
Basic abstract interpretation theory


bernad


  1. Basic abstract interpretation theory

  2. The general idea
  • a semantics
    • any definition style, from a denotational definition to a detailed interpreter assigning meanings to programs on a suitable concrete domain (concrete computations domain)
  • an abstract domain modeling some properties of concrete computations and forgetting about the remaining information (abstract computations domain)
  • we derive an abstract semantics, which allows us to “execute” the program on the abstract domain to compute its abstract meaning, i.e., the modeled property

  3. Concrete and Abstract Domains
  • two complete partial orders
    • the partial orders reflect precision
    • smaller is better
  • concrete domain (P(C), ⊆, ∅, C, ∪, ∩)
    • has the structure of a powerset
    • we will see later why
  • abstract domain (A, ≤, bottom, top, lub, glb)
    • each abstract value is a description of “a set of” concrete values

  4. The Sign Abstract Domain
  • concrete domain (P(Z), ⊆, ∅, Z, ∪, ∩): sets of integers
  • abstract domain (Sign, ≤, bot, top, lub, glb)

  5. Concretization
  • concrete domain (P(C), ⊆, ∅, C, ∪, ∩)
  • abstract domain (A, ≤, bottom, top, lub, glb)
  • the meaning of abstract values is defined by a concretization function γ: A → P(C)
    • ∀a ∈ A, γ(a) is the set of concrete computations described by a
    • that’s why the concrete domain needs to be a powerset
  • the concretization function must be monotonic
    • ∀a1, a2 ∈ A, a1 ≤ a2 implies γ(a1) ⊆ γ(a2)
    • concretization preserves relative precision

  6. Abstraction
  • concrete domain (P(C), ⊆, ∅, C, ∪, ∩)
  • abstract domain (A, ≤, bottom, top, lub, glb)
  • every element of P(C) should have a unique “best” (most precise) description in A
    • this is possible if and only if A is a Moore family
      • closed under glb
    • in such a case, we can define an abstraction function α: P(C) → A
      • ∀c ∈ P(C), α(c) is the best abstract description of c
  • the abstraction function must be monotonic
    • ∀c1, c2 ∈ P(C), c1 ⊆ c2 implies α(c1) ≤ α(c2)
    • abstraction preserves relative precision

  7. The example of Sign
  γ_Sign(x) =
  • ∅, if x = bot
  • {y | y > 0}, if x = +
  • {y | y ≥ 0}, if x = 0+
  • {0}, if x = 0
  • {y | y ≤ 0}, if x = 0-
  • {y | y < 0}, if x = -
  • Z, if x = top
  α_Sign(y) = glb of
  • bot, if y = ∅
  • -, if y ⊆ {y | y < 0}
  • 0-, if y ⊆ {y | y ≤ 0}
  • 0, if y = {0}
  • 0+, if y ⊆ {y | y ≥ 0}
  • +, if y ⊆ {y | y > 0}
  • top, if y ⊆ Z

  8. Galois connection
  • (P(C), ⊆, ∅, C, ∪, ∩)
  • (A, ≤, bottom, top, lub, glb)
  • γ: A → P(C) (concretization)
  • α: P(C) → A (abstraction)
  • α, γ monotonic
  • there may be loss of information (approximation) in describing an element of P(C) by an element of A
  • Galois connection (insertion)
    • ∀c ∈ P(C). c ⊆ γ(α(c))
    • ∀a ∈ A. α(γ(a)) ≤ a   (insertion: ∀a ∈ A. α(γ(a)) = a)
  • α, γ mutually determine each other

  9. Concrete semantics
  • the concrete semantics is defined as the least (or greatest) fixpoint of a concrete semantic evaluation function F defined on the domain C
    • this does not necessarily mean that the semantic definition style is denotational!
  • F is defined in terms of primitive semantic operations fi on C
  • the abstract semantic evaluation function is obtained by replacing in F each concrete operation fi by a suitable abstract operation
  • however, since the actual concrete domain is P(C), we first need to lift the concrete semantics lfp F to a collecting semantics defined on P(C)

  10. Collecting semantics
  • lifting lfp F to the powerset (to get the collecting semantics) is simply a conceptual operation
    • collecting semantics = {lfp F}
  • we don’t need to define a brand new collecting semantic evaluation function on P(C)
  • we just need to reason in terms of liftings of all the primitive operations (and of F), while designing the abstract operations and establishing their properties
  • in the following, by abuse of notation, we will use the same notation for the standard and the collecting (“conceptually” lifted) operations

  11. Abstract operations: local correctness
  • an abstract operator fi# defined on A is locally correct wrt a concrete operator fi if
    ∀x1,..,xn ∈ P(C). fi(x1,..,xn) ⊆ γ(fi#(α(x1),..,α(xn)))
    • the concrete computation step is more precise than the concretization of the “corresponding” abstract computation step
  • a very weak requirement, which is satisfied, for example, by an abstract operator which always computes the worst abstract value top
  • the real issue in the design of abstract operations is therefore precision

  12. Abstract operations: optimality and completeness
  • correctness
    ∀x1,..,xn ∈ P(C). fi(x1,..,xn) ⊆ γ(fi#(α(x1),..,α(xn)))
  • optimality
    ∀y1,..,yn ∈ A. fi#(y1,..,yn) = α(fi(γ(y1),..,γ(yn)))
    • the most precise abstract operator fi# correct wrt fi
    • a theoretical bound and basis for the design, rather than an implementable definition
  • completeness (exactness or absolute precision)
    ∀x1,..,xn ∈ P(C). α(fi(x1,..,xn)) = fi#(α(x1),..,α(xn))
    • no loss of information: the abstraction of the concrete computation step is exactly the same as the result of the corresponding abstract computation step

  13. Abstract operations on Sign: TimesSign

  14. Abstract operations on Sign: PlusSign

  15. The Sign example
  • Times and Plus are the usual operations lifted to P(Z)
  • both TimesSign and PlusSign are optimal (hence correct)
  • TimesSign is also complete (no approximation)
  • PlusSign is necessarily incomplete
    • α_Sign(Times({2},{-3})) = TimesSign(α_Sign({2}), α_Sign({-3}))
    • α_Sign(Plus({2},{-3})) ≠ PlusSign(α_Sign({2}), α_Sign({-3}))
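The following Python code is an added worked example, not part of the lecture slides: it encodes the Sign domain of slides 4 and 7, checks the Galois-insertion laws of slide 8 and the monotonicity of α on finite sets, builds TimesSign and PlusSign by the optimality formula α(f(γ(y1), γ(y2))) of slide 12, and verifies the local-correctness and completeness claims of slides 11 and 15. The encoding (each Sign value as the frozenset of basic signs it covers), the witness sets `REP` standing in for the infinite γ(a), and all function names are my own choices.

```python
# Added example, not part of the lecture: the Sign domain in Python.
# Encoding (my choice): an abstract value is the frozenset of basic signs it covers:
# bot = {}, '-' = {'-'}, '0' = {'0'}, '+' = {'+'}, '0-' = {'-','0'}, '0+' = {'0','+'},
# top = {'-','0','+'}.  Sign has no "non-zero" element, so {'-','+'} is rounded up to top.
from itertools import product

BOT = frozenset()
TOP = frozenset({'-', '0', '+'})
NAME = {BOT: 'bot', frozenset('-'): '-', frozenset('0'): '0', frozenset('+'): '+',
        frozenset('-0'): '0-', frozenset('0+'): '0+', TOP: 'top'}
SIGN = list(NAME)                       # the seven elements of the lattice

def norm(s):
    """Round a subset of {-,0,+} up to the nearest element of Sign."""
    s = frozenset(s)
    return TOP if {'-', '+'} <= s else s

def sign_of(z):
    return '-' if z < 0 else '+' if z > 0 else '0'

def leq(a, b):                          # the order of Sign: smaller is more precise
    return a <= b

def lub(a, b):
    return norm(a | b)

def glb(a, b):                          # Sign is closed under glb (a Moore family)
    return a & b

def alpha(c):
    """alpha_Sign: the best Sign description of a finite set of integers (slide 7)."""
    return norm({sign_of(z) for z in c})

def in_gamma(z, a):
    """Membership in gamma_Sign(a); the set is infinite, so it is given as a predicate."""
    return sign_of(z) in a

# gamma(a) is infinite; to compute alpha . f . gamma we use two constructed witnesses per
# basic sign, which exhibit every sign a sum or product of elements of gamma(a) can take.
REP = {'-': (-2, -1), '0': (0,), '+': (1, 2)}

def gamma_rep(a):
    return {z for s in a for z in REP[s]}

def lift(op):
    """Lift an integer operation to sets of integers (the collecting semantics, slide 10)."""
    return lambda x, y: {op(u, v) for u in x for v in y}

Times = lift(lambda u, v: u * v)
Plus = lift(lambda u, v: u + v)

def optimal(f):
    """The optimal abstract operator alpha(f(gamma(y1), gamma(y2))) of slide 12,
    evaluated on the witness sets instead of the full concretizations."""
    return lambda a, b: alpha(f(gamma_rep(a), gamma_rep(b)))

TimesSign = optimal(Times)
PlusSign = optimal(Plus)

def table(abs_op):
    """Full operator table over Sign, keyed by the lecture's names (cf. slides 13 and 14)."""
    return {(NAME[a], NAME[b]): NAME[abs_op(a, b)] for a in SIGN for b in SIGN}

def finite_subsets(universe):
    return [frozenset(z for z, bit in zip(universe, bits) if bit)
            for bits in product((0, 1), repeat=len(universe))]

def galois_insertion_holds(universe=range(-3, 4)):
    """Slide 8: c <= gamma(alpha(c)) for every finite c drawn from `universe`,
    alpha(gamma(a)) = a for every a in Sign (checked on the witnesses), and alpha monotone."""
    subsets = finite_subsets(universe)
    extensive = all(in_gamma(z, alpha(c)) for c in subsets for z in c)
    insertion = all(alpha(gamma_rep(a)) == a for a in SIGN)
    monotone = all(leq(alpha(c1), alpha(c2))
                   for c1 in subsets for c2 in subsets if c1 <= c2)
    return extensive and insertion and monotone

def locally_correct(abs_op, f, universe=range(-3, 4)):
    """Slide 11, in the equivalent form alpha(f(x1,x2)) <= f#(alpha(x1), alpha(x2)),
    checked on every pair of finite subsets of `universe`."""
    subsets = finite_subsets(universe)
    return all(leq(alpha(f(x, y)), abs_op(alpha(x), alpha(y)))
               for x in subsets for y in subsets)

def complete_on(abs_op, f, x, y):
    """Slides 12 and 15: no loss of information on this particular input."""
    return alpha(f(x, y)) == abs_op(alpha(x), alpha(y))
```

`table(PlusSign)[('+', '-')]` comes out as `'top'` while `alpha(Plus({2}, {-3}))` is `'-'`: the operator is correct (the concrete result is below the abstract one) but not complete, exactly the slide's point. `table(TimesSign)` never loses information on these inputs because the sign of a product depends only on the signs of its factors, which is why the witness sets are enough to recover the optimal operator.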

  16. From local to global correctness
  • the composition of locally correct abstract operations is locally correct wrt the composition of concrete operations
  • composition does not preserve optimality, i.e., the composition of optimal operators may be less precise than the optimal abstract version of the composition
  • if we obtain F# (abstract semantic evaluation function) by replacing in F every concrete semantic operation by a corresponding (locally correct) abstract operation, the local correctness property still holds
    ∀x ∈ P(C). F(x) ⊆ γ(F#(α(x)))
  • local correctness implies global correctness, i.e., correctness of the abstract semantics wrt the concrete one
    lfp F ⊆ γ(lfp F#)      gfp F ⊆ γ(gfp F#)
    α(lfp F) ≤ lfp F#      α(gfp F) ≤ gfp F#
    • the abstraction of the concrete semantics is more precise than the abstract semantics

  17. α(lfp F) ≤ lfp F#: why computing lfp F#?
  • lfp F cannot be computed in finitely many steps
    • ω steps are in general required
  • lfp F# can be computed in finitely many steps, if the abstract domain is finite or at least noetherian
    • does not contain infinite increasing chains
  • interesting for static program analysis, where the fixpoint computation must terminate
    • most program properties considered in static analysis are undecidable
    • we accept a loss of precision (safe approximation) in order to make the analysis feasible

  18. Where does the approximation come from?
  • incomplete abstract operators
  • more execution paths in the abstract semantics
    • the abstract state has no information to allow deterministic choices
      • conditionals, pattern matching, etc.
    • the set of resulting abstract states is transformed into a single abstract state by an abstract lub operation

  19. Approximation in abstract Sign computations
  • abstract state [x=+]
    if x>2 then y:=3 else y:=-5;
    • the abstract guard “can be both true and false”
    • we need to abstractly execute both paths
    • the resulting abstract states are “merged” by performing a lub on Sign
  • abstract state [x=+, y=top]
  • concrete state [x={3}]
    if x>2 then y:=3 else y:=-5;
  • concrete state [x={3}, y={3}]
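As an added example (not from the lecture) covering slides 16 to 19, the code below runs the conditional of slide 19 and a small counting loop both on Sign and on the concrete collecting domain, so the two sources of approximation named on slide 18 (an undecidable guard merged by lub, and an incomplete PlusSign) and the finite fixpoint iteration of slide 17 can be observed on a real run. The Sign encoding (frozensets of basic signs, my choice), the witness-based `plus_sign`, the loop program `x := x0; while x < 10 do x := x + 1`, and all function names are assumptions of this example, not the lecture's.

```python
# Added example, not part of the lecture: abstract vs. concrete execution on Sign.
# Encoding (my choice): a Sign value is the frozenset of the basic signs it covers,
# bot = {} and top = {'-','0','+'}; PlusSign is alpha . Plus . gamma on two witnesses per sign.
TOP = frozenset({'-', '0', '+'})
NAME = {frozenset(): 'bot', frozenset('-'): '-', frozenset('0'): '0', frozenset('+'): '+',
        frozenset('-0'): '0-', frozenset('0+'): '0+', TOP: 'top'}
REP = {'-': (-2, -1), '0': (0,), '+': (1, 2)}    # constructed witnesses for gamma

def sign_of(z):
    return '-' if z < 0 else '+' if z > 0 else '0'

def norm(s):                                     # Sign has no {-,+}: round it up to top
    return TOP if {'-', '+'} <= s else frozenset(s)

def alpha(c):
    return norm({sign_of(z) for z in c})

def lub(a, b):
    return norm(a | b)

def plus_sign(a, b):                             # optimal PlusSign, via the witnesses
    return alpha({u + v for s in a for u in REP[s] for t in b for v in REP[t]})

def abstract_if(state):
    """Slide 19: from [x=+], run `if x>2 then y:=3 else y:=-5`.  Sign cannot decide the
    guard, so both branches are executed and the resulting states are merged with lub."""
    then_state = dict(state, y=alpha({3}))
    else_state = dict(state, y=alpha({-5}))
    return {v: lub(then_state[v], else_state[v]) for v in then_state}

def concrete_if(state):
    """The same statement on the collecting domain: the guard splits the set of values
    of x, and only a branch with a non-empty set of states contributes to the result."""
    then_xs = {x for x in state['x'] if x > 2}
    else_xs = {x for x in state['x'] if not x > 2}
    result = {'x': set(), 'y': set()}
    if then_xs:
        result['x'] |= then_xs
        result['y'] |= {3}
    if else_xs:
        result['x'] |= else_xs
        result['y'] |= {-5}
    return result

def abstract_loop(x0):
    """`x := x0; while x < 10 do x := x + 1` on Sign.  The value at the loop head is the
    least fixpoint of head -> alpha({x0}) lub body(head), iterated from bot; the guard is
    undecidable on Sign, so the body is always taken.  Each iterate is above the previous
    one and Sign is finite (hence noetherian), so the chain, and this loop, is finite."""
    head, trace = frozenset(), []
    while True:
        new_head = lub(alpha({x0}), plus_sign(head, alpha({1})))
        trace.append(NAME[new_head])
        if new_head == head:                     # fixpoint reached
            return head, trace
        head = new_head

def concrete_loop(x0):
    """Collecting semantics of the same loop: every value x takes at the loop head."""
    seen, x = set(), x0
    while True:
        seen.add(x)
        if not x < 10:
            return seen
        x += 1
```

`abstract_loop(0)` stabilises after three evaluations with the chain bot, 0, 0+, 0+, and `alpha(concrete_loop(0))` is also 0+, so on this program the abstract fixpoint loses nothing; `abstract_if({'x': frozenset('+')})` gives y = top from the lub of + and -, where the concrete run from x = {3} gives y = {3}, which is the approximation slide 19 describes.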

  20. Approximation in type analysis
  • the following ML expression is not typed by ML’s type inference algorithm, because it always performs a lub operation in the conditional, even when the guard is valid or unsatisfiable in the abstract state
    if true then 3 else true

  21. Applications of Abstract Interpretation
  • comparative semantics
    • a technique to reason about semantics at different levels of abstraction
    • non-noetherian abstract domain
    • abstraction without approximation (completeness): α(lfp F) = lfp F#
  • static analysis
    • effective computation of the abstract semantics, if the abstract domain is noetherian and the abstract operations are computationally feasible
    • if the abstract domain is non-noetherian or if the fixpoint computation is too complex, use widening operators, which effectively compute an (upper) approximation of lfp F#
      • one example later

  22. The abstract interpretation framework
  • (P(C), ⊆, ∅, C, ∪, ∩) (concrete domain)
  • (A, ≤, bottom, top, lub, glb) (abstract domain)
  • γ: A → P(C) monotonic (concretization function)
  • α: P(C) → A monotonic (abstraction function)
  • ∀x ∈ P(C). x ⊆ γ(α(x)),  ∀y ∈ A. α(γ(y)) ≤ y (Galois connection)
  • ∀fi ∃fi# | ∀x1,..,xn ∈ P(C). fi(x1,..,xn) ⊆ γ(fi#(α(x1),..,α(xn))) (local correctness)
  • critical choices
    • the abstract domain to model the property
    • the (possibly optimal) correct abstract operations

  23. Other approaches and extensions
  • there exist weaker versions of abstract interpretation
    • without Galois connections (e.g., concretization function only)
    • based on approximation operators (widening, narrowing)
    • without explicit abstract domain (closure operators)
  • the theory also provides several results on abstract domain design
    • how to combine domains
    • how to improve the precision of a domain
    • how to transform an abstract domain into a complete one
    • …
  • we will look at some of these results in the last lecture
