Lecture 10 Abstract Interpretation using Fixpoints

Notation Partial order: Least upper bound: lub, sup, Greatest lower bound: glb, inf, Least fixpoint: lfp Complete lattice: always exist

Tarski’s fixpoint theorem (A, ) complete lattice G : A  A monotonic function Postfixp = { x | G(x) x } Then G has least fixpoint, lfp(G) and it’s Postfixp So, if G(x) x then x Postfixp, so lfp(G) x Let G be also -continuous. Then { G n ( ) | n 0 } = lfp(G)

Fixpoints for Recursive Definitions Given monotonic G in complete lattice, If G(P) P then lfp(G) P Natural numbers: lfp under adding successors: G(P) = {0} {x+1|x P} lfp(G) = {0,1,2, … }(natural numbers) Take a property PP(x), let P = {x | PP(x)} What does G(P) P mean? {0} U {x+1|x P} P 0 P x P  x+1 P If so, we get that all natural numbers are in P

Structural Recursion Trees = lfp(G) where G(P) = { Leaf } U { Node(t1,x,t2) | t1  P, t2  P} To prove all trees satisfy property, prove for the set P of trees satisfying property that G(P)  P. { Leaf } U { Node(t1,x,t2) | t1  P /\ t2  P}  P Structural induction! Every inductively defined set is given as lfp(G) for some G, and this gives us an induction principle.

Concrete post Init,Good  S r  SxS Goal: show sp(Init,r*)  Good Approach: find I  S such that sp(Init,r*)  I  Good Define post : 2 S  2 S post(P) = Init U sp(P,r) – post is monotonic function on complete lattice 2 S so it has a least fixpoint. This is sp(Init,r*) – Consequence: if post(P)  P, then sp(Init,r*)  P – Remark: post is also  -continuous and join morphism: post(UC)=U{post(x)|x  C} so this is also equal to U{ post n ({}) | n ≥ 0} Strategy: find P such that post(P)  P and then check that P  Good

Example k=1; while(k < 100) { k=k+3 }; assert(k <= 255) k=1; loop {assume(k =100); assert(k <= 255) r = {(k,k’) | (k < 100 /\ k’ = k + 3) } Approximating sp({1},r*) post(P) = {1} U sp(P,r) = {1} U {k+3|k  P, k < 100} post n ({}): {}, {1}, {1,4}, …, {1,…,97},{1,…,97,100}, {1,…,97,100}

Approximate post Let apost be approximation of post, that is, post(P)  apost(P) for all sets P (e.g. take interval enclosing a set) If we find P such that apost(P)  P, then post(P)  apost(P)  P Summary: all we need is – apost that approximes post – a postfix point P of apost, ideally as small as possible, hoping to be able to prove P  Good

Domain: Representation of Invariants apost will work only on certain invariants (e.g. only intervals) Represent these invariants as another set A. Define concretization  : A  2 S post# : A  A  (post#(a)) = apost(  (a)) Then post(P)  apost(P) becomes post(  (a))   (post#(a)) This is the soundness condition.

Postfixpoint in Abstract Domain We have found a postfixpoint  (a) if  (post#(a))   (a) How to effectively check if this inclusion holds? Define an ordering on domain that is computable and satisfies: a1 a2   (a1)   (a2) If post#(a) a, then  (post#(a))   (a)  is monotonic. We need postfixpoint of  Define such that it is ordering, the nicer ordering the better (e.g. complete lattice).

Interval Approximation post(P) = {1} U {k+3|k  P /\ k < 100} post#(  ) = [1,1] post#([a,b]) = [min(1,a+3),min(b+3,102)] Soundness: post([a,b])  post#([a,b]) {1}U{k+3|a ≤ k ≤ b, k < 100}  [min(1,a+3),min(b+3,102)] (post#) n (  ): , [1,1], [1,4], …, [1,97], lfp(post#) = [1,102] We proved automatically sp({1},r*)  [1,102]

How to define post# ? One way: Galois comes to rescue Suppose  s.t. ( ,  ) is Galois connection. Then post(  (a))   (post#(a)) is equivalent to (  on right =  on left)  (post(  (a)) post#(a) So we can define: post#(a) =  (post(  (a)) Note: such post# is monotonic

Finding fixpoint of post# Compute post# iteration: (post#) n (  ) If for some n (post#) n (  )= (post#) n+1 (  ) then for this n lfp(post#) = (post#) n (  ) To help make this happen make post# monotonic design domain so post# iteration terminates in finitely many steps

Partial Order on Intervals

Interval Domain A A = , intervals w/ finite and infinite bounds Partial order a1, a2  A

Galois Connection: Monotonicity  : A  2 S  ([L,U]) = {x | L ≤ x ≤ U}  : 2 S  A  (c) = [min(c),max(c)] Prove ,  are monotonic

Galois Connection Condition  : A  2 S  ([L,U]) = {x | L ≤ x ≤ U}  : 2 S  A  (c) = [min(c),max(c)] Galois connection condition c   (a)   (c) a Prove it for case where c is bounded, a is [L,U]

Multiple variables Wish to track interval for each variable We track not [L,U] but ([L1,U1],[L2,U2]) If program state is (x,y), define  (([L1,U1],[L2,U2])) = {(x,y) | }  (p) = ([L1,U1],[L2,U2]) L1 = U1 = L2 = U2 =

Product of Partial Orders (A i, ≤ i ) partial orders for i  J (A, ≤) given by A = {f : J  U i  J A i,  i. f(i)  A i } f,g  A ordered by f ≤ g   i. f(i) ≤ i g(i) Then (A, ≤) is a partial order. Moreover: If (A i, ≤ i ) all have lub, then so does (A, ≤). If (A i, ≤ i ) all have glb, then so does (A, ≤).