Abstraction and Abstract Interpretation. Abstraction (a simplified view) Abstraction is an effective tool in verification Given a transition system, we.

Slides:



Advertisements
Similar presentations
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
Advertisements

Abstraction in Model Checking Nishant Sinha. Model Checking Given a: –Finite transition system M –A temporal property p The model checking problem: –Does.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Rules of Matrix Arithmetic
Boyce/DiPrima 9th ed, Ch 2.8: The Existence and Uniqueness Theorem Elementary Differential Equations and Boundary Value Problems, 9th edition, by William.
Abstraction of Source Code (from Bandera lectures and talks)
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
Partial Order Reduction: Main Idea
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.
The Game of Algebra or The Other Side of Arithmetic The Game of Algebra or The Other Side of Arithmetic © 2007 Herbert I. Gross by Herbert I. Gross & Richard.
Tutorial on Widening (and Narrowing) Hongseok Yang Seoul National University.
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
Circuit Analysis III Section 06.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.
CSE 231 : Advanced Compilers Building Program Analyzers.
Ch 5.2: Series Solutions Near an Ordinary Point, Part I
ADDITIONAL ANALYSIS TECHNIQUES LEARNING GOALS REVIEW LINEARITY The property has two equivalent definitions. We show and application of homogeneity APPLY.
Abstractions. Outline Informal intuition Why do we need abstraction? What is an abstraction and what is not an abstraction A framework for abstractions.
Synergy: A New Algorithm for Property Checking
Correctness. Until now We’ve seen how to define dataflow analyses How do we know our analyses are correct? We could reason about each individual analysis.
CS 267: Automated Verification Lectures 14: Predicate Abstraction, Counter- Example Guided Abstraction Refinement, Abstract Interpretation Instructor:
Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.
1 Systematic Domain Design Some Remarks. 2 Best (Conservative) interpretation abstract representation Set of states concretization Abstract semantics.
1 Combining verification and analysis. 2 CONCLUSIONS ON VERIFICATION  denotational abstract interpreters have the extra-value of being easily transformed.
1 Program Analysis Systematic Domain Design Mooly Sagiv Tel Aviv University Textbook: Principles.
CS 267: Automated Verification Lecture 13: Bounded Model Checking Instructor: Tevfik Bultan.
CHAPTER 10 Recursion. 2 Recursive Thinking Recursion is a programming technique in which a method can call itself to solve a problem A recursive definition.
1 Tentative Schedule u Today: Theory of abstract interpretation u May 5 Procedures u May 15, Orna Grumberg u May 12 Yom Hatzamaut u May.
1 MA 1128: Lecture 09 – 6/08/15 Solving Systems of Linear Equations.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
MATH 224 – Discrete Mathematics
TH EDITION Copyright © 2013, 2009, 2005 Pearson Education, Inc. 1 1 Equations and Inequalities Copyright © 2013, 2009, 2005 Pearson Education,
SIMPLIFY EXPRESSIONS WITH INTEGER EXPONENTS PRACTICE ALL OF THE PROPERTIES OF EXPONENTS.
SECOND-ORDER DIFFERENTIAL EQUATIONS Series Solutions SECOND-ORDER DIFFERENTIAL EQUATIONS In this section, we will learn how to solve: Certain.
Slide 7- 1 Copyright © 2012 Pearson Education, Inc.
Constraint Satisfaction Problems (CSPs) CPSC 322 – CSP 1 Poole & Mackworth textbook: Sections § Lecturer: Alan Mackworth September 28, 2012.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 3: Modular Verification with Magic, Predicate Abstraction.
1 Bisimulations as a Technique for State Space Reductions.
Lecture 81 Regional Automaton CS 5270 Lecture 8. Lecture 82 What We Need to Do Problem: –We need to analyze the timed behavior of a TTS. –The timed behavior.
Regular Expressions and Languages A regular expression is a notation to represent languages, i.e. a set of strings, where the set is either finite or contains.
CS 267: Automated Verification Lecture 3: Fixpoints and Temporal Properties Instructor: Tevfik Bultan.
Convergence of Model Checking & Program Analysis Philippe Giabbanelli CMPT 894 – Spring 2008.
Bell Work: Simplify: √500,000,000. Answer: 10,000√5.
Program Correctness. The designer of a distributed system has the responsibility of certifying the correctness of the system before users start using.
1 2/21/2016 MATH 224 – Discrete Mathematics Sequences and Sums A sequence of the form ar 0, ar 1, ar 2, ar 3, ar 4, …, ar n, is called a geometric sequence.
1 Iterative Program Analysis Abstract Interpretation Mooly Sagiv Tel Aviv University Textbook:
24 September 2002© Willem Visser Program Model Checking Enabling Technology Abstraction void add(Object o) { buffer[head] = o; head = (head+1)%size;
1 Abstract interpretation Giorgio Levi Dipartimento di Informatica, Università di Pisa
13.5 – Sums of Infinite Series Objectives: You should be able to…
MATH 224 – Discrete Mathematics
Fixpoints and Reachability
Section 2-4: Adding Integers using Rules
Spring 2016 Program Analysis and Verification
To any sequence we can assign a sequence with terms defined as
Arithmetic Constraints and Automata
Symbolic Implementation of the Best Transformer
Iterative Program Analysis Abstract Interpretation
Abstract Interpretation
Zero and Negative Exponents
Abstract Interpretation
Predicate Abstraction
Zero and Negative Integral Indices
ADDITIONAL ANALYSIS TECHNIQUES
Presentation transcript:

Abstraction and Abstract Interpretation

Abstraction (a simplified view) Abstraction is an effective tool in verification Given a transition system, we want to generate an abstract transition system which is easier to analyze However, we want to make sure that –If a property holds in the abstract transition system, it also holds in the original (concrete) transition system

Abstraction (a simplified view) How do we generate an abstract transition system? Merge states in the concrete transition system (based on some criteria) –This reduces the number of states, so it should be easier to do verification Do not eliminate transitions –This will make sure that the paths in the abstract transition system subsume the paths in the concrete transition system

Abstraction (a simplified view) For every path in the concrete transition system, there is an equivalent path in the abstract transition system –If no path in the abstract transition system violate a property, then no path in the concrete system can violate the property Using this reasoning we can verify properties( that are about for all paths) in the abstract transition system –If the property holds on the abstract transition system, we are sure that the property holds in the concrete transition system –If the property does not hold in the abstract transition system, then we are not sure if the property holds or not in the concrete transition system

Abstraction (A simplified view) If the property does not hold in the abstract transition system, what can we do? We can refine the abstract transition system (split some states that we merged) We have to make sure that the refined transition system is still an abstraction of the concrete transition system Then, we can recheck the property again on the refined transition system –If the property does not hold again, we can refine again

Abstraction and Simulation Given two transition systems T 1 = (S 1, I 1, R 1 ) T 2 = (S 2, I 2, R 2 ) We call H  (S 1, S 2 ) a simulation relation if, for any (s 1, s 2 )  H –s 1 and s 2 satisfy the same set of atomic properties –For every state s 1 ’ such that (s 1, s 1 ’)  R 1 there exists a state s 2 ’ such that (s 2, s 2 ’)  R 2 and (s 1 ’, s 2 ’)  H We say that T 2 simulates T 1 if there exists a simulation relation H such that for each s 1  I 1, there exists a s 2  I 2 such that (s 1, s 2 )  H.

Abstraction and Simulation If T 2 simulates T 1 then if we can verify a property on T 2 then we can conclude that it holds for T 1 We can define simulation relations between abstract and concrete transition systems such that –the abstract system simulates the concrete system Hence when we verify a property in the abstract transition system we know that it also holds for the concrete transition system

Abstract Interpretation Abstract interpretation provides a general framework for defining abstractions Different abstract domains can be combined using abstract interpretation framework Abstract interpretation framework also provides techniques such as widening for computing approximations of fixpoints

Abstract Interpretation Example Assume that we have a program with some integer variables We want to figure out possible values these variables can take at a certain point in the program –The results will be a set of integer values for each variable (i.e., the result for each variable will be a member of 2 Z where Z is the set of integers) An easy answer would be to return Z for all the variables –I.e., say that each variable can possibly take any value –This is not a very precise and helpful answer The smaller the sets in our answer, the more precise our answer is –Of course we are not allowed to give a wrong answer by omitting a value that a variable can take!

Abstract Interpretation Example Assume that we have two integer variables x and y The answer we return should be something like –x  {1, 2, 3, 4} –y  {n | n > 5} the variables x and y should not take any value outside of these sets for any execution of the program Unfortunately if we use 2 Z and develop a static analysis to solve this problem the fixpoint computations will not converge since 2 Z an infinite lattice –Use abstraction!

Abstract Interpretation Example Define an abstract domain for integers –For example: 2 {neg, zero, pos} Define abstraction and concretization functions between the integer domain and this abstract domain Interpret integer expressions in the abstract domain The abstract domain 2 {neg, zero, pos} corresponds to a finite lattice, so the fixpoint computations will converge if (y == 0) { x = 2; y = x; } if (y == {zero}) { x = {pos}; y = x; }

Abstract Interpretation In abstract interpretation framework: We define an abstraction function from the concrete domain to the abstract domain –  : Concrete  Abstract We define a concretization function from the abstract domain to the concrete domain –  : Abstract  Concrete

Abstract Interpretation Example Concrete domain: 2 Z (sets of integers) Abstract domain: 2 {neg, zero, pos} Abstraction function  : 2 Z  2 {neg, zero, pos} –  (c) = a such that (  n  c, n = 0  zero  a)  (  n  c, n > 0  pos  a)  (  n  c, n < 0  neg  a) Concretization function  : 2 {neg, zero, pos}  2 Z –  (a) = c such that (zero  a  0  c)  (pos  a  {n | n>0}  c)  (neg  a  {n | n<0}  c)

Precision Ordering Both for the concrete and abstract domains we can define a partial ordering which denotes their precision For both the concrete domain 2 Z and the abstract domain 2 {neg, zero, pos} the precision ordering is  –a  b means that a is more precise than b ( ,  ) is called a Galois connection if and only if  (a)  b  a   (b)

Abstract Interpretation Abstract DomainConcrete Domain a  (a) b  (b) 

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.