from program slicing to abstract interpretation
DESCRIPTION
From Program slicing to Abstract Interpretation. Dr. Manuel Oriol. Topics. Program Slicing Static Dynamic Abstract Interpretation Soundness Completeness. Program slicing. A technique for analyzing programs regarding to a specific criterion. - PowerPoint PPT PresentationTRANSCRIPT
Chair of Software Engineering
From Program slicing to Abstract Interpretation
Dr. Manuel Oriol
2
Topics
Program Slicing Static Dynamic
Abstract Interpretation Soundness Completeness
3
Program slicing
A technique for analyzing programs regarding to a specific criterion.
More specifically, the analysis is meant to find the statements that participate to a result.
4
IntuitionWhat are the statements leading to the value of b at the end?
a := 1b := 5if (b > 3) then
Result := belse
a := 2endb := a
5
Key Idea: static slicing criteria
Slicing criterion:
(S, {variables})
A statement, a point in the
program
The set of variables that
matter
6
The static sliceThe set of statements that lead to the state of the variables at the chosen statement.
Example:
i := 3fact := 1from i := 1 until i > 10 loop
fact :=fact *ilast_i := i -- Middleio.put ("last I:" +last_i )i := i + 1
end
(end,i)? (end,fact)? (middle,i)?
7
Key Idea: dynamic slicing criteria
Slicing criterion:
(x, Sq, {variables})
Input of the program
The set of variables that
matter
Statement S in qth position
8
The dynamic sliceThe set of statements that lead to the state of the variables at the chosen statement given input x.
Example:
n := io.read_inti := 3fact := 1from i := 1 until i > n loop
fact :=fact *ilast_i := i -- Middleio.put ("last I:“ + last_i )i := i + 1
end
(10,end1,i)? (0,end1,fact)? (5,middle2,i)?
9
Application: Debugging
Simpler: Easier to understand what’s wrong
Remove statements: Detect dead code
By comparing to an intended behavior: detects bugs in the behavior
10
Other Applications
Software maintenance
Testing
Optimizations
11
Abstract interpretation
A technique for analyzing the programs by modeling their values and operations.
It is an execution that one can make to prove facts.
12
IntuitionSet of values:
V::= integers
Expressions:e::= e * e | i ∈ V
Language:eval: e -> integerseval(i) = ieval(e1*e2) = eval(e1) x eval(e2)
How can we decide on the sign of the evaluated expressions?
13
Key Idea: the Abstraction!
State
Abstract State
State
Abstract Statenext
next
α α
How is this called? Homomorphism
γ
α: abstraction functionγ: concretization function
14
Abstraction
Set of values: V::= integers
Expressions: e::= e * e | i ∈ V
Language: eval: e -> integers eval(i) = i eval(e1*e2) = eval(e1) * eval(e2)
Set of abstract values: AV::= {+, -, 0}
Expressions:e::= e * e | ai ∈ AV
Language:aeval: e -> AVaeval(i>0) = +aeval(i<0) = -aeval(i=0) = 0aeval(e1*e2) = aeval(e1)* aeval(e2)
where +*- = -+*+=+-*-=+0*av=0av*0=0
Adding unary minus?
15
If only the world would be so great…
State
Abstract State
State
Abstract Statenext
next
α α
How is this called? Semi-Homomorphism
⊆
16
Abstraction
Set of values: V::= integers
Expressions: e::= e * e | -e | e + e | i ∈ V
Language: eval: e -> integers eval(i) = i eval(-e)=-eval(e) eval(e1*e2) = eval(e1) * eval(e2) eval(e1+e2) = eval(e1) + eval(e2)
Set of abstract values: AV::= {+, -, 0, T}
Expressions:e::= e * e | -e | e + e | av ∈ AV
Language:aeval: e -> AVaeval(integer) = … as beforeaeval(e1*e2) = … as beforeaeval(-e) = … easy ;)aeval(e1+e2) = aeval(e1)+ aeval(e2)
where + + - = T+ + + = +
- + - = -0+av=av
av+0=av
17
Abstraction complete?
Set of values: V::= integers
Expressions: e::= e * e | -e | e + e | e/e | i ∈ V
Language: eval: e -> integers eval(i) = i eval(-e)=-eval(e) eval(e1*e2) = eval(e1) * eval(e2) eval(e1+e2) = eval(e1) + eval(e2) eval(e1/e2) = eval(e1) / eval(e2)
Set of abstract values: AV::= {+, -, 0, T, ⊥}
Expressions:e::= e * e | -e | e + e | e/e | av ∈ AV
Language:aeval: e -> AVaeval(integer) = … as beforeaeval(e1*e2) = … as beforeaeval(-e) = … easy ;)aeval(e1/e2) = aeval(e1)/ aeval(e2)
where av/0 = ⊥av+ ⊥= ⊥
…
18
Significance of the results?
It is sound!(the results are correct)
It is far from complete!!!!!(the results loose too much information)
19
Condition for Soundness
It should be a Galois insertion:
γ and α monotonic (x ⊆ y => f(x) ⊆ f(y))
for all S: S ⊆ γ(α(S))α(γ(av)) = av
20
Monotonic Functions
In the example:
for α: (S, ⊆) → (AV,≤)for γ: (av,≤) → (S,⊆)
T
+ 0 -
⊥
21
Exercise
Prove that the expression is divisible by 3.
Set of abstract values: AV::= {true,false,T, ^}
Expressions:e::= e * e | -e | e + e | e/e | ai ∈ AV
Language:aeval: e -> AVaeval(3) = yesaeval(e1*e2) = yes iff aeval(e1)=yes or
aeval(e2)=yesaeval(-e) = … easy ;)aeval(e1+e2) = aeval(e1) and aeval(e2)aeval(e1/e2) = true if aeval(e1) and
not aeval (e2)
22
Presenting it…
Usually presented through the definition of transitions…Prove that this program does not try to access a value outside the array’s definition, a of size 10 (from 1 to 10)
j := 0from i := 1 until i > 50 loop
j :=j + (45 - a.item (i ) + a.item (2*i ))i :=i + 1
end
23
Using abstract interpretation… What abstraction would you use to compute the
call graph of a program?
What abstraction would you use to optimize the tests within a program?
24
Problems How would you verify that loops terminate?
Is it sound? Is it complete?
How would you verify that a password read on the keyboard is not sent through a socket? Is it sound? Is it complete?
25
Applications to Trusted Components
Dataflow Analysis?
Program Slicing?
Abstract Interpretation?
26
Conclusions
Program Slicing Static Dynamic
Abstract Interpretation Soundness Completeness