Com S 641 Lecture -*- Outline -*-

meeting 1

* A Mundane Approach to Correctness (4.1)

** semantics and its relation to abstract interpretation

------------------------------------------
SEMANTICS AND ABSTRACT INTERPRETATION

Language semantics (big step):

    p |- s ~~> s'        means   <S*, s> -->* s'

Abstract interpretation:

    p |- l_1 |> l_2      means   f_p(l_1) = l_2
------------------------------------------

a language semantics may be nondeterministic,
but usually the abstract interpretation transfer functions
are deterministic

------------------------------------------
MUNDANE

Means first-order properties (properties that describe sets of values)

e.g., shape analysis, constant propagation
------------------------------------------

Q: What classical analyses are not mundane?

   (all of them are mundane)

------------------------------------------
EXAMPLE 4.1

For constant propagation:

Semantics is:

    p |- s1 ~~> s2   means   <S*, s1> -->* s2

Analysis is:

    p |- \hat{s1} |> \hat{s2}   means

      \iota = \hat{s1}
      /\ \hat{s2} = \bigsqcup { CP_\bullet(l) | l \in final(S*) }
------------------------------------------

Q: What is the set of values for this example?

Q: What is the property space for constant propagation?

   review page 72 if necessary

Q: What would this be for shape analysis?

** correctness relations (4.1.1)

------------------------------------------
CORRECTNESS RELATIONS (4.1.1)

def: a *correctness relation* has type  V x L -> Boolean

  It says what properties safely describe a given value,
  and must be preserved by computation:

    (v1 R l1 /\ p |- v1 ~~> v2 /\ p |- l1 |> l2) ==> v2 R l2      (4.3)

  Picture:

        l1 ------|>------ l2
        |                 |
        R       ==>       R
        |                 |
        v1 -----~~>------ v2
------------------------------------------

This is a "logical relation"

------------------------------------------
CORRECTNESS FOR ORDERED PROPERTY SPACES

Suppose L = (L, <=) is a complete lattice.
Then we require:

    v R l1 /\ l1 <= l2 ==> v R l2                                    (4.4)

    (\forall l \in L' \subseteq L :: v R l) ==> v R (\bigmeet L')    (4.5)
------------------------------------------

Q: What do these mean?
   (4.4) says smaller is better (more precise):
         anything above a safe description is still safe
   (4.5) says there is always a best (most precise) property
         that safely describes a value: the meet of all of them

------------------------------------------
CONSTANT PROPAGATION (EXAMPLE 4.3)

    s R_CP \hat{s}  iff  (\forall x \in Var* :: \hat{s}(x) = \top \/ s(x) = \hat{s}(x))
------------------------------------------

Q: What does that mean?

Q: Why do the properties (4.4) and (4.5) hold?

Q: What is correctness for shape analysis?

** representation functions (4.1.2)

------------------------------------------
REPRESENTATION FUNCTIONS (4.1.2)

def: a *representation function* b: V -> L maps a value
     to the best property describing it.

  It must be preserved by computation in the following sense:

    (b(v1) <= l1 /\ p |- v1 ~~> v2 /\ p |- l1 |> l2) ==> b(v2) <= l2   (4.6)

  Picture:

        l1 ------|>------ l2
        ^                 ^
       b|       ==>       |b
        |                 |
        v1 -----~~>------ v2
------------------------------------------

Q: What does this property mean?

   explained in terms of "safely described by" (<=)

Q: Can we define a correctness relation, R, using b?

Q: And vice versa?

------------------------------------------
CORRECTNESS VIA REPRESENTATION AND VICE VERSA

def: R_b is the correctness relation generated by b:

    v R_b l  <==>  b(v) <= l

def: b_R is the representation function generated by R:

    b_R(v) = \bigmeet { l | v R l }

Lemma 4.5
  (i)  R_b satisfies (4.4) and (4.5), and b_{R_b} = b
  (ii) if R satisfies (4.4) and (4.5), then b_R is well-defined
       and R_{b_R} = R
------------------------------------------

draw figure 4.1

hence (4.3) is equivalent to (4.6)

Q: How would you prove this?

------------------------------------------
CONSTANT PROPAGATION (EXAMPLE 4.6)

    b_CP: State -> \hat{State}_CP
    b_CP(s) = s

So R_CP is defined by:

    s R_CP \hat{s}  <==>  b_CP(s) <=_CP \hat{s}
------------------------------------------

Q: What does that mean?

Q: What's the relationship between b_SA and R_SA for shape analysis?
** generalization (4.1.3)

------------------------------------------
GENERALIZATION (4.1.3)

In  p |- v1 ~~> v2   allow v1 \in V1, v2 \in V2, and V1 <> V2
In  f_p(l1) = l2     allow l1 \in L1, l2 \in L2, and L1 <> L2

So get 2 correctness relations:

    R1: V1 x L1 -> Boolean   generated by   b1: V1 -> L1
    R2: V2 x L2 -> Boolean   generated by   b2: V2 -> L2

Logical relationship:

                f_p
        l1 ------------- l2
        |                |
        R1      ==>      R2
        |                |
        v1 -----~~>----- v2

def: (R1 ->> R2) is a relation on transfer functions,
     defined relative to the semantics (p |- . ~~> .):

    (R1 ->> R2) f_p  <==>
      (\forall v1, v2, l1 :: (p |- v1 ~~> v2) /\ v1 R1 l1 ==> v2 R2 f_p(l1))
------------------------------------------

Can view a logical relation as a lift of correctness
to a higher type level

Work example 4.9
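Worked example (added here; not code from the lecture notes or from the Nielson/Nielson/Hankin book): the conditions from 4.1.1, 4.1.2 and 4.1.3 checked by brute force for constant propagation. It assumes a two-variable program over a finite window of concrete values {0, 1, 2}, represents the top element of Z^T by the string "T", and uses the one-statement program x := y + 1 with a sound transfer function and a deliberately unsound one. All names (R_CP, beta_CP, find_violation, ...) are this example's own. The point a practitioner wants to see is that (4.3) is a mechanical soundness check on a transfer function: the unsound one is caught with a concrete witness, and the logical relation (R1 ->> R2) is the same check with V2, L2 allowed to differ from V1, L1.

```python
"""Brute-force checks of conditions (4.3)-(4.6) and Lemma 4.5 for constant
propagation over a finite window of values (added example, not from the notes)."""
from itertools import product

TOP = "T"                 # top element of Z^T: "could be any integer" (assumption: string)
VARS = ("x", "y")         # Var* for this example (assumption)
WINDOW = (0, 1, 2)        # finite window of concrete values for enumeration (assumption)

# V = concrete states Var* -> Z restricted to the window;
# L = abstract states Var* -> Z^T built from the window plus TOP.
CONC = [dict(zip(VARS, vs)) for vs in product(WINDOW, repeat=len(VARS))]
ABS = [dict(zip(VARS, vs)) for vs in product(WINDOW + (TOP,), repeat=len(VARS))]


def leq(l1, l2):
    """Pointwise order on abstract states: an integer is below itself and below TOP."""
    return all(l2[v] == TOP or l1[v] == l2[v] for v in VARS)


def meet(ls):
    """Greatest lower bound of a non-empty family of abstract states that agree on
    every constant they fix (the only case (4.5) and b_R ever need)."""
    acc = None
    for l in ls:
        if acc is None:
            acc = dict(l)
            continue
        for v in VARS:
            if acc[v] == TOP:
                acc[v] = l[v]
            elif l[v] not in (TOP, acc[v]):
                raise ValueError("meet of conflicting constants is bottom")
    return acc


def R_CP(s, shat):
    """Example 4.3: s R_CP shat iff each variable is unconstrained (TOP) or exactly right."""
    return all(shat[v] == TOP or s[v] == shat[v] for v in VARS)


def beta_CP(s):
    """Example 4.6: the best (most precise) description of a state is the state itself."""
    return dict(s)


def R_from_beta(beta):
    """R_b:  v R_b l  <==>  b(v) <= l."""
    return lambda s, l: leq(beta(s), l)


def beta_from_R(R, L):
    """b_R(v) = meet { l in L | v R l }."""
    return lambda s: meet(l for l in L if R(s, l))


def satisfies_4_4_and_4_5(R, V, L):
    """(4.4): v R l1 and l1 <= l2 imply v R l2.
    (4.5): if every member of a non-empty L' describes v, so does meet(L')."""
    for s in V:
        safe = [l for l in L if R(s, l)]
        if any(leq(l1, l2) and not R(s, l2) for l1 in safe for l2 in L):
            return False
        for mask in range(1, 1 << len(safe)):          # every non-empty subset of safe
            if not R(s, meet(l for i, l in enumerate(safe) if mask >> i & 1)):
                return False
    return True


def lemma_4_5_holds(V, L):
    """b_{R_b} = b  and  R_{b_R} = R, checked for b = beta_CP and R = R_CP."""
    b_back = beta_from_R(R_from_beta(beta_CP), L)
    R_back = R_from_beta(beta_from_R(R_CP, L))
    return (all(b_back(s) == beta_CP(s) for s in V)
            and all(R_back(s, l) == R_CP(s, l) for s in V for l in L))


# --- the one-statement program  x := y + 1  (assumption) ------------------
def sem_inc(s):
    """Concrete big-step semantics  p |- s1 ~~> s2  of  x := y + 1."""
    return {**s, "x": s["y"] + 1}


def f_inc(l):
    """Sound CP transfer function: constant y gives constant x, TOP stays TOP."""
    return {**l, "x": TOP if l["y"] == TOP else l["y"] + 1}


def f_inc_unsound(l):
    """Deliberately wrong transfer function: ignores the assignment to x."""
    return dict(l)


def R_value(v, l):
    """Correctness relation for the generalized case V2 = Z, L2 = Z^T (4.1.3)."""
    return l == TOP or v == l


def find_violation(R1, R2, sem, f, V, L):
    """Witness against (R1 ->> R2) f: some v1 R1 l1 with v1 ~~> v2 and not v2 R2 f(l1).
    Returns (v1, l1) or None.  With R1 = R2 this is exactly condition (4.3)."""
    for s in V:
        for l in L:
            if R1(s, l) and not R2(sem(s), f(l)):
                return s, l
    return None


if __name__ == "__main__":
    print("(4.4),(4.5):", satisfies_4_4_and_4_5(R_CP, CONC, ABS))
    print("Lemma 4.5:  ", lemma_4_5_holds(CONC, ABS))
    print("(4.3) sound:", find_violation(R_CP, R_CP, sem_inc, f_inc, CONC, ABS))
    print("(4.3) bad:  ", find_violation(R_CP, R_CP, sem_inc, f_inc_unsound, CONC, ABS))
    print("(R_CP ->> R_value) f_p:",
          find_violation(R_CP, R_value, lambda s: sem_inc(s)["x"],
                         lambda l: f_inc(l)["x"], CONC, ABS))
```

The unsound transfer function fails at the very first pair tried: the state {x: 0, y: 0} is safely described by the abstract state {x: 0, y: 0}, the statement moves it to {x: 1, y: 0}, but f_inc_unsound leaves the description at x = 0, so (4.3) is violated. The last check is the 4.1.3 form: V1 = L1 are states, V2 = Z and L2 = Z^T are single values, and the same witness search decides (R_CP ->> R_value) f_p.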