Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 6: Abstract Interpretation 1...
-
Upload
claire-mckenzie -
Category
Documents
-
view
222 -
download
1
Transcript of Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 6: Abstract Interpretation 1...
Program Analysis and Verification
0368-4479
Noam Rinetzky
Lecture 6: Abstract Interpretation
1
Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav
2
Abstract Interpretation [Cousot’77]
• Mathematical foundation of static analysis
3
Abstract Interpretation [Cousot’77]
• Mathematical foundation of static analysis
– Abstract (semantic) domains (“abstract states”)– Transformer functions (“abstract steps”)– Chaotic iteration (“abstract computation”)
4
Abstract Interpretation [CC77]
• A very general mathematical framework for approximating semantics– Generalizes Hoare Logic– Generalizes weakest precondition calculus
• Allows designing sound static analysis algorithms– Usually compute by iterating to a fixed-point– Not specific to any programming language style
• Results of an abstract interpretation are (loop) invariants– Can be interpreted as axiomatic verification assertions and
used for verification
Abstract Interpretation in 5 Slides
• Disclaimer– Do not worry if you feel that you do not
understand the next 5 slides • You are not expected to …
– This is just to give you a view of the land …
6
Collecting semantics
• For a set of program states State, we define the collecting lattice
(2State, , , , , State)
• The collecting semantics accumulates the (possibly infinite) sets of states generated during the execution– Not computable in general
7
“Proof”
if x>0
x := x-1
entry
x:= x + 1
xZ
xZ
{x<=0}{x>0}
x := x-1
{x<-1}
{x<0}
xZ
{x>1}
8
Abstract (conservative) interpretation
set of states set of statesoperational semantics(concrete semantics)
statement Sset of states
abstract representation abstract semantics
statement S abstract representation
concretization concretization
9
Abstract (conservative) interpretation
{x 1, x 2, …}↦ ↦ {x 0, x 1, …}↦ ↦operational semantics(concrete semantics)
x=x-1{x 0, x 1, …}↦ ↦
0 < x abstract semantics
x = x -10 ≤ x
concretization concretization
10
Abstract (conservative) interpretation
{x 1, x 2, …}↦ ↦ {…, x 0, …}↦operational semantics(concrete semantics)
x=x-1{x 0, x 1, …}↦ ↦
0 < x abstract semantics
x = x -1
concretization concretization
11
Abstract (non-conservative) interpretation
{x 1, x 2, …}↦ ↦ { x 1, …}↦operational semantics(concrete semantics)
x=x-1{x 0, x 1, …}↦ ↦ ⊈
0 < x abstract semantics
x = x -10 < x
concretization concretization
Abstract Interpretation by Example
13
Available Expressions Analysis
• A static analysis that infers for every program point a set of facts of the formAV = { x = y | x, y Var }
{ x = - y | x, y Var } { x = y op z | y, z Var, op {+, -, *, <=} }
• For every program with n=|Var| variables number of possible facts is finite: |AV|=O(n3)– Yields a trivial algorithm … but, is it efficient?
14
What do we need to prove?
{ true }C1
x := a op bC2
{ x = a op b }y := a op bC3
{ true }C1
x := a op bC2
{ x = a op b }y := xC3
CSE
15
Developing a theory of approximation
• Formulae are suitable for many analysis-based proofs but we may want to represent predicates in other ways:– Sets of “facts”– Automata– Linear (in)equalities– … ad-hoc representation
• Wanted: a uniform theory to represent semantic values and approximations
16
Preorder
• We say that a binary order relation over a set D is a preorder if the following conditions hold for every d, d’, d’’ D– Reflexive: d d– Transitive: d d’ and d’ d’’ implies d d’’
• There may exist d, d’ such thatd d’ and d’ d yet d d’
17
Partial order
• A binary order relation over a set D is a partial order if – is a preorder – is anti-symmetric
• For any d, d’ ifd d’ and d’ d then d = d’
• Notation: if d d’ and d d’ we write d d’
18
Some posets-related terminology
• If x y we can say– x is lower than y – x is more precise than y – x is more concrete than y – x under-approximates y
– y is greater than x – y is less precise than x – y is more abstract than x – y over-approximates x
Intuition
• {x > 0} x Z
20
Pointed poset
• A poset (D, ) with a least element is called a pointed poset, and denoted by (D , , )
• For all dD we have that d
• We can always transform a poset (D, ) into a pointed poset by adding a special bottom element
(D {}, {d | dD}, )
21
Join operator
• Assume a poset (D, )• Let X D be a subset of D (finite/infinite)• The join of X is defined as
– X = the least upper bound (LUB) of all elements in X if it exists– X = min{ b | forall xX we have that xb}– The supremum of the elements in X– A kind of abstract union (disjunction) operator
• Properties of a join operator– Commutative: x y = y x– Associative: (x y) z = x (y z)– Idempotent: x x = x
22
Join operator
• Assume a poset (D, )• Let X D be a subset of D (finite/infinite)• The join of X is defined as
– X = the least upper bound (LUB) of all elements in X if it exists– X = min{ b | forall xX we have that xb}– The supremum of the elements in X– A kind of abstract union (disjunction) operator
• Properties of a join operator– Commutative: x y = y x– Associative: (x y) z = x (y z)– Idempotent: x x = x
23
Meet operator
• Assume a poset (D, )• Let X D be a subset of D (finite/infinite)• The meet of X is defined as
– X = the greatest lower bound (GLB) of all elements in X if it exists– X = max{ b | forall xX we have that bx}– The infimum of the elements in X– A kind of abstract intersection (conjunction) operator
• Properties of a join operator– Commutative: x y = y x– Associative: (x y) z = x (y z)– Idempotent: x x = x
24
Meet operator
• Assume a poset (D, )• Let X D be a subset of D (finite/infinite)• The meet of X is defined as
– X = the greatest lower bound (GLB) of all elements in X if it exists– X = max{ b | forall xX we have that bx}– The infimum of the elements in X– A kind of abstract intersection (conjunction) operator
• Properties of a join operator– Commutative: x y = y x– Associative: (x y) z = x (y z)– Idempotent: x x = x
25
Complete lattices
• A complete lattice (D, , , , , ) is• A set of elements D• A partial order x y• A join operator • A meet operator • A bottom element
= = D• A top element
= D =
Transfer Functions
• Mathematical foundations
27
Towards an automatic proof
• Goal: automatically compute an annotated program proving as many facts of the formx = y + z as possible
• Decision 1: develop a forward-going proof• Decision 2: draw predicates from a finite set D
– “looking under the light of the lamp”– A compromise that simplifies problem by focusing attention –
possibly miss some facts that hold• Challenge 1: handle straight-line code• Challenge 2: handle conditions• Challenge 3: handle loops
28
Domain for SAV
• Define atomic facts (for SAV) as = { x = y | x, y Var } { x = y + z | x, y, z Var }– For n=|Var| number of atomic facts is O(n3)
• Define sav-predicates as = 2
• For D , Conj(D) = D– Conj({a=b, c=b+d, b=c}) = (a=b) (c=b+d) (b=c)
• Note:– Conj(D1 D2) = Conj(D1) Conj(D1)– Conj({}) true
29
Visualizing ordering for SAV
{false}
{x=y y=z+a}* {x=y p=q}* {y=z+a p=q}*
{x=y}* {y=z+a}* {p=q}*
{true}Greater
Lower
D={x=y, y=x, p=q, q=p, y=z+a, y=a+z, z=y+z, x=z+a}
30
An algorithm for annotating SLP
• Annotate(P, x:=a) = {P} x:=a F*[x:=a](P)
• Annotate(P, S1; S2) = {P} S1; {Q1} S2 {Q2
– Annotate(P, S1) = {P} S1 {Q1}
– Annotate(Q1, S2) = {Q1} S2 {Q2}
31
handling conditions: Goal
• Annotate a programif b then S1 else S2 with predicates from
• Assumption 1: P is given(otherwise use true)
• Assumption 2: b is a simple binary expression e.g., x=y, xy, x<y (why?)
{ P }if b then
{ b P }S1
{ Q1 }else
{ b P }S2
{ Q2 }{ Q }
32
handling conditions: Goal
• Annotate a programif b then S1 else S2 with predicates from
• Assumption 1: P is given(otherwise use true)
• Assumption 2: b is a simple binary expression e.g., x=y, xy, x<y (why?)
{ P }if b then
{ b P }S1
{ Q1 }else
{ b P }S2
{ Q2 }{ Q }
33
Annotating conditions
1. Start with P or {b P} and annotate S1 (yielding Q1)
2. Start with P or {b P} andannotate S2 (yielding Q2)
3. How do we infer a Q such that Q1Q and Q2Q?
Q1=Conj(D1), Q2=Conj(D2)Define: Q = Q1 Q2
= Conj(D1 D2)
{ P }if b then
{ b P }S1
{ Q1 }else { b P }
S2
{ Q2 }{ Q }
Possibly an SAV-fact
Possibly an SAV-fact
34
Joining predicates
1. Start with P or {b P} and annotate S1 (yielding Q1)
2. Start with P or {b P} andannotate S2 (yielding Q2)
3. How do we infer a Q such that Q1Q and Q2Q?
Q1=Conj(D1), Q2=Conj(D2)Define: Q = Q1 Q2
= Conj(D1 D2)
{ P }if b then
{ b P }S1
{ Q1 }else { b P }
S2
{ Q2 }{ Q }The join operator for SAV
35
Joining predicates
• Q1=Conj(D1), Q2=Conj(D2)
• We want to soundly approximate Q1 Q2 in
• Define: Q = Q1 Q2
= Conj(D1 D2)
• Notice that Q1Q and Q2Qmeaning Q1 Q2 Q
36
Handling conditional expressions
• Let D be a set of facts and b be an expression• Goal: Elements in that soundly approximate– D bexpr – D bexpr
• Technique: Add statement assume bexpr assume bexpr, s sos s if B bexpr s = tt
• Find a function F[assume bexpr] : Conj(D) bexpr Conj(F[assume bexpr])
37
Handling conditional expressions
• F[assume bexpr] : such thatConj(D) bexpr Conj(F[assume bexpr])
• (bexpr) = if bexpr is an SAV-fact then {bexpr} else {}– Notice bexpr (bexpr)– Examples
• (y=z) = {y=z}• (y<z) = {}
• F[assume bexpr](D) = D (bexpr)
38
Example
{ }if (x = y) { x=y, y=x } a := b + c { x=y, y=x, a=b+c, a=c+b } d := b – c { x=y, y=x, a=b+c, a=c+b }else { } a := b + c { a=b+c, a=c+b } d := b + c { a=b+c, a=c+b, d=b+c, d=c+b, a=d, d=a }{ a=b+c, a=c+b }
39
Example
{ }if (x = y) { x=y, y=x } a := b + c { x=y, y=x, a=b+c, a=c+b } d := b – c { x=y, y=x, a=b+c, a=c+b }else { } a := b + c { a=b+c, a=c+b } d := b + c { a=b+c, a=c+b, d=b+c, d=c+b, a=d, d=a }{ a=b+c, a=c+b }
Handling assumes
• Meet or join?
Another Example
42
Constant Propagation (CP)
• Goal: infers facts of the form x=c
43
Motivation: Constant folding
• Optimization: constant folding
– Example: x:=7; y:=x*9transformed to: x:=7; y:=7*9and then to: x:=7; y:=63
{ x=c }y := aexpr y := eval(aexpr[c/x])
constantfolding
simplifies constant expressions
44
CP semantic domain
?
45
CP semantic domain
• Define CP-factoids: = { x = c | x Var, c Z }– How many factoids are there?
• Define predicates as = 2
– How many predicates are there?– Do all predicates make sense? (x=5) (x=7)
• Treat conjunctive formulas as sets of factoids{x=5, y=7} ~ (x=5) (y=7)
46
CP abstract transformer• Goal: define a function
FCP[x:=aexpr] : such thatif FCP[x:=aexpr] P = P’ then sp(x:=aexpr, P) P’
?
47
CP abstract transformer• Goal: define a function
FCP[x:=aexpr] : such thatif FCP[x:=aexpr] P = P’ then sp(x:=aexpr, P) P’
{ x=c } x:=aexpr { }[kill]
{ y=c, z=c’ } x:=y op z { x=c op c’ }[gen-2]
{ } x:=c { x=c }[gen-1]
{ y=c } x:=aexpr { y=c }[preserve]
48
Gen-kill formulation of transformers
• Suited for analysis propagating sets of factoids– Available expressions,– Constant propagation, etc.
• For each statement, define a set of killed factoids and a set of generated factoids
F[S] P = (P \ kill(S)) gen(S)• FCP[x:=aexpr] P = (P \ {x=c}) aexpr is not a constant• FCP[x:=k] P = (P \ {x=c}) {x=k}
• Used in dataflow analysis – a special case of abstract interpretation
49
Does this still work?
Annotate(P, S1; S2) = let Annotate(P, S1) be {P} A1 {Q1} let Annotate(Q1, S2) be {Q1} A2 {Q2} return {P} A1; {Q1} A2 {Q2}
50
Handling conditional expressions
• We want to soundly approximate D bexpr and D bexpr in
• Define an artificial statement assume bexpr assume bexpr, s sos s if B bexpr s = tt
• Define (bexpr) = if bexpr is CP-factoid {bexpr} else {}
• Define F[assume bexpr](D) = D (bexpr)
51
Does this still work?
let Pt = F[assume bexpr] P
let Pf = F[assume bexpr] P
let Annotate(Pt, S1) be {Pt} S1 {Q1}
let Annotate(Pf, S2) be {Pf} S2 {Q2}
return {P} if bexpr then {Pt} S1 {Q1} else {Pf} S2 {Q2} {Q1 Q2}
How do we define join for CP?
52
Join example
• {x=5, y=7} {x=3, y=7, z=9} =
53
Does this still work?
• What about correctness?• What about termination?
Annotate(P, while bexpr do S) = N’ := Nc := P // Initialize repeat let Pt = F[assume bexpr] Nc
let Annotate(Pt, S) be {Nc} Abody {N’} Nc := Nc N’ until N’ = Nc return {P} INV= {N’} while bexpr do {Pt} Abody {F[assume bexpr](N)}
54
Does this still work?
• What about correctness?– If loop terminates then is N’ a loop invariant?
• What about termination?
Annotate(P, while bexpr do S) = N’ := Nc := P // Initialize repeat let Pt = F[assume bexpr] Nc
let Annotate(Pt, S) be {Nc} Abody {N’} Nc := Nc N’ until N’ = Nc return {P} INV= {N’} while bexpr do {Pt} Abody {F[assume bexpr](N)}
55
What were the common elements?
• Two static analyses– Available Expressions (extended with equalities)– Constant Propagation
• Semantic domain– An approximation relation
• A weaker one given by set inclusion
– Join operator• Abstract transformers for basic statements
– Assignments– assume statements
• Initial precondition
56
Abstract Interpretation [Cousot’77]More Formally …
• Mathematical foundation of static analysis
57
Abstract Interpretation [Cousot’77]
• Mathematical framework for approximating semantics (aka abstraction)– Allows designing sound static analysis algorithms• Usually compute by iterating to a fixed-point
– Computes (loop) invariants• Can be interpreted as axiomatic verification assertions• Generalizes Hoare Logic & WP / SP calculus
58
Abstract Interpretation [Cousot’77]
• Mathematical foundation of static analysis– Abstract domains• Abstract states ~ Assertions• Join () ~ Weakening
– Transformer functions• Abstract steps ~ Axioms
– Chaotic iteration • Structured Programs ~ Control-flow graphs• Abstract computation ~ Loop invariants
60
Introduction to Domain Theory
61
Motivation
• Let “isone” be a function that must return “1$” when the input string has at least a 1 and “0$” otherwise– isone(00…0$) = 0$– isone(xx…1…$) =1$– isone(0…0) =?
• Monotonicity: in terms of information– Output is never retracted• More information about the input is reflected in more
information about the output– How do we express monotonicity precisely?
62
Montonicity
• Define a partial orderx y– A partial order is reflexive, transitive, and anti-symmetric– y is a refinement of x
• “more precise”
• For streams of bits x y when x is a prefix of y• For programs, a typical order is:– No output (yet) some output
63
Montonicity
• A set equipped with a partial order is a poset• Definition: – D and E are postes– A function f: D E is monotonic if
x, y D: x D y f(x) E f(y) – The semantics of the program ought to be a
monotonic function• More information about the input leads to more
information about the output
64
Montonicity Example• Consider our “isone” function with the prefix
ordering• Notation:– 0k is the stream with k consecutive 0’s– 0 is the infinite stream with only 0’s
• Question (revisited): what is isone(0k )?– By definition, isone(0k$) = 0$ and isone(0k1$) = 1$– But 0k 0k$ and 0k 0 k1$– “isone” must be monotone, so:
• isone( 0k ) isone( 0k$) = 0$• isone( 0k ) isone( 0k1$) = 1$
– Therefore, monotonicity requires that isone(0k ) is a common prefix of 0$ and 1$, namely
65
Motivation• Are there other constraints on “isone”?• Define “isone” to satisfy the equations
– isone()=– isone(1s)=1$– isone(0s)=isone(s)– isone($)=0$
• What about 0?
• Continuity: finite output depends only on finite input (no infinite lookahead)– Intuition: A program that can produce observable results can
do it in a finite time
66
Chains
• A chain is a countable increasing sequence<xi> = {xi X | x0 x1 … }
• An upper bound of a set if an element “bigger” than all elements in the set
• The least upper bound is the “smallest” among upper bounds:– xi <xi> for all i N– <xi> y for all upper bounds y of <xi>
and it is unique if it exists
67
Complete Partial Orders
• Not every poset has an upper bound– with n and nn for all n N– {1, 2} does not have an upper bound
• Sometimes chains have no upper bound
0 1 2…
2
1
0
The chain
0 12…
does not have an upper bound
68
Complete Partial Orders
• It is convenient to work with posets where every chain (not necessarily every set) has a least upper bound
• A partial order P is complete if every chain in P has a least upper bound also in P
• We say that P is a complete partial order (cpo)• A cpo with a least (“bottom”) element is a pointed
cpo (pcpo)
69
Examples of cpo’s• Any set P with the order
x y if and only if x = y is a cpoIt is discrete or flat
• If we add so that x for all x P, we get a flat pointed cpo• The set N with is a poset with a bottom, but not a complete
one• The set N { } with n is a pointed cpo• The set N with is a cpo without bottom• Let S be a set and P(S) denotes the set of all subsets of S
ordered by set inclusion– P(S) is a pointed cpo
70
Constructing cpos
• If D and E are pointed cpos, then so is D × E(x, y) D×E (x’, y’) iff x D x’ and yE y’D×E = (D , E ) (x i , y i ) = ( D x i , E y i)
71
Constructing cpos (2)
• If S is a set of E is a pcpos, then so is S Em m’ iff s S: m(s) E m’(s)SE = s. E
(m , m’ ) = s.m(s) E m’(s)
72
Continuity
• A monotonic function maps a chain of inputs into a chain of outputs:x0 x1 … f(x0) f(x1) …
• It is always true that:i <f(xi)> f(i <xi>)
• Butf(i <xi>) i <f(xi)> is not always true
73
A Discontinuity Example
3
2
1
0
1
f(i <xi>) i <f(xi)>
74
Continuity
• Each f(xi) uses a “finite” view of the input
• f(<xi> ) uses an “infinite” view of the input• A function is continuous when
f(<xi>) = i <f(xi)>• The output generated using an infinite view of the
input does not contain more information than all of the outputs based on finite inputs
75
Continuity
• Each f(xi) uses a “finite” view of the input
• f(<xi> ) uses an “infinite” view of the input• A function is continuous when
f(<xi>) = i <f(xi)>• The output generated using an infinite view of the
input does not contain more information than all of the outputs based on finite inputs
• Scott’s thesis: The semantics of programs can be described by a continuous functions
76
Examples of Continuous Functions • For the partial order ( N { }, )
– The identity function is continuousid(ni) = id(ni )
– The constant function “five(n)=5” is continuousfive(ni) = five(ni )
– If isone(0) = then isone is continuos
• For a flat cpo A, any monotonic function f: A Asuch that f is strict is continuous
• Chapter 8 of the Wynskel textbook includes many more continuous functions
77
Fixed Points
• Solve equation:
where W:∑ ∑ ; W= Swhile b do S
W(Ss ) if Bb()=true W() = if Bb()=false
if Bb()= {
78
Fixed Points
• Solve equation:
where W:∑ ∑ ; W= Swhile be do s
• Alternatively, W = F(W) where:
F(W) = .
W(Ss ) if Bb()=true W() = if Bb()=false
if Bb()= {
W(Ss ) if Bb()=true if Bb()=false
if Bb()= {
79
Fixed Point (cont)
• Thus we are looking for a solution for W = F( W)– a fixed point of F
• Typically there are many fixed points• We may argue that W ought to be continuous
W [∑ ∑]• Cut the number of solutions• We will see how to find the least fixed point for such
an equation provided that F itself is continuous
80
Fixed Point Theorem• Define Fk = x. F( F(… F( x)…)) (F composed k times)• If D is a pointed cpo and F : D D is continuous,
then – for any fixed-point x of F and k N
Fk () x– The least of all fixed points is
k Fk ()• Proof:
i. By induction on k.• Base: F0 ( ) = x• Induction step: Fk+1 ( ) = F( Fk ( )) F( x) = x
ii. It suffices to show that k Fk () is a fixed-point• F(k Fk ()) = k Fk+1 ( ) = k Fk ()
81
Fixed-Points (notes)
• If F is continuous on a pointed cpo, we know how to find the least fixed point
• All other fixed points can be regarded as refinements of the least one– They contain more information, they are more
precise– In general, they are also more arbitrary
82
Fixed-Points (notes)
• If F is continuous on a pointed cpo, we know how to find the least fixed point
• All other fixed points can be regarded as refinements of the least one– They contain more information, they are more
precise– In general, they are also more arbitrary
– They also make less sense for our purposes
Denotational Semantics
• Meaning of programs
84
Denotational Semantics of While• ∑ is a flat pointed cpo
– A state has more information on non-termination– Otherwise, the states must be equal to be comparable (information-
wise)
• We want strict functions ∑ ∑– therefore, continuous functions
• The partial order on ∑ ∑ f g iff f(x) = or f(x) = g(x) for all x ∑– g terminates with the same state whenever f terminates– g might terminate for more inputs
85
Denotational Semantics of While
• Recall that W is a fixed point ofF:[[∑ ∑][∑ ∑]]
• F is continuous
• Thus, we set Swhile b do c = Fk()– Least fixed point
• Terminates least often of all fixed points
• Agrees on terminating states with all fixed point
w(Ss()) if Bb()=true F(w) = . if Bb()=false
if Bb()= {
86
Denotational Semantics of While
• S skip = .• S X := exp = .[X Aexp ]
• S s0 ; s1 = . S s1 (S s0 )
• S if b then s0 else s1 =
. if Bb then S s0 else S s1 • S while b do s = Fk() – k=0, 1, … – F = w. . if Bb()=true w(Ss()) else
87
Example(1)
• while true do skip• F:[[∑ ∑][∑ ∑]]
w(Ss()) if Bb()=true F = w.. if Bb()=false
if Bb()=
Btrue=.trueSskip=.
F = w..w()
F0()= F1() = F2() = =
{
88
Example(2)
• while false do s• F:[[∑ ∑][∑ ∑]]
Bfalse=.false
F = w..
F0()= F1() = . F2() = . =.
w(Ss()) if Bb()=true F = w.. if Bb()=false
if Bb()= {
89
Example(3) while x3 do x = x -1 = Fk() k=0, 1, …
whereF = w. . if (x)3 w([x (x) -1]) else
F0()
F1() if (x)3 ([x (x) -1]) else if (x)3 then else
F2() if (x)3 then F1([x (x) -1] ) else if (x)3 then (if [x (x) -1] x 3 then else [x (x) -1] ) else if (x)3 (if (x) 4 then else [x (x) -1] ) else if (x) {3, 4} then [x 3] else
Fk()lfp(F)
if (x) {3, 4, …k} then [x 3] else if (x) 3 then [x 3] else
90
Complete Lattice
• Let (D, ) be a partial order
• D is a complete lattice if every subset has both greatest lower bounds and least upper bounds
91
Knaster-Tarski Theorem
• Let f: L L be a monotonic function on a complete lattice L
• The least fixed point lfp(f) exists– lfp(f) = {x L: f(x)x}
92
Fixed Points
• A monotone function f: L L where (L, , , , , ) is a complete lattice
• Fix(f) = { l: l L, f(l) = l}• Red(f) = {l: l L, f(l) l}• Ext(f) = {l: l L, l f(l)}– l1 l2 f(l1 ) f(l2 )
• Tarski’s Theorem 1955: if f is monotone then:– lfp(f) = Fix(f) = Red(f) Fix(f)– gfp(f) = Fix(f) = Ext(f) Fix(f)
f()
f()
f2()
f2()
Fix(f)
Ext(f)
Red(f)gfp(f)
lfp(f)
Constant Propagation - Again
94
Constant Propagation
• Optimization: constant folding
– Example: x:=7; y:=x*9transformed to: x:=7; y:=7*9and then to: x:=7; y:=63
• Analysis: constant propagation (CP)– Infers facts of the form x=c
{ x=c }y := aexpr y := eval(aexpr[c/x])
constantfolding
simplifies constant expressions
95
CP semantic domain
• Define CP-factoids: = { x = c | x Var, c Z }– How many factoids are there?
• Define predicates as = 2
– How many predicates are there?– Do all predicates make sense? (x=5) (x=7)
• Treat conjunctive formulas as sets of factoids{x=5, y=7} ~ (x=5) (y=7)
96
One lattice per variable
true
false
x=0
x0
x<0 x>0
x0
true
false
y=0
y0
y<0 y>0
y0
How can we compose them?
97
Cartesian product of complete lattices
• For two complete lattices L1 = (D1, 1, 1, 1, 1, 1) L2 = (D2, 2, 2, 2, 2, 2)
• Define the posetLcart = (D1D2, cart, cart, cart, cart, cart)as follows:– (x1, x2) cart (y1, y2) iff x1 1 y1 x2 2 y2
– cart = ? cart = ? cart = ? cart = ?
• Lemma: L is a complete lattice• Define the Cartesian constructor Lcart = Cart(L1, L2)
98
Cartesian product example=(,)
x<0,y<0 x<0,y=0 x<0,y>0 x=0,y<0 x=0,y=0 x=0,y>0 x>0,y<0 x>0,y=0 x>0,y>0
x0,y<0 x0,y<0 x0,y=0 x0,y=0 x0,y>0 x0,y>0 x>0,y0 x>0,y0……
x0,y0 x0,y0 x0,y0x0,y0
x0 x0 y0 y0
…
(false, false)How does it represent
(x<0y<0) (x>0y>0)?
=(, )
99
Disjunctive completion
• For a complete lattice L = (D, , , , , )
• Define the powerset lattice L = (2D, , , , , ) = ? = ? = ? = ? = ?
• Lemma: L is a complete lattice
• L contains all subsets of D, which can be thought of as disjunctions of the corresponding predicates
• Define the disjunctive completion constructorL = Disj(L)
100
The base lattice CP
{x=0}
{x=-1}{x=-2} {x=1} {x=2} ……
101
The disjunctive completion of CP
{x=0}
true
{x=-1}{x=-2} {x=1} {x=2} ……
false
{x=-2x=-1} {x=-2x=0} {x=-2x=1} {x=1x=2}… … …
{x=0 x=1x=2}{x=-1 x=1x=-2}… ………
What is the height of this lattice?
102
Relational product of lattices
• L1 = (D1, 1, 1, 1, 1, 1)L2 = (D2, 2, 2, 2, 2, 2)
• Lrel = (2D1D2, rel, rel, rel, rel, rel)as follows:– Lrel = ?
103
Relational product of lattices
• L1 = (D1, 1, 1, 1, 1, 1)L2 = (D2, 2, 2, 2, 2, 2)
• Lrel = (2D1D2, rel, rel, rel, rel, rel)as follows:– Lrel = Disj(Cart(L1, L2))
• Lemma: L is a complete lattice• What does it buy us?
104
Cartesian product exampletrue
false
x<0,y<0 x<0,y=0 x<0,y>0 x=0,y<0 x=0,y=0 x=0,y>0 x>0,y<0 x>0,y=0 x>0,y>0
x0,y<0 x0,y<0 x0,y=0 x0,y=0 x0,y>0 x0,y>0 x>0,y0 x>0,y0……
x0,y0 x0,y0 x0,y0x0,y0
x0 x0 y0 y0
…
How does it represent(x<0y<0) (x>0y>0)?
What is the height of this lattice?
105
Relational product exampletrue
false
(x<0y<0)(x>0y>0)
x0 x0 y0 y0
How does it represent(x<0y<0) (x>0y>0)?
(x<0y<0)(x>0y=0) (x<0y0)(x<0y0)
…
What is the height of this lattice?