COP 5021 Lecture -*- Outline -*- * Approximation of Fixed Points (4.2) Assume from now on that all property spaces (L, M) are complete lattices (see appendix A) ** Example lattice (4.10) to motivate need for approximations ------------------------------------------ INTERVAL LATTICE (EXAMPLE 4.10) Interval = { _|_ } \cup {[z1,z2] | z1 <= z2, z1 in Z-, z2 in Z+} Z- = Z \cup {-\infty} Z+ = Z \cup {\infty} _|_ denotes the empty interval <= ordering on Interval is: where (for integers z1, z2): inf(_|_) = \infty inf([z1,z2]) = z1 sup(_|_) = -\infty sup([z1,z2]) = z2 ------------------------------------------ ... \subseteq in essence but technically int1 <= int2 iff inf(int2) <= inf(int1) /\ sup(int1) <= sup(int2) Q: Why is Interval a lattice? How to define |_| ? need to show that each subset has a least upper bound. |_| {} = _|_ |_| {_|_} = _|_ |_| Y = [inf'{inf(int) | int in Y}, sup'{sup(int) | int in |Y}] if not(Y <= {_|_}) where inf'({}) = \infty inf'(Q) = z', if z' is the least element of Q inf'(Q) = -\infty, if Z has no least element sup'({}) = -\infty sup'(Q) = z', if z' is the greatest element of Q sup'(Q) = \infty, if Z has no greatest element (for all sets of intervals Q) Q: What is \top in this lattice? [-\infty, \infty] ** Why fixed points? ------------------------------------------ WHY FIXED POINTS? Analysis transforms properties: f: L -> L where f is monotone. E.g., for reaching definitions: F(RD_1,...,RD_n) = (F_1(RD_1,...,RD_n), ..., F_n(RD_1...,RD_n)) Want least fixed point, lfp(f) for: - recursive programs - programs with loops But iterating doesn't necessarily: - reach a fixed point (stabilize) - stabalize at the least fixed point ------------------------------------------ Q: Why not? monotonicity isn't enough (don't have ascending chain condition, don't have continuity). E.g., f: Interval -> Interval f(_|_) = [0,0] f([z1,z2]) = [z1,z2+1] (this is extensive, not reductive) ** Widening Operators (4.2.1) This tries to answer the question of what to do if we don't have a fixed points automatically. *** idea ------------------------------------------ IDEA How to approximate lfp(f)? use sequence (f^n_V)n - which must stabalize - which will safely approximate lfp(f) The V (\nabla) is a widening operator ------------------------------------------ *** upper bound operators ------------------------------------------ UPPER BOUND OPERATORS def: Suppose L is a complete lattice. Then an operation ub: L x L -> L is an upper bound operator iff for all l1, l2 in L, l1 <= ub(l1,l2) and l2 <= ub(l1,l2). Example (4.12): Let int be a fixed interval e.g., int02 = [0,2] define: ub^int(int1, int2) = if int1 <= int or int2 <= int1 then int1 |_| int2 else [-\infty, \infty] e.g., with int02 = [0,2] ub^int02(int1, int2) = if int1 <= [0,2] or int2 <= int1 then int1 |_| int2 else [-\infty, \infty] so ub^int02([1,2],[2,3]) = but ub^int02([2,3],[1,2]) = ------------------------------------------ ... [1,3] (because [1,2] <= [0,2] and [1,2] |_| [2,3] = [1,3]) ... [-\infty, \infty] (because not([2,3] <= [0,2] and not([1,2] <= [2,3]) Q: Is an upper bound operator monotone? commutative? associative? no, doesn't have to be (but could be) not even the case that ub(l,l) = l. e.g., ub(l1,l2) = T is an upper bound operator (trivially) Q: Is ub^int symmetric for all intervals, int? no: ub^int02([1,2], [2,3]) = [1,3] ub^int02([[2,3],[1,2]) = [-\infty, \infty] Q: Why is ub^int an upper bound operator? because the result contains both arguments ------------------------------------------ MAKING ASCENDING CHAINS def: Let (l_n)n = (l_0, l_1, ...) be a sequence of elements in L. Let phi: (L x L) -> L be a total function. Then bapply(phi, (l_n)n) = (m_n)n where m_0 = l_0 m_n = phi(m_{n-1}, l_n), for n > 0 Notation: (bapply(phi, (l_n)n) is written (l^{phi}_n)n Fact 4.11 If (l_n)n is a sequence and ub is an upper bound operator, then (bapply(ub, (l_n)n) is an ascending chain. ------------------------------------------ Q: What happens if we bapply an an upper bound operator to a sequence? we get an ascending chain. Why? (proof by induction, on page 225) Q: Does that chain eventually stabalize? no, consider ub^{[0,\infty]}, as in example 4.12 with bapplied to [0,0], [1,1], [2,2], ... gives [0,0], [0,1], [0,2], ... however ub^{[0,2]} does work to stabilize that chain. *** widening operators ------------------------------------------ WIDENING OPERATORS def: Let L be a complete lattice. Then V: L x L -> L is a *widening operator* iff: - V is an upper bound operator, and - for all ascending chains (l_n)n, the chain bapply(V, (l_n)n) eventually stabilizes ------------------------------------------ Q: Is bapply(V, (l_n)n) an ascending chain? Yes, by fact 4.11 ------------------------------------------ USING WIDENING TO SAFELY APPROXIMATE LFP Given: monotone f: L -> L widening operator V: L x L -> L Goal: find lfp_V(f), such that: (a) f(lfp_V(f)) <= lfp_V(f), and (b) lfp_V(f) >= lfp(f) Define lfp_V(f) = f_V^m, where m >= 0 is the least number such that: f(f_V^m) <= f_V^m where for all n >= 0 f_V^0 = _|_ f_V^{n+1} = f_V^{n}, if f(f_V^{n}) <= f_V^{n} f_V^{n+1} = f_V^{n} V f(f_V^{n}), otherwise ------------------------------------------ Show and discuss figure 4.4 Q: Why does f_V^n eventually become reductive? because the widening operator forces it (by def). Prop 4.13 says this. ------------------------------------------ EXAMPLE 4.15 Consider lattice Interval. For K a finite set of integers, widening operator V_K defined by: _|_ V_K _|_ = _|_ int1 V_K int2 = [LB_K(inf(int1), inf(int2)), UB_K(sup(int1), sup(int2))] where LB_K(z1,z3) = z1, if z1 <= z3 k, if z3 < z1 /\ k = max{k \in K | k <= z3} -\infty, if z3 < z1 /\ (k \in K ==> z3 < k) UB_K(z2,z4) = z2, if z4 <= z2 k, if z2 < z4 /\ k = min{k \in K | z4 <= k} \infty, if z2 < z4 /\ (k \in K ==> k < z4) E.g., suppose K = {5, 0, 2, 1}, and consider (int_n)n defined by [0,1],[0,2],[0,3],... then (int^{V_K}_n)n is: ------------------------------------------ ... [0,1], [0,2], [0,5], [0,5], [0,5], [0,\infty], [0, \infty], ... Q: What set of integers would work? those mentioned in a program Q: Why is V_K an upper bound operator? It always returns an interval that contains the given ones Q: Why is V_K a widening operator? consider an ascending chain (int_n)n use proof by contradiction. ** narrowing operators (4.2.2) ------------------------------------------ NARROWING OPERATORS (4.2.2) Widening operator V gives an m such that f(f_V^m) <= f_V^m Note that - f_V^m may not be a fixed point of f - f_V^m >= lfp(f) Goal: get better approx to lfp(f) Idea: f_V^m in Red(f) So search by computing f(f_V^m) f(f(f_V^m)) ... f^n(f_V^m) ------------------------------------------ Q: Will this stabilize? might not Q: When can we stop? safe anytime... ------------------------------------------ NARROWING OPERATOR def: D: L x L -> L is a narrowing operator iff: - for all l1, l2 in L, l2 <= l1 ==> l2 <= (l1 D l2) and (l1 D l2) <= l1 - for all descending chains (l_n)n, the sequence bapply(D, (l_n)n) eventually stabalizes. ------------------------------------------ Show picture 4.5 Look at lemma 4.16