Lecture 11 Abstract Interpretation on Control-Flow Graphs.

Slides:



Advertisements
Similar presentations
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Approximating the Worst-Case Execution Time of Soft Real-time Applications Matteo Corti.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.
Recall Taylor’s Theorem from single variable calculus:
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.
Linear functions. Mathematical Function? Relationship between two variables or quantities Represented by a table, graph, or equation Satisfies vertical.
Syntax Trees MathWorks Compiler Course – Day 5. Syntax Trees MathWorks Compiler Course – Day 5 Parser lexemes shift/reduce seq. Cfg tables Tree Symbols.
Economics 214 Lecture 37 Constrained Optimization.
Lecture 38 Constrained Optimization
Theory and Applications
Economics 214 Lecture 39 Constrained Optimization.
Numerical Solutions of Differential Equations Taylor Methods.
Derived from:  Line graphs are used to track changes over short and long periods of time.  Line graphs can also be used to compare.
Lecture 9 Illustrations Lattices. Fixpoints Abstract Interpretation.
Abstract Interpretation (Cousot, Cousot 1977) also known as Data-Flow Analysis.
Compiler Construction Lecture 16 Data-Flow Analysis.
By: Pashootan Vaezipoor Path Invariant Simon Fraser University – Spring 09.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 12 Functions of Several Variables.
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 14: Numerical Abstractions Roman Manevich Ben-Gurion University.
Program Analysis and Verification Spring 2014 Program Analysis and Verification Lecture 14: Numerical Abstractions Roman Manevich Ben-Gurion University.
Section 14.7 Second-Order Partial Derivatives. Old Stuff Let y = f(x), then Now the first derivative (at a point) gives us the slope of the tangent, the.
MA Day 25- February 11, 2013 Review of last week’s material Section 11.5: The Chain Rule Section 11.6: The Directional Derivative.
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 9: Abstract Interpretation I Roman Manevich Ben-Gurion University.
Lecture 10 Abstract Interpretation using Fixpoints.
Equations of Lines Given Two Points In addition to level 3.0 and above and beyond what was taught in class, the student may: · Make connection.
1 Announcements: The deadline for grad lecture notes was extended to Friday Nov. 9 at 3:30pm. Assignment #4 is posted: Due Thurs. Nov. 15. Nov is.
Integrating high-level constructs into programming languages Language extensions to make programming more productive Underspecified programs –give assertions,
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 12: Abstract Interpretation IV Roman Manevich Ben-Gurion University.
Scatter Diagram of Bivariate Measurement Data. Bivariate Measurement Data Example of Bivariate Measurement:
3.4 – Linear Programming. Ex. 1 Graph the system of inequalities. Name the coordinates of the vertices of the feasible region. Find the max & min values.
Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used.
Optimization Problems Example 1: A rancher has 300 yards of fencing material and wants to use it to enclose a rectangular region. Suppose the above region.
Constraints Feasible region Bounded/ unbound Vertices
SystemsOfInequalities. 7-1 Solving Systems by Graphing What is a system of linear equations? “SOLUTION” No solution Infinitely Many Solutions Page 342.
1 Combining Abstract Interpreters Mooly Sagiv Tel Aviv University
Program Analysis and Verification Spring 2014 Program Analysis and Verification Lecture 12: Abstract Interpretation IV Roman Manevich Ben-Gurion University.
LINEAR PROGRAMMING 3.4 Learning goals represent constraints by equations or inequalities, and by systems of equations and/or inequalities, and interpret.
MA Day 34- February 22, 2013 Review for test #2 Chapter 11: Differential Multivariable Calculus.
Economics 2301 Lecture 37 Constrained Optimization.
Section 15.3 Constrained Optimization: Lagrange Multipliers.
1 Numeric Abstract Domains Mooly Sagiv Tel Aviv University Adapted from Antoine Mine.
Mathe III Lecture 8 Mathe III Lecture 8. 2 Constrained Maximization Lagrange Multipliers At a maximum point of the original problem the derivatives of.
$100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300 $400 $500 $100 $200 $300.
Using Systems of Equations to Solve Problems A Write and/or solve a system of linear equations (including problem situations) using graphing,
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 8: Static Analysis II Roman Manevich Ben-Gurion University.
Foundations of Computing I CSE 311 Fall Announcements Homework #2 due today – Solutions available (paper format) in front – HW #3 will be posted.
A Static Analyzer for Large Safety-­Critical Software Presented by Dario Bösch, ETH Zürich Research Topics in Software Engineering Dario.
Linear Approximations. In this section we’re going to take a look at an application not of derivatives but of the tangent line to a function. Of course,
Spring 2017 Program Analysis and Verification
Lifting Abstract Interpreters to Quantified Logical Domains (POPL’08)
Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.
Linear Inequalities in One Variable
Functions of Several Variables
Spring 2016 Program Analysis and Verification
Linear Inequalities in Two Variables
Order Pairs An introduction.
3.2 Linear Programming 3 Credits AS
Linear Programming.
Sensitivity Analysis and
Graphical Solution Procedure
Lecture 19 Linear Program
Program correctness Axiomatic semantics
Cases. Simple Regression Linear Multiple Regression.
Nonlinear Systems of Equations
Lecture 38 Constrained Optimization
Unit 5: Linear Functions & Slope Intercept
Presentation transcript:

Lecture 11 Abstract Interpretation on Control-Flow Graphs

Example k=1; while(k < 100) { k=k+3 }; assert(k <= 255) k=1; loop {assume(k =100); assert(k <= 255) r = {(k,k’) | (k < 100 /\ k’ = k + 3) } Approximating sp({1},r*) post(P) = {1} U sp(P,r) = {1} U {k+3|k  P, k < 100} post n ({}): {}, {1}, {1,4}, …, {1,…,97},{1,…,97,100}, {1,…,97,100}

Multiple variables Wish to track an interval for each variable We track not [L,U] but ([L1,U1],[L2,U2]) If program state is (x,y), define  (([L1,U1],[L2,U2])) = {(x,y) | }  (p) = ([L1,U1],[L2,U2]) L1 = U1 = L2 = U2 =

Product of Partial Orders (A i, ≤ i ) partial orders for i  J (A, ≤) given by A = {f : J  U i  J A i,  i. f(i)  A i } f,g  A ordered by f ≤ g   i. f(i) ≤ i g(i) example: J={1,2} Then (A, ≤) is a partial order. Morever: If (A i, ≤ i ) all have lub, then so does (A, ≤). If (A i, ≤ i ) all have glb, then so does (A, ≤).

Example: Counter and a Mode mode = 1 x =0 while (-100 < x && x < 100) { if (mode == 1) { x = x + 10 mode = 2 } else { x = x - 1 mode = 1 } } assert(1 <= mode && mode <= 2 && x <= 109)

Two Counters x =0 y = 0 while (x < 100) { x = x + 1 y = y + 2 } assert(y <= 200) Non-relational analysis: tracks each variable separately. It often loses correlations between them.

Quantifier Elimination for Optimization F – Presburger arithmetic formula M = max x such that F(x,y) David Monniaux: Automatic modular abstractions for linear constraints. POPL 2009: Automatic modular abstractions for linearPOPL 2009

Beyond One Loop Formulation of one-step relation for a CFG Deriving collecting semantics