domains is given by a
concretization function
Consider the unary operator -
• Let us add to our language the unary operator $-$
(so $e ::= i \mid e_1 \times e_2 \mid -e$):
  $m(-e) = -\,m(e)$
  $(-e)^\# = \ominus\,(e)^\#$   where $\ominus + = -$, $\ominus 0 = 0$, $\ominus - = +$
Consider the binary operation +
• Adding the addition operator forces us to modify the domain, as the
previous one is not able to represent the result of adding numbers of
opposite sign:
  $m(e_1 + e_2) = m(e_1) + m(e_2)$
  $(e_1 + e_2)^\# = (e_1)^\# \oplus (e_2)^\#$
  ⊕ | +  0  −
  + | +  +  ?
  0 | +  0  −
  − | ?  −  −
So…
• We add to the domain a new element $\top$ that represents all the integer
numbers (both positive and negative, and zero):
  $\gamma(\top) = Int$
  $+ \sqsubseteq \top$, $0 \sqsubseteq \top$, $- \sqsubseteq \top$
  The missing cases of $\oplus$ become $+ \oplus - = - \oplus + = \top$,
  and $\top \oplus a = a \oplus \top = \top$ for every $a$.
The operations should be revisited
  ⊗ | +  0  −  ⊤
  + | +  0  −  ⊤
  0 | 0  0  0  0
  − | −  0  +  ⊤
  ⊤ | ⊤  0  ⊤  ⊤

  ⊕ | +  0  −  ⊤
  + | +  +  ⊤  ⊤
  0 | +  0  −  ⊤
  − | ⊤  −  −  ⊤
  ⊤ | ⊤  ⊤  ⊤  ⊤

  and for the unary operator $\ominus \top = \top$.
Examples
  $m((1 + 2) + (-3)) = 0$
  $((1 + 2) + (-3))^\# = (+ \oplus +) \oplus (\ominus +) = + \oplus - = \top$
Sometimes there is information loss due to the abstract operations:
the concrete result 0 is only abstracted to $\top$.
  $m((5 \times 5) + 6) = 31$
  $((5 \times 5) + 6)^\# = (+ \otimes +) \oplus + = +$
Sometimes there is no information loss with respect to the abstraction:
$+$ is exactly the sign of 31.
Consider the division operator /
• Problem: what is the result of dividing by zero? No number!
• So we need a new element $\bot$ in our domain that represents the
empty set of integers (i.e. a failure state): $\gamma(\bot) = \emptyset$.
• But... what's wrong in the table below? (Remember that the language
works on integers, so $/$ is integer division and, for instance, $1 / 2 = 0$.)
  ⊘ | +  0  −  ⊤
  + | +  ⊥  −  ⊤
  0 | 0  ⊥  0  ⊤
  − | −  ⊥  +  ⊤
  ⊤ | ⊤  ⊥  ⊤  ⊤
The resulting abstract domain
• It is a finite complete lattice:
  $\bot \sqsubseteq +$, $\bot \sqsubseteq 0$, $\bot \sqsubseteq -$, $+ \sqsubseteq \top$, $0 \sqsubseteq \top$, $- \sqsubseteq \top$
  (with $+$, $0$ and $-$ pairwise incomparable)
• The partial order is coherent w.r.t. the
concretization function:
  $x \sqsubseteq y \implies \gamma(x) \subseteq \gamma(y)$
The abstraction function
• The concretization function has an adjoint function, the abstraction
function $\alpha$.
• Function $\alpha$ maps a set of concrete values into the best
representation of this set in the abstract domain (the smallest
element of the abstract domain that represents all of these elements).
• In our example:
  $\alpha : 2^{Int} \to A$
  $\alpha(S) = \mathrm{lub}\,(\{+ \mid \exists i \in S.\ i > 0\} \cup \{0 \mid 0 \in S\} \cup \{- \mid \exists i \in S.\ i < 0\})$
  (so $\alpha(\emptyset) = \bot$)
  $(i)^\# = \alpha(\{i\})$
A general definition
• An Abstract Interpretation consists of:
– An abstract domain A and a concrete domain D
– A and D are complete lattices. Smaller means "more precise"
– Two monotone adjoint functions $\alpha$ and $\gamma$ that form a
Galois insertion
– Abstract operations that are correct w.r.t. the concrete ones
– A fixpoint algorithm
• Galois insertion:
  $\forall x \in 2^D.\ x \subseteq \gamma(\alpha(x))$
  $\forall x \in A.\ x = \alpha(\gamma(x))$
Correctness revisited
• In the case of a Galois insertion, these correctness conditions
are equivalent (prove it!):
  $m(e) \in \gamma((e)^\#)$
  $\alpha(\{m(e)\}) \sqsubseteq (e)^\#$
  (with $m : Exp \to D$, $(\cdot)^\# : Exp \to A$, $\alpha : 2^D \to A$, $\gamma : A \to 2^D$)
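A worked proof of the equivalence asked for above, added here (it is not on the slides) and using only the two Galois-insertion laws and the monotonicity of $\alpha$ and $\gamma$ already assumed in the general definition:

$(\Rightarrow)$ Assume $m(e) \in \gamma((e)^\#)$, i.e. $\{m(e)\} \subseteq \gamma((e)^\#)$. By monotonicity of $\alpha$,
$\alpha(\{m(e)\}) \sqsubseteq \alpha(\gamma((e)^\#)) = (e)^\#$,
where the last step is the second Galois-insertion law $\alpha(\gamma(x)) = x$.

$(\Leftarrow)$ Assume $\alpha(\{m(e)\}) \sqsubseteq (e)^\#$. By monotonicity of $\gamma$,
$\gamma(\alpha(\{m(e)\})) \subseteq \gamma((e)^\#)$,
and by the first Galois-insertion law $\{m(e)\} \subseteq \gamma(\alpha(\{m(e)\}))$. Chaining the two inclusions, $m(e) \in \gamma((e)^\#)$.

Note that only the direction $(\Leftarrow)$ needs $x \subseteq \gamma(\alpha(x))$ and only $(\Rightarrow)$ needs $\alpha(\gamma(x)) = x$; with a mere Galois connection ($\alpha(\gamma(x)) \sqsubseteq x$) the proof of $(\Rightarrow)$ still goes through, since $\alpha(\{m(e)\}) \sqsubseteq \alpha(\gamma((e)^\#)) \sqsubseteq (e)^\#$.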
Correctness
• We show that in order to ensure the correctness of the whole
analysis the following conditions are sufficient:
1. The functions $\alpha$ and $\gamma$ are monotone
2. The functions $\alpha$ and $\gamma$ form a Galois insertion
3. The abstract operations are locally correct, i.e. for all $s_1, \ldots, s_n \in 2^D$
  $\alpha(op(s_1, \ldots, s_n)) \sqsubseteq op^\#(\alpha(s_1), \ldots, \alpha(s_n))$
  (where the concrete $op$ is applied pointwise to sets)
• Notice that there is always a way to define a locally correct abstract
operation. It is sufficient to consider the operation that returns the
top element of the abstract domain (at the price of losing all information).
Local correctness
• Local correctness says that the square formed by
  $2^D \times \cdots \times 2^D \xrightarrow{\ op\ } 2^D$ and $A \times \cdots \times A \xrightarrow{\ op^\#\ } A$,
  with $\alpha$ applied to the arguments and to the result, commutes up to $\sqsubseteq$:
  $\alpha(op(s_1, \ldots, s_n)) \sqsubseteq op^\#(\alpha(s_1), \ldots, \alpha(s_n))$
Correctness proof
• We show by structural induction on e that: $m(e) \in \gamma((e)^\#)$
• Basic step ($e = i$):
  $m(i) = i \in \{i\}$
  $\subseteq \gamma(\alpha(\{i\}))$   (Galois insertion)
  $= \gamma((i)^\#)$   (def. of $(\cdot)^\#$)
Correctness proof
Inductive Step ($e = e_1\ op\ e_2$):
  $m(e_1\ op\ e_2) = m(e_1)\ op\ m(e_2)$   (def. of m)
  $\in \gamma((e_1)^\#)\ op\ \gamma((e_2)^\#)$   (by inductive hypothesis, op applied pointwise to sets)
  $\subseteq \gamma(op^\#((e_1)^\#, (e_2)^\#))$   (local correctness, using the Galois insertion and the monotonicity of $\gamma$)
  $= \gamma((e_1\ op\ e_2)^\#)$   (def. of $(\cdot)^\#$)
Hence $m(e) \in \gamma((e)^\#)$.
Adding an input
• We can extend our tiny language with the possibility to
get an input value from the user
• This means that we have a variable x in the expressions
  $e ::= i \mid e_1 \times e_2 \mid \ldots \mid x$
Concrete semantics
• The semantic function m becomes $m : Exp \times Int \to Int$
• And we may express it in terms of a family of functions $m_e : Int \to Int$, having
expressions as indices and a single parameter (the input value):
  $m_i(j) = i$
  $m_x(j) = j$
  $m_{e_1 \times e_2}(j) = m_{e_1}(j) \times m_{e_2}(j)$
  $m_{e_1 + e_2}(j) = m_{e_1}(j) + m_{e_2}(j)$
  ...
Abstract semantics
• The same holds for the abstract semantic function: $(\cdot)^\# : Exp \times A \to A$
• Also in this case we can express it by a family of functions $e^\# : A \to A$:
  $i^\#(j) = \alpha(\{i\})$
  $x^\#(j) = j$
  $(e_1 \times e_2)^\#(j) = e_1^\#(j) \otimes e_2^\#(j)$
  $(e_1 + e_2)^\#(j) = e_1^\#(j) \oplus e_2^\#(j)$
  ...
Correctness
• The following conditions are equivalent (with $m_e$ lifted pointwise to sets, $m_e(S) = \{m_e(i) \mid i \in S\}$):
  $\forall i \in D.\ m_e(i) \in \gamma(e^\#(\alpha(\{i\})))$
  $\forall S \in 2^D.\ m_e(S) \subseteq \gamma(e^\#(\alpha(S)))$,  i.e. $m_e \subseteq \gamma \circ e^\# \circ \alpha$
  $\forall S \in 2^D.\ \alpha(m_e(S)) \sqsubseteq e^\#(\alpha(S))$,  i.e. $\alpha \circ m_e \sqsubseteq e^\# \circ \alpha$
• In other words, the square $2^D \xrightarrow{\ m_e\ } 2^D$, $A \xrightarrow{\ e^\#\ } A$ commutes up to $\sqsubseteq$ through $\alpha$ (and, read the other way, up to $\subseteq$ through $\gamma$).
Local correctness
• We can express the local correctness condition by:
  $op(\gamma(e_1^\#(j)), \ldots, \gamma(e_n^\#(j))) \subseteq \gamma(op^\#(e_1^\#(j), \ldots, e_n^\#(j)))$
Conditional statement
  $e ::= \ldots \mid \text{if } e_1 = e_2 \text{ then } e_3 \text{ else } e_4 \mid \ldots$
• Concrete semantics
  $m_{\text{if } e_1 = e_2 \text{ then } e_3 \text{ else } e_4}(i) = m_{e_3}(i)$ if $m_{e_1}(i) = m_{e_2}(i)$, and $m_{e_4}(i)$ otherwise
• Abstract semantics
  $(\text{if } e_1 = e_2 \text{ then } e_3 \text{ else } e_4)^\#(i) = e_3^\#(i) \sqcup e_4^\#(i)$
• Notice the role of the lub in the abstract domain: the abstract value of the
input does not, in general, determine which branch is taken, so the abstract
result must cover both branches.
Correctness of the conditional statm.
• Assume that the condition is true (the other case is analogous):
  $m_{\text{if } e_1 = e_2 \text{ then } e_3 \text{ else } e_4}(i) = m_{e_3}(i)$
  $\in \gamma(e_3^\#(\alpha(\{i\})))$   (by induction)
  $\subseteq \gamma(e_3^\#(\alpha(\{i\})) \sqcup e_4^\#(\alpha(\{i\})))$   (monotonicity of $\gamma$, since $e_3^\#(\alpha(\{i\})) \sqsubseteq e_3^\#(\alpha(\{i\})) \sqcup e_4^\#(\alpha(\{i\}))$)
  $= \gamma((\text{if } e_1 = e_2 \text{ then } e_3 \text{ else } e_4)^\#(\alpha(\{i\})))$   (def. of $(\cdot)^\#$)
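The whole development of the slides, as an added Python example that is not code from the course: the sign domain with $\bot$ and $\top$, the revisited $\otimes$ and $\oplus$ tables, the unary operator, the division question, $\alpha$ and $\gamma$, the families $m_e$ and $e^\#$ with an input $x$, and the conditional with its lub. It also shows the two checks a practitioner wants: a brute-force test of local correctness of each abstract operation (which finds the flaw in the naive division table, $1 / 2 = 0$ but $+ \oslash + = +$), and a brute-force test of $m_e(i) \in \gamma(e^\#(\alpha(\{i\})))$ for a given expression. The tuple encoding of expressions, the function names, the finite input range and the sample expressions are assumptions of this example; enumerating a finite range can refute a condition but cannot prove it in general, which is what the inductive proof on the slides is for.

```python
# Added example (not part of the slides): the sign domain with bottom and top,
# its abstract operations, alpha / gamma, concrete and abstract evaluators for
# the tiny language (with input x and the conditional), and brute-force checks
# of local correctness and of m_e(i) in gamma(e#(alpha({i}))).  Expression
# syntax (constructed here): ("int", n), ("x",), ("neg", e), (op, e1, e2) for
# op in "+", "*", "/", and ("if", e1, e2, e3, e4) = if e1 = e2 then e3 else e4.
from itertools import product

BOT, NEG, ZERO, POS, TOP = "bot", "-", "0", "+", "top"
DOM = (BOT, NEG, ZERO, POS, TOP)

def gamma(a, i):
    """Membership test  i in gamma(a)  (gamma(a) itself is an infinite set)."""
    return {BOT: False, NEG: i < 0, ZERO: i == 0, POS: i > 0, TOP: True}[a]

def lub(a, b):
    """Least upper bound in the lattice  bot <= -, 0, + <= top."""
    if a == BOT or a == b:
        return b
    return a if b == BOT else TOP

def alpha(s):
    """Best abstraction of a finite set of integers: lub of its elements' signs."""
    out = BOT                                   # alpha(empty set) == bot
    for i in s:
        out = lub(out, NEG if i < 0 else ZERO if i == 0 else POS)
    return out

def neg(a):                                     # unary minus: swaps + and -
    return {NEG: POS, POS: NEG}.get(a, a)

def mul(a, b):                                  # the (x) table of the slides
    if BOT in (a, b): return BOT
    if ZERO in (a, b): return ZERO
    return TOP if TOP in (a, b) else (POS if a == b else NEG)

def add(a, b):                                  # the (+) table of the slides
    if BOT in (a, b): return BOT
    if ZERO in (a, b): return b if a == ZERO else a
    return a if a == b else TOP                 # + (+) - and anything with top: top

def div_naive(a, b):
    """Division with the sign rule of multiplication and bot for a zero divisor."""
    return BOT if BOT in (a, b) or b == ZERO else mul(a, b)

def div_sound(a, b):
    """Integer division truncates (1 // 2 == 0): a non-zero quotient sign is not
    guaranteed, so those cells are weakened to top to be locally correct."""
    r = div_naive(a, b)
    return TOP if r in (POS, NEG) else r

# Concrete and abstract semantics of each construct; "if" receives its branches
# as thunks so that the untaken concrete branch is never evaluated.
CONC = {"int": lambda i: i, "neg": lambda i: -i, "+": lambda i, j: i + j,
        "*": lambda i, j: i * j, "/": lambda i, j: i // j,
        "if": lambda c1, c2, t, f: t() if c1 == c2 else f()}
ABS = {"int": lambda i: alpha({i}), "neg": neg, "+": add, "*": mul, "/": div_sound,
       "if": lambda c1, c2, t, f: lub(t(), f())}  # test undecidable: lub of branches

def ev(e, v, sem):
    """Evaluate e with input value v under the semantics sem (CONC or ABS)."""
    t = e[0]
    if t == "int": return sem["int"](e[1])
    if t == "x": return v
    if t == "neg": return sem["neg"](ev(e[1], v, sem))
    if t == "if":
        c1, c2 = ev(e[1], v, sem), ev(e[2], v, sem)
        return sem["if"](c1, c2, lambda: ev(e[3], v, sem), lambda: ev(e[4], v, sem))
    return sem[t](ev(e[1], v, sem), ev(e[2], v, sem))

def m(e, i): return ev(e, i, CONC)              # m_e(i)
def sharp(e, a): return ev(e, a, ABS)           # e#(a)

def local_correctness_violations(op, absop, lo=-6, hi=6):
    """All (a, b, i, j) with i in gamma(a), j in gamma(b) drawn from [lo, hi] such
    that op(i, j) is not in gamma(absop(a, b)); an empty list means no counterexample."""
    bad = []
    for a, b in product(DOM, repeat=2):
        for i, j in product(range(lo, hi + 1), repeat=2):
            if not (gamma(a, i) and gamma(b, j)) or (op == "/" and j == 0):
                continue                        # division by zero: no value to check
            if not gamma(absop(a, b), CONC[op](i, j)):
                bad.append((a, b, i, j))
    return bad

def correct_on_range(e, lo=-6, hi=6, sem=ABS):
    """Check  m_e(i) in gamma(e#(alpha({i})))  for every input i in [lo, hi]."""
    for i in range(lo, hi + 1):
        try:
            v = m(e, i)
        except ZeroDivisionError:               # concrete failure state: nothing to compare
            continue
        if not gamma(ev(e, alpha({i}), sem), v):
            return False
    return True

# Constructed inputs: the two examples of the slides and a conditional on x.
EX_LOSS = ("+", ("+", ("int", 1), ("int", 2)), ("neg", ("int", 3)))   # (1+2)+(-3)
EX_EXACT = ("+", ("*", ("int", 5), ("int", 5)), ("int", 6))           # (5*5)+6
COND = ("if", ("x",), ("int", 0), ("int", 1), ("/", ("int", 1), ("x",)))  # if x = 0 then 1 else 1/x
```

Two things worth trying at the prompt: `local_correctness_violations("/", div_naive)` returns the witnesses for the naive table (among them $+ \oslash +$ with $i = 1$, $j = 2$), while the same call with `div_sound` returns an empty list; and `sharp(COND, ZERO)` is `POS`, because with a zero input the division branch abstracts to $\bot$ and $\bot$ is absorbed by the lub, which is exactly the role of the failure element introduced for division. Under the naive table `correct_on_range(COND, sem={**ABS, "/": div_naive})` fails at input 2, where the concrete value $1 / 2 = 0$ is not in $\gamma(+)$.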