Lecture 7 The Octagon Abstract Domain - Korea...
Transcript of Lecture 7 The Octagon Abstract Domain - Korea...
![Page 1: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/1.jpg)
AAA616: Program Analysis
Lecture 7 — The Octagon Abstract Domain
Hakjoo Oh2016 Fall
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 1 / 30
![Page 2: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/2.jpg)
Reference
Antoine Mine. The Octagon Abstract Domain. Higher-Order andSymbolic Computation. Volume 19 Issue 1, March 2006
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 2 / 30
![Page 3: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/3.jpg)
Numerical Abstract Domains
Infer numerical properties of program variables: e.g.,
division by zero,
array index out of bounds,
integer overflow, etc.
Well-known numerical domains:
interval domain: x ∈ [l, u]
octagon domain: ±x± y ≤ cpolyhedron domain (affine inequalities): a1x1 + · · ·+ anxn ≤ cKarr’s domain (affine equalities): a1x1 + · · ·+ anxn = c
congruence domain: x ∈ aZ + b
The octagon domain is a restriction of the polyhedron domain where eachconstraint involves at most two variables and unit coefficients.
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 3 / 30
![Page 4: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/4.jpg)
Interval vs. Octagon
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 4 / 30
![Page 5: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/5.jpg)
Example
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 5 / 30
![Page 6: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/6.jpg)
Example
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 6 / 30
![Page 7: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/7.jpg)
Example
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 7 / 30
![Page 8: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/8.jpg)
Example
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 8 / 30
![Page 9: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/9.jpg)
Example
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 9 / 30
![Page 10: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/10.jpg)
Octagon
A finite set V = {V1, . . . , Vn} of variables.
An environment ρ ∈ (V→ I) (ρ ∈ In), where I can be Z,Q, or R.
An octagonal constraint is a constraint of the form ±Vi ± Vj ≤ c.
An octagon is the set of points satisfying a conjunction of octagonalconstraints.
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 10 / 30
![Page 11: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/11.jpg)
Potential Constraints
A potential constraint (i.e., difference constraint): Vi − Vj ≤ c.
Let C be a set of potential constraints. C can be represented by apotential graph G = (V, ↪→).
I (↪→) ⊆ V × V × I
Vi ↪→c Vj ⇐⇒ (Vj − Vi ≤ c) ∈ C
I Assume that, for every Vi, Vj , there is at most one arc from Vi to Vj .
A potential set of C is the set of points in In that satisfy C.
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 11 / 30
![Page 12: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/12.jpg)
Difference Bound Matrices (DBMs)
A DBM m is a n× n square matrix, where n is the number of programvariables, with elements in I = I ∪ {+∞}.
mij =
{c (Vi − Vj ≤ c) ∈ C+∞ o.w.
DBM = In×n: the set of all DBMS.
The potential set described by m:
γPot(m) = {(v1, . . . , vn) ∈ In | ∀i, j.vj − vi ≤ mij}
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 12 / 30
![Page 13: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/13.jpg)
Example
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 13 / 30
![Page 14: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/14.jpg)
Encoding Octagonal Constraints as Potential Constraints
V = {V1, . . . , Vn}: the set of program variables.
Define V′ = {V ′1 , . . . , V ′2n}, where each Vi ∈ V has both a positiveform V ′2n−1 and a negative form V ′2n
I V ′2n−1 = Vi and V ′2n = −Vn
A conjunction of octagonal constraints on V can be represented as aconjunction of potential constraints on V′.
I 2n× 2n DBM with elements in II ∀i, V ′2i−1 = −V ′2i holds for any DBM that encodes octagonal
constraints
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 14 / 30
![Page 15: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/15.jpg)
Concretization
Given a DBM m of dimension 2n, the octagon described by m is definedas follows:
γOct : DBM→ ℘(V→ I)
γOct(m) = {(v1, . . . , vn) ∈ In | (v1,−v1, . . . , vn,−vn) ∈ γPot(m)}
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 15 / 30
![Page 16: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/16.jpg)
Coherence
A DBM m must be coherent if it encodes a set of octagonalconstraints:
m is coherent ⇐⇒ ∀i, j. mij = mji
where · switches between the positive and negative forms of avariable:
i =
{i+ 1 if i is oddi− 1 if i is even
Let CDBM be the set of all coherent DBMs.
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 16 / 30
![Page 17: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/17.jpg)
Lattice Structure
The set of DBMs forms a complete lattice (I 6= Q):
(CDBM,v,t,u,⊥,>)
> is a DBM such that >ij = +∞⊥ is a new smallest element
I ∀m. ⊥ v mI ∀m. ⊥ tm = m t ⊥ = mI ∀m. ⊥ um = m u ⊥ = m
∀m, n. m v n ⇐⇒ ∀i, j. mij ≤ nij (m, n 6= ⊥)
∀m, n. (m t n)ij = max(mij, nij) (m, n 6= ⊥)
∀m, n. (m u n)ij = min(mij, nij) (m, n 6= ⊥)
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 17 / 30
![Page 18: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/18.jpg)
Galois Connection
℘(V→ I) −−−−→←−−−−αOct
γOct
CDBM
αOct(∅) = ⊥
(αOct(R)
)ij
=
max{ρ(Vl)− ρ(Vk) | ρ ∈ R} i = 2k − 1, j = 2l− 1
or i = 2l, j = 2kmax{ρ(Vl) + ρ(Vk) | ρ ∈ R} i = 2k, j = 2l− 1max{−ρ(Vl)− ρ(Vk) | ρ ∈ R} i = 2k − 1, j = 2l
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 18 / 30
![Page 19: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/19.jpg)
Normalization
Different, incomparable DBMs may represent the same potential set:
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 19 / 30
![Page 20: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/20.jpg)
Shortest-Path Closure
The shortest-path closure m∗ of m is defined as follows:
The closure m∗ of m is the smallest DBM representing γPot(m):
∀X ∈ DBM. γPot(m) = γPot(X) =⇒ m∗ v X
Floyd-Warshall Algorithm:
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 20 / 30
![Page 21: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/21.jpg)
Implicit Constraints
Closuring a DBM makes implicit constraints explicit:
Vj − Vk ≤ c ∧ Vk − Vl ≤ d =⇒ Vj − Vi ≤ c+ d
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 21 / 30
![Page 22: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/22.jpg)
Strong Closure
The closure m∗ of m may not be the smallest DBM representing γOct(m):
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 22 / 30
![Page 23: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/23.jpg)
Strong Closure
The strong closure m• of m is the smallest DBM representing γOct . m isstrongly closed iff:
∀i, j, k. mij ≤ mik + mkj
∀i, j. mij ≤ (mii + mjj)/2
∀i, mii = 0
The encoding of octagonal constraints implies
V ′j − V′j≤ c ∧ V ′
i− V ′i ≤ d =⇒ V ′j − V
′i ≤ (c+ d)/2
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 23 / 30
![Page 24: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/24.jpg)
Abstract Transfer Functions
Abstract counterparts of concrete transfer functions:
union, intersection
assignment
test (guard)
Soundness condition:F ◦ γ v γ ◦ F
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 24 / 30
![Page 25: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/25.jpg)
Union
The union of two octagons may not be an octagon. t gives a soundapproximation.
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 25 / 30
![Page 26: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/26.jpg)
Intersection
The intersection of two octagons is always an octagon. u gives the exactintersection of two octagons.
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 26 / 30
![Page 27: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/27.jpg)
Assignment (the forget operator)
Concrete semantics:
Abstract semantics:
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 27 / 30
![Page 28: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/28.jpg)
Assignment (the forget operator)
When the argument is strongly closed, the result is exact:
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 28 / 30
![Page 29: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/29.jpg)
Assignments
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 29 / 30
![Page 30: Lecture 7 The Octagon Abstract Domain - Korea Universityprl.korea.ac.kr/~pronto/home/courses/aaa616/2016/slides/... · 2020-01-30 · Reference Antoine Min e. The Octagon Abstract](https://reader033.fdocuments.in/reader033/viewer/2022042322/5f0c08757e708231d4336b51/html5/thumbnails/30.jpg)
Variable Clustering
A collection Π : ℘(℘(V)) of variable clusters such that⋃π∈Π
π = V
The complete lattice:
OΠ =∏π∈Π
Oπ
where Oπ is the lattice of Octagon for variables in π.
Challenge: How to choose a good Π?I Heo et al. “Learning a Variable-Clustering Strategy for Octagon from
Labeled Data Generated by a Static Analysis”. SAS 2016
Hakjoo Oh AAA616 2016 Fall, Lecture 7 November 3, 2016 30 / 30