Numerical Abstract Domain using Support Function. Yassamine Seladji - PowerPoint PPT Presentation

Numerical Abstract Domain using Support Function. Yassamine Seladji and Olivier Bouissou. CEA, LIST, LMeASI. yassamine.seladji@cea.fr olivier.bouissou@cea.fr 19 juin 2012

Context An industriel problem ◮ The crash of Ariane 5 : caused by an overflow. ⇒ 700 Million euro of lost. = Yassamine Seladji , and , Olivier Bouissou. 2 / 28

Introduction Fixpoint computation Program Input : S 0 ⊆ ❘ n Input : A ∈ ❘ n × ❘ m , b ∈ ❘ m . Input : c ∈ ❘ n , l ∈ ❘ X ∈ S 0 while ( � X , c � ≤ l ) { X = AX + b . } Yassamine Seladji , and , Olivier Bouissou. 3 / 28

Introduction Fixpoint computation Program Input : S 0 ⊆ ❘ n Input : A ∈ ❘ n × ❘ m , b ∈ ❘ m . Input : c ∈ ❘ n , l ∈ ❘ X ∈ S 0 while ( � X , c � ≤ l ) { X = AX + b . } S i = S i − 1 ∪ [( AS i − 1 + b ) ∩ ( � c , X � ≤ l )] Yassamine Seladji , and , Olivier Bouissou. 3 / 28

Introduction Static analysis by abstract interpretation ellipsoide Box Polyhedra e Sign p l a t e m T Octagon e Zonotope o n z Yassamine Seladji , and , Olivier Bouissou. 4 / 28

Introduction Static analysis by abstract interpretation ellipsoide Box Polyhedra e Sign p l a t e m T Octagon e Zonotope o n z Yassamine Seladji , and , Olivier Bouissou. 4 / 28

Introduction Static analysis by abstract interpretation Constraints representation Polyhedra Generators representation Yassamine Seladji , and , Olivier Bouissou. 4 / 28

Introduction Static analysis by abstract interpretation Constraints representation Support function Polyhedra Generators representation Yassamine Seladji , and , Olivier Bouissou. 4 / 28

Outline Support functions Definition Properties Abstract domain Definition Fixpoint computation The accelerated Kleene iteration Experimentation Related work Conclusion and future work Yassamine Seladji , and , Olivier Bouissou. 5 / 28

Support Function Definition Definition Let S be a convex set and δ S its support function, such that : ∀ d ∈ ❘ n , δ S ( d ) = sup {� x , d � : x ∈ S } Yassamine Seladji , and , Olivier Bouissou. 6 / 28

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. Yassamine Seladji , and , Olivier Bouissou. 7 / 28

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. Yassamine Seladji , and , Olivier Bouissou. 7 / 28

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. Property Let S be a convex set, and ∆ ⊆ ❘ n be a set of directions. We put � { x ∈ ❘ n |� x , d � ≤ δ S ( d ) } P = d ∈ ∆ Then S ⊆ P Yassamine Seladji , and , Olivier Bouissou. 7 / 28

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. The special case of polyhedron Let P be a polyhedron. If P is represented by : ◮ Linear system, δ P is obtained using Linear Programming. ◮ Generators (vertices) v i , δ P ( d ) = sup {� v i , d � : v i ∈ P } . Yassamine Seladji , and , Olivier Bouissou. 7 / 28

Support Function Properties Properties Let S , S ′ be two convex sets. We have : ◮ ∀ M ∈ ❘ n × ❘ m , δ MS ( d ) = δ S ( M T d ). ◮ ∀ λ ≥ 0 , δ λ S ( d ) = λδ S ( d ). ◮ δ S ⊕ S ′ ( d ) = δ S ( d ) + δ S ′ ( d ). ◮ δ S ∪ S ′ ( d ) = max( δ S ( d ) , δ S ′ ( d )). ◮ δ S ∩ S ′ ( d ) ≤ min( δ S ( d ) , δ S ′ ( d )). Yassamine Seladji , and , Olivier Bouissou. 8 / 28

Support Function Properties Properties Let S , S ′ be two convex sets. We have : ◮ ∀ M ∈ ❘ n × ❘ m , δ MS ( d ) = δ S ( M T d ). ◮ ∀ λ ≥ 0 , δ λ S ( d ) = λδ S ( d ). ◮ δ S ⊕ S ′ ( d ) = δ S ( d ) + δ S ′ ( d ). S ⊕ S ′ = { x + x ′ | x ∈ S , x ′ ∈ S ′ } ◮ δ S ∪ S ′ ( d ) = max( δ S ( d ) , δ S ′ ( d )). ◮ δ S ∩ S ′ ( d ) ≤ min( δ S ( d ) , δ S ′ ( d )). Yassamine Seladji , and , Olivier Bouissou. 8 / 28

Support Function Properties Properties Let S , S ′ be two convex sets. We have : ◮ ∀ M ∈ ❘ n × ❘ m , δ MS ( d ) = δ S ( M T d ). ◮ ∀ λ ≥ 0 , δ λ S ( d ) = λδ S ( d ). ◮ δ S ⊕ S ′ ( d ) = δ S ( d ) + δ S ′ ( d ). ◮ δ S ∪ S ′ ( d ) = max( δ S ( d ) , δ S ′ ( d )). ◮ δ S ∩ S ′ ( d ) ≤ min( δ S ( d ) , δ S ′ ( d )). Yassamine Seladji , and , Olivier Bouissou. 8 / 28

Support Function Properties Properties Let S , S ′ be two convex sets. We have : ◮ ∀ M ∈ ❘ n × ❘ m , δ MS ( d ) = δ S ( M T d ). ◮ ∀ λ ≥ 0 , δ λ S ( d ) = λδ S ( d ). ◮ δ S ⊕ S ′ ( d ) = δ S ( d ) + δ S ′ ( d ). ◮ δ S ∪ S ′ ( d ) = max( δ S ( d ) , δ S ′ ( d )). ◮ δ S ∩ S ′ ( d ) ≤ min( δ S ( d ) , δ S ′ ( d )). Yassamine Seladji , and , Olivier Bouissou. 8 / 28

P ❘ ❘ ❘ ❘ Abstract domain Definition For a set of directions ∆, Yassamine Seladji , and , Olivier Bouissou. 9 / 28

❘ ❘ ❘ Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. Yassamine Seladji , and , Olivier Bouissou. 9 / 28

Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. The concretisation function P ( ❘ n ) γ ∆ : (∆ → ❘ ∞ ) − → � d ∈ ∆ { x ∈ ❘ n | � x , d � ≤ Ω( d ) } − → Ω Yassamine Seladji , and , Olivier Bouissou. 9 / 28

Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. The concretisation function P ( ❘ n ) γ ∆ : (∆ → ❘ ∞ ) − → � d ∈ ∆ { x ∈ ❘ n | � x , d � ≤ Ω( d ) } − → Ω Example : Yassamine Seladji , and , Olivier Bouissou. 9 / 28

Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. The concretisation function P ( ❘ n ) γ ∆ : (∆ → ❘ ∞ ) − → � d ∈ ∆ { x ∈ ❘ n | � x , d � ≤ Ω( d ) } − → Ω Example : Yassamine Seladji , and , Olivier Bouissou. 9 / 28

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞   λ d . δ S ( d ) otherwise Example : Yassamine Seladji , and , Olivier Bouissou. 10 / 28

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞   λ d . δ S ( d ) otherwise Example : Yassamine Seladji , and , Olivier Bouissou. 10 / 28

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞   λ d . δ S ( d ) otherwise Example : Yassamine Seladji , and , Olivier Bouissou. 10 / 28

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞   λ d . δ S ( d ) otherwise Example : Yassamine Seladji , and , Olivier Bouissou. 10 / 28

Abstract domain Definition The complete lattice � P ♯ ∆ , ⊑ , ⊥ , ⊤ , ⊔ , ⊓� is defined by : ◮ An order relation : Ω 1 ⊑ Ω 2 ⇔ γ ∆ (Ω 1 ) ⊆ γ ∆ (Ω 2 ). ◮ A minimal element : ⊥ = λ d . − ∞ . ◮ A maximal element : ⊤ = λ d . + ∞ . ◮ A join operator : Ω 1 ⊔ Ω 2 = λ d . max(Ω 1 ( d ) , Ω 2 ( d )). ◮ A meet operator : Ω 1 ⊓ Ω 2 = λ d . min(Ω 1 ( d ) , Ω 2 ( d )). Yassamine Seladji , and , Olivier Bouissou. 11 / 28

Abstract domain Definition The complete lattice � P ♯ ∆ , ⊑ , ⊥ , ⊤ , ⊔ , ⊓� is defined by : ◮ An order relation : Ω 1 ⊑ Ω 2 ⇔ γ ∆ (Ω 1 ) ⊆ γ ∆ (Ω 2 ). ◮ A minimal element : ⊥ = λ d . − ∞ . ◮ A maximal element : ⊤ = λ d . + ∞ . ◮ A join operator : Ω 1 ⊔ Ω 2 = λ d . max(Ω 1 ( d ) , Ω 2 ( d )). ◮ A meet operator : Ω 1 ⊓ Ω 2 = λ d . min(Ω 1 ( d ) , Ω 2 ( d )). Notes : γ ∆ (Ω 1 ⊔ Ω 2 ) = γ ∆ (Ω 1 ) ⊔ γ ∆ (Ω 2 ). γ ∆ (Ω 1 ⊓ Ω 2 ) ⊒ γ ∆ (Ω 1 ) ⊓ γ ∆ (Ω 2 ). Yassamine Seladji , and , Olivier Bouissou. 11 / 28

Abstract domain The special case of polyhedron Property Let P be a polyhedron and Ω ∈ P ♯ ∆ such that Ω = α ∆ ( P ). We have that, P ⊆ γ ∆ (Ω) where this over approximation is tight as the vertices of P touch the faces of γ ∆ (Ω). Yassamine Seladji , and , Olivier Bouissou. 12 / 28

Abstract domain Fixpoint computation Program Input : P 0 a bounded polyhedron. Input : A ∈ ❘ n × ❘ m , b ∈ ❘ m . Input : c ∈ ❘ n , l ∈ ❘ X ∈ P 0 while ( � X , c � ≤ l ) { X = AX + b . } Yassamine Seladji , and , Olivier Bouissou. 13 / 28

Abstract domain Fixpoint computation Program Input : P 0 a bounded polyhedron. Input : A ∈ ❘ n × ❘ m , b ∈ ❘ m . Input : c ∈ ❘ n , l ∈ ❘ X ∈ P 0 while ( � X , c � ≤ l ) { X = AX + b . } Ω i = Ω i − 1 ∪ [( A Ω i − 1 + b ) ∩ ( � c , X � ≤ l )] Yassamine Seladji , and , Olivier Bouissou. 13 / 28