Spring 2014 Program Analysis and Verification Lecture 14: Numerical Abstractions
Spring 2014, Program Analysis and Verification
Lecture 14: Numerical Abstractions
Roman Manevich, Ben-Gurion University
Syllabus
• Semantics
– Natural Semantics
– Structural semantics
– Axiomatic Verification
• Static Analysis
– Automating Hoare Logic
– Control Flow Graphs
– Equation Systems
– Collecting Semantics
• Abstract Interpretation fundamentals
– Lattices
– Fixed-Points
– Chaotic Iteration
– Galois Connections
– Domain constructors
– Widening/Narrowing
• Analysis Techniques
– Numerical Domains
– Alias analysis
– Interprocedural Analysis
– Shape Analysis
– CEGAR
• Crafting your own
– Soot
– From proofs to abstractions
– Systematically developing transformers
Previously
• Composing abstract domains (and GCs)
• Widening and narrowing
• Interval domain
Today
• Abstractions for properties of numeric variables
• Classification:
– Relational vs. non-relational
– Equalities vs. non-equalities
– Zones
Numerical Abstractions
By Quilbert (own work, partially derived from en:Image:Poly.pov) [GPL (http://www.gnu.org/licenses/gpl.html)], via Wikimedia Commons
Overview
• Goal: infer numeric properties of program variables (integers, floating point)
• Applications
– Detect division by zero, overflow, out-of-bound array access
– Help non-numerical domains
• Classification
– Non-relational
– (Weakly-)relational
– Equalities / Inequalities
– Linear / non-linear
– Exotic
Implementation
Non-relational abstractions
Non-relational abstractions
• Abstract each variable individually
– Constant propagation [Kildall’73]
– Intervals (Box), covered in lecture 13
– Sign
– Parity (congruences)
– Assignment 3: arithmetic progressions
Sign abstraction for variable x
• Concrete lattice: C = (2^State, ⊆, ∪, ∩, ∅, State)
• Sign = {⊥, neg, 0, pos, ⊤}
• GC_{C,Sign} = (C, α, γ, Sign)
• γ(⊥) = ?
• γ(neg) = ?
• γ(0) = ?
• γ(pos) = ?
• γ(⊤) = ?
• How can we represent 0?
(Hasse diagram of Sign: neg, 0 and pos side by side, above ⊥ and below ⊤)
Transformer x := y*z
(row: sign of y, column: sign of z)
  *   | neg | 0 | pos
 neg  | pos | 0 | neg
  0   |  0  | 0 |  0
 pos  | neg | 0 | pos
Check at home: the abstract transformer is complete
Transformer x := y+z
(row: sign of y, column: sign of z)
  +   | neg | 0   | pos
 neg  | neg | neg | ⊤
  0   | neg | 0   | pos
 pos  | ⊤   | pos | pos
Check at home: the abstract transformer is not complete
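As an added illustration (not part of the lecture), the sign lattice and the two transformers above in Python, with the "check at home" done by brute force: completeness here means α(f(Y, Z)) = f#(α(Y), α(Z)) for all concrete sets Y, Z, searched over subsets of a small integer range. The names alpha, mul_sharp, add_sharp, may_be_zero and counterexample are this example's own.

```python
from itertools import product

BOT, NEG, ZERO, POS, TOP = "bot", "neg", "0", "pos", "top"   # the Sign lattice elements

def alpha(values):
    """Best abstraction of a set of integers in the five-element sign lattice."""
    if not values:
        return BOT
    signs = {NEG if v < 0 else POS if v > 0 else ZERO for v in values}
    return signs.pop() if len(signs) == 1 else TOP

def mul_sharp(a, b):
    """Abstract x := y*z: the slides' table, extended to bot and top."""
    if BOT in (a, b):
        return BOT
    if ZERO in (a, b):
        return ZERO
    if TOP in (a, b):
        return TOP
    return POS if a == b else NEG

def add_sharp(a, b):
    """Abstract x := y+z: neg+pos and pos+neg lose all sign information."""
    if BOT in (a, b):
        return BOT
    if a == ZERO or a == b:
        return b
    return a if b == ZERO else TOP

def may_be_zero(a):
    """Division-by-zero check: a divisor abstracted to neg or pos is provably non-zero."""
    return a in (ZERO, TOP)

def subsets(bound):
    """All subsets of the integers in [-bound, bound] (the concrete sets Y and Z below)."""
    ints = list(range(-bound, bound + 1))
    for mask in range(1 << len(ints)):
        yield {v for i, v in enumerate(ints) if mask >> i & 1}

def counterexample(f, f_sharp, bound=2):
    """The 'check at home': f# is complete when alpha(f(Y, Z)) == f#(alpha(Y), alpha(Z))
    for all concrete sets Y, Z.  Brute-forced over subsets of [-bound, bound]; returns
    the first failing (Y, Z) pair, or None when no failure is found."""
    for Y, Z in product(list(subsets(bound)), repeat=2):
        if alpha({f(y, z) for y in Y for z in Z}) != f_sharp(alpha(Y), alpha(Z)):
            return Y, Z
    return None
```

Multiplication passes because the sign of a product is a function of the operand signs alone; addition fails already on singletons such as Y = {1}, Z = {-1}, whose sum is exactly 0 while the table can only answer ⊤.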
Parity abstraction for variable x
• Concrete lattice: C = (2^State, ⊆, ∪, ∩, ∅, State)
• Parity = {⊥, E, O, ⊤}
• GC_{C,Parity} = (C, α, γ, Parity)
• γ(⊥) = ?
• γ(E) = ?
• γ(O) = ?
• γ(⊤) = ?
(Hasse diagram of Parity: E and O side by side, above ⊥ and below ⊤)
Transformer x := y+z
(row: parity of y, column: parity of z)
  +  | E | O
  E  | E | O
  O  | O | E
Boxes (intervals)
(Figure: the box in the x-y plane with x in [1,4] and y in [3,6])
Non-relational abstractions
• Cannot prove properties that hold simultaneously for several variables
– x = 2*y
– x ≤ y
Practical aspects of non-relational abstractions
The abstraction
• Abstract domain for variables x1,…,xn is the Cartesian product of a mini-domain for one variable D[x]
– D[x1] × … × D[xn]
– Need to implement join, meet, widening, narrowing just for the mini-domain
• Usually a non-relational abstraction is associated with a Galois Insertion
– No reduction required
– The Cartesian product is a reduced product
Sound assignment transformers
• Let remove(S, x) be the operation that removes the factoid associated with x from S
• Let factoid(S, x) be the operation that returns the factoid associated with x in S
• x := c# S = remove(S, x) ({[x ↦ c]})
• x := y# S = remove(S, x) {factoid(S, y)[x/y]}
• x := y+c# S = remove(S, x) {factoid(S, y)[x/y] + c}
• x := y+z# S = remove(S, x) {factoid(S, y)[x/y] + factoid(S, z)[x/z]}
• x := y*c# S = remove(S, x) {factoid(S, y)[x/y] * c}
• x := y*z# S = remove(S, x) {factoid(S, y)[x/y] * factoid(S, z)[x/z]}
Sound assume transformers
• assume x=c# S = S ({[x ↦ c]})
• assume x<c# S = …
• assume x=y# S = S {factoid(S, y)[x/y]} {factoid(S, x)[y/x]}
• assume x≠c# S = if S ({[x ↦ c]}) then ⊥ else S
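The remove/factoid scheme of the last two slides, instantiated with the interval mini-domain of lecture 13, as an added example that is not the lecture's code: an abstract state S is a dict from variable name to an interval (lo, hi), an absent variable is the mini-domain's top, and None is bottom. Only a subset of the listed transformers is shown, plus an array-bounds query; the assume x < c case is this example's assumption, since the slide leaves it as "…".

```python
INF = float("inf")
TOP = (-INF, INF)   # the interval mini-domain's top; None stands for bottom (unreachable)

def remove(S, x):
    """The slides' remove(S, x): drop the factoid associated with x."""
    return {v: f for v, f in S.items() if v != x}

def factoid(S, x):
    """The slides' factoid(S, x): an absent variable is unconstrained."""
    return TOP if S is None else S.get(x, TOP)

def meet(a, b):
    """Meet of two intervals, None when they are disjoint."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def update(S, x, f):
    """remove(S, x) combined with the new factoid f for x; bottom stays bottom."""
    return None if S is None or f is None else {**remove(S, x), x: f}

def assign_const(S, x, c):           # x := c
    return update(S, x, (c, c))

def assign_var(S, x, y):             # x := y, i.e. factoid(S, y)[x/y]
    return update(S, x, factoid(S, y))

def assign_add(S, x, y, z):          # x := y + z, interval addition of the two factoids
    (a, b), (c, d) = factoid(S, y), factoid(S, z)
    return update(S, x, (a + c, b + d))

def assign_mul_const(S, x, y, c):    # x := y * c (c == 0 handled apart to avoid inf * 0)
    a, b = factoid(S, y)
    return update(S, x, (0, 0) if c == 0 else (min(a * c, b * c), max(a * c, b * c)))

def assume_eq_const(S, x, c):        # assume x = c: meet the factoid of x with [c, c]
    return update(S, x, meet(factoid(S, x), (c, c)))

def assume_ne_const(S, x, c):        # assume x != c: bottom iff S already forces x = c
    return None if S is None or factoid(S, x) == (c, c) else S

def assume_lt_const(S, x, c):        # assume x < c: the slide's "..." case, assumed here
    return update(S, x, meet(factoid(S, x), (-INF, c - 1)))

def may_index_oob(S, i, n):
    """Array-bounds check for a[i] with n elements: can i fall outside [0, n-1]?"""
    if S is None:
        return False                 # unreachable code cannot fault
    lo, hi = factoid(S, i)
    return lo < 0 or hi > n - 1
```

Note that assume x ≠ c only refutes a state that already pins x to c, exactly as the slide's case split does; it cannot carve a hole out of an interval, which is the price of the non-relational (and convex) representation.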
(Weakly-)relational abstractions
Relational abstractions
• Represent correlations between all program variables
– Polyhedra
– Linear equalities
• When correlations exist only between few variables (usually 2) we say that the abstraction is weakly-relational
– Linear relations example (discussed in class)
– Zone abstraction (next)
– Octagons
– Two-variable polyhedra
– Usually the abstraction is defined as the reduced product of the abstract domain for any pair of variables
Zone abstraction
Zone abstraction [Mine]
• Maintain bounded differences between a pair of program variables (useful for tracking array accesses)
• Abstract state is a conjunction of linear inequalities of the form x − y ≤ c
(Figure: the zone in the x-y plane cut out by the constraints below)
x ≤ 4, −x ≤ −1, y ≤ 3, −y ≤ −1, x − y ≤ 1
Difference bound matrices
• Add a special V0 variable for the number 0
• Represent non-existent relations between variables by +∞ entries
• Convenient for defining the partial order between two abstract elements… (order = ?)
x ≤ 4, −x ≤ −1, y ≤ 3, −y ≤ −1, x − y ≤ 1
(The entry in row i, column j bounds the difference column variable − row variable; x ≤ 4 is x − V0 ≤ 4.)
      V0   x    y
V0    +∞   4    3
x     −1   +∞   +∞
y     −1   1    +∞
Ordering DBMs
• How should we order M1 and M2?
M1 = {x ≤ 5, −x ≤ −1, y ≤ 3, x − y ≤ 1}:
      V0   x    y
V0    +∞   5    3
x     −1   +∞   +∞
y     +∞   1    +∞
M2 = {x ≤ 4, −x ≤ −1, y ≤ 3, −y ≤ −1, x − y ≤ 1}:
      V0   x    y
V0    +∞   4    3
x     −1   +∞   +∞
y     −1   1    +∞
Joining DBMs
• How should we join M1 and M2?
M1 = {x ≤ 2, −x ≤ −1, y ≤ 0, x − y ≤ 1}:
      V0   x    y
V0    +∞   2    0
x     −1   +∞   +∞
y     +∞   1    +∞
M2 = {x ≤ 4, −x ≤ −1, y ≤ 3, −y ≤ −1, x − y ≤ 1}:
      V0   x    y
V0    +∞   4    3
x     −1   +∞   +∞
y     −1   1    +∞
Widening DBMs
• How should we widen M1 with M2?
M1 = {x ≤ 5, −x ≤ −1, y ≤ 3, x − y ≤ 1}:
      V0   x    y
V0    +∞   5    3
x     −1   +∞   +∞
y     +∞   1    +∞
M2 = {x ≤ 4, −x ≤ −1, y ≤ 3, −y ≤ −1, x − y ≤ 1}:
      V0   x    y
V0    +∞   4    3
x     −1   +∞   +∞
y     −1   1    +∞
Potential graph
• A vertex per variable
• A directed edge with the weight of the inequality
• Enables computing semantic reduction by shortest-path algorithms
(Figure: the potential graph of x ≤ 4, −x ≤ −1, y ≤ 3, −y ≤ −1, x − y ≤ 1, with vertices V0, x, y; following the matrix layout above, a constraint v − u ≤ c is an edge u → v of weight c, so V0 → x: 4, V0 → y: 3, x → V0: −1, y → V0: −1, y → x: 1)
Can we tell whether a system of constraints is satisfiable?
Semantic reduction for zones
• Apply the following rule repeatedly: from x − y ≤ c, y − z ≤ d and x − z ≤ e derive x − z ≤ min{e, c + d}
• When should we stop?
• Theorem 3.3.4 (best abstraction of potential sets and zones): m* = (α_Pot ∘ γ_Pot)(m)
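The zone operations of the last six slides in one place, as an added example rather than the lecture's own code: a DBM is a list of lists in the matrix layout used above (entry [i][j] bounds v_j − v_i, index 0 is V0, +∞ means no relation), closure is Floyd-Warshall shortest paths, which is the rule above applied until it stabilises, and a negative cycle is the satisfiability test asked about on the potential-graph slide. The names dbm, close, leq, join, widen and entails are this example's own; M1 and M2 are the matrices of the ordering and widening slides.

```python
from itertools import product

INF = float("inf")
V0, X, Y = 0, 1, 2      # row/column indices: V0 is the special zero variable

def dbm(n, *constraints):
    """Build an n x n DBM from triples (i, j, c) meaning v_j - v_i <= c; +inf = no relation."""
    m = [[INF] * n for _ in range(n)]
    for i, j, c in constraints:
        m[i][j] = min(m[i][j], c)
    return m

def close(m):
    """Semantic reduction by shortest paths (Floyd-Warshall): repeatedly replaces the bound
    on v_j - v_i by min(m[i][j], m[i][k] + m[k][j]).  A negative cycle means the
    constraints are unsatisfiable, reported as None (bottom)."""
    c = [row[:] for row in m]
    n = len(c)
    for k, i, j in product(range(n), repeat=3):
        c[i][j] = min(c[i][j], c[i][k] + c[k][j])
    if any(c[i][i] < 0 for i in range(n)):
        return None
    for i in range(n):
        c[i][i] = 0
    return c

def leq(m1, m2):
    """Order: m1 describes fewer states than m2 iff every bound in m1 is at most that in m2."""
    return all(a <= b for r1, r2 in zip(m1, m2) for a, b in zip(r1, r2))

def join(m1, m2):
    """Pointwise max, the smallest zone containing both (close the inputs first for precision)."""
    return [[max(a, b) for a, b in zip(r1, r2)] for r1, r2 in zip(m1, m2)]

def widen(m1, m2):
    """Keep bounds that did not grow from m1 to m2, drop (+inf) those that did."""
    return [[a if b <= a else INF for a, b in zip(r1, r2)] for r1, r2 in zip(m1, m2)]

def entails(m, i, j, c):
    """Does the zone imply v_j - v_i <= c?  An unsatisfiable zone implies everything."""
    closed = close(m)
    return closed is None or closed[i][j] <= c

# M1 and M2 from the ordering and widening slides: x <= 5, -x <= -1, y <= 3, x - y <= 1
# and x <= 4, -x <= -1, y <= 3, -y <= -1, x - y <= 1.
M1 = dbm(3, (V0, X, 5), (X, V0, -1), (V0, Y, 3), (Y, X, 1))
M2 = dbm(3, (V0, X, 4), (X, V0, -1), (V0, Y, 3), (Y, V0, -1), (Y, X, 1))
```

Closing M2 derives y − x ≤ 2 from −x ≤ −1 and y ≤ 3, and joining the closed forms keeps that bound where joining the raw matrices would lose it, which is why the reduction is run before join and before an order test such as an array-index bound query.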
More numerical domains
Octagon abstraction [Mine-01]
• Abstract state is an intersection of linear inequalities of the form ±x ± y ≤ c
• Captures relationships common in programs (array access)
Some inequality-based relational domains
(Figure: a chart of inequality-based relational domains; the only label that survives is “policy iteration”)
Equality-based domains
• Simple congruences [Granger’89]: y = a mod k
• Linear relations: y = a*x + b
– Join operator a little tricky
• Linear equalities [Karr’76]: a1*x1 + … + ak*xk = c
• Polynomial equalities: a1*x1^d1*…*xk^dk + b1*y1^z1*…*yk^zk + … = c
– Some good results are obtainable when d1 + … + dk < n for some small n
Next lecture: alias analysis