Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Combining Abstract Interpreters Mooly Sagiv Tel Aviv University 640-6706.

Published byCuthbert Gilmore Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Combining Abstract Interpreters Mooly Sagiv Tel Aviv University 640-6706."— Presentation transcript:

1 1 Combining Abstract Interpreters Mooly Sagiv http://www.cs.tau.ac.il/~msagiv/courses/pa16.html Tel Aviv University 640-6706

2 Motivation u Develop new abstract interpreters from old u If I know how to handle programs over data type A and programs over data type B –How can I handle programs with variables of type A or type B u Develop new abstract domains from old u Develop new transformers from old

3 Pointer Semantics

4 Simple Pointer Commands u ::= X := Y X, Y  Var | X := &Y | *X := Y | assume X = Y | assume *X = Y | assert X = Y | assert *X = Y u Control Flow Graph G(N, E, s) where E  N  N is annotated with commands –s  N is the start node

5 6 Example Program 1 2 A1 := &B1 3 A2 := &B2 4 5 7 X := &A1 X := &A2 *X := B1

6 Disjunctive Completion u Given an abstract domain D –Construct an abstract domain D’ such that join does not lose information »How can this be formulated? u Examples: –Signs = { , {+}, {-}. {0}, {0, +}, {0, -}, Z} –Points-to u Size of the new domin u Height of the new abstract domain –Finite lattices –Infinite lattice u Constructing transformers

7 6 Example Program 1 2 A1 := &B1 3 A2 := &B2 4 5 7 X := &A1 X := &A2 *X := B1

8 Cartesian Product u Given domains D 1 =<D 1,  1,  1,  1,  1,  1 ) and D 2 =<D 2,  2,  2,  2,  2,  2 ) u Construct a domain D =<D 1  D 2, , , , ,  ) u Galois connection –Is it a Galois insertion u Widening u Transformers for (i=0; i < arr.length ; i++) arr[i] = 0

9 Reduced Product u Cartesian product does not utilize the interaction between the domains u How can each analysis in the abstract composition benefits from the information brought by the other analyses u Two solutions –Employ a theorem prover –Employ semantic reduction

10 Semantic Reduction u Improve the precision of the analysis by recovering properties of the program semantics u A Galois connection (L 1, , , L 2 ) u An operation op:L 2  L 2 is a semantic reduction –  l  L 2 op(l)  l –  (op(l)) =  (l) u The most precise semantic reduction can be defined but not-necessarily computed u Can be applied before and after basic operations l L1L1 L2L2   op

11 Example u D1= Intervals u D2 = Parity u Example Reduction: –Update lower/upper bound

12 Granger Product u A general heuristics for approximating semantic reduction u D 1 =<D 1,  1,  1,  1,  1,  1 ) D 2 =<D 2,  2,  2,  2,  2,  2 ) D =< D 1  D 2, , , , ,  ) u Define operations:  1 : D 1  D 2  D 1 and  2 : D 1  D 2  D 2 such that –  1 (d 1, d 2 )  1 d 1 and  (  1 (d 1, d 2 ), d 2 ) =  (d 1, d 2 ) –  2 (d 1, d 2 )  2 d 2 and  (d 1,  2 (d 1, d 2 ) ) =  (d 1, d 2 ) u Compute the semantic reduction iteratively – =

13 A Simple Example [Intervals+Inqualities] if (I <= 0) arr = new Int[1] else arr = new Int[I] for (i=0; i < I ; i++) arr[i] = 0;

14 A Complex Example [Intervals+Inqualities] if (I <= 2) arr = new Int[1] else arr = new Int[I] for (i=3; i < I ; i++) arr[i] = 0;

15 Reduced Cardinal Power u Combine the two domains in a way which keeps correlations between the individual elements u The element a  b means that if the state obeys ‘a’ it also obeys ‘b’

16 Reduced Cardinal Power u Given domains D 1 =<D 1,  1,  1,  1,  1,  1 ) and D 2 =<D 2,  2,  2,  2,  2,  2 ) u Construct a domain D =<D 1  D 2, , , , ,  ) u Galois connection u Transformers

17 A Complex Example [Intervals+Inqualities] if (I <= 2) arr = new Int[1] else arr = new Int[I] for (i=3; i < I ; i++) arr[i] = 0;

18 A Complex Example [Booleans+Signs] x := 100; b := true; while b do { x := x – 1; b := (x > 0); }

19 Practical Applications of Reduced Cardinal Power u Astree Branch Correlations u Interprodecural analysis [Next lesson] u Shape Analysis [Later]

20 Other Combinations u Open Product u Logical Product

21 Bibliography u Cousot & Cousot POPL 1979 u Bruno Blachet, Introduction to Abstract Interpretation u A. Cortesi, G. Contanini, P. Ferrrara: A survey o Product Operator in Abstract Interpretations u Roberto Giacobazzi, Francesco Ranzato: Optimal Domains for Disjunctive Abstract Intepretation. Sci. Comput. Program. 32(1-3): 177-210 u Sumit Gulewani, Ashish Tiwari: Combining abstract interpreters PLDI’06

22 Summary u Many ways to combine abstractions u Simplifies the design and implementation of static analyzers u Improve our understanding of abstractions

Download ppt "1 Combining Abstract Interpreters Mooly Sagiv Tel Aviv University 640-6706."

Similar presentations

Assertion Checking over Combined Abstraction of Linear Arithmetic and Uninterpreted Functions Sumit Gulwani Microsoft Research, Redmond Ashish Tiwari SRI.

Assertion Checking over Combined Abstraction of Linear Arithmetic and Uninterpreted Functions Sumit Gulwani Microsoft Research, Redmond Ashish Tiwari SRI.
Combining Abstract Interpreters Sumit Gulwani Microsoft Research Redmond, Group Ashish Tiwari SRI RADRAD.

Combining Abstract Interpreters Sumit Gulwani Microsoft Research Redmond, Group Ashish Tiwari SRI RADRAD.
Abstract Interpretation Part II

Abstract Interpretation Part II
Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.

Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.
Data-Flow Analysis II CS 671 March 13, 2008. CS 671 – Spring 2008 1 Data-Flow Analysis Gather conservative, approximate information about what a program.

Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN 2006 -

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
Assertion Checking Unified Sumit Gulwani Microsoft Research, Redmond Ashish Tiwari SRI.

Assertion Checking Unified Sumit Gulwani Microsoft Research, Redmond Ashish Tiwari SRI.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
Common Sub-expression Elim Want to compute when an expression is available in a var Domain:

Common Sub-expression Elim Want to compute when an expression is available in a var Domain:
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Control Flow Analysis Mooly Sagiv Tel Aviv University 640-6706 Sunday 18-21 Scrieber 8 Monday 10-12 Schrieber.

Control Flow Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
1 Iterative Program Analysis Part I Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program.

1 Iterative Program Analysis Part I Mooly Sagiv Tel Aviv University Textbook: Principles of Program.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc08.html.

Program analysis Mooly Sagiv html://
1 Control Flow Analysis Mooly Sagiv Tel Aviv University 640-6706 Textbook Chapter 3

1 Control Flow Analysis Mooly Sagiv Tel Aviv University Textbook Chapter 3
1 Iterative Program Analysis Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program Analysis.

1 Iterative Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program Analysis.
Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.

Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.

Similar presentations

Ads by Google