Static Analysis of Numerical Programs with Floating-Point Computations
(Analyse statique de programmes numériques avec calculs flottants)

4th Rencontres Arithmétique de l'Informatique Mathématique

Antoine Miné, École normale supérieure

9 February 2011, Perpignan

9/02/2011 Analyse statique de programmes numériques Antoine Miné p. 1 / 63
Outline

1. Introduction: main goals; theoretical background
2. Rational Abstractions: interval domain; polyhedra domain
3. Floating-Point Abstractions: floating-point semantics; floating-point interval domain; expression linearization; floating-point polyhedra
4. Conclusion
Introduction
Main goals: static analysis

Goal: static analysis [CousotCousot-ISP76], the static (automatic) discovery of dynamic (semantic) properties of programs.

Applications:
- compilation and optimisation, e.g. array bound check elimination, alias analysis;
- verification, e.g. inferring invariants, proving the absence of run-time errors (division by zero, overflow, invalid array access), proving functional properties.

We focus here on numerical properties of numerical variables.
Example: discovering numerical invariants

Insertion sort:

    for i = 1 to 99 do
        p := T[i]; j := i+1;
        while j <= 100 and T[j] < p do
            T[j-1] := T[j]; j := j+1;
        end;
        T[j-1] := p;
    end;
Example: discovering numerical invariants (interval analysis)

    for i = 1 to 99 do                       i ∈ [1,99]
        p := T[i]; j := i+1;                 i ∈ [1,99], j ∈ [2,100]
        while j <= 100 and T[j] < p do       i ∈ [1,99], j ∈ [2,100]
            T[j-1] := T[j]; j := j+1;        i ∈ [1,99], j ∈ [3,101]
        end;                                 i ∈ [1,99], j ∈ [2,101]
        T[j-1] := p;
    end;

⇒ there is no out-of-bounds array access.
Example: discovering numerical invariants (linear inequality analysis)

    for i = 1 to 99 do                       i ∈ [1,99]
        p := T[i]; j := i+1;                 i ∈ [1,99], j = i + 1
        while j <= 100 and T[j] < p do       i ∈ [1,99], i + 1 ≤ j ≤ 100
            T[j-1] := T[j]; j := j+1;        i ∈ [1,99], i + 2 ≤ j ≤ 101
        end;                                 i ∈ [1,99], i + 1 ≤ j ≤ 101
        T[j-1] := p;
    end;
Theoretical background

Abstract interpretation is a unifying theory of program semantics [CousotCousot-POPL77]. It provides theoretical tools to design and compare static analyses that:
- always terminate;
- are approximate (this is what solves the undecidability and efficiency issues);
- are sound by construction (no behaviour is omitted).

Analysis design roadmap:
1. concrete semantics
2. abstract domains
Concrete semantics

Concrete semantics: the most precise mathematical expression of the program behaviour.

Example: from programs (control-flow graphs) to equation systems. The CFG of the example has locations 1 to 6 (1 is the entry, 3 carries the loop invariant) and the edges
1 --[X := ?(0,10)]--> 2, 2 --[Y := 100]--> 3, 3 --[X >= 0]--> 4, 4 --[X := X-1]--> 5, 5 --[Y := Y+10]--> 3, 3 --[X < 0]--> 6.

$\mathcal{X}_1 = \mathcal{D}$ (initial states)
$\mathcal{X}_2 = C[\![X := ?(0,10)]\!]\,\mathcal{X}_1$
$\mathcal{X}_3 = C[\![Y := 100]\!]\,\mathcal{X}_2 \cup C[\![Y := Y+10]\!]\,\mathcal{X}_5$ (loop invariant)
$\mathcal{X}_4 = C[\![X \ge 0]\!]\,\mathcal{X}_3$
$\mathcal{X}_5 = C[\![X := X-1]\!]\,\mathcal{X}_4$
$\mathcal{X}_6 = C[\![X < 0]\!]\,\mathcal{X}_3$

where $\mathcal{V} = \{X, Y\}$ is the set of variables, $\mathcal{D} = \mathcal{P}(\mathcal{V} \to \mathbb{Q})$ the set of sets of environments, $\mathcal{X}_i \in \mathcal{D}$ the reachable environments at location $i$, and $C[\![c]\!]\,\mathcal{X}$ models the effect of command $c$ on $\mathcal{X}$.
Concrete semantics (cont.)

Semantics of (non-deterministic) expressions and commands.

Expression semantics $E[\![e]\!] : (\mathcal{V} \to \mathbb{Q}) \to \mathcal{P}(\mathbb{Q})$:
$E[\![c]\!]\rho = \{c\}$
$E[\![?(c, c')]\!]\rho = \{x \mid c \le x \le c'\}$
$E[\![V]\!]\rho = \{\rho(V)\}$
$E[\![-e]\!]\rho = \{-v \mid v \in E[\![e]\!]\rho\}$
$E[\![e_1 \diamond e_2]\!]\rho = \{v_1 \diamond v_2 \mid v_1 \in E[\![e_1]\!]\rho,\ v_2 \in E[\![e_2]\!]\rho,\ \diamond \ne / \lor v_2 \ne 0\}$, with $\diamond \in \{+, -, \times, /\}$

Command semantics $C[\![c]\!] : \mathcal{P}(\mathcal{V} \to \mathbb{Q}) \to \mathcal{P}(\mathcal{V} \to \mathbb{Q})$:
$C[\![V := e]\!]\,\mathcal{X} = \{\rho[V \mapsto v] \mid \rho \in \mathcal{X},\ v \in E[\![e]\!]\rho\}$
$C[\![e \le 0]\!]\,\mathcal{X} = \{\rho \mid \rho \in \mathcal{X},\ \exists v \in E[\![e]\!]\rho,\ v \le 0\}$

(This can be extended to actual programming languages!)
Concrete semantics (cont.)

- the equations have the form $\mathcal{X}_i = F_i(\mathcal{X}_1, \dots, \mathcal{X}_n)$;
- $(\mathcal{P}(\mathcal{V} \to \mathbb{Q}), \subseteq, \cup, \cap)$ is a complete lattice;
- all the $F_i$ are monotonic ($A \subseteq B \Rightarrow C[\![c]\!]\,A \subseteq C[\![c]\!]\,B$).

Constructive version of Tarski's theorem [Tarski-PJM55], [CousotCousot-PJM79]: the system has a least solution (the least fixpoint of the $F_i$), and it is the limit of the transfinite iteration
$\mathcal{X}_i^0 = \emptyset$,
$\mathcal{X}_i^{k+1} = F_i(\mathcal{X}_1^k, \dots, \mathcal{X}_n^k)$ for successor ordinals,
$\mathcal{X}_i^{o} = \bigcup_{\delta < o} \mathcal{X}_i^{\delta}$ for limit ordinals $o$.

(Many kinds of semantics can be expressed in fixpoint form [Cousot-ENTCS97].)
Undecidability

- elements of $\mathcal{P}(\mathcal{V} \to \mathbb{Q})$ are not computer-representable;
- $C[\![\cdot]\!]$ and $\cup$ are not computable;
- least solutions of the equations are not computable (they may require transfinite iterations).

⇒ we use computable abstractions, i.e. computable sound over-approximations.
Abstract domains

Abstract elements:
- $\mathcal{D}^\sharp$: a set of computer-representable elements;
- $\gamma : \mathcal{D}^\sharp \to \mathcal{D}$: the concretization;
- $\subseteq^\sharp$: an approximation order, with $X^\sharp \subseteq^\sharp Y^\sharp \Rightarrow \gamma(X^\sharp) \subseteq \gamma(Y^\sharp)$.

Abstract operators: $C^\sharp[\![c]\!] : \mathcal{D}^\sharp \to \mathcal{D}^\sharp$ and $\cup^\sharp : (\mathcal{D}^\sharp \times \mathcal{D}^\sharp) \to \mathcal{D}^\sharp$, with the soundness conditions
$(C[\![c]\!] \circ \gamma)(X^\sharp) \subseteq (\gamma \circ C^\sharp[\![c]\!])(X^\sharp)$ and
$\gamma(X^\sharp) \cup \gamma(Y^\sharp) \subseteq \gamma(X^\sharp \cup^\sharp Y^\sharp)$.

Fixpoint extrapolation: a widening $\triangledown : (\mathcal{D}^\sharp \times \mathcal{D}^\sharp) \to \mathcal{D}^\sharp$ such that
- soundness: $\gamma(X^\sharp) \cup \gamma(Y^\sharp) \subseteq \gamma(X^\sharp \,\triangledown\, Y^\sharp)$;
- termination: for every sequence $(Y_i^\sharp)_{i \in \mathbb{N}}$, the sequence $X_0^\sharp = Y_0^\sharp$, $X_{i+1}^\sharp = X_i^\sharp \,\triangledown\, Y_{i+1}^\sharp$ stabilizes in finite time: $\exists n < \omega,\ X_{n+1}^\sharp = X_n^\sharp$.

Both semantic and algorithmic aspects are involved.
Abstract analysis

Principles:
- compute entirely in $\mathcal{D}^\sharp$;
- replace $C[\![c]\!]$ with $C^\sharp[\![c]\!]$ in the equations;
- iterate, using the widening $\triangledown$ at loop heads ($W$ is the set of loop heads):

$\mathcal{X}^\sharp_{i,0} = \bot^\sharp$
$\mathcal{X}^\sharp_{i,k+1} = F_i^\sharp(\mathcal{X}^\sharp_{1,k}, \dots, \mathcal{X}^\sharp_{n,k})$ if $i \notin W$
$\mathcal{X}^\sharp_{i,k+1} = \mathcal{X}^\sharp_{i,k} \,\triangledown\, F_i^\sharp(\mathcal{X}^\sharp_{1,k}, \dots, \mathcal{X}^\sharp_{n,k})$ if $i \in W$

Theorem:
- the iterations stabilize in finite time: $\exists \delta < \omega,\ \mathcal{X}^\sharp_{i,\delta+1} = \mathcal{X}^\sharp_{i,\delta}$;
- the result is sound: $\mathcal{X}_i \subseteq \gamma(\mathcal{X}^\sharp_{i,\delta})$.
Some existing numerical abstract domains

Intervals            $\bigwedge_i X_i \in [a_i, b_i]$                       [CousotCousot-ISP76]
Simple congruences   $\bigwedge_i X_i \equiv a_i\ [b_i]$                   [Granger-JCM89]
Linear equalities    $\bigwedge \sum_i \alpha_i X_i = \beta$                [Karr-AI76]
Linear congruences   $\bigwedge \sum_i \alpha_i X_i \equiv \beta\ [\gamma]$  [Granger-TAPSOFT91]
Some existing numerical abstract domains (cont.)

Polyhedra    $\bigwedge \sum_i \alpha_i X_i \ge \beta$                         [CousotHalbwachs-POPL78]
Octagons     $\bigwedge \pm X_i \pm X_j \le \beta$                            [Miné-WCRE01]
Ellipsoids   $\alpha X_i^2 + \beta X_j^2 + \gamma X_i X_j \le \delta$          [Feret-ESOP04]
Varieties    $\bigwedge P(\vec{X}) = 0,\ P \in \mathbb{R}[\mathcal{V}]$        [SankaranarayananAl-POPL04]
Precision vs. cost trade-off

Example: three abstractions of the same set of points (figure).

Worst-case time cost per operation with respect to the number of variables:
- polyhedra: exponential
- octagons: cubic
- intervals: linear
Rational Numerical Abstract Domains
Interval Domain