Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013
Acknowledgements Many slides in this file were taken from the tutorial slides that Patrick Cousot used in VMCAI’05
Abstract Interpretation • A theory of sound approximation of the semantics of computer programs • A partial execution of a program which gains information about its semantics (e.g., control- flow, data-flow) without performing all the calculations • Establish a relationship between the concrete semantics and the abstract semantics
More Formally
Abstract Interpretation • A methodology to derive sound static analysis with varying precision – Correct by construction – Generic – Easy to fine-tune int a[1000]; int a[1000]; for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) { • Example a[i] = … ; // 0 <= i <= 999 a[i] = … ; // 0 <= i <= 999 safe operation } } a[i] = … ; // i = 1000; a[i] = … ; // i = 1000; buffer overrun
Overview • Start with a formal specification of the program semantics (the concrete semantics) • Construct abstract semantic equations w.r.t. a parametric approximation scheme • Use general algorithms to solve the abstract semantic equations • Try-and-test various instantiations of the approximation scheme in order to find the best fit
General Idea Concrete Semantics Collecting Semantics Tuners Partitioning Abstract Domain Iterative Abstract Resolution Semantics Algorithms Abstract Domain
Which Collecting Semantics? • Buffer overrun, division by zero, arithmetic overflows: state properties • Deadlocks, un-initialized variables: finite trace properties • Loop termination: finite and infinite trace properties
Fixpoint Approximation α o F o γ L 2 L 2 γ α L 1 L 1 F Theorem: lfp F ⊆ γ (lfp α o F o γ )
Abstracting the Collecting Semantics • Find a Galois connection: γ ( ℘ ( Σ ), ⊆ ) ( Σ # , ≤ ) α • Find a function: α o F o γ ≤ F # Partitioning ➱ Abstract sets of environments
Widening and Narrowing • Help the fixpoint iteration quickly converge and stabilize • Conceptually similar to join and meet in dataflow analysis
Recommend
More recommend
![Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift](https://c.sambuz.com/842045/abstract-interpretation-s.jpg)
