COP 5021 Lecture -*- Outline -*- meeting 1

* A Mundane Approach to Correctness (4.1)

   That is, first-order (mundane = first-order)

** semantics and its relation to abstract interpretation

------------------------------------------
SEMANTICS AND ABSTRACT INTERPRETATION

Language semantics (big step):

      p |- s ~~> s'          i.e., <p, s> -->* s'

Abstract interpretation:

      p |- l_1 |> l_2        i.e., f_p(l_1) = l_2

------------------------------------------

   A language semantics may be nondeterministic (one s may have
   several s'), but usually the abstract interpretation, i.e., the
   transfer functions f_p, is deterministic: l_2 is a function of l_1.

------------------------------------------
MUNDANE

Def: a *mundane* analysis or approach is one that is first-order.
     That is, the properties describe sets of values.

     e.g., shape analysis, constant propagation

------------------------------------------

Q: What classical analyses are not mundane?

   Live Variables in particular, which involves relationships
   between statements (or between analysis values) rather than
   properties of the values themselves.

   Abstract interpretation can also deal with such second-order
   analyses.

------------------------------------------
EXAMPLE 4.1

For constant propagation:

Semantics is:

      S* |- s1 ~~> s2    means    <S*, s1> -->* s2

Analysis is:

      S* |- \hat{s1} |> \hat{s2}
          means   \iota = \hat{s1}  /\  \hat{s2} = \bigsqcup {CP.(l) | l \in final(S*)}

      (CP.(l) is the exit value at label l in the least solution of the
       CP equations for S* with initial value \iota, section 2.3.3)

------------------------------------------

Q: What is the set of values for this example?

   The set of program states: State = Var* -> Z
   (finite maps from the variables of S* to integers)

Q: What is the property space for constant propagation?
   The abstract states (abstract environments)

      \hat{s} \in State_CP = (Var* -> (Z \cup {\top}))_{\bot}

   where \top means "some integer, but not a known constant", and the
   added \bot is the bottom of the lattice (no state reaches here).
   Review section 2.3.3 (page 72) if necessary.

   The book also has a control flow analysis example (4.2).

** correctness relations (4.1.1)

------------------------------------------
CORRECTNESS RELATIONS (4.1.1)

def: a *correctness relation* R has type V x L -> Boolean

   It says which properties l safely describe a given value v,
   and it must be preserved by computation/analysis:

      (v1 R l1 /\ p |- v1 ~~> v2 /\ p |- l1 |> l2) ==> v2 R l2       (4.3)

Picture:

          p |- l1  |>  l2
             R    ==>   R
          p |- v1  ~~>  v2

------------------------------------------

   This is a "logical relation": R on the inputs implies R on the outputs.

------------------------------------------
CORRECTNESS FOR ORDERED PROPERTY SPACES

Suppose L = (L, <=) is a complete lattice.  Then we require:

      v R l1 /\ l1 <= l2  ==>  v R l2                                 (4.4)

      (\forall l \in L' \subseteq L :: v R l)  ==>  v R (\bigmeet L')    (4.5)

------------------------------------------

Q: What do these mean?

   (4.4) says smaller is a better approximation, i.e., more precise:
         whatever a property describes, every larger (less precise)
         property describes too.

   (4.5) says there is always a best (most precise) property that
         safely describes a value: the meet of all properties that
         describe v still describes v.  (With L' = \emptyset it says
         \top describes every value.)

------------------------------------------
CONSTANT PROPAGATION (EXAMPLE 4.3)

      s R_CP \hat{s}  iff  (\forall x \in Var* :: \hat{s}(x) = \top \/ s(x) = \hat{s}(x))

      (for \hat{s} = \bot the right-hand side is taken to be false:
       \bot describes no state, consistent with b_CP in example 4.6)

------------------------------------------

Q: What does that mean?

   That \hat{s} is a correct approximation of s only when, for every
   variable, it either agrees with s or says \top (don't know).

Q: Why do the properties (4.4) and (4.5) hold?

   (4.4) holds because l1 <= l2 means that l2 can use \top for some
         variables that l1 doesn't, and otherwise they are the same;
         so anything l1 describes, l2 describes.

   (4.5) holds because, for each x, every l \in L' has l(x) = \top or
         l(x) = s(x); the pointwise meet therefore has (\bigmeet L')(x)
         equal to \top (if all are \top) or to s(x), and either way
         it describes s.

** representation functions (4.1.2)

------------------------------------------
REPRESENTATION FUNCTIONS (4.1.2)

def: a *representation function* b: V -> L maps a value to the best
     (most precise) property describing it.
     It must be preserved by computation in the following sense:

      (b(v1) <= l1 /\ p |- v1 ~~> v2 /\ p |- l1 |> l2) ==> b(v2) <= l2     (4.6)

Picture:

          p |- l1  |>  l2
             ^          ^
            b|   ==>    |b
             |          |
          p |- v1  ~~>  v2

------------------------------------------

Q: What does this property mean?

   Explained in terms of "safely described by" (<=): if the analysis
   starts at or above b(v1), it ends at or above b(v2).

Q: Can we define a correctness relation, R, using b?

   yes, see below

Q: And vice versa?

   yes, see below

------------------------------------------
CORRECTNESS VIA REPRESENTATION AND VICE VERSA

def: R_b is the correctness relation generated by b:

      v R_b l  <==>  b(v) <= l

def: b_R is the representation function generated by R:

      b_R(v) = \bigmeet { l | v R l }

Lemma 4.5
   (i)  R_b satisfies (4.4) and (4.5), and b_{R_b} = b
   (ii) if R satisfies (4.4) and (4.5), then b_R is well-defined
        (by (4.5) the meet describes v) and R_{b_R} = R

------------------------------------------

   figure 4.1: [V drawn on the left, L on the right; a value v in V is
   sent by b to b(v) in L, and the set { l | v R l } of properties that
   safely describe v is the part of L at or above b(v)]

   Hence, for R = R_b, (4.3) is exactly (4.6); and by lemma 4.5 every R
   satisfying (4.4) and (4.5) is R_b for b = b_R, so the two formulations
   of correctness are interchangeable.

   How would you prove this?  see p. 215

------------------------------------------
CONSTANT PROPAGATION (EXAMPLE 4.6)

      b_CP: State -> State_CP
      b_CP(s) = s

   (a concrete state s: Var* -> Z is already an element of State_CP:
    one that uses no \top and is not \bot)

So R_CP is defined by:

      s R_CP \hat{s}  <==>  b_CP(s) <=_CP \hat{s}

Q: What does that mean?

      s R_CP \hat{s}  iff  \hat{s} <> \bot  /\
                           (\forall x \in Var* :: \hat{s}(x) = \top \/ s(x) = \hat{s}(x))

   i.e., the relation of example 4.3; note that b_CP(s) <=_CP \bot never
   holds, so \bot describes no state.

Q: What's the relationship between b_SA and R_SA for shape analysis?
** generalization (4.1.3)

------------------------------------------
GENERALIZATION (4.1.3)

   In  p |- v1 ~~> v2   allow v1 \in V1, v2 \in V2, and V1 <> V2
   In  f_p(l1) = l2     allow l1 \in L1, l2 \in L2, and L1 <> L2

So we get 2 correctness relations:

      R1: V1 x L1 -> Boolean    generated by  b1: V1 -> L1
      R2: V2 x L2 -> Boolean    generated by  b2: V2 -> L2

Logical relationship:

                 f_p
          l1  ------>  l2
          R1    ==>    R2
          p |- v1 ~~> v2

def: (R1 ->> R2) is a relation between the semantics (p |- . ~~> .)
     and the transfer function f_p, defined by

      (p |- . ~~> .) (R1 ->> R2) f_p
         <==>  (\forall v1, v2, l1 :: (p |- v1 ~~> v2) /\ v1 R1 l1  ==>  v2 R2 f_p(l1))

------------------------------------------

   Can view a logical relation as a lift of correctness to a higher type
   level: R1 ->> R2 relates a function on values to a function on properties.

   (Could work example 4.9)
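   The following Python makes examples 4.1, 4.3 and 4.6 and the logical
   relation (R1 ->> R2) of 4.1.3 executable.  It is an added example, not
   code from the course or the book: the tuple-encoded while-language, the
   big-step interpreter run_c, the abstract interpreter run_a, the names
   b_cp / r_cp / preserved, and the sample program and (s, iota) pairs are
   all constructed here for illustration.  preserved checks (4.3) on sampled
   pairs only, so it can refute preservation but not prove it; the
   fixpoint=False switch is a deliberately wrong transfer function for
   while, included to show the check catching an unsound analysis.

```python
"""Constant propagation (CP) as a mundane, first-order analysis: the correctness
relation R_CP and representation function b_CP of Section 4.1 checked against
concrete runs.  Added example, not code from the course or the book; the tuple
AST, the interpreter run_c and the abstract interpreter run_a are constructed
here for illustration."""

TOP = "T"    # the element T of Z^T: some integer, but not a known constant
BOT = None   # bottom of State_CP = (Var* -> Z^T)_bot: no state reaches here
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b,
       "<": lambda a, b: int(a < b), "==": lambda a, b: int(a == b)}

def ev(e, env):
    """Value of e (int | variable | (op, e1, e2)) in env.  Serves both the
    semantics (env: Var* -> Z) and the analysis (env: Var* -> Z^T): an
    operation with a T operand yields T, and concrete states contain no T."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return env[e]
    x, y = ev(e[1], env), ev(e[2], env)
    return TOP if TOP in (x, y) else OPS[e[0]](x, y)

def run_c(stmt, s):
    """Big-step semantics  S |- s ~~> s'  for ('assign', x, e),
    ('seq', S1, S2, ...) and ('while', cond, body); returns s'."""
    if stmt[0] == "assign":
        return {**s, stmt[1]: ev(stmt[2], s)}
    if stmt[0] == "seq":
        for sub in stmt[1:]:
            s = run_c(sub, s)
        return s
    while ev(stmt[1], s):            # 'while'
        s = run_c(stmt[2], s)
    return s

def join_a(l1, l2):
    """Least upper bound in State_CP: pointwise on Z^T, with bot as the unit."""
    if l1 is BOT or l2 is BOT:
        return l2 if l1 is BOT else l1
    return {x: l1[x] if l1[x] == l2[x] else TOP for x in l1}

def run_a(stmt, sh, fixpoint=True):
    """The analysis  S |- sh |> sh' ; returns sh'.  Tests do not refine values
    (the book's CP transfer function for a test is the identity).  fixpoint=False
    is a deliberately WRONG rule for while (body runs exactly once)."""
    if sh is BOT:
        return BOT
    if stmt[0] == "assign":
        return {**sh, stmt[1]: ev(stmt[2], sh)}
    if stmt[0] == "seq":
        for sub in stmt[1:]:
            sh = run_a(sub, sh, fixpoint)
        return sh
    if not fixpoint:                                   # 'while', wrong rule
        return run_a(stmt[2], sh, fixpoint)
    inv = sh                     # 'while': iterate to the least fixpoint;
    while True:                  # terminates since a variable rises to T at most once
        nxt = join_a(inv, run_a(stmt[2], inv, fixpoint))
        if nxt == inv:
            return inv
        inv = nxt

def b_cp(s):
    """b_CP(s) = s: a concrete state is the most precise abstract state for itself."""
    return dict(s)

def leq_cp(l1, l2):
    """Order of State_CP: l1 <= l2 iff l2 only loses precision (says T) w.r.t. l1."""
    if l1 is BOT or l2 is BOT:
        return l1 is BOT
    return all(l2[x] == TOP or l1[x] == l2[x] for x in l1)

def r_cp(s, sh):
    """Correctness relation of Examples 4.3/4.6:  s R_CP sh  <==>  b_CP(s) <= sh."""
    return leq_cp(b_cp(s), sh)

def preserved(stmt, pairs, r1=r_cp, r2=r_cp, f=None):
    """Sample-based check of (4.3), i.e. of (p |- . ~~> .) (R1 ->> R2) f_p (4.1.3):
    for every sampled (v1, l1) with v1 R1 l1, the final state v2 must be
    R2-related to f(l1).  Returns the first violating (v2, l2), else None."""
    f = f or (lambda l: run_a(stmt, l))
    for v1, l1 in pairs:
        if r1(v1, l1):
            v2, l2 = run_c(stmt, v1), f(l1)
            if not r2(v2, l2):
                return v2, l2
    return None

# Constructed sample program over Var* = {x, y, z, n}:
#   x := 1; y := x + 1; z := 0; while z < n do (z := z + x; y := y + x)
PROG = ("seq", ("assign", "x", 1), ("assign", "y", ("+", "x", 1)), ("assign", "z", 0),
        ("while", ("<", "z", "n"),
         ("seq", ("assign", "z", ("+", "z", "x")), ("assign", "y", ("+", "y", "x")))))

# Constructed (s, iota) pairs: iota knows nothing except, in the first, n = 3.
PAIRS = [({"x": 0, "y": 0, "z": 0, "n": 3}, {"x": TOP, "y": TOP, "z": TOP, "n": 3}),
         ({"x": 5, "y": 7, "z": 9, "n": 0}, {"x": TOP, "y": TOP, "z": TOP, "n": TOP})]

if __name__ == "__main__":
    print(run_a(PROG, PAIRS[0][1]))   # x stays the constant 1; y and z become T
    print(preserved(PROG, PAIRS))     # None: (4.3) holds on the samples
    print(preserved(PROG, PAIRS, f=lambda l: run_a(PROG, l, fixpoint=False)))
```

   Running it, the sound analysis leaves x = 1 and sends y and z to T, and
   every sampled run stays R_CP-related to it.  The wrong rule reports
   y = 3 after the loop, and the run with n = 3 (where y ends at 5) is
   returned as the counterexample, which is exactly a violation of (4.3):
   v1 R1 l1 held at entry but v2 R2 f_p(l1) fails at exit.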