ABSTRACT INTERPRETATION

Transcription

1 Master of Science in Engineering ABSTRACT INTERPRETATION Pascal Roman Artho, Seminar Program Analysis and Transformation Rapperswil, January 7, 2015

2 Agenda Informal Example What is the idea of Abstract Interpretation? Formal Example Conclusion 2

3 Informal Example: Concrete Domain 3

4 Informal Example: Abstract Domain 4

5 Informal Example: Abstraction Function αα 5

6 Informal Example: Concretization Function γγ 6

7 What is the idea of Abstract Interpretation? Try to abstract the semantic of a concrete program Verify the program runtime properties at compile-time and make automatic proofs Proofs are done at some level of abstraction where irrelevant details about the semantics and the specifications are ignored 7

8 Example: Ariane 5 Date: June 4, bit floating point number had to convert into a 16-bit signed integer value Destruction after 36.7 seconds 8

9 Example: sum(int n) Java Code Testing the function with different input values public static int sum(int n) { int r = 0; for (int i = 1; i <= n; i++) { r = r + i; int n = 3; System.out.println( "sum(" + n + ")=" + sum(n)); // sum(3)=6 } } return r; n = 4; System.out.println( "sum(" + n + ")=" + sum(n)); // sum(4)=10 9

10 Example: sum(int n) 2,50E+09 n = 65535; 2,00E+09 1,50E+09 1,00E+09 System.out.println( "sum(" + n + ")=" + sum(n)); // sum(65535)= n = ; System.out.println( "sum(" + n + ")=" + sum(n)); // sum(100000)= ,00E+08 0,00E+00-5,00E+08-1,00E+09-1,50E+09-2,00E+09-2,50E+09 n = 65536; System.out.println( "sum(" + n + ")=" + sum(n)); // sum(65536)=

11 Example: sum(int n) Java Code Conclusion public static int sum(int n) { int r = 0; for (int i = 1; i <= n; i++) { r = r + i; Overflow of variable r and / or variable i leads to incorrect results Limitation of an integer value is respectively } } return r; No guarantee that this program is safe! System safety specifications are needed 11

12 Example: sum(int n) Java Code Trace for sum(4) public static int sum(int n) { int r = 0; // no overflow of i++ for (int i = 1; i <= n; i++) { // no overflow of r = r + i r = r + i; } nn 44; rr 00; ii 11; rr = 11; ii 22; rr = 33; ii 33; rr = 66; ii 44; rr = 1100; ii 55; rrrrrrrrrrrr 1111; return r; } 12

13 Evolution of the system state (x(t)) over the time (t) 13

14 Possible trajectories and forbidden zones of the system 14

15 Example of under-approximation by testing or debugging a few trajectories 15

16 Abstraction of the trajectories (over-approximation) leads to a false alarm 16

17 Abstraction of the trajectories (time-independent) leads to false alarms 17

18 Abstraction of the trajectories (time-dependent) leads to false alarms 18

19 Partitioning of the system 19

20 Abstraction of the trajectories split by the partitions (time-independent, imprecise) 20

21 Abstraction of the trajectories split by the partitions (time-dependent, precise) 21

22 Conclusion Advantages Disadvantages Abstract interpretation is an over-approximation and cover all possible executions Multiple possibilities to abstract Drops out costly bugs and makes the system safety safe Tools can proof the absence of runtime errors and increase safety and quality of a software A precise abstraction avoid more false alarms An imprecise or coarse abstraction reduces the computation costs A precise abstraction costs more to determine An imprecise or coarse abstraction lead to false alarms 22

23 Why do we need Abstract Interpretation? Avoid such scenarios like Ariane 5 Make safety critical systems safe 23

24 Tools Ada Android Binaries C C++ Java Java Bytecode.NET ASTRÉE CodeSonar Julia Eclair Polyspace Code Contracts 24

25 Discussion 25

26 References Nielson, Flemming ; Nielson, Hanne R. ; Hankin, Chris: Principles of Program Analysis. Springer Publishing Company, Incorporated, ISBN , Cousot, P. ; Cousot, R.: A gentle introduction to formal verification of computer systems by abstract interpretation (NATO Science Series III: Computer and Systems Sciences) Images t_june_4_1996/ eng-gb/explosion_of_first_ariane_5_flight_june_4_1996.jpg 26

27 Thank you Thank you for your attention 27