Embed Size (px)
Citation preview
Program AnalysisLecture 1
Rayna Dimitrova
WS 2016/2017
AdministrativeLectures
I Slides/lecture notes will be posted onhttp://www.mpi-sws.org/~rayna/pa1617.html
I We will follow closely the WS 2015/2016 edition of the course(lecture notes in German)
I Written exam
Exercises
I Time and place of tutorial to be determined
I Exercise sheet will be posted after each lecture onhttp://www.mpi-sws.org/~rayna/pa1617.html
I Solutions are due at the beginning of the next lecture
I You need 60% of the total number of points on the exercisesheets during the semester to qualify for the exam
2/18
Program analysis
Software
I has bugs
I is often too slow
Applications of program analysis
I software verification
I compiler optimization
Static program analysisestablish properties of a program without executing it
Theorem (Rice)All non-trivial semantic properties of programs are undecidable.
=⇒ develop algorithms that give conservative answers
3/18
A simple program
x and y are integer variables
r e a d ( x ) ;
i f ( x < 0){y : = 0 ;whi le x < 0 do{
x++;y++;
}}e l s e {
y := x ;}
p r i n t ( y ) ;
4/18
A simple sign lattice
∅
(n, nn) (nn, n)(n, n) (nn, nn)
(n, ?) (?, n) (?, nn) (nn, ?)
(?, ?)
I n : negative value, nn: non-negative value; ?: any value in ZI (n, nn) represents the set {(x, y) ∈ Z× Z | x < 0, y ≥ 0}I an arrow a −→ b denotes the fact that the set represented by
a is a subset of the set represented by bI Note: we have omitted arrows such as
I (n, nn) −→ (n, nn) (self-loop),I (n, nn) −→ (?, ?), induced by the arrows
(n, nn) −→ (n, ?) and (n, ?) −→ (?, ?) 5/18
Total orders
(N,≤) is a total order: it satisfies the following conditions
reflexivity: a ≤ a for all a ∈ Nantisymmetry: a ≤ b and b ≤ a implies a = b
transitivity: a ≤ b and b ≤ c implies b ≤ c
comparability: For any a, b ∈ N, either a ≤ b or b ≤ a
What about (P({1, 2, 3}),⊆)?(where P({1, 2, 3}) is the set of all subsets of {1,2,3})
{1, 2} 6⊆ {1, 3} and {1, 3} 6⊆ {1, 2}{1, 2} and {1, 3} are incomparable
6/18
Total orders
(N,≤) is a total order: it satisfies the following conditions
reflexivity: a ≤ a for all a ∈ Nantisymmetry: a ≤ b and b ≤ a implies a = b
transitivity: a ≤ b and b ≤ c implies b ≤ c
comparability: For any a, b ∈ N, either a ≤ b or b ≤ a
What about (P({1, 2, 3}),⊆)?(where P({1, 2, 3}) is the set of all subsets of {1,2,3})
{1, 2} 6⊆ {1, 3} and {1, 3} 6⊆ {1, 2}{1, 2} and {1, 3} are incomparable
6/18
Partial orders
A partial order (D,≤) consists of a set D 6= ∅ and arelation ≤ ⊆ D ×D which has the following properties
reflexivity: a ≤ a for all a ∈ Nantisymmetry: a ≤ b and b ≤ a implies a = b
transitivity: a ≤ b and b ≤ c implies b ≤ c
(P({1, 2, 3}),⊆) is a partial order
partial order + comparability = total order
7/18
A Hasse diagram for (P({1, 2, 3}),⊆)I leave out reflexivity self-loops
I leave out edges induced by transitivity
{1, 2, 3}
{1, 3}{1, 2} {2, 3}
{1} {2} {3}
∅
8/18
Least and greatest elements of a setLet (D,≤) be a partial order and X ⊆ D.
a ∈ X is a minimal element of Xif there does not exist x ∈ X such that x ≤ a and x 6= a.
l ∈ X is the least element of Xif for all x ∈ X it holds that l ≤ x.
9/18
Least and greatest elements of a setLet (D,≤) be a partial order and X ⊆ D.
a ∈ X is a minimal element of Xif there does not exist x ∈ X such that x ≤ a and x 6= a.
l ∈ X is the least element of Xif for all x ∈ X it holds that l ≤ x.
ExampleConsider (P({1, 2, 3}),⊆).The set {{1, 2}, {2, 3}} has two minimal elements.The set {{1, 2}, {2, 3}} does not have a least element.
ExampleConsider (Z∪{#},≤) where ≤ is the less-than-or-equal relation onZ, and # is incomparable with each of the elements of Z. The setZ∪{#} has exactly one minimal element, #, and no least element.
9/18
Least and greatest elements of a setLet (D,≤) be a partial order and X ⊆ D.
a ∈ X is a minimal element of Xif there does not exist x ∈ X such that x ≤ a and x 6= a.
l ∈ X is the least element of Xif for all x ∈ X it holds that l ≤ x.
b ∈ X is a maximal element of Xif there does not exist x ∈ X such that b ≤ x and x 6= b.
g ∈ X is the greatest element of Xif for all x ∈ X it holds that x ≤ g.
9/18
Join
Let (D,≤) be a partial order and let X ⊆ D
u ∈ D is called an upper bound for X if x ≤ u for all x ∈ X
u ∈ D is called a least upper bound for X (also join of X) if
I u is an upper bound for X
I u ≤ u′ for all upper bounds u′ for X
By definition, if it exists, the least upper bound of X is unique.
The least upper bound of X is denoted by⊔X.
Instead of⊔{a, b} we write a t b.
10/18
Join
Let (D,≤) be a partial order and let X ⊆ D
u ∈ D is called an upper bound for X if x ≤ u for all x ∈ X
u ∈ D is called a least upper bound for X (also join of X) if
I u is an upper bound for X
I u ≤ u′ for all upper bounds u′ for X
By definition, if it exists, the least upper bound of X is unique.
The least upper bound of X is denoted by⊔X.
Instead of⊔{a, b} we write a t b.
10/18
Join
Let (D,≤) be a partial order and let X ⊆ D
u ∈ D is called an upper bound for X if x ≤ u for all x ∈ X
u ∈ D is called a least upper bound for X (also join of X) if
I u is an upper bound for X
I u ≤ u′ for all upper bounds u′ for X
By definition, if it exists, the least upper bound of X is unique.
The least upper bound of X is denoted by⊔X.
Instead of⊔{a, b} we write a t b.
10/18
Join
Let (D,≤) be a partial order and let X ⊆ D
u ∈ D is called an upper bound for X if x ≤ u for all x ∈ X
u ∈ D is called a least upper bound for X (also join of X) if
I u is an upper bound for X
I u ≤ u′ for all upper bounds u′ for X
By definition, if it exists, the least upper bound of X is unique.
The least upper bound of X is denoted by⊔X.
Instead of⊔{a, b} we write a t b.
10/18
Meet
Let (D,≤) be a partial order and let X ⊆ D
l ∈ D is called a lower bound for X if l ≤ x for all x ∈ X
l ∈ D is called a greatest lower bound for X (also meet of X) if
I l is a lower bound for X
I l′ ≤ l for all lower bounds l′ for X
By definition, if it exists, the greatest lower bound of X is unique.
The greatest lower bound of X is denoted bydX.
Instead ofd{a, b} we write a u b.
11/18
Meet
Let (D,≤) be a partial order and let X ⊆ D
l ∈ D is called a lower bound for X if l ≤ x for all x ∈ X
l ∈ D is called a greatest lower bound for X (also meet of X) if
I l is a lower bound for X
I l′ ≤ l for all lower bounds l′ for X
By definition, if it exists, the greatest lower bound of X is unique.
The greatest lower bound of X is denoted bydX.
Instead ofd{a, b} we write a u b.
11/18
Meet
Let (D,≤) be a partial order and let X ⊆ D
l ∈ D is called a lower bound for X if l ≤ x for all x ∈ X
l ∈ D is called a greatest lower bound for X (also meet of X) if
I l is a lower bound for X
I l′ ≤ l for all lower bounds l′ for X
By definition, if it exists, the greatest lower bound of X is unique.
The greatest lower bound of X is denoted bydX.
Instead ofd{a, b} we write a u b.
11/18
Meet
Let (D,≤) be a partial order and let X ⊆ D
l ∈ D is called a lower bound for X if l ≤ x for all x ∈ X
l ∈ D is called a greatest lower bound for X (also meet of X) if
I l is a lower bound for X
I l′ ≤ l for all lower bounds l′ for X
By definition, if it exists, the greatest lower bound of X is unique.
The greatest lower bound of X is denoted bydX.
Instead ofd{a, b} we write a u b.
11/18
LatticesA lattice is a partial order (D,≤) in which for every pair a, b ∈ Dthere exist least upper bound a t b and greatest lower bound a u b.
A lattice is called complete if for every subset X ⊆ D there existthe least upper bound
⊔X and the greatest lower bound
dX.
12/18
LatticesA lattice is a partial order (D,≤) in which for every pair a, b ∈ Dthere exist least upper bound a t b and greatest lower bound a u b.
A lattice is called complete if for every subset X ⊆ D there existthe least upper bound
⊔X and the greatest lower bound
dX.
Examples
x
x1 x2
not a lattice:{x1, x2} does nothave a lower bound
a1
a2 a3
a4 a5
a6
not a lattice: {a2, a3} hasupper bounds a4, a5, a6but no least upper bound(a4, a5 not comparable)
12/18
LatticesA lattice is a partial order (D,≤) in which for every pair a, b ∈ Dthere exist least upper bound a t b and greatest lower bound a u b.
A lattice is called complete if for every subset X ⊆ D there existthe least upper bound
⊔X and the greatest lower bound
dX.
Example
(N,≤) is a lattice but not a complete lattice:
I a t b = max (a, b), a u b = min (a, b)
I the set N does not have an upper bound
12/18
LatticesA lattice is a partial order (D,≤) in which for every pair a, b ∈ Dthere exist least upper bound a t b and greatest lower bound a u b.
A lattice is called complete if for every subset X ⊆ D there existthe least upper bound
⊔X and the greatest lower bound
dX.
Lemma
Every complete lattice (D,≤) has a unique least element (bottom)
⊥ :=⊔∅ =
lD,
Every complete lattice (D,≤) has a unique greatest element (top)
> :=l∅ =
⊔D
Every lattice (D,≤) where D is finite is complete.
12/18
Fixpoints
Let (D,≤) be a partial order and let f : D → D be a function.
A fixpoint of f is an element x ∈ D such that f(x) = x.
13/18
Fixpoints
Let (D,≤) be a partial order and let f : D → D be a function.
A fixpoint of f is an element x ∈ D such that f(x) = x.
A function f : D → D is called monotonic if
a ≤ b implies f(a) ≤ f(b).
13/18
Fixpoints
Let (D,≤) be a partial order and let f : D → D be a function.
A fixpoint of f is an element x ∈ D such that f(x) = x.
Theorem (Knaster, Tarski’55)Let (D,≤) be a complete lattice andlet f : D → D a monotonic function. Then,
(1) there exists a (unique) least fixpoint of f given by
lfp(f) :=l{x ∈ D | f(x) ≤ x}
(2) there exists a (unique) greatest fixpoint of f given by
gfp(f) :=⊔{x ∈ D | x ≤ f(x)}
13/18
Proof
Let (D,≤) be a complete lattice and let f : D → D be monotonic.We show that l := lfp(f) is the least fixpoint of f , meaning that l is afixpoint of f , and for every fixpoint d of f , we have that l ≤ d.
I We show that f(l) ≤ l for l =dD′, D′ = {x ∈ D | f(x) ≤ x}.
Since l is the greatest lower bound of D′, if we show that f(l) is alower bound of D′, then we have f(l) ≤ l.
l ≤ x for all x ∈ D′(l is a lower bound for D′)
f(l) ≤ f(x) for all x ∈ D′(f is monotonic)
f(l) ≤ x for all x ∈ D′(definition of D′, transitivity)
Thus, f(l) is a lower bound of D′. So, we have f(l) ≤d
D′ = l.
14/18
Proof continued
I We show that l ≤ f(l) for l =dD′, D′ = {x ∈ D | f(x) ≤ x}.
If we show f(l) ∈ D′, then l ≤ f(l), because l is a lower bound for D′.
Above we showed that f(l) ≤ l.
By monotonicity of f , f(f(l)) ≤ f(l).
By definition of D′, f(l) ∈ D′. Thus, l ≤ f(l).
By antisymmetry, from f(l) ≤ l and l ≤ f(l) we get f(l) = l.
Now, suppose that d ∈ D is such that f(d) = d. We show that l ≤ d.By the choice of d and reflexivity, we have f(d) ≤ d. Hence, d ∈ D′.Then, l ≤ d, because l is a lower bound for D′.
From this we conclude that l is the least fixpoint of f .
The proof for gfp(f) is analogous.
14/18
Chains
Let (D,≤) be a partial order.
I A chain in D is a totally ordered non-empty subset C ⊆ D.(For any a, b ∈ C, either a ≤ b or b ≤ a.)
I A sequence (ci)i∈N is called
I ascending chain if ci ≤ ci+1 for all i ∈ N.I descending chain if ci+1 ≤ ci for all i ∈ N.
I A partial order (D,≤) has
I finite height if every chain C in D is finite.I bounded height if there exists h ∈ N such that every chain C
in D has at most h elements.
15/18
t-continuous and u-continuous functions
Let (D,≤) be a complete lattice and let f : D → D be a function.
f is called t-continuous if for every chain C in D,
f(⊔
C) =⊔{f(c) | c ∈ C}.
f is called u-continuous if for every chain C in D,
f(l
C) =l{f(c) | c ∈ C}.
16/18
Ascending and descending chain conditions
A partial order (D,≤)
I satisfies the ascending chain condition (ACC) iffor every ascending chain c0 ≤ c1 ≤ . . .there exists n ∈ N such that for all i ≥ n we have ci = cn.
I satisfies the descending chain condition (DCC) iffor every descending chain c0 ≥ c1 ≥ . . .there exists n ∈ N such that for all i ≥ n we have ci = cn.
17/18
Ascending and descending chain conditions
A partial order (D,≤)
I satisfies the ascending chain condition (ACC) iffor every ascending chain c0 ≤ c1 ≤ . . .there exists n ∈ N such that for all i ≥ n we have ci = cn.
I satisfies the descending chain condition (DCC) iffor every descending chain c0 ≥ c1 ≥ . . .there exists n ∈ N such that for all i ≥ n we have ci = cn.
Example(N,≤) is a totally ordered set that satisfies the (DCC) condition.Such totally ordered sets are called well-ordered.
17/18
Ascending and descending chain conditions
A partial order (D,≤)
I satisfies the ascending chain condition (ACC) iffor every ascending chain c0 ≤ c1 ≤ . . .there exists n ∈ N such that for all i ≥ n we have ci = cn.
I satisfies the descending chain condition (DCC) iffor every descending chain c0 ≥ c1 ≥ . . .there exists n ∈ N such that for all i ≥ n we have ci = cn.
TheoremLet (D,≤) be a complete lattice andlet f : D → D be a monotonic function. Then
(1) if (D,≤) satisfies (ACC), then f is t-continuous.
(2) if (D,≤) satisfies (DCC), then f is u-continuous.
17/18
Proof
Let (D,≤) be a complete lattice satisfying (ACC) and f : D → D bemonotonic. We show that f is t-continuous. Let C ⊆ D be a chain.
I We show that f(⊔
C) ≤⊔{f(c) | c ∈ C}.
Since⊔{f(c) | c ∈ C} is an upper bound for {f(c) | c ∈ C} it
suffices to show that f(⊔C) ∈ {f(c) | c ∈ C}. We show
⊔C ∈ C.
First, we show that there exists c ∈ C such that c ≤ c for all c ∈ C.
Assume this is not true. Then, for every d ∈ C there exists c ∈ Csuch that d < c (d ≤ c and d 6= c), or c and d are incomparable.Since C is a chain, c and d cannot be incomparable. Thus, we canconstruct a sequence c0 < c1 < . . ., which contradicts (ACC).
⊔C is an upper bound for C =⇒ c ≤
⊔C (since c ∈ C)
c is an upper bound for C =⇒⊔C ≤ c
By antisymmetry we get c =⊔C, and thus,
⊔C ∈ C.
18/18
Proof continued
I We show that⊔{f(c) | c ∈ C} ≤ f(
⊔C).
Since⊔{f(c) | c ∈ C} is the least upper bound for {f(c) | c ∈ C} it
suffices to show that f(⊔C) is an upper bound for {f(c) | c ∈ C}.
c ≤⊔
C for all c ∈ C (⊔
C is an upper bound for C)
f(c) ≤ f(⊔
C) for all c ∈ C (f is monotonic)
Thus, f(⊔C) is an upper bound for {f(c) | c ∈ C}, which
concludes the proof.
From f(⊔
C) ≤⊔{f(c) | c ∈ C} and
⊔{f(c) | c ∈ C} ≤ f(
⊔C)
by antisymmetry we conclude that f(⊔C) =
⊔{f(c) | c ∈ C}.
18/18
