Spring 2014 Program Analysis and Verification Lecture 7: Static Analysis I

Spring 2014Program Analysis and Verification

Lecture 7: Static Analysis I

Roman ManevichBen-Gurion University

2

Syllabus

Semantics

NaturalSemantics

Structural semantics

AxiomaticVerification

StaticAnalysis

AutomatingHoare Logic

Control Flow Graphs

Equation Systems

CollectingSemantics

AbstractInterpretation fundamentals

Lattices

Galois Connections

Fixed-Points

Widening/Narrowing

Domain constructors

InterproceduralAnalysis

AnalysisTechniques

Numerical Domains

CEGAR

Alias analysis

ShapeAnalysis

Crafting your own

Soot

From proofs to abstractions

Systematically developing

transformers

3

Previously

• Axiomatic verification• Weakest precondition calculus• Strongest postcondition calculus• Total correctness

4

Axiomatic semantics for While { P[a/x] } x := a { P }[assp]

{ P } skip { P }[skipp]

{ P } S1 { Q }, { Q } S2 { R } { P } S1; S2 { R }[compp]

{ b P } S1 { Q }, { b P } S2 { Q } { P } if b then S1 else S2 { Q }[ifp]

{ b P } S { P } { P } while b do S {b P }

[whilep]

{ P’ } S { Q’ } { P } S { Q }

[consp] if PP’ and Q’Q

5

Strongest postcondition

• A forward-going predicate transformer• The strongest postcondition for P is

’ sp(P, C)if and only if there exists such that P and C, ’

Propositions:1. p { P } C { sp(P, C) }

2. If p { P } C { Q } then sp(P, C) Q

6

Calculating sp

1. sp(skip, P) = P2. sp(x := a, P) = v. x=a[v/x] P[v/x] 3. sp(S1; S2, P) = sp(S2, sp(S1, P))

4. sp(if b then S1 else S2, P) =sp(S1, b P) sp(S2, b P)

5. sp(while b do {} S, P) = bwhere {b } S {}and P b

7

Today

• Static analysis for compiler optimization– Common Subexpression Elimination– Available Expression domain

• Develop a static analysis for Simple Available Expressions

8

Array-max example: Post3nums : array{ N0 0m<N } // N stands for num’s lengthx := 0{ x=0 }res := nums[0]{ x=0 res=nums(0) }Inv = { 0m<x nums(m)res }while x < N { x=k res=oRes 0m<k nums(m)oRes } if nums[x] > res then { nums(x)>oRes res=oRes x=k 0m<k nums(m)oRes } res := nums[x] { res=nums(x) nums(x)>oRes x=k 0m<k nums(m)oRes } { x=k 0mk nums(m)res } { (x=k 0mk nums(m)res) (oresnums(x) res=oRes x=k res=oRes 0m<k nums(m)oRes)} { x=k 0mk nums(m)res } x := x + 1 { x=k+1 0mk nums(m)res } { 0m<x nums(m)res }{ x=N 0m<x nums(m)res} [univp]{ m. 0m<N nums(m)res }

9

Can we find this proof automatically?

nums : arrayN : int{ N0 } x := 0{ N0 x=0 }res := nums[0]{ x=0 }Inv = { xN }while x < N { x=k k<N } if nums[x] > res then { x=k k<N } res := nums[x] { x=k k<N } { x=k k<N } x := x + 1 { x=k+1 k<N }{ xN xN }{ x=N }

Observation: predicates in proof have the general form

constraint

where constraint has the formX - Y c orX c

10

Look under the

street lamp

By Infopablo00 (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons

…We may move

lamp a bit

11

Zone Abstract Domain

• Developed by Antoine Minein his Ph.D. thesis

• Uses constraints of the formX - Y c and X c

12

Analysis with Zone abstract domainnums : arrayN : int { N0 } x := 0{ N0 x=0 }res := nums[0]{ N0 x=0 }Inv = { N0 0xN }while x < N { N0 0x<N } if nums[x] > res then { N0 0x<N } res := nums[x] { N0 0x<N } { N0 0x<N } x := x + 1 { N0 0<x<N }{N0 0x x=N }

nums : arrayN : int { N0 } x := 0{ N0 x=0 }res := nums[0]{ x=0 }Inv = { xN }while x < N { x=k kN } if nums[x] > res then { x=k k<N } res := nums[x] { x=k k<N } { x=k k<N } x := x + 1 { x=k+1 k<N }{ xN xN }{ x=N }

Static Analysis with Zone Abstraction Manual Proof

13

Static analysisfor compiler optimizations

14

Motivating problem: optimization

• A compiler optimization is defined by a program transformation:

T : Stmt Stmt• The transformation is semantics-preserving:

s. Ssos C s = Ssos T(C) s• The transformation is applied to the program

only if an enabling condition is met• We use static analysis for inferring enabling

conditions

15

Common Subexpression Elimination

• If we have two variable assignmentsx := a op b…y := a op band the values of x, a, and b have not changed between the assignments, rewrite the code asx = a op b…y := x

• Eliminates useless recalculation• Paves the way for more optimizations

(e.g., dead code elimination)

op {+, -, *, ==, <=}

16

What do we need to prove?

{ true }C1

x := a op bC2

{ x = a op b }y := a op bC3

{ true }C1

x := a op bC2

{ x = a op b }y := xC3

CSE

Assertion localizes decision

17

A simplified problem

{ true }C1

x := a + bC2

{ x = a + b }y := a + bC3

{ true }C1

x := a + bC2

{ x = a + b }y := xC3

CSE

18

Available Expressions analysis

• A static analysis that infers for every program point a set of facts of the formAV = { x = y | x, y Var }

{ x = op y | x, y Var, op {-, !} } { x = y op z | y, z Var, op {+, -, *, <=} }

• For every program with n=|Var| variables number of possible facts is finite: |AV|=O(n3)

• Yields a trivial algorithm …– Is it efficient?

19

Simple Available Expressions

• Define atomic facts (for SAV) as = { x = y | x, y Var } { x = y + z | x, y, z Var }– For n=|Var| number of atomic facts is O(n3)

• Define sav-predicates as = 2

20

Notation for conjunctive sets of facts

• For a set of atomic facts D , we defineConj(D) = D– E.g., if D={a=b, c=b+d, b=c} then

Conj(D) = (a=b) (c=b+d) (b=c)

• Notice that for two sets of facts D1 and D2

Conj(D1 D2) = Conj(D1) Conj(D1)• What does Conj({}) stand for…?

21

Towards an automatic proof• Goal: automatically compute an annotated program

proving as many facts as possible of the form x = y and x = y + z

• Decision 1: develop a forward-going proof• Decision 2: draw predicates from a finite set D– “looking under the light of the lamp”– A compromise that simplifies problem by focusing

attention – possibly miss some facts that hold• Challenge 1: handle straight-line code• Challenge 2: handle conditions• Challenge 3: handle loops

22

Challenge 1: handling straight-line code

By Zachary Dylan Tax (Zachary Dylan Tax) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC-BY-3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons

23

Straight line code example

• Find a proof that satisfies both conditions

{ }x := a + b{ x=a+b }z := a + c{ x=a+b, z=a+c }b := a * c{ z=a+c }

24

Straight line code example

• Can we make this into an algorithm?• What do we need to ensure for each triple?


Frame

sp

cons

25

Goal

• Given a program of the formx1 := a1; … xn := an

• Find predicates P0, …, Pn such that1. {P0} x1 := a1 {P1} … {Pn-1} xn := an {Pn} is a proof

That is: sp(xi := ai, Pi-1) Pi

2. Each Pi has the form Conj(Di) where Di is a set of atomic

26

Algorithm for straight-line code• Goal: find predicates P0, …, Pn such that

1. {P0} x1 := a1 {P1} … {Pn-1} xn := an {Pn} is a proof That is: sp(xi := ai, Pi-1) Pi

2. Each Pi has the form Conj(Di) where Di is a set of atomic facts

• Idea: define a function FSAV[x:=a] : s.t.if FSAV[x:=a](D) = D’then sp(x := a, Conj(D)) Conj(D’)– We call F the abstract transformer of x:=a

• Unless D0 is given, initialize D0={}

• For each i: compute Di+1 = Conj(FSAV[xi := ai] Di)

• Finally Pi = Conj(Di)

27

Defining an SAV abstract transformer

• Goal: define a function FSAV[x:=a] : s.t.if FSAV[x:=a](D) = D’then sp(x := a, Conj(D)) Conj(D’)

• Idea: define rules for individual factsand generalize to sets of facts by the conjunction rule

28




29




Is either a variable v or an addition expression v+w

{ x= } x:=a { }[kill-lhs]

{ y=x+w } x:=a { }[kill-rhs-1]

{ y=w+x } x:=a { }[kill-rhs-2]

{ } x:= { x= }[gen]

{ y=z+w } x:=a { y=z+w }[preserve]

30

SAV abstract transformer example

Is either a variable v or an addition expression v+w


{ x= } x:= aexpr { }[kill-lhs]

{ y=x+w } x:= aexpr { }[kill-rhs-1]

{ y=w+x } x:= aexpr { }[kill-rhs-2]

{ } x:= { x= }[gen]

{ y=z+w } x:= aexpr { y=z+w }[preserve]

31

Problem 1: large expressions

• Large expressions on the right hand sides of assignments are problematic– Can miss optimization opportunities– Require complex transformers

• Solution: transform code to normal form where right-hand sides have bounded size

Missed CSE opportunity

{ }x := a + b + c{ }y := a + b + c{ }

32

Three-address code

• Main idea: simplify expressions by storing intermediate results in new temporary variables

• Number of variables in simplified statements 3

{ }x := a + b + c{ }y := a + b + c{ }

{ }i1 := a + b{ i1=a+b }x := i1 + c{ i1=a+b, x=i1+c }i2 := a + b{ i1=a+b, x=i1+c, i2=a+b }y := i2 + c{ i1=a+b, x=i1+c, i2=a+b, y=i2+c }

33

Three-address code

• Main idea: simplify expressions by storing intermediate results in new temporary variables

• Number of variables in simplified statements 3

{ }x := a + b + c{ }y := a + b + c{ }


Need to infer i1=i2

34

Problem 2: transformer precision

• Our transformer only infers syntactically available expressions – ones that appear in the code explicitly

• We want a transformer that looks deeper into the semantics of the predicates– Takes equalities into account


Need to infer i1=i2

35

Defining a semantic reduction• Idea: make as many implicit facts explicit by

– Using symmetry and transitivity of equality– Commutativity of addition– Meaning of equality – can substitute equal variables

• For an SAV-predicate P=Conj(D) defineExplicate(D) = minimal set D* such that:

1. D D*

2. x=y D* implies y=x D*

3. x=y D* y=z D* implies x=z D*

4. x=y+z D* implies x=z+y D*

5. x=y D* and x=z+w D* implies y=z+w D*

6. x=y D* and z=x+w D* implies z=y+w D*

7. x=z+w D* and y=z+w D* implies x=y D*

• Notice that Explicate(D) D• Explicate is a special case of a semantic reduction

36

Sharpening the transformer• Define: F*[x:=aexpr] = Explicate FSAV[x:= aexpr]

{ }i1 := a + b{ i1=a+b, i1=b+a }x := i1 + c{ i1=a+b, i1=b+a, x=i1+c, x=c+i1 }i2 := a + b{ i1=a+b, i1=b+a, x=i1+c, x=c+i1, i2=a+b, i2=b+a, i1=i2, i2=i1, x=i2+c, x=c+i2, }y := i2 + c{ ... }

Since sets of facts and their conjunction are isomorphic we will use them interchangeably

37

An algorithm for annotating SLP

• Annotate(P, x:=aexpr) ={P} x:=aexpr F*[x:= aexpr](P)

Annotate(P, S1; S2) = let Annotate(P, S1) be {P} A1 {Q1} let Annotate(Q1, S2) be {Q1} A2 {Q2} return {P} A1; {Q1} A2 {Q2}

38

Challenge 2: handling conditions

39

Goal

• Annotate a programif bexpr then S1 else S2 with predicates from

• Assumption 1: P is given(otherwise use true)

• Assumption 2: bexpr is a simple binary expression e.g., x=y, xy, x<y (why?)

{ P }if bexpr then

{ bexpr P }S1

{ Q1 }else { bexpr P }

S2

{ Q2 }{ Q }

40

Joining predicates

1. Start with P or {bexpr P} and annotate S1 (yielding Q1)

2. Start with P or {bexpr P} andannotate S2 (yielding Q2)

3. How do we infer a Q such that Q1Q and Q2Q?

Q1=Conj(D1), Q2=Conj(D2)Define: Q = Q1 Q2

= Conj(D1 D2)

{ P }if bexpr then

{ bexpr P }S1


S2

{ Q2 }{ Q }

Possibly an SAV-fact

Possibly an SAV-fact

41

Joining predicates

1. Start with P or {bexpr P} and annotate S1 (yielding Q1)

2. Start with P or {bexpr P} andannotate S2 (yielding Q2)

3. How do we infer a Q such that Q1Q and Q2Q?

Q1=Conj(D1), Q2=Conj(D2)Define: Q = Q1 Q2

= Conj(D1 D2)

The join operator for SAV

{ P }if bexpr then

{ bexpr P }S1


S2

{ Q2 }{ Q }

42

Joining predicates

• Q1=Conj(D1), Q2=Conj(D2)

• We want to soundly approximate Q1 Q2 in

• Define: Q = Q1 Q2

= Conj(D1 D2)

• Notice that Q1Q and Q2Qmeaning Q1 Q2 Q

43

Simplifying conditions

• Extend While with– Non-determinism (or) and– An assume statement

assume b, s sos s if B b s = tt • Now, the following two statements are

equivalent– if b then S1 else S2

– (assume b; S1) or (assume b; S2)

44

Handling conditional expressions

• We want to soundly approximate D bexpr and D bexpr in

• Define (bexpr) = if bexpr is factoid {bexpr} else {}

• Define F[assume bexpr](D) = D (bexpr)• Can sharpen

F*[assume bexpr] = Explicate FSAV[assume bexpr]

45

Handling conditional expressions

• Notice bexpr (bexpr)• Examples– (y=z) = {y=z}– (y<z) = {}

46

An algorithm for annotating conditions

let Pt = F*[assume bexpr] P

let Pf = F*[assume bexpr] P

let Annotate(Pt, S1) be {Pt} A1 {Q1}

let Annotate(Pf, S2) be {Pf} A2 {Q2}

return {P} if bexpr then {Pt} A1 {Q1} else {Pf} A2 {Q2} {Q1 Q2}

47

Example

{ }if (x = y) { x=y, y=x } a := b + c { x=y, y=x, a=b+c, a=c+b } d := b – c { x=y, y=x, a=b+c, a=c+b }else { } a := b + c { a=b+c, a=c+b } d := b + c { a=b+c, a=c+b, d=b+c, d=c+b, a=d, d=a }{ a=b+c, a=c+b }

48

Example


49

Recap

• We now have an algorithm for soundly annotating loop-free code

• Generates forward-going proofs• Algorithm operates on abstract syntax tree of

code– Handles straight-line code by applying F*

– Handles conditions by recursively annotating true and false branches and then intersecting their postconditions

50

Example


51

Challenge 2: handling loops

By Stefan Scheer (Own work (Own Photo)) [GFDL (http://www.gnu.org/copyleft/fdl.html), CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/) or CC-BY-SA-2.5-2.0-1.0 (http://creativecommons.org/licenses/by-sa/2.5-2.0-1.0)], via Wikimedia Commons

52

Goal

• Annotate a program while bexpr do S with predicates from – s.t. P N

• Main challenge: find N• Assumption 1: P is given

(otherwise use true)• Assumption 2: bexpr is a

simple binary expression

{ P }Inv = { N }while bexpr do { bexpr N } S { Q }{bexpr N }

53

Example: annotate this program

{ y=x+a, y=a+x, w=d, d=w }Inv = { y=x+a, y=a+x }while (x z) do { z=x+a, z=a+x, w=d, d=w } x := x + 1 { w=d, d=w

} y := x + a { y=x+a, y=a+x, w=d, d=w } d := x + a { y=x+a, y=a+x, d=x+a, d=a+x, y=d, d=y } { y=x+a, y=a+x, x=z, z=x }

54

Example: annotate this program

{ y=x+a, y=a+x, w=d, d=w }Inv = { y=x+a, y=a+x }while (x z) do { y=x+a, y=a+x } x := x + 1 { } y := x + a { y=x+a, y=a+x } d := x + a { y=x+a, y=a+x, d=x+a, d=a+x, y=d, d=y } { y=x+a, y=a+x, x=z, z=x }

55

Goal

• Idea: try to guess a loop invariant from a small number of loop unrollings– We know how to annotate S

(by induction)

{ P }Inv = { N }while bexpr do { bexpr N } S { Q }{bexpr N }

56

k-loop unrolling

{ P }if (x z) x := x + 1 y := x + a d := x + aQ1 = { y=x+a } if (x z) x := x + 1 y := x + a d := x + aQ2 = { y=x+a }

…

{ P }Inv = { N }while (x z) do x := x + 1 y := x + a d := x + a

{ y=x+a, y=a+x, w=d, d=w } if (x z) x := x + 1 y := x + a d := x + aQ1 = { y=x+a }

57

k-loop unrolling

{ P }if (x z) x := x + 1 y := x + a d := x + aQ1 = { y=x+a, y=a+x } if (x z) x := x + 1 y := x + a d := x + aQ2 = { y=x+a, y=a+x }

…


{ y=x+a, y=a+x, w=d, d=w } if (x z) x := x + 1 y := x + a d := x + aQ1 = { y=x+a, y=a+x }

58

k-loop unrolling

The following must hold:P NQ1 NQ2 N…Qk N


…



59

k-loop unrolling

The following must hold:P NQ1 NQ2 N…Qk N…


…



We can compute the following sequence:N0 = P

N1 = N1 Q1

N2 = N1 Q2

…Nk = Nk-1 Qk

Observation 1: No need to explicitly unroll loop – we can reuse postcondition from unrolling k-1 for k

60

k-loop unrolling

The following must hold:P NQ1 NQ2 N…Qk N…


…



We can compute the following sequence:N0 = P

N1 = N1 Q1

N2 = N1 Q2

…Nk = Nk-1 Qk

Observation 2: Nk monotonically decreases set of facts.Question: does it stabilizes for some k?

61

Algorithm for annotating a loopAnnotate(P, while bexpr do S) = Initialize N := Nc := P

repeat let Annotate(P, if b then S else skip) be {Nc} if bexpr then S else skip {N} Nc := Nc N until N = Nc

return {P} INV= N while bexpr do F[assume bexpr](N) Annotate(F[assume bexpr](N), S) F[assume bexpr](N)

62

Putting it together

63

Algorithm for annotating a programAnnotate(P, S) = case S is x:=aexpr return {P} x:=aexpr {F*[x:=aexpr] P} case S is S1; S2

let Annotate(P, S1) be {P} A1 {Q1}

let Annotate(Q1, S2) be {Q1} A2 {Q2}

return {P} A1; {Q1} A2 {Q2}

case S is if bexpr then S1 else S2

let Pt = F[assume bexpr] P

let Pf = F[assume bexpr] P

let Annotate(Pt, S1) be {Pt} A1 {Q1}

let Annotate(Pf, S2) be {Pf} A2 {Q2}

return {P} if bexpr then {Pt} A1 {Q1} else {Pf} A2 {Q2} {Q1 Q2}

case S is while bexpr do S N := Nc := P // Initialize

repeat let Pt = F[assume bexpr] Nc

let Annotate(Pt, S) be {Nc} Abody {N} Nc := Nc N

until N= Nc return {P} INV= {N} while bexpr do {Pt} Abody {F[assume bexpr](N)}

64

Exercise: apply algorithm

{ }y := a+b{ }x := y{ } while (xz) do { } w := a+b { } x := a+b { } a := z { }

65

Step 1/18

{}y := a+b{ y=a+b }*x := ywhile (xz) do w := a+b x := a+b a := z

Not all factoids are shown – apply Explicate to get all factoids

66

Step 2/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*while (xz) do w := a+b x := a+b a := z

67

Step 3/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’ = { y=a+b, x=y, x=a+b }*while (xz) do w := a+b x := a+b a := z

68

Step 4/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’ = { y=a+b, x=y, x=a+b }*while (xz) do { y=a+b, x=y, x=a+b }* w := a+b x := a+b a := z

69

Step 5/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’ = { y=a+b, x=y, x=a+b }*while (xz) do { y=a+b, x=y, x=a+b }* w := a+b { y=a+b, x=y, x=a+b, w=a+b, w=x, w=y }* x := a+b a := z

70

Step 6/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’ = { y=a+b, x=y, x=a+b }*while (xz) do { y=a+b, x=y, x=a+b }* w := a+b { y=a+b, x=y, x=a+b, w=a+b, w=x, w=y }* x := a+b { y=a+b, w=a+b, w=y, x=a+b, w=x, x=y }* a := z

71

Step 7/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’ = { y=a+b, x=y, x=a+b }*while (xz) do { y=a+b, x=y, x=a+b }* w := a+b { y=a+b, x=y, x=a+b, w=a+b, w=x, w=y }* x := a+b { y=a+b, w=a+b, w=y, x=a+b, w=x, x=y }* a := z { w=y, w=x, x=y, a=z }*

72

Step 8/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’ = { x=y }*while (xz) do { y=a+b, x=y, x=a+b }* w := a+b { y=a+b, x=y, x=a+b, w=a+b, w=x, w=y }* x := a+b { y=a+b, w=a+b, w=y, x=a+b, w=x, x=y }* a := z { w=y, w=x, x=y, a=z }*

73

Step 9/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’ = { x=y }*while (xz) do { x=y }* w := a+b { y=a+b, x=y, x=a+b, w=a+b, w=x, w=y }* x := a+b { y=a+b, w=a+b, w=y, x=a+b, w=x, x=y }* a := z { w=y, w=x, x=y, a=z }*

74

Step 10/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’ = { x=y }*while (xz) do { x=y }* w := a+b { x=y, w=a+b }* x := a+b { y=a+b, w=a+b, w=y, x=a+b, w=x, x=y }* a := z { w=y, w=x, x=y, a=z }*

75

Step 11/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’ = { x=y }*while (xz) do { x=y }* w := a+b { x=y, w=a+b }* x := a+b { x=a+b, w=a+b, w=x }* a := z { w=y, w=x, x=y, a=z }*

76

Step 12/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’ = { x=y }*while (xz) do { x=y }* w := a+b { x=y, w=a+b }* x := a+b { x=a+b, w=a+b, w=x }* a := z { w=x, a=z }*

77

Step 13/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’’ = { }while (xz) do { x=y }* w := a+b { x=y, w=a+b }* x := a+b { x=a+b, w=a+b, w=x }* a := z { w=x, a=z }*

78

Step 14/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’’ = { }while (xz) do { } w := a+b { x=y, w=a+b }* x := a+b { x=a+b, w=a+b, w=x }* a := z { w=x, a=z }*

79

Step 15/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv’’’ = { }while (xz) do { } w := a+b { w=a+b }* x := a+b { x=a+b, w=a+b, w=x }* a := z { w=x, a=z }*

80

Step 16/18


81

Step 17/18


82

Step 18/18

{}y := a+b{ y=a+b }*x := y{ y=a+b, x=y, x=a+b }*Inv = { }while (xz) do { } w := a+b { w=a+b }* x := a+b { x=a+b, w=a+b, w=x }* a := z { w=x, a=z }*{ x=z }

Next lecture:abstract interpretation

fundamentals

84

Canonical form for SAV• For an available expressions element A define

Explicate(A) = minimal set B such that:1. A B2. x=y B implies y=x B3. x=y B and y=z B implies x=z B4. x=y+z B implies x=z+y B5. x=y B and x=z+w B implies y=z+w B6. x=y B and z=x+w B implies z=y+w B7. x=z+w B and y=z+w B implies x=y B

• Makes all implicit facts explicit• Define A* = Explicate(A)• Define (for two subsets A1, A2 D)

A1 exp A2 if and only if A1* A2

*

• Lemma: A1 exp A2 if and only A1 imp A2

Spring 2014 Program Analysis and Verification Lecture 7: Static Analysis I

Documents