1 / 39

Abstractions

Abstractions. Eric Feron. Outline. Principles of abstraction Motivating example Abstracting variables Abstracting functions Abstracting operators Recommended readings. Principles of abstractions. We consider software or hardware objects which are too complicated to describe exactly.

melaney-ganas
Download Presentation

Abstractions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Abstractions Eric Feron

  2. Outline • Principles of abstraction • Motivating example • Abstracting variables • Abstracting functions • Abstracting operators • Recommended readings

  3. Principles of abstractions • We consider software or hardware objects which are too complicated to describe exactly. • We approximate them by embedding them into larger objects, but whose description is simpler. • If the original objects are subject to manipulations, we are able to manipulate their abstractions at comparable computational cost. • Hopefully we learn something useful.

  4. Example • Prototype program [1] while x> 1000 do [2] x:=x+y ; [3] od; [4] (x,y) in [-b-1;b] integer b is overflow limit. Program characteristics: Program terminates without error iff (x>0, y0<0). Execution never terminates iff (1000<x0<b)(y0=0). Execution leads to run-time error (by overflow) iff (x0>1000)(y0>0). These are desirable characteristics to be found

  5. Where can the states of a program go? [1] while x> 1000 do [2] x:=x+y ; [3] od; [4] (x,y) in I=[-b;b] integer 1 if x<1000 if x> 1000 2 4 <x,y> < <x+y,y> if x>1000 if x<1000 3 Representation of program behavior by means of automaton possible but not really compact.

  6. Reachable states

  7. Reachable states • Order relation is that of inclusion: A set is smaller than another if it is included in it • Forms a complete lattice: Any finite set of sets has a least upper bound and a greatest lower bound. • Reachable set always grows with iterations • Basic theorem: A sequence of sets that always grows ends up converging. • But convergence can take a very long time

  8. Example of complete lattice Set L of subsets of states in a state-space S: Partial order is traditional inclusion H = {H1,H2}  L H1 U H2 is the least upper bound for H. H1  H2 is the greatest lower bound for H. Obviously these exist for any H. L has an infimum: The empty set L has a supremum: S. H2 H1 Problem: Arbitrary sets are often not computer-representable, thus hard to do computations with them.

  9. (Discrete) Complete Lattices A Some element in the set A Least upper bound Greatest lower bound For our purposes, each element is a set. So A is a set of sets.

  10. Back to our program Assume y <0, x>0. Clearly insufficient to identify what will happen to program states Could use abstraction by means of intervals: eg: x in [200;2000], y in [-2 -1] Can extract "propagation laws" for intervals rather than numbers. 1 if x<1000 if x> 1000 2 4 <x,y> <x+y,y> if x>1000 if x<1000 3

  11. Lattice of Intervals In one dimension least upper bound (lub) greatest lower bound (glb) In two dimensions Least upper bound Greatest lower bound

  12. From program on variables to abstracted program on abstracted variables 1 1 (X1,Y1) if x<1000 if x<1000 if x> 1000 if x> 1000 4 2 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) 4 2 <x,y> <x+y,y> (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x>1000 if x>1000 <x,y> <x+y,y> if x<1000 if x<1000 (X3,Y3) = (X2+Y2,Y2) 3 3

  13. Step 1 X1 = [200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X2= , Y2 =  x= , y =  2 4 if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= , Y3 = 

  14. Step 2 X1 =[200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= , Y4=  2 X2 = [1000;2000] Y2 = [-2 -1] 4 <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 X3= , Y3 =  3 (X3,Y3) = (X2+Y2,Y2)

  15. Step 3 X1 =[200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= , Y4=  2 X2 = [1000;2000] Y2 = [-2 -1] 4 <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= [998,1999], Y3 = [-2-1]

  16. Step 4 X1 =[200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= [200,999], Y4= [-2;-1] 2 X2 = [1000;2000] Y2 = [-2 -1] 4 <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= [998,1999], Y3 = [-2;-1] Any further iteration would not yield any change to the values of (Xi, Yi)s: We have reached a fixed point.

  17. New initial conditions Step 1 X1 = [1200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X2= , Y2 =  x= , y =  2 4 if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= , Y3 = 

  18. Step 2 X1 =[1200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= , Y4=  2 4 X2 = [1200;2000] Y2 = [-2 -1] <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 X3= , Y3 =  3 (X3,Y3) = (X2+Y2,Y2)

  19. Step 3 X1 =[1200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= , Y4=  2 X2 = [1200;2000] Y2 = [-2 -1] 4 <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= [1198,1999], Y3 = [-2-1]

  20. Step 4 X1 =[1200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= , Y4=  2 X2 = [1200;2000] Y2 = [-2 -1] 4 <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= [1198,1999], Y3 = [-2-1] We are not finished with iterations.....

  21. Step 5 X1 =[1200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= , Y4=  2 4 X2 = [1198;2000] Y2 = [-2 -1] <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= [1198,1999], Y3 = [-2-1]

  22. Step 6 X1 =[1200;2000], Y1 = [-2 -1] 1 if x<1000 if x> 1000 (X2,Y2)= (lub((X1[1000;b]) U (X3  [1000;b])),lub(Y1UY3)) X4= , Y4=  2 4 X2 = [1198;2000] Y2 = [-2 -1] <x,y> <x+y,y> if x>1000 (X4,Y4)=(lub((X1[-b;1000]) U(X3  [-b;1000])), lub(Y1UY3) if x<1000 3 (X3,Y3) = (X2+Y2,Y2) X3= [1196,1999], Y3 = [-2-1] All this is going to take a while to converge towards fixed point...

  23. Some interesting questions • How can I speed up the convergence of the computations leading to a fixed point? • Does the order in which I do the computation (the sequence of vertices where reachable sets are computed) have much importance? • How do I automatically write the "abstracted program"?

  24. Abstracting state spaces further  {Set of all subsets of signed integer numbers between -b and b} + - if x = T then x is any value if x = +then 0<x<b if x = 0 then x = 0 if x= - then -b<x<0 if x =  then  0  Some Rules: + + - = T but + + + = error - + - = error Effect: Go from huge state-space decompositions to finite and simple state-space decomposition +U- = T o T = o

  25. From program on variables to abstracted program on abstracted variables 1 1 (X1,Y1) if x<1000 if x<1000 if x> 1000 if x> 1000 4 2 4 2 (X2,Y2)=((X3+)U (X1 +),Y1UY3) <x,y> <x+y,y> (X4,Y4)=(X1UX3,Y1UY3) if x>1000 if x>1000 <x,y> <x+y,y> if x<1000 if x<1000 3 3 (X3,Y3) =(X2+Y2,Y2)

  26. Step 1 X1= +, Y1 = - 1 if x<1000 if x> 1000 (X4,Y4)=(X1UX3,Y1UY3) (X2,Y2)=((X3+)U (X1 +),Y1UY3) 2 4 X2= , Y2 =  X4 = , Y4 =  if x>1000 <x,y> <x+y,y> if x<1000 X3= , Y3 =  3 (X3,Y3) =(X2+Y2,Y2)

  27. Step 2 X1= +, Y1 = - 1 if x<1000 if x> 1000 (X4,Y4)=(X1UX3,Y1UY3) (X2,Y2)=((X3+)U (X1 +),Y1UY3) 2 4 X2= +, Y2 = - X4 = , Y4 =  if x>1000 <x,y> <x+y,y> if x<1000 X3= , Y3 =  3 (X3,Y3) =(X2+Y2,Y2)

  28. Step 3 X1= +, Y1 = - 1 if x<1000 if x> 1000 (X4,Y4)=(X1UX3,Y1UY3) (X2,Y2)=((X3+)U (X1 +),Y1UY3) 2 4 X2= +, Y2 = - X4 = , Y4 =  <x,y> <x+y,y> if x>1000 if x<1000 X3= T, Y3 = - 3 (X3,Y3) =(X2+Y2,Y2)

  29. Step 4 X1= +, Y1 = - 1 if x<1000 if x> 1000 (X4,Y4)=(X1UX3,Y1UY3) (X2,Y2)=((X3+)U (X1 +),Y1UY3) 2 4 X2= +, Y2 = - X4 = T, Y4 = - <x,y> <x+y,y> if x>1000 if x<1000 X3= T, Y3 = - 3 (X3,Y3) =(X2+Y2,Y2) ... and we have reached a fixed point ....

  30. Other motivating example In ideal world (real numbers are reals and multiplies are truly working as they should, the sequence converges to 1 for any delta and x0. But real world is populated by, well, floats, and things become more hairy. In particular, system may exhibit disgraceful behaviors, including non convergence to zero (or its vicinity). Assume we would like to “establish good behavior” of the system over a range of possible initial conditions and values of delta. Issue: Exhaustive exploration of state-space is necessary but impossible in current form. Must work at higher abstract level.

  31. Abstraction of floats • Float format (figuratively) defined as: • Geometric distribution: f2 f1 0 How do we prove things work over this range? Possibly LOTS of floats between f1 and f2. Abstraction: Consider the whole real interval between f1 and f2: [f1 f2]. Counterintuitive because reals are not machine representable. Simple object though – the object itself (the interval) is machine-representable.

  32. Working with abstractions • Intuitively: • But Must have some machine-representable description of where interval could “land” after “+” operation. Sounds trivial but requires monotonicity properties of ‘+’ operation over floats. In this case it’s OK. So we can write

  33. Associativity counts… and + under floats is not associative

  34. Back to system Must define interval for xks. Transition rules for intervals: “Abstracted transitions” So in this case we can monitor behavior of entire interval by monitoring bounds.

  35. Nonconvergence :

  36. Nonconvergence • Would like to “bound” possible behaviors From observations: Looks like it stays around 1. Look at behaviors of intervals in vicinity of 1. Eg pick By induction, true for all following iterations: So we know [.95 1.05] is invariant. Nonconvergence (to 1) maybe, but could that be sufficient level of precision for practical purposes?? Note analysis is for fixed delta (1e-5) – so far.

  37. Guaranteed convergence to region of nonconvergence • Fix delta and a for simplicity (you make them live in intervals for HW) Look in more detail at behavior of Need easy to analyze upper bounds for x+ and lower bounds for x- Requires abstraction of float operations (+ and x) themselves!

  38. Abstraction of float operations

  39. Back to problem

More Related