Analysis of Program Differences with Numerical Abstract Interpretation
David Delmas (1, 2), Antoine Miné (2)
(1) Airbus EYYW, (2) LIP6 APR
Airbus – LIP6 day, 20 February 2019

Running example | Concrete semantics | Abstract semantics | Evaluation | References
Introduction: PhD on "portability analysis"

Portability analysis is about comparing the semantics of two syntactically close versions of a program in two different environments (machine, OS, library, etc.).

To start with, let us consider two syntactically close versions of a program in the same environment, i.e. patch analysis.
Agenda
1 Running example
2 Concrete semantics
3 Abstract semantics
4 Evaluation
Running example: Unchloop from Trostanetski et al. [2017]

Original program

    {
      int a; int b; int c; int i; int r;

      a = input(-1000,1000);
      b = input(-1000,1000);
      c = 1;

      i = 0;
      while (i < a) {
        c = c + b;
        i = i + 1;
      }

      r = c;
    }
Change request

    {
      int a; int b; int c; int i; int r;

      a = input(-1000,1000);
      b = input(-1000,1000);
      c = 1;        // to change

      i = 0;
      while (i < a) {
        c = c + b;
        i = i + 1;
      }

      r = c;        // to change
    }
Patched program

    {
      int a; int b; int c; int i; int r;

      a = input(-1000,1000);
      b = input(-1000,1000);
      c = 0;        // was: c = 1

      i = 0;
      while (i < a) {
        c = c + b;
        i = i + 1;
      }

      r = c + 1;    // was: r = c
    }
Joint representation: double program P (the statement s₁ ∥ s₂ runs s₁ in the original and s₂ in the patched version; a statement without ∥ is shared by both)

    {
      int a; int b; int c; int i; int r;

      a = input(-1000,1000);
      b = input(-1000,1000);
      c = 1 ∥ 0;

      i = 0;
      while (i < a) {
        c = c + b;
        i = i + 1;
      }

      r = c ∥ c + 1;
      assert sync(r);
    }
Left projection: simple program P₁ = π₁(P)

    {
      int a1; int b1; int c1; int i1; int r1;

      a1 = input(-1000,1000);
      b1 = input(-1000,1000);
      c1 = 1;

      i1 = 0;
      while (i1 < a1) {
        c1 = c1 + b1;
        i1 = i1 + 1;
      }

      r1 = c1;
    }

where π₁(x ∈ V) ≜ x₁ ∈ V₁ and π₁(s₁ ∥ s₂) ≜ s₁.
Right projection: simple program P₂ = π₂(P)

    {
      int a2; int b2; int c2; int i2; int r2;

      a2 = input(-1000,1000);
      b2 = input(-1000,1000);
      c2 = 0;

      i2 = 0;
      while (i2 < a2) {
        c2 = c2 + b2;
        i2 = i2 + 1;
      }

      r2 = c2 + 1;
    }

where π₂(x ∈ V) ≜ x₂ ∈ V₂ and π₂(s₁ ∥ s₂) ≜ s₂.
Concrete semantics
Lifting simple program semantics to double programs

Simple programs Pₖ = πₖ(P), k ∈ {1, 2}
  variables in Vₖ ≜ { xₖ | x ∈ V }
  memory states in Eₖ ≜ Vₖ → ℝ
  expression semantics 𝔼ₖ⟦e⟧ ∈ Eₖ → P(ℝ)
  condition semantics ℂₖ⟦c⟧ ∈ Eₖ → P({true, false})
  statement semantics 𝕊ₖ⟦s⟧ ∈ P(Eₖ × Eₖ): input-output relation

Double program P
  variables in V
  memory states in D ≜ E₁ × E₂
  statement semantics 𝔻⟦s⟧ ∈ P(D × D): input-output relation
Assignment and blocks

𝔻⟦dstat⟧ ∈ P(D × D)

  𝔻⟦skip⟧ ≜ Δ_D
  𝔻⟦s₁ ∥ s₂⟧ ≜ { ((i₁, i₂), (o₁, o₂)) | (i₁, o₁) ∈ 𝕊₁⟦s₁⟧ ∧ (i₂, o₂) ∈ 𝕊₂⟦s₂⟧ }
  𝔻⟦V ← e₁ ∥ e₂⟧ ≜ 𝔻⟦V ← e₁ ∥ V ← e₂⟧
  𝔻⟦s₁ ; s₂⟧ ≜ 𝔻⟦s₁⟧ ∘ 𝔻⟦s₂⟧

where relations are composed forward: R₁ ∘ R₂ ≜ { (x, z) | ∃y : (x, y) ∈ R₁ ∧ (y, z) ∈ R₂ }.
if statement

  𝔻⟦if c then s₁ else s₂⟧ ≜ 𝔽⟦c⟧ ∘ 𝔻⟦s₁⟧
                           ∪ 𝔽⟦¬c⟧ ∘ 𝔻⟦s₂⟧
                           ∪ 𝔽⟦c ∥ ¬c⟧ ∘ 𝔻₁⟦s₁⟧ ∘ 𝔻₂⟦s₂⟧
                           ∪ 𝔽⟦¬c ∥ c⟧ ∘ 𝔻₁⟦s₂⟧ ∘ 𝔻₂⟦s₁⟧

where
  𝔽⟦c₁ ∥ c₂⟧ ≜ { ((ρ₁, ρ₂), (ρ₁, ρ₂)) | true ∈ ℂ₁⟦c₁⟧ρ₁ ∩ ℂ₂⟦c₂⟧ρ₂ }
  𝔽⟦c⟧ ≜ 𝔽⟦c ∥ c⟧
  𝔻₁⟦s⟧ ≜ 𝔻⟦π₁(s) ∥ skip⟧
  𝔻₂⟦s⟧ ≜ 𝔻⟦skip ∥ π₂(s)⟧

The first two cases are the two versions taking the same branch; the last two are the versions diverging, in which case each side runs its own branch alone.
while statement

  𝔻⟦while c do s⟧ ≜ (lfp H) ∘ 𝔽⟦¬c⟧

where
  H(R) ≜ Δ_D ∪ R ∘ ( 𝔽⟦c⟧ ∘ 𝔻⟦s⟧  ∪  𝔽⟦c ∥ ¬c⟧ ∘ 𝔻₁⟦s⟧  ∪  𝔽⟦¬c ∥ c⟧ ∘ 𝔻₂⟦s⟧ )

An iteration is either lock-step (both versions still in the loop), or unlocked (only one version still in the loop, which runs the body alone). The exit filter 𝔽⟦¬c⟧ = 𝔽⟦¬c ∥ ¬c⟧ requires both versions to have left the loop.
Semantics of the example

    c = 1 ∥ 0;

    i = 0;
    while (i < a) {
      c = c + b;
      i = i + 1;
    }

    r = c ∥ c + 1;

For this fragment (states written as ((a₁, b₁, c₁, i₁, r₁), (a₂, b₂, c₂, i₂, r₂))):

  𝔻⟦·⟧ = { (s₀, ((a₁, b₁, 1, 0, 1), (a₂, b₂, 0, 0, 1))) | a₁ ≤ 0 ∧ a₂ ≤ 0 ∧ H₀ }
        ∪ { (s₀, ((a₁, b₁, 1 + a₁×b₁, a₁, 1 + a₁×b₁), (a₂, b₂, 0, 0, 1))) | a₁ > 0 ∧ a₂ ≤ 0 ∧ H₀ }
        ∪ { (s₀, ((a₁, b₁, 1, 0, 1), (a₂, b₂, a₂×b₂, a₂, 1 + a₂×b₂))) | a₁ ≤ 0 ∧ a₂ > 0 ∧ H₀ }
        ∪ { (s₀, ((a₁, b₁, 1 + a₁×b₁, a₁, 1 + a₁×b₁), (a₂, b₂, a₂×b₂, a₂, 1 + a₂×b₂))) | a₁ > 0 ∧ a₂ > 0 ∧ H₀ }

where
  s₀ ≜ ((a₁, b₁, c₁, i₁, r₁), (a₂, b₂, c₂, i₂, r₂))
  H₀ ≜ ∀k ∈ {1, 2} : (bₖ, cₖ, iₖ, rₖ) ∈ ℝ⁴
Semantics of the example, assuming equal initial states, i.e. a ≜ a₁ = a₂ and b ≜ b₁ = b₂:

  𝔻⟦·⟧ = { (s₀, ((a, b, 1, 0, 1), (a, b, 0, 0, 1))) | a ≤ 0 ∧ H₀ }
        ∪ ∅
        ∪ ∅
        ∪ { (s₀, ((a, b, 1 + a×b, a, 1 + a×b), (a, b, a×b, a, 1 + a×b))) | a > 0 ∧ H₀ }

where
  s₀ ≜ ((a, b, c₁, i₁, r₁), (a, b, c₂, i₂, r₂))
  H₀ ≜ b ∈ ℝ ∧ ∀k ∈ {1, 2} : (cₖ, iₖ, rₖ) ∈ ℝ³

The two unlocked cases are empty, since both versions iterate the same number of times, and r₁ = r₂ in both remaining cases: the patch preserves the output r.
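The concrete double-program semantics above can be executed directly on a given pair of inputs. The following is an added example, not the authors' code: it runs the Unchloop fragment as the lifted while semantics prescribes (lock-step iterations while both versions are in the loop, then each version finishes alone), compares the result with the closed form of 𝔻⟦·⟧ given on the slides, and checks sync(r). The input sweep over a small grid is a constructed sample, not the slides' input range; because the loop bodies are deterministic, running the unlocked iterations after the lock-step ones yields the same output as any other interleaving admitted by H.

```python
from itertools import product

# Added example (not the authors' code): concrete semantics of the Unchloop
# double program.  A double state is a pair of environments (left = original,
# right = patched).  The loop follows H: lock-step iterations while both
# conditions hold (F[c] ; D[s]), then left-only (F[c || not c] ; D1[s]) and
# right-only (F[not c || c] ; D2[s]) iterations; the exit filter F[not c]
# requires both sides to have left the loop.

def run_double(a1, b1, a2, b2):
    """Return the output double state ((a1,b1,c1,i1,r1), (a2,b2,c2,i2,r2))."""
    left, right = {"a": a1, "b": b1}, {"a": a2, "b": b2}
    left["c"], right["c"] = 1, 0            # c = 1 || 0
    left["i"], right["i"] = 0, 0            # i = 0

    def cond(s):                            # loop condition i < a on one side
        return s["i"] < s["a"]

    def body(s):                            # loop body on one side
        s["c"] = s["c"] + s["b"]
        s["i"] = s["i"] + 1

    while cond(left) and cond(right):       # lock-step iterations
        body(left)
        body(right)
    while cond(left):                       # unlocked: only the original still loops
        body(left)
    while cond(right):                      # unlocked: only the patched version still loops
        body(right)
    assert not cond(left) and not cond(right)   # exit filter F[not c || not c]

    left["r"], right["r"] = left["c"], right["c"] + 1   # r = c || c + 1
    order = ("a", "b", "c", "i", "r")
    return tuple(left[v] for v in order), tuple(right[v] for v in order)

def expected(a1, b1, a2, b2):
    """Closed form of D[[.]] from the slides (integer inputs)."""
    l = (a1, b1, 1 + a1 * b1, a1, 1 + a1 * b1) if a1 > 0 else (a1, b1, 1, 0, 1)
    r = (a2, b2, a2 * b2, a2, 1 + a2 * b2) if a2 > 0 else (a2, b2, 0, 0, 1)
    return l, r

def sync_r(a1, b1, a2, b2):
    """assert sync(r): both versions produce the same r."""
    l, r = run_double(a1, b1, a2, b2)
    return l[4] == r[4]

def check_grid(lo=-3, hi=3):
    """Sweep a constructed grid of inputs: every run must match the closed form;
    sync(r) must hold for equal inputs; count the unequal-input pairs where it fails."""
    rng = range(lo, hi + 1)
    for a1, b1, a2, b2 in product(rng, repeat=4):
        assert run_double(a1, b1, a2, b2) == expected(a1, b1, a2, b2)
    equal_ok = all(sync_r(a, b, a, b) for a, b in product(rng, repeat=2))
    unequal_bad = sum(1 for a1, b1, a2, b2 in product(rng, repeat=4)
                      if (a1, b1) != (a2, b2) and not sync_r(a1, b1, a2, b2))
    return equal_ok, unequal_bad
```

With equal inputs on both sides the two unlocked loops never execute and r agrees, which is the ∅ ∪ ∅ of the slide above; with independent inputs the unlocked loops run and r generally differs, as in the four-case semantics of the previous slide.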
Abstract semantics
𝔻 is not computable in general.

Numerical abstraction: memory states in D ≈ ℝ^|V₁ ∪ V₂| ⇒ any numeric abstract domain on pairs of environments can be used.

Abstract semantics 𝔻♯ is defined by induction on the syntax. The only non-standard case is 𝔻⟦s₁ ∥ s₂⟧ = { ... | ... 𝕊₁⟦s₁⟧ ∧ ... 𝕊₂⟦s₂⟧ }, but notice that

  𝔻⟦s₁ ∥ s₂⟧ = 𝔻₁⟦s₁⟧ ∘ 𝔻₂⟦s₂⟧,   e.g.  𝔻⟦c ← 1 ∥ 0⟧ = 𝔻⟦c₁ ← 1⟧ ∘ 𝔻⟦c₂ ← 0⟧

so 𝔻♯ is standard, e.g.  𝔻♯⟦s₁ ∥ s₂⟧ ≜ 𝔻₁♯⟦s₁⟧ ∘♯ 𝔻₂♯⟦s₂⟧.
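To make the "any numeric abstract domain on pairs of environments" concrete, here is an added example, not the authors' analyzer: a minimal abstract interpreter for double programs over a deliberately tiny relational domain that records, for each variable x, the constant difference δₓ = x₁ − x₂ between the two copies (or ⊤ when unknown). The domain, the linear-expression encoding and the restriction of loop bodies to assignments are assumptions of this example; a real analysis would use intervals, octagons or polyhedra over V₁ ∪ V₂. The point it shows is that the unlocked branches 𝔽⟦c ∥ ¬c⟧ ∘ 𝔻₁⟦s⟧ and 𝔽⟦¬c ∥ c⟧ ∘ 𝔻₂⟦s⟧ are refuted when the two copies of the loop condition are known to agree, and that sync(r) is proved for equal inputs and lost for independent inputs, matching the two concrete semantics above.

```python
# Added example (not the authors' analyzer): abstract semantics D# of double
# programs over a "constant difference" domain.  A state maps each variable x
# to delta_x = x1 - x2 (an int) or TOP (unknown); BOTTOM is the empty state set.
# Linear expressions are (coeffs: {var: int}, constant); conditions are x < y.

TOP = None
BOTTOM = "bottom"

def const(k):
    return ({}, k)

def var(x, k=0):              # x + k
    return ({x: 1}, k)

def add(x, y):                # x + y
    return ({x: 1, y: 1}, 0)

def delta_of(e1, e2, st):
    """delta of V <- e1 || e2: exact when both sides use the same variables."""
    c1, k1 = e1
    c2, k2 = e2
    if c1 != c2:
        return TOP
    d = k1 - k2
    for v, coef in c1.items():
        if st[v] is TOP:
            return TOP
        d += coef * st[v]
    return d

def assign_double(st, v, e1, e2):
    if st is BOTTOM:
        return BOTTOM
    new = dict(st)
    new[v] = delta_of(e1, e2, st)
    return new

def assign_one(st, side, v, e):
    """D1/D2: one side assigns alone; only v <- v + k keeps delta_v known."""
    if st is BOTTOM:
        return BOTTOM
    coeffs, k = e
    new = dict(st)
    if coeffs == {v: 1} and st[v] is not TOP:
        new[v] = st[v] + k if side == 1 else st[v] - k
    else:
        new[v] = TOP
    return new

def filter_unlocked(st, cond):
    """F[c || not c] and F[not c || c] for c = (x < y): if delta_x == delta_y are
    both known then x1 - y1 = x2 - y2, so the two copies of c agree and the
    filter is empty.  Constants have delta 0.  Otherwise no refinement."""
    if st is BOTTOM:
        return BOTTOM
    x, y = cond
    dx = st[x]
    dy = st[y] if isinstance(y, str) else 0
    return BOTTOM if (dx is not TOP and dx == dy) else st

def join(s, t):
    if s is BOTTOM:
        return t
    if t is BOTTOM:
        return s
    return {v: s[v] if s[v] == t[v] else TOP for v in s}

def run_side(st, side, body):
    """Unlocked iteration: run pi_side(body), which here contains assignments only."""
    for _, v, e1, e2 in body:
        st = assign_one(st, side, v, e1 if side == 1 else e2)
    return st

def run(st, prog):
    for stmt in prog:
        if stmt[0] == "dassign":
            _, v, e1, e2 = stmt
            st = assign_double(st, v, e1, e2)
        else:                                  # ("while", (x, y), body)
            _, cond, body = stmt
            inv = st                           # lfp H, iterated to a fixpoint
            while True:                        # (finite height: each delta is int or TOP)
                lock = run(inv, body)          # F[c] ; D[s]   (F[c] is identity here)
                left = run_side(filter_unlocked(inv, cond), 1, body)   # F[c||!c] ; D1[s]
                right = run_side(filter_unlocked(inv, cond), 2, body)  # F[!c||c] ; D2[s]
                nxt = join(st, join(lock, join(left, right)))
                if nxt == inv:
                    break
                inv = nxt
            st = inv                           # exit filter F[not c]: no refinement here
    return st

# The Unchloop double program of the slides, after the two input() calls.
UNCHLOOP = [
    ("dassign", "c", const(1), const(0)),                  # c = 1 || 0
    ("dassign", "i", const(0), const(0)),                  # i = 0
    ("while", ("i", "a"), [                                 # while (i < a)
        ("dassign", "c", add("c", "b"), add("c", "b")),    #   c = c + b
        ("dassign", "i", var("i", 1), var("i", 1)),        #   i = i + 1
    ]),
    ("dassign", "r", var("c"), var("c", 1)),               # r = c || c + 1
]

def analyse(equal_inputs):
    """Initial state after a, b = input(): equal inputs give delta 0, independent
    inputs give TOP; c, i, r start unknown."""
    d = 0 if equal_inputs else TOP
    return run({"a": d, "b": d, "c": TOP, "i": TOP, "r": TOP}, UNCHLOOP)

def sync_proved(st, v):
    """assert sync(v) is proved when delta_v = 0 is in the invariant."""
    return st is not BOTTOM and st[v] == 0
```

With equal inputs the invariant keeps δ_c = 1 and δ_i = 0 through the loop, both unlocked branches are refuted by δ_i = δ_a = 0, and the final assignment gives δ_r = δ_c − 1 = 0, so sync(r) is proved. With independent inputs δ_a = δ_b = ⊤, the unlocked branches cannot be refuted, δ_i and δ_c are joined to ⊤ and sync(r) is not proved, as the four-case concrete semantics says it should not be.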
Which numerical abstract domains?