compilation and program analysis (#8) : abstract interpretation - gonnord€¦ · laure gonnord...
TRANSCRIPT
![Page 1: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/1.jpg)
Compilation and Program Analysis (#8) :Abstract Interpretation
Laure Gonnordhttp://laure.gonnord.org/pro/teaching/capM1.html
Master 1, ENS de Lyon
2018-2019
![Page 2: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/2.jpg)
Objective
Compilation vs program analysis :
Compilation : generate code (with the “same” semantics).
Program Analysis : infer properties, prove absence of bugs.
I Programs are inputs.
Inspiration for slides : M2 course Program Analysis, D. Monniaux, D. Hirschkoff, P.
Roux, . . . .
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 2 / 91 �
![Page 3: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/3.jpg)
Reference book
Chapters 2.4 (dataflow) and 4 (abstract interpretation).
A nice paper (in french), about ocaml implementation for finitelattices : http://perso.ens-lyon.fr/pierre.roux/media/jfla2011.pdf
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 3 / 91 �
![Page 4: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/4.jpg)
Program analysis & Abstract Interpretation
Typical questions we want to ask/bugs to avoid
x:=a/b make sure that b 6= 0.
x:=t[i] make sure that i is within the bounds of t.
i:=i+1 make sure there is no overflow.
or more complex properties.
Fully automatic !
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 4 / 91 �
![Page 5: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/5.jpg)
Come back on dataflow
1 Come back on dataflow
2 A bit of theory : IA on finite lattices
3 Computing Invariants in infinite height lattices.
4 Application - Tools
5 Designing Analyses that scale
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 5 / 91 �
![Page 6: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/6.jpg)
Come back on dataflow
Liveness
exit
entry
Block `
LVexit(`) =
∅ if ` = final⋃{LVentry(`′)|(`, `′) ∈ flow(G)}
LVentry(`) =(LVexit(`)\killLV (`)
)∪ genLV (`)
I “Backward” set of recurrence equations.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 6 / 91 �
![Page 7: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/7.jpg)
Come back on dataflow
Available expressions
exit
entry
Block `
AEentry(`) =
∅ if ` = init⋂{AEexit(`
′)|(`′, `) ∈ flow(G)}
AEexit(`) =(AEentry(`)\killAE(`)
)∪ genAE(`)
I “Forward” set of recurrence equations.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 7 / 91 �
![Page 8: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/8.jpg)
Come back on dataflow
Common points
Computing growing sets from ∅ via fixpoint iterations. (orthe dual)
Sets of equations of the form (collecting semantics) :
S(`) =⋃
(`′,`)∈E
f(S(`′))
where f is computed w.r.t. the program statements
I S is an abstract interpretation of the program.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 8 / 91 �
![Page 9: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/9.jpg)
A bit of theory : IA on finite lattices
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.
4 Application - Tools
5 Designing Analyses that scale
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 9 / 91 �
![Page 10: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/10.jpg)
A bit of theory : IA on finite lattices
Concrete semantics : refreshing memories
Program control points are denoted by ` ∈ L. Environnementsassign values to variables.Operational semantics :
Recursive equations involving sets of environments.
The fixpoint yields a function of type L → P(Var→ Val).(set of possible memory states of each variable at eachline).
I Concrete semantics = least fixpoint. It exists(Knaster-Tarski’s theorem). No hope to compute it.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 10 / 91 �
![Page 11: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/11.jpg)
A bit of theory : IA on finite lattices
Concrete semantics-revisited
kinit k1
cos(y) ≤ x → x := x+ 1
x 6= y → y := yx
true → y := y + 2
Semantics of the programs as transition systems :
A state is a pair (k,Val) :
Val : Var→ N d
Var is [[0, . . . , d− 1]] (finite set, d vars)N is N, Z, Q
Initial states : (kinit, allv).
+ “transition relation” (concrete) denoted by→.Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 11 / 91 �
![Page 12: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/12.jpg)
A bit of theory : IA on finite lattices
Computing concrete semantics-reachability
Notations :
Σ concrete states, (σ a state).
Σ0 ⊆ Σ : set of initial states.
reachable states : σ is reachable iff :
∃σ0 ∈ Σ0 σ0 →∗ σ
R(X) = {y ∈ Σ | ∃x ∈ X x→ y}.
Xn : set of states reachable in at most n steps : X0 = Σ0,X1 = Σ0 ∪R(Σ0), X2 = Σ0 ∪R(Σ0) ∪R(R(Σ0)), etc.
I The sequence Xk is ascending for ⊆. Its limit (= the union ofall iterates) is the set of reachable states.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 12 / 91 �
![Page 13: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/13.jpg)
A bit of theory : IA on finite lattices Computing invariants
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 13 / 91 �
![Page 14: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/14.jpg)
A bit of theory : IA on finite lattices Computing invariants
Computing concrete semantics-iterative computation
Remark Xn+1 = φ(Xn) with φ(X) = Σ0 ∪R(X).
How to compute efficiently the Xn ? And the limit ?
Explicit representations of Xn (list all states) : If Σ finite, Xn
converges in at most |Σ| iterations.
else, we have to cope with two problems :Representing the Xis and computing R(Xi).Computing the limit ?
I X∞ = ∪φn(X0) is the strongest invariant of the programI Looking for overapproximations : X∞ ⊆ Xresult also calledinvariant.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 14 / 91 �
![Page 15: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/15.jpg)
A bit of theory : IA on finite lattices Computing invariants
Invariants for programs
init
loop
end
x := 0
x ≥ 100
x ≤ 99
→ x++
I {x ∈ N, 0 6 x 6 100} is the most precise invariant in controlpoint loop.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 15 / 91 �
![Page 16: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/16.jpg)
A bit of theory : IA on finite lattices Computing invariants
Inductive invariants(Inductive) invariant : set X of states s.t. φ(X) ⊆ X : with
φ(X) = X0 ∪ {y ∈ Σ | ∃x ∈ X x→ y}
Properties :
If X et Y two invariants, then so is X ∩ Y .
φ monotonic for ⊆ (if X ⊆ Y , then φ(X) ⊆ φ(Y )).
φ(X ∩ Y ) ⊆ φ(X) ⊆ X, same for Y , thusφ(X ∩ Y ) ⊆ X ∩ Y .
Same for intersections of infinitely many invariants.
I Thus the strongest invariant can be defined as theintersection of all invariants. This invariant satisfies φ(X) = X,it is the least fixed point of φ.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 16 / 91 �
![Page 17: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/17.jpg)
A bit of theory : IA on finite lattices Computing invariants
Back to our problem
Given a program (or an interpreted automaton), find inductiveinvariants for each control point : Recall : a state is a pair
(pc,Val) :Val : Var→ N d
I We want to compute lfp(φ) with
φ(X) = X0 ∪ {y ∈ Σ | ∃x ∈ X x→ y}
and→ entails the concrete semantics of the program.
This is unfeasible in general
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 17 / 91 �
![Page 18: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/18.jpg)
A bit of theory : IA on finite lattices Two problems to solve
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 18 / 91 �
![Page 19: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/19.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Representing sets of valuations
First problem to cope with : represent sets of valuations
Val : Var→ N d
Var is [[0, . . . , d− 1]] (finite set, d vars)
N is N, Z, Q
I Find a finite representation ! abstract value/abstractdomain.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 19 / 91 �
![Page 20: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/20.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Representing sets of valuations 2/2
Represent values of variables :
Rpc ∈ P(Nd)
by a finite computable superset R]pc :
y
xxx
y y
I And compute such abstract values for each control point.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 20 / 91 �
![Page 21: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/21.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Computing R
Second problem to cope with : computing the transitionrelation
R(`,X) = {(`′, x′)|∃x ∈ X and (`, x)→ (`′, x′)}
X is a (representation of a) set of valuations
→ is the program transition function (the semantics)
I We have to adapt→ into an abstract semantics→]. R willbe changed into R].
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 21 / 91 �
![Page 22: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/22.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Some examples of abstractions
For numerical values, we can abstract P(Var→ Val) by :
Signs
Constant+Value / Non Constant
Intervals (Boxes)
More complex shapes (see later).
The function used to abstract elements of P(Var→ Val) isdenoted by α and called abstraction.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 22 / 91 �
![Page 23: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/23.jpg)
A bit of theory : IA on finite lattices Two problems to solve
From a lattice to an abstract domain
A lattice :
elements, > (greatest), ⊥ (least element), partial order.
join (union), meet (intersection), emptiness test.
Abstract Domain :
Abstraction (α : val 7→ element) of the lattice, andconcretization (γ) s.t. X ⊆ γ(α(X) (Galois Connection).
Abstract transfer functions : each f is adapted into f ] s.t. :
f(X) ⊆ γ(f ](α(X)))
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 23 / 91 �
![Page 24: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/24.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Abstract Domain for signs
Lattice for a single element :
I take the cross product (for all variables), and modify meet,join, order . . . accordingly. Abstract domain :
α, γ ? (on board)
Give the abstract transfer function for + (on board)
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 24 / 91 �
![Page 25: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/25.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Abstract Interpretation, Algorithm
(High-level) Algorithm :
Write the abstract equations corresponding to the abstractsemantics.
Interpret the program from the beginning, but abstractly :Compute a lattice element per control point.Always make the union (join) with the former value.
Stop when the iteration has stabilized (for all controlpoints).
credit examples, P. Roux for Onera
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 25 / 91 �
![Page 26: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/26.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
�� � �
![Page 27: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/27.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮
�� � �
![Page 28: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/28.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮
�� � �
![Page 29: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/29.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮
�� � �
![Page 30: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/30.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮
✏ ✑ �✒ ✑ �✓ ✔✕��
✏ ✖ ✒ ✖ ✓
�� � �
![Page 31: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/31.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮� ✭ ✎ ✱ ✎ ✮
�� � �
![Page 32: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/32.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮
�� � �
![Page 33: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/33.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ � ✮
�� � �
![Page 34: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/34.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮
�� � �
![Page 35: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/35.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ � ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮
�� � �
![Page 36: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/36.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮
✏ ✑ �✒ ✑ �✓ ✔✕��
✏ ✖ ✒ ✑ � ✓
�� � �
![Page 37: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/37.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮
�� � �
![Page 38: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/38.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮
�� � �
![Page 39: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/39.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ �✮
�� � �
![Page 40: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/40.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ � ✮
�� � �
![Page 41: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/41.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮ ✭ ✞ � ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ � ✮
�� � �
![Page 42: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/42.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ � ✮
✏ ✑ �✒ ✑ �✓ ✔✕��
✏ ✖ ✒ ✑ � ✓
�� � �
![Page 43: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/43.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮ ✭ ✞ � ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ � ✮
�� � �
![Page 44: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/44.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ � ✮
�� � �
![Page 45: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/45.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ � ✮ ✭ ✍ � ✱ ✞ �✮
�� � �
![Page 46: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/46.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� ❃ �� �
�� � � � � �
�� � � ✰ � �
�
� � �
��
� � ������� ��� � � ��
� ❃ �
� � � � �
� � � ✰ �
� ✁ �
�✂�
� ✄ �❂ ☎ ��
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪
�✂�
� ✄ �❂ �
✂�
� ✄ �❬ � ✆✝ ✞ �❪ ✟ ✂
��
�✂�
�✠� ✆✝ �
✂�
�
✭ � ✮ ✡ ✂ ✭ ✞ �✮☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ☞ ✂ ✞ �
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �✭ � ✮ ✌ ✂ ✭ ✞ �✮
☛
�✂�
� ✄ �❂ �
✂�
� ✄ �✠� ✆✝ �
✂�
� ✄ �☞ ✂ ✍ �
☛
� �✂�
��
✂�
��
✂�
��
✂�
�
� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮ ✭ ☎ ✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ � ✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮ ✭ ✞ �✱ ☎ ✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ ✞ �✱ ✞ �✮ ✭ ✞ �✱ ✞ � ✮ ✭ ✞ �✱ ✞ � ✮� ✭ ✎ ✱ ✎ ✮ ✭ ☎ ✱ ✞ � ✮ ✭ ☎ ✱ ✞ �✮ ✭ ☎ ✱ ✞ �✮� ✭ ✎ ✱ ✎ ✮ ✭ �✱ ✞ �✮ ✭ ✍ �✱ ✞ � ✮ ✭ ✍ �✱ ✞ � ✮
� � � ��� �� ���� ��� �
�� � �
![Page 47: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/47.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Abstraction, concretisation for constantsAbstraction : α is ?Concretization : γ is ?
Lattice :
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 26 / 91 �
![Page 48: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/48.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
�� � �
![Page 49: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/49.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)
�� � �
![Page 50: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/50.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)
�� � �
![Page 51: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/51.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤,⊤)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)
�� � �
![Page 52: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/52.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤, ��)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)
(⊤, ��) ⊔♯��
(⊥,⊥)
�� � �
![Page 53: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/53.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, ��)� (⊥,⊥)� (⊥,⊥)� (⊥,⊥)
�� � �
![Page 54: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/54.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, �)� (⊥,⊥)� (⊥,⊥)
�� � �
![Page 55: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/55.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, �)� (⊥,⊥)
�� � �
![Page 56: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/56.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, ��)
�� � �
![Page 57: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/57.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, ��)
�� � �
![Page 58: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/58.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, ��)
�� � �
![Page 59: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/59.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, ��)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, ��)
(⊤, ��) ⊔♯��
(⊤, �+ �)
�� � �
![Page 60: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/60.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, ��)
�� � �
![Page 61: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/61.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, �) (⊤, �)� (⊥,⊥) (⊤, �)� (⊥,⊥) (⊤, ��)
�� � �
![Page 62: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/62.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, �) (⊤, �)� (⊥,⊥) (⊤, �) (⊤, �)� (⊥,⊥) (⊤, ��)
�� � �
![Page 63: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/63.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, �) (⊤, �)� (⊥,⊥) (⊤, �) (⊤, �)� (⊥,⊥) (⊤, ��) (⊤, ��)
�� � �
![Page 64: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/64.jpg)
������� �� ����� � ��� ��� ��� ���
�� � ������� ��� ��� � �� �
��� ��� > �� �
�� � � / � �
�� � � − � �
�� � � + � �
�� � �
��
� � ������� ��� � � �� � > �
� � � / �
� � � − �
� � � + �
� � �
�♯�
�+�= ⊤��
�♯�
�+�= �
♯�
�+�[� �→ ⊤]
�♯�
�+�= �
♯�
�+�[� �→ ��]⊔♯
��
�♯�
�[
� �→ �♯�
�
(�) +♯�
]
�♯�
�+�= �
♯�
�+�
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)/♯�
]
�♯�
�+�= �
♯�
�+�[
� �→ �♯�
�+�(�)−♯ �
♯�
�+�(�)
]
�♯�
�+�= �
♯�
�+�
� �♯�
��
♯�
��
♯�
�
� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤,⊤) (⊤,⊤)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, ��) (⊤, ��)� (⊥,⊥) (⊤, �) (⊤, �)� (⊥,⊥) (⊤, �) (⊤, �)� (⊥,⊥) (⊤, ��) (⊤, ��)
� � ������� �� ����� ��� �
�� � �
![Page 65: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/65.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Result
TerminationIf the underlying lattice is of finite height, then the fixpointiteration terminates and the least abstract fixpoint is computed.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 27 / 91 �
![Page 66: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/66.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Abstract Interpretation, implementation choices
Control Flow Graph, and an abstract value per block.Propagate on the edges of the CFG.
On the Abstract Syntax tree, a visitor, and the propagationis made by induction on the syntax. The only stopping testis inside the while visitor.
I For the lab, on the AST.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 28 / 91 �
![Page 67: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/67.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Abstract Interpretation, algorithm on CFG
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 29 / 91 �
![Page 68: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/68.jpg)
A bit of theory : IA on finite lattices Two problems to solve
Abstract Interpretation, algorithm on AST
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 30 / 91 �
![Page 69: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/69.jpg)
Computing Invariants in infinite height lattices.
1 Come back on dataflow
2 A bit of theory : IA on finite lattices
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scale
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 31 / 91 �
![Page 70: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/70.jpg)
Computing Invariants in infinite height lattices.
In a nutshell
The two problems also occur :
representation of sets of valuations.
abstract transitions (transfer functions).
there is another one, how to terminate if the lattice is of infiniteheight.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 32 / 91 �
![Page 71: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/71.jpg)
Computing Invariants in infinite height lattices. Intervals
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 33 / 91 �
![Page 72: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/72.jpg)
Computing Invariants in infinite height lattices. Intervals
A first example - Intervals
Try to compute an interval for each variable at each programpoint using interval arithmetic :
assume ( x >= 0 && x<= 1 ) ;assume ( y >= 2 && y= 3 ) ;assume ( z >= 3 && z= 4 ) ;t = ( x+y ) ∗ z ;
Interval for z ? [6, 16]
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 34 / 91 �
![Page 73: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/73.jpg)
Computing Invariants in infinite height lattices. Intervals
The interval lattice
See the exercise sheet.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 35 / 91 �
![Page 74: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/74.jpg)
Computing Invariants in infinite height lattices. Intervals
An example that terminates
i n t x =0;while ( x<1000) {
x=x +1;}
Loop iterations [0, 0], [0, 1], [0, 2], [0, 3],. . .
How? φ(X) = Initial state tR(X), thusφ([a, b]) = {0} t [a+ 1,min(b, 999) + 1]
I Stricly growing interval during 1000 iterations, thenstabilizes : [0, 1000] is an invariant.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 36 / 91 �
![Page 75: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/75.jpg)
Computing Invariants in infinite height lattices. Intervals
Termination Problem
Third problem to cope with : stopping the computation :
Too many computations
unbounded loops
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 37 / 91 �
![Page 76: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/76.jpg)
Computing Invariants in infinite height lattices. Intervals
One solution. . .
Extrapolation !
[0, 0], [0, 1], [0, 2], [0, 3]→ [0,+∞)
Push interval :
i n t x =0; / ∗ [ 0 , 0 ] ∗ /
while / ∗ [ 0 , + i n f t y ) ∗ / ( x<1000) {/ ∗ [ 0 , 9 9 9 ] ∗ /
x=x +1;/ ∗ [ 1 , 1 0 0 0 ] ∗ /
}
Yes ! [0,∞[ is stable !
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 38 / 91 �
![Page 77: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/77.jpg)
Computing Invariants in infinite height lattices. Intervals
Computing inductive invariants as intervals
Representation : intervals. The union leads to anoverapproximation.
We don’t know how to compute R(P ) with P interval (Thestatements may be too complex, . . .)I Replace computation by simpler over-approximationR(X) ⊆ R](X).
The convergence is ensured by extrapolation/widening.
I We always compute φ](X) with : φ(X) ⊆ φ](X)
In the end, over-approximation of the least fixed point of φ.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 39 / 91 �
![Page 78: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/78.jpg)
Computing Invariants in infinite height lattices. Intervals
Computing inductive invariants as intervals - 2
(abstract) Interval operations :
+,−,× on intervals : interval arithmetic
union : [a, b] ∪ [c, d] : loosing info !
widening : (I1∇I2 with I1 ⊆ I2)
⊥∇I = I
[a, b]∇[c, d] = [if c < a then −∞ else a,
if d > b then +∞ else b]
The idea is to infer the dynamic of the intervals thanks to thefirst terms.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 40 / 91 �
![Page 79: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/79.jpg)
Computing Invariants in infinite height lattices. Intervals
Computing inductive invariants as intervals - 3The widening operator being designed, we compute (x ⊆ F (x))
Σ0, Y1 = Σ0∇F (Σ0), Y2 = Y1∇F (Y1) . . .
finite computation instead of : Σ0, F (Σ0), F2(Σ0), . . . which
can be infinite.
Theorem(Cousot/Cousot 77) Iteratively computing the reachable statesfrom the entry point with the interval operators and applyingwidening at entry nodes of loops converges in a finite numberof steps to a overapproximation of the least invariant (akapostfixpoint).
I The widening operators must satisfy the non ascending chaincondition (see Cousot/Cousot 1977).
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 41 / 91 �
![Page 80: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/80.jpg)
Computing Invariants in infinite height lattices. Intervals
Invariants for programs - ex 1
init
loop
end
x := 0
x ≥ 100
x ≤ 99
→ x++
I x ∈ [0,+∞] in loop.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 42 / 91 �
![Page 81: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/81.jpg)
Computing Invariants in infinite height lattices. Intervals
Computing inductive invariants as intervals - ex 2
x = random ( 0 , 7 ) ;y = cos ( x )+ xwhile ( y<=100) {
i f ( x >2) x−−;else {
y = −4;x−−;
}}
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 43 / 91 �
![Page 82: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/82.jpg)
Computing Invariants in infinite height lattices. Intervals
Nested loops / Several loops(Bourdoncle, 1992) Computing strongly connectedsubcomponents and iterate inside each :
0
1 2 3 4
7 5 8 9
6
Gray nodes are widening nodes
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 44 / 91 �
![Page 83: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/83.jpg)
Computing Invariants in infinite height lattices. Intervals
Improving precision after convergence
i n t x =0; / ∗ [ 0 , 0 ] ∗ /
while / ∗ [ 0 , + i n f t y ) ∗ / ( x<1000) {/ ∗ [ 0 , 9 9 9 ] ∗ /
x=x +1;/ ∗ [ 1 , 1 0 0 0 ] ∗ /
}
we got [0,+∞) instead of [0, 999]. Run one more iteration of theloop : {0} t [1, 1000] = [0, 1000]. Check if [0, 1000] is an inductiveinvariant? YESI This is called narrowing or descending sequence : endswhen we have an inductive invariant or after k applications ofthe transition function.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 45 / 91 �
![Page 84: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/84.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 46 / 91 �
![Page 85: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/85.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
When intervals are not sufficient
assume ( x >= 0 && x <= 1 ) ;y = x ;z = x−y ;
The human (intelligent) sees z = 0 thus interval [0, 0],taking into account y = x.
Interval arithmetic does not see z = 0 because it does nottake y = x into account.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 47 / 91 �
![Page 86: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/86.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
How to track relations
Using relational domains.
E.g. : keep
for each variable an interval
for each pair of variables (x, y) an information x− y 6 C.
(One obtains x = y by x− y 6 0 and y − x 6 0.)
How to compute on that?
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 48 / 91 �
![Page 87: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/87.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Bounds on differences : practical example
Suppose x− y 6 4, computation is z = x+ 3, then we knowz − y 6 7. Suppose x− z 6 20, that x− y 6 4 and that
y − z 6 6, then we know x− z 6 10.
I We know how to compute on these relations (transitiveclosure / shortest path).
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 49 / 91 �
![Page 88: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/88.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Why this is useful
Let t(0..n) an array in the program.The program writes t(i).
Need to know whether 0 6 i 6 n, otherwise said find bounds oni and on n− i. . .
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 50 / 91 �
![Page 89: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/89.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Can we do better?
How about tracking relations such as 2x+ 3y 6 6 ?
At a given program point, a set of linear inequalities.
In other words, a convex polyhedron (Linear Relation Anlysis).
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 51 / 91 �
![Page 90: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/90.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Classical Linear Relation Analysis
(Halbwachs/Cousot 1979)
Abstract Interpretation in the Polyhedral domain
Infinite Domain with many particularities
Discover affine relations on variables
I Classically used in verification problems.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 52 / 91 �
![Page 91: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/91.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
The polyhedral domain (1)
Convex polyhedra representation :
I Effective and efficient algorithmic (emptyness test, union,affine transformation . . . )
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 53 / 91 �
![Page 92: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/92.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
The polyhedral domain(2)
Intersection, emptyness
Affine Transformation : a(P ) = {CX +D | X ∈ P}.
Convex hull (loss of precision)
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 54 / 91 �
![Page 93: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/93.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
The Polyhedral domain (3)Widening : P∇Q : limit extrapolation.P∇Q constraints : take Q constraints and remove those whichare not saturated by P .
Trick ( !) : {x = y = 0} = {0 6 y 6 x 6 0}
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 55 / 91 �
![Page 94: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/94.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Analysis example - 1
x:=0;y:=0
while (x<=100) do
read(b);
if b then
x:=x+2
else begin
x:=x+1;
y:=y+1;
end;
endif
endwhile
p
pin
x 6 100 →
x := x + 1y := y + 1
x 6 100 →
x := x + 2
(x, y) := (0, 0)
pout
x > 100
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 56 / 91 �
![Page 95: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/95.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Example - 2
p
pin
x 6 100 →
x := x + 1y := y + 1
x 6 100 →
x := x + 2
(x, y) := (0, 0)
pout
x > 100
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 57 / 91 �
![Page 96: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/96.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Linear Relation Analysis - Problems
Complexity increases with :
number of control points
number of numerical variables
Approximation is due to :
Convex hulls
Widening
(credits for these slides : Nicolas Halbwachs)
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 58 / 91 �
![Page 97: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/97.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Complexity
(In general) The more precise we are, the higher the costs.
Intervals : algorithms O(n), n number of variables.
Differences x− y 6 C : algorithms O(n3)
Octagons ±x± y 6 C (Miné) : algorithms O(n3)
Polyhedra (Cousot / Halbwachs) : algorithms often O(2n).
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 59 / 91 �
![Page 98: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/98.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Delaying widening - 1
Halbwachs 1993 / Goubault 2001 / Blanchet et al. 2003
Fix k and compute :
Xn =
⊥ if n = 0
F (Xn−1) if n < k
Xn−1∇F (Xn−1) else.
I Similar to unrolling loops, costly but useful (regular behaviourafter a constant number of iterations).
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 60 / 91 �
![Page 99: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/99.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Delaying widening - 2 - ex
p
q0
x > 0 →
x := x + 1
x = 0 →
x := x + 1
y := y + 1
x := 0; y := 0
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 61 / 91 �
![Page 100: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/100.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Improving the widening operatorWhile applying P∇Q, intersect with constraints that aresatisfied by both P and Q. The constraints must beprecomputed.
init
loop
end
x := 0
x ≥ 100
x ≤ 99
→ x++
Here, with “x 6 100” in the pool of constraints, it avoidsnarrowing.I Warning widening is not monotone, so improving locally isnot necessarily a good idea !
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 62 / 91 �
![Page 101: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/101.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Local improvement with acceleration
(Gonnord/Halbwachs 2006, Schrammel 2012)Idea : Sometimes, a fixpoint of a loop can be easily computedwithout any fixpoint iteration.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 63 / 91 �
![Page 102: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/102.jpg)
Computing Invariants in infinite height lattices. Toward more relational abstract domains
Good path heuristic
(Gonnord/Monniaux 2011)Idea : find interesting paths by means of smt-queries
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 64 / 91 �
![Page 103: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/103.jpg)
Application - Tools
1 Come back on dataflow
2 A bit of theory : IA on finite lattices
3 Computing Invariants in infinite height lattices.
4 Application - Tools
5 Designing Analyses that scale
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 65 / 91 �
![Page 104: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/104.jpg)
Application - Tools
ApplicationsBounds on iterators of arrays (intervals, differences onbounds)Dead code elimination (all domains) - especially when thecode has been automatically generated / assertsVectorization : computations that can be permutedMemory optimisation : this int can be encoded in 16 bits?Preconditions for code specialization (on going work with F.Rastello)Safety analysis. Termination.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 66 / 91 �
![Page 105: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/105.jpg)
Application - Tools
Tools
Frama-C : analysing/ proving correction of C programs(see http://frama-c.com/
Apron : numerical domain interface(http://apron.cri.ensmp.fr/library/)
Interproc : IA analyser connected to Apron (see http:
//pop-art.inrialpes.fr/interproc/interprocweb.cgi
Rose / LLVM : C (and more) parsers and API formanipulating C programs. Rose is more decidated toprogram transformation, LLVM to compilerconstruction(http://www.rosecompiler.org/ andhttp://llvm.org/.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 67 / 91 �
![Page 106: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/106.jpg)
Application - Tools
Industrial succes stories
Polyspace
Astree
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 68 / 91 �
![Page 107: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/107.jpg)
Application - Tools
Demo Time : PAGAI.
http://pagai.forge.imag.fr/
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 69 / 91 �
![Page 108: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/108.jpg)
Designing Analyses that scale
1 Come back on dataflow
2 A bit of theory : IA on finite lattices
3 Computing Invariants in infinite height lattices.
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 70 / 91 �
![Page 109: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/109.jpg)
Designing Analyses that scale
Challenges in Abstract Interpretation
Precision of the abstract domain.
Thousands, millions of lines of code to analyze.
Static analyzers and compilers are complex programs (thatalso have bugs)
I Growing need for simple specialized analyses that scale
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 71 / 91 �
![Page 110: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/110.jpg)
Designing Analyses that scale
Designing a scalable static analysis : an example
OOPSLA’14 :
A technique to prove that (some) memory accesses aresafe :
Less need for additional guards.Based on abstract interpretation.Precision and cost compromise.
Implemented in LLVM-compiler infrastructure :Eliminate 50% of the guards inserted by AddressSanitizerSPEC CPU 2006 17% faster
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 72 / 91 �
![Page 111: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/111.jpg)
Designing Analyses that scale Overview
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 73 / 91 �
![Page 112: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/112.jpg)
Designing Analyses that scale Overview
A bit on sanitizing memory accesses
Different techniques : but all have an overhead.
Ex : Address Sanitizer
Shadow every memory allocated : 1 byte→ 1 bit (allocatedor not).
Guard every array access : check if its shadow bit is valid.I slows down SPEC CPU 2006 by 25%
I We want to remove these guards.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 74 / 91 �
![Page 113: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/113.jpg)
Designing Analyses that scale Overview
Green Arrays : overview 1/2
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 75 / 91 �
![Page 114: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/114.jpg)
Designing Analyses that scale Overview
Green Arrays : overview 2/2
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 76 / 91 �
![Page 115: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/115.jpg)
Designing Analyses that scale Overview
Symbolic ranges : How to ensure scalability?
The idea is to work on the intermediate representation toensure the following key property :
SSI PropertyAll abstract values are stable on their live ranges.
How? Splitting variables (v, i in the last example).(technical stuff later if there remains time)
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 77 / 91 �
![Page 116: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/116.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 78 / 91 �
![Page 117: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/117.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
Symbolic Ranges (SRA) : Running example
i n t main ( i n t argc ) {i n t ∗ v = mal loc ( sizeof ( i n t )∗ argc ) ;i n t i = argc − 1;v [ i ] = 0 ;i f ( ? ) { v = r e a l l o c ( sizeof ( i n t ) ∗2 ) ; i =1 ; }v [ i ] = 0 ;
}
I Are all accesses to v safe?
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 79 / 91 �
![Page 118: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/118.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
Symbolic Ranges (SRA) : On the SSA form
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 80 / 91 �
![Page 119: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/119.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
SRA on SSA form : a sparse analysis
An abtract interpretation-based technique.
Very similar to classic range analysis.
One abstract value (R) per variable : sparsity.
I Easy to implement (simple algorithm, simple data structure).
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 81 / 91 �
![Page 120: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/120.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
SRA on SSA form : constraint system
v = • ⇒ R(v) = [v, v]
v = o ⇒ R(v) = R(o)
v = v1 ⊕ v2 ⇒ R(v) = R(v1)⊕I R(v2)
v = φ(v1, v2) ⇒ R(v) = R(v1) tR(v2)
other instructions ⇒ ∅
⊕I : abstract effect of the operation ⊕ on two intervals.t : convex hull of two intervals. I All these operation areperformed symbolically thanks to GiNaC
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 82 / 91 �
![Page 121: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/121.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
SRA on SSA form : an example
N = randunsigned ()
i_0 = 0
i_1 = phi(i_0 ,i_2)
i_1 < N ?
i_2 = i_1 + 1
R(i0) = [0, 0]
R(i1) = [0,+∞]
R(i2) = [1,+∞]
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 83 / 91 �
![Page 122: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/122.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
Improving precision of SRA : live-range splitting 1/2
I e-SSA form.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 84 / 91 �
![Page 123: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/123.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
Improving precision of SRA : live-range splitting 2/2
Rule for live-range splitting :
t = a < bbr (t, l)
at = σ(a)bt = σ(b)
af = σ(a)bf = σ(b)
l
R(at ) = [R(a)↓, min(R(b)↑− 1, R(a)↑)]
R(bt ) = [max(R(a)↓ + 1, R(a)↓), R(b)↑]
R(af ) = [max(R(a)↓, R(a)↑), R(a)↑]
R(bt ) = [R(b)↓, min(R(a)↑, R(b)↑)]
�
I All simplications are done by GiNaC.
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 85 / 91 �
![Page 124: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/124.jpg)
Designing Analyses that scale Scalable symbolic abstract domain
SRA + live-range on an example
N = randunsigned ()
i_0 = 0
i_1 = phi(i_0 ,i_2)
i_1 < N ?
i_t = sigma(i_1)
i_2 = i_t + 1R(it) = [R(i1) ↓,min(N − 1, R(i1) ↑)]
R(i0) = [0, 0]
R(i1) = [0, N ]
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 86 / 91 �
![Page 125: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/125.jpg)
Designing Analyses that scale Experimental results
1 Come back on dataflow
2 A bit of theory : IA on finite latticesComputing invariantsTwo problems to solve
3 Computing Invariants in infinite height lattices.IntervalsToward more relational abstract domains
4 Application - Tools
5 Designing Analyses that scaleOverviewScalable symbolic abstract domainExperimental results
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 87 / 91 �
![Page 126: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/126.jpg)
Designing Analyses that scale Experimental results
Experimental setup
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 88 / 91 �
![Page 127: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/127.jpg)
Designing Analyses that scale Experimental results
Percentage of bound checks removed
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 89 / 91 �
![Page 128: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/128.jpg)
Designing Analyses that scale Experimental results
Runtime improvement
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 90 / 91 �
![Page 129: Compilation and Program Analysis (#8) : Abstract Interpretation - Gonnord€¦ · Laure Gonnord (M1/DI-ENSL)Compilation and Program Analysis (#8): Abstract Interpretation2018-2019](https://reader036.vdocuments.net/reader036/viewer/2022062606/5fe76d92a83bc67a996ebc96/html5/thumbnails/129.jpg)
Designing Analyses that scale Experimental results
In the paper (OOPSLA’14)
A complete formalisation of all the analyses :
Concrete and abstract semantics.
Safety is proved.
Interprocedural analysis.
I https://code.google.com/p/ecosoc/
Remaining question : improving precision of the symbolic rangeanalysis?
Laure Gonnord (M1/DI-ENSL) Compilation and Program Analysis (#8): Abstract Interpretation2018-2019 � 91 / 91 �