Answers to Self-Study Questions

Test Yourself #1

Question 1

Question 2: Show that alpha and gamma form a Galois connection.

First, we will show that Relationship 1 holds: given an arbitrary concrete element c (a set of int values), for every abstract element a such that a > α(c), c ⊆ γ(a). We will do this using cases on concrete element c.

Case 1: c contains only positive ints.

α(c) = pos	// def of alpha
the elements of A that are ≥ pos are {pos, num}	// def of the ordering of A
γ(pos) = { all positive ints }	// def of gamma
c ⊆ { all positive ints }	// def of the (subset) ordering of C
γ(num) = { all ints }	// def of gamma
c ⊆ { all ints }	// def of the (subset) ordering of C

Case 2: c contains only negative ints.

α(c) = neg	// def of alpha
the elements of A that are ≥ neg are {pos, num}	// def of the ordering of A
γ(neg) = { all negative ints }	// def of gamma
c ⊆ { all negative ints }	// def of the (subset) ordering of C
γ(num) = { all ints }	// def of gamma
c ⊆ { all ints }	// def of the (subset) ordering of C

Case 3: c contains only 0.

α(c) = zero	// def of alpha
the elements of A that are ≥ zero are {zero, num}	// def of the ordering of A
γ(zero) = { 0 }	// def of gamma
c = { 0 }	// def of c
γ(num) = { all ints }	// def of gamma
c ⊆ { all ints }	// def of the (subset) ordering of C

Case 4: c is some other subset of int vaues.

α(c) = num	// def of alpha
the only element of A that is ≥ num is num	// def of the ordering of A
γ(num) = { all ints }	// def of gamma
c ⊆ { all ints }	// def of the (subset) ordering of C

Now we will show that Relationship 2 holds: given an arbitrary abstract element a, α(γ(a)) ≤ a. We will do this using cases on abstract element a. Here is the first case:

Case 1: a is num.

In this case, γ(a) = { set of all ints } (by definition of gamma), and α(a) iγ(a) = num (by definition of alpha), which is the same as a.

Test Yourself #2

The rule-of-signs abstract interpretation of an expression exp is the result of applying the abstract valuation function to exp: E_abs[[exp]]. This gives us some abstract value a. Applying gamma to a gives us some concrete value, S, a set of (integer) values.

The actual meaning of the expression is the result of applying the standard evaluation function to exp: E[[exp]]. This produces a single (integer) value c -- the value of the expression.

What might be the relationship between c and S, and which of these possible relationships would we consider to be OK, i.e., in which cases would we say that our abstract interpretation is sound, though possibly imprecise?

1. S = { c }
   In this case, the abstract interpretation is sound and precise.
2. c ∈ S
   In this case, the abstract interpretation is sound, but not precise.
3. not (c ∈ S)
   In this case, the abstract interpretation is not sound.

Test Yourself #3

λS.{s | s ∈ S and lookup(s, a) < 3}

Test Yourself #4

In the example, there were a finite number of possible execution paths for the given CFG. If we changed the while condition to while (1) or if we added a node read(n) between nodes 3 and 4 and changed node 4 to while (a < n), the number of possible execution paths would either be infinite or could not be determined. This would cause the fixed-point iteration to be infinite (and thus, not computable).

Test Yourself #5

We need to show that, forall a in the abstract domain A:

α(γ(a)) = a

We will prove this by cases on a. All cases simply use the definitions of α and γ.

Case (1) a = ⊥

γ(⊥) = ∅
α(∅) = ⊥

Now, without loss of generality, we will assume that there is only one variable v in the program.

Case (2): a maps v to a constant value c.

γ(a) = a set S containing a single (concrete) state that maps v to c.
α(S) = a single abstract state that maps v to c.

Case (3): a maps v to ?

γ(a) an infinite set S of (concrete) states that map v to all possible values.
α(S) = a single abstract state that maps v to ?.