Numerical Abstract Domain using Support Function. Yassamine Seladji - PowerPoint PPT Presentation

Numerical Abstract Domain using Support Function. Yassamine Seladji and Olivier Bouissou. CEA, LIST, LMeASI. France yassamine.seladji@cea.fr olivier.bouissou@cea.fr

Introduction Static analysis by abstract interpretation ellipsoide Box Polyhedra e Sign p l a t e m T Octagon e Zonotope o n z Yassamine Seladji and Olivier Bouissou. 2 / 21

Introduction Static analysis by abstract interpretation ellipsoide Box Polyhedra e Sign p l a t e m T Octagon e Zonotope o n z Yassamine Seladji and Olivier Bouissou. 2 / 21

Introduction Static analysis by abstract interpretation Constraints representation Polyhedra Generators representation Yassamine Seladji and Olivier Bouissou. 2 / 21

Introduction Static analysis by abstract interpretation Constraints representation Support function Polyhedra Generators representation Yassamine Seladji and Olivier Bouissou. 2 / 21

Support Function Definition Definition Let S be a closed convex set and δ S its support function, such that : ∀ d ∈ ❘ n , δ S ( d ) = sup {� x , d � : x ∈ S } Yassamine Seladji and Olivier Bouissou. 3 / 21

Support Function Definition Definition Let S be a closed convex set and δ S its support function, such that : ∀ d ∈ ❘ n , δ S ( d ) = sup {� x , d � : x ∈ S } Yassamine Seladji and Olivier Bouissou. 3 / 21

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. Yassamine Seladji and Olivier Bouissou. 4 / 21

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. Yassamine Seladji and Olivier Bouissou. 4 / 21

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. Property Let S be a closed convex set, and ∆ ⊆ ❘ n be a set of directions. We put � { x ∈ ❘ n |� x , d � ≤ δ S ( d ) } P = d ∈ ∆ Then S ⊆ P Yassamine Seladji and Olivier Bouissou. 4 / 21

Support Function Over-approximation Let ∆ = { d 1 , d 2 , d 3 , d 4 , d 5 } be a set of directions. The special case of polyhedron Let S be a polyhedron. If S is represented by : ◮ Linear system, δ S is obtained using Linear Programming. ◮ Generators (vertices) v i , δ S ( d ) = sup {� v i , d � : v i ∈ S } . Yassamine Seladji and Olivier Bouissou. 4 / 21

Support Function Properties Properties Let S , S ′ be two closed convex sets. We have : ◮ ∀ M ∈ ❘ n × ❘ m , δ MS ( d ) = δ S ( M T d ). ◮ δ S ⊕ S ′ ( d ) = δ S ( d )+ δ S ′ ( d ). S ⊕ S ′ = { x + x ′ | x ∈ S , x ′ ∈ S ′ } ◮ δ S ∪ S ′ ( d ) = max( δ S ( d ) , δ S ′ ( d )). ◮ δ S ∩ S ′ ( d ) ≤ min( δ S ( d ) , δ S ′ ( d )). Yassamine Seladji and Olivier Bouissou. 5 / 21

Support Function Properties Properties Let S , S ′ be two closed convex sets. We have : ◮ ∀ M ∈ ❘ n × ❘ m , δ MS ( d ) = δ S ( M T d ). ◮ δ S ⊕ S ′ ( d ) = δ S ( d )+ δ S ′ ( d ). S ⊕ S ′ = { x + x ′ | x ∈ S , x ′ ∈ S ′ } ◮ δ S ∪ S ′ ( d ) = max( δ S ( d ) , δ S ′ ( d )). ◮ δ S ∩ S ′ ( d ) ≤ min( δ S ( d ) , δ S ′ ( d )). Yassamine Seladji and Olivier Bouissou. 5 / 21

P ❘ ❘ ❘ ❘ Abstract domain Definition For a set of directions ∆, Yassamine Seladji and Olivier Bouissou. 6 / 21

❘ ❘ ❘ Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. Yassamine Seladji and Olivier Bouissou. 6 / 21

Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. The concretisation function P ( ❘ n ) γ ∆ : (∆ → ❘ ∞ ) − → d ∈ ∆ { x ∈ ❘ n | � x , d � ≤ Ω( d ) } − → � Ω Yassamine Seladji and Olivier Bouissou. 6 / 21

Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. The concretisation function P ( ❘ n ) γ ∆ : (∆ → ❘ ∞ ) − → d ∈ ∆ { x ∈ ❘ n | � x , d � ≤ Ω( d ) } − → � Ω Example : Yassamine Seladji and Olivier Bouissou. 6 / 21

Abstract domain Definition For a set of directions ∆, let P ♯ ∆ = ∆ → ❘ ∞ be the abstract domain. The concretisation function P ( ❘ n ) γ ∆ : (∆ → ❘ ∞ ) − → d ∈ ∆ { x ∈ ❘ n | � x , d � ≤ Ω( d ) } − → � Ω Example : Yassamine Seladji and Olivier Bouissou. 6 / 21

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞  λ d . δ S ( d ) otherwise  Example : Yassamine Seladji and Olivier Bouissou. 7 / 21

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞  λ d . δ S ( d ) otherwise  Example : Yassamine Seladji and Olivier Bouissou. 7 / 21

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞  λ d . δ S ( d ) otherwise  Example : Yassamine Seladji and Olivier Bouissou. 7 / 21

Abstract domain Definition The abstraction function P ( ❘ n ) α ∆ : − → (∆ → ❘ ∞ )  λ d . − ∞ if S = ∅   if S = ❘ n − → S λ d . + ∞  λ d . δ S ( d ) otherwise  Example : Yassamine Seladji and Olivier Bouissou. 7 / 21

Abstract domain Definition The complete lattice � P ♯ ∆ , ⊑ , ⊥ , ⊤ , ⊔ , ⊓� is defined by : ◮ An order relation : Ω 1 ⊑ Ω 2 ⇔ γ ∆ (Ω 1 ) ⊆ γ ∆ (Ω 2 ). ◮ A minimal element : ⊥ = λ d . − ∞ . ◮ A maximal element : ⊤ = λ d . + ∞ . ◮ A join operator : Ω 1 ⊔ Ω 2 = λ d . max(Ω 1 ( d ) , Ω 2 ( d )). ◮ A meet operator : Ω 1 ⊓ Ω 2 = λ d . min(Ω 1 ( d ) , Ω 2 ( d )). Yassamine Seladji and Olivier Bouissou. 8 / 21

Abstract domain Definition The complete lattice � P ♯ ∆ , ⊑ , ⊥ , ⊤ , ⊔ , ⊓� is defined by : ◮ An order relation : Ω 1 ⊑ Ω 2 ⇔ γ ∆ (Ω 1 ) ⊆ γ ∆ (Ω 2 ). ◮ A minimal element : ⊥ = λ d . − ∞ . ◮ A maximal element : ⊤ = λ d . + ∞ . ◮ A join operator : Ω 1 ⊔ Ω 2 = λ d . max(Ω 1 ( d ) , Ω 2 ( d )). ◮ A meet operator : Ω 1 ⊓ Ω 2 = λ d . min(Ω 1 ( d ) , Ω 2 ( d )). Notes : γ ∆ (Ω 1 ⊔ Ω 2 ) = γ ∆ (Ω 1 ) ∪ γ ∆ (Ω 2 ). γ ∆ (Ω 1 ⊓ Ω 2 ) ⊒ γ ∆ (Ω 1 ) ∩ γ ∆ (Ω 2 ). Yassamine Seladji and Olivier Bouissou. 8 / 21

Abstract domain Fixpoint computation using Kleene iteration Program Input : P 0 a bounded polyhedron. Input : A ∈ ❘ n × ❘ m , b ∈ ❘ m . Input : c ∈ ❘ n , l ∈ ❘ X ∈ P 0 while ( � X , c � ≤ l ) { X = AX + b . } Yassamine Seladji and Olivier Bouissou. 9 / 21

Abstract domain Fixpoint computation using Kleene iteration Program Input : P 0 a bounded polyhedron. Input : A ∈ ❘ n × ❘ m , b ∈ ❘ m . Input : c ∈ ❘ n , l ∈ ❘ X ∈ P 0 while ( � X , c � ≤ l ) { X = AX + b . } Ω i = Ω i − 1 ⊔ [( A Ω i − 1 + b ) ⊓ ( � c , X � ≤ l )] Yassamine Seladji and Olivier Bouissou. 9 / 21

P Abstract domain Fixpoint computation using Kleene iteration ◮ Case 1 : Ω i = Ω i − 1 ⊔ [( A Ω i − 1 + b ) ⊓ ( � c , X � ≤ l )] ///////////////// Program X ∈ P 0 while ( true ) { X = AX + b } Yassamine Seladji and Olivier Bouissou. 10 / 21

P Abstract domain Fixpoint computation using Kleene iteration ◮ Case 1 : Ω i = Ω i − 1 ⊔ [( A Ω i − 1 + b ) ⊓ ( � c , X � ≤ l )] ///////////////// The first abstract element Program X ∈ P 0 Ω 1 = λ d .δ P 0 ∪ ( A P 0 ⊕ b ) ( d ) while ( true ) { X = AX + b } Yassamine Seladji and Olivier Bouissou. 10 / 21

P Abstract domain Fixpoint computation using Kleene iteration ◮ Case 1 : Ω i = Ω i − 1 ⊔ [( A Ω i − 1 + b ) ⊓ ( � c , X � ≤ l )] ///////////////// The first abstract element Program X ∈ P 0 Ω 1 = λ d .δ P 0 ∪ ( A P 0 ⊕ b ) ( d ) λ d . max ( δ P 0 ( d ) , δ P 0 ( A T d ) + � b , d � ) while ( true ) { = X = AX + b } Yassamine Seladji and Olivier Bouissou. 10 / 21

Abstract domain Fixpoint computation using Kleene iteration ◮ Case 1 : Ω i = Ω i − 1 ⊔ [( A Ω i − 1 + b ) ⊓ ( � c , X � ≤ l )] ///////////////// The first abstract element Program X ∈ P 0 Ω 1 = λ d .δ P 0 ∪ ( A P 0 ⊕ b ) ( d ) λ d . max ( δ P 0 ( d ) , δ P 0 ( A T d ) + � b , d � ) while ( true ) { = X = AX + b } The i th abstract element Ω i = λ d . max { δ P 0 ( A Tj d ) + � j k =1 � b , A T ( k − 1) d � , j = 0 , .., i } Yassamine Seladji and Olivier Bouissou. 10 / 21

Abstract domain Fixpoint computation using Kleene iteration ◮ Case 1 : Ω i = Ω i − 1 ⊔ [( A Ω i − 1 + b ) ⊓ ( � c , X � ≤ l )] ///////////////// Program X ∈ P 0 α ∆ ( P i ) = Ω i while ( true ) { X = AX + b } The i th abstract element Ω i = λ d . max { δ P 0 ( A Tj d ) + � j k =1 � b , A T ( k − 1) d � , j = 0 , .., i } Yassamine Seladji and Olivier Bouissou. 10 / 21