Definitions and Notations Let be some Context Graph, then is a set
advertisement
Definitions and Notations
1. Let πΊ be some Context Graph, then π(πΊ)is a set of reset contexts in πΊ and πΈ(πΊ)is a set of arcs between the
contexts of πΊ, each arc associated with a DFR.
2. For a context graph arc (π, π) ∈ πΆπΊ, denote π·πΉπ
(π, π) to be the DFR associated with arc (π, π).
3. Let (πΆπΊ, π, π) be the specific context graph arc (π, π) which is in πΈ(πΆπΊ), for context graph πΆπΊ.
4. Let (π, π, πππ) ∈ πΆπΊ be a context graph arc with its associated DFR.
5. For some core language command πΆ, let πΆπΊ(πΆ) to be the context graph associated with this command.
6. Let πΆππππππ = ππππ |ππ β π |πΆ1 ; πΆ2 | πΆβπππ π πΆ1 ππ πΆ2 | πΏπππ ππ { πΆ }
πΆ, πΆ1 , πΆ2 ∈ πΆππππππ, π ∈ πΈπ₯ππππ π πππ, ππ ∈ πππ
7. Let πΆπππ‘ππ₯π‘π be the set of all possible reset-contexts
(e.g., for a program with 3 variables: πΆπππ‘ππ₯π‘π = {{ }, {1}, {2}, {3}, {1,2}, {1,3}, {2,3}, {1,2,3}} )
π
8. Let ππππ₯ (πΆπΊ, π → π) = max {π |∃π∈πΈ(πΆπΊ) βΆ [
] ∈ π·πΉπ
(π)}.
π→π
( ππππ₯ is the maximal value of any data flow between variable ππ to variable ππ which exists in any DFR
associated with any arc of Context Graph πΆπΊ ).
9. For context-graph arcs π1 ∈ πΆπΊ1 , π2 ∈ πΆπΊ2 we denote the fact that π1 and π2 has the same pre-context and
post-context by ππ =π ππ .
10. Similarly, we denote the fact that π1 and π2 do not have the same pre-context and post-context by ππ ≠π ππ .
A. Let πππ1 , πππ2 be two DFRs. We say that "π
πππ ππππππππ π
πππ ", denoted as π
πππ β π
πππ , if and only if
all of the following formulae are true:
1. ∀π,π∈ππ΄π
π,
π∈π»
βΆ [
2. ∀π,π,π′ ,π′ ∈ππ΄π
π βΆ [
π
π′
] ∈ πππ1 → (∃π′ ∈π» : π′ ≥ π ∧ [
] ∈ πππ2 )
π→π
π→π
π→π
π
π′
′
∈
πππ
→
∃
:
∈
πππ
∧
]
[
]
[
] ∈ πππ2
1
2
π,π ∈π» π → π
π′ → π′
π′ → π′
π→π
π→π
π
π′
′
3. ∀π,π,π′ ,π′ ∈ππ΄π
π βΆ ([ ′
] ∈ πππ2
′ ] ∈ πππ1 ∧ (∃π, π β 1 βΆ [π → π] ∈ πππ2 ∧ [π ′ → π ′ ] ∈ πππ2 )) → [ ′
π →π
π → π′
B. Let (π, π), (π, π ′ ) ∈ πΆπΊ be two context graph πΆπΊ arcs. We say that arc (π·, πΈ′ ) ππππππππ (π·, πΈ),
denoted (π·, πΈ′ ) β (π·, πΈ), If and only if:
π ′ ⊆ π ∧ (π·πΉπ
(π, π′) β π·πΉπ
(π, π))
C. Let πΆπΊ1 and πΆπΊ2 be two context graphs. We say that "πΆπΊ2 π π’ππ π’πππ πΆπΊ1 ", denoted as πΆπΊ2 β πΆπΊ1 if and
only if:
∀π1 ∈ πΈ(πΆπΊ1 ) ∃π2 ∈ πΈ(πΆπΊ2 ) βΆ π2 β π1
D. Let π be the Abstract Interpreter algorithm without subsumption, then π(πΆ, ππ) is the result Context
Graph of running π with command πΆand pre-contexts set ππ ⊆ πΆπππ‘ππ₯π‘π , as input.
E. Let π π be the Abstract Interpreter algorithm with subsumption, then we define the effect of π π as:
π π (πΆ, ππ) = {
π(πΆ, ππ)
πΆ = ππππ
max(π(πΆ, ππ) )
πππ π
β
Theorem(The abstract Interpreter algorithm with Subsumption yields the same worst-case results):
∀π, π ∈ ππ΄π
π, πΆ ∈ πΆππππππ, ππ ∈ πΆπππ‘ππ₯π‘π βΆ ππππ₯ (π π (πΆ, ππ), π → π) = ππππ₯ (π(πΆ, ππ), π → π)
Lemma A0(π»πππππππππππ ππ πππ β relation for context graph arcs):
(π, π) β (π, π
) ∧ (π, π
) β (π, π) → (π, π) β (π, π)
Lemma A1(β ππππ πππ£ππ πππ β relation for context graph arcs):
Let π1 =π π2 be some context graph arcs, then π1 β π2 β π1
Lemma A2(β ππππ πππ£ππ πππ β relation for context graph arcs):
Let π1 =π (π, π), π2 =π (π, π ′ ) be some context graph πΆπΊ arcs, s.t. π2 β π1
Let π1′ =π π1 , π2′ =π π2 be some context graph πΆπΊ′ arcs, s.t. π2′ β π1′
Then: π2 β π2′ β π1 β π1′
Lemma A3(ππ subsumes π):
∀πΆ ∈ πΆππππππ, ππ ∈ πΆπππ‘ππ₯π‘π βΆ π π (πΆ, ππ) β π(πΆ, ππ)
Lemma A4(ππ preserves worst-case results of π):
∀π, π ∈ ππ΄π
π, πΆ ∈ πΆππππππ βΆ ππππ₯ (π π (πΆ), π → π) ≥ ππππ₯ (π(πΆ), π → π)
Lemma B(ππ does not give higher worst-case results than π):
∀π, π ∈ ππ΄π
π, πΆ ∈ πΆππππππ βΆ ππππ₯ (π π (πΆ), π → π) ≤ ππππ₯ (π(πΆ), π → π)
Proof of Lemma A0:
Let π1 = (π, π), π2 = (π, π
), π3 = (π, π), be some three context graph arcs,
s.t. π1 β π2 ∧ π2 β π3 . It follows from definition B that π
⊆ π and π ⊆ π
.
From the transitivity of the ⊆ relation, we get π ⊆ π. Let ππππ = π·πΉπ
(ππ ), π = 1,2,3.
From π2 β π3 and definition A, we get:
(1) ∀π,π∈ππ΄π
π,
π∈π»
βΆ [
(2) ∀π,π,π′ ,π′ ∈ππ΄π
π βΆ [
π
π′
] ∈ πππ3 → (∃π′ ∈π» : π′ ≥ π ∧ [
] ∈ πππ2 )
π→π
π→π
π→π
π
π′
′
′ ] ∈ πππ3 → ∃π,π ′ ∈π» : [π → π] ∈ πππ2 ∧ [π ′ → π ′ ] ∈ πππ2
π →π
π→π
π→π
π
π′
′
(3) ∀π,π,π′ ,π′ ∈ππ΄π
π βΆ ([ ′
] ∈ πππ2
′ ] ∈ πππ3 ∧ (∃π, π β 1 βΆ [π → π] ∈ πππ2 ∧ [π ′ → π ′ ] ∈ πππ2 )) → [ ′
π →π
π → π′
From π1 β π2 and definition A, we get:
(1a) ∀π,π∈ππ΄π
π,
π∈π»
βΆ [
π
π′
] ∈ πππ2 → (∃π′ ∈π» : π′ ≥ π ∧ [
] ∈ πππ1 )
π→π
π→π
π→π
π
π′
(2a) ∀π,π,π′ ,π′ ∈ππ΄π
π βΆ [ ′
′ ] ∈ πππ2 → ∃π,π ′ ∈π» : [π → π] ∈ πππ1 ∧ [π ′ → π ′ ] ∈ πππ1
π →π
π→π
π→π
π
π′
′
(3a) ∀π,π,π′ ,π′ ∈ππ΄π
π βΆ ([ ′
] ∈ πππ1
′ ] ∈ πππ2 ∧ (∃π, π β 1 βΆ [π → π ] ∈ πππ1 ∧ [π ′ → π ′ ] ∈ πππ1 )) → [ ′
π →π
π → π′
We now show that πππ1 β πππ3 , by showing that all 3 formulae of definition A are true:
Formula 1: Let [
π
] ∈ πππ3, be some data flow in πππ3.
π→π
From (1), there exists some [
Formula 2: Let [
π′
] ∈ πππ2, s.t. π′ ≥ π, as required.
π→π
π→π
] ∈ πππ3 be some double data flow in πππ3.
π′ → π′
From π2 β π3 and (2), ∃π1 ,π2 ∈π» : [
From (1a), there exist [
Formula 3: Let [
π
π1
] ∈ πππ2 ∧ [ ′ 2 ′ ] ∈ πππ2.
π→π
π →π
π1′
π′
] ∈ πππ1 and [ 2 ] ∈ πππ1 , as required.
π→π
π→π
π→π
] ∈ πππ3 be some double data flow in πππ3.
π′ → π′
Assume that (a): ∃π, π′ β 1 βΆ [
π
π′
] ∈ πππ1 ∧ [ ′
] ∈ πππ1 .
π→π
π → π′
From (2), there are π1 , π2 such that (b):[
π
π1
] ∈ πππ2 ∧ [ ′ 2 ′ ] ∈ πππ2
π→π
π →π
From (a) , (b) and (1a) and the fact that DFR does not contain duplicate data flows with different order, we get:
(b2) [
π
π1
] ∈ πππ2 ∧ [ ′ 2 ′ ] ∈ πππ2 ∧ π1 , π2 β 1.
π→π
π →π
From (b2) and (3), we get(c): [
π→π
π→π
] ∈ πππ1 , as required β
′
′ ] ∈ πππ2 . Lastly, from (c) and (3a) we get: [ ′
π →π
π → π′
Proof of Lemma A1:
Let π1 =π π2 . We will show that π1 β π2 β π1 , by showing that π·πΉπ
(π1 β π2 ) β π·πΉπ
(π1 ). This will suffice since
the pre and post-contexts of π1 and π2 are the same.
Formula 1: Let [
π
] ∈ π·πΉπ
(π1 ).
π→π
From the effect of the β operator on DFRs (CiE08), there exists a data flow [
Such that: (π′′ = π β π′ ∧ [
π′′
] ∈ π·πΉπ
(π1 β π2 ),
π→π
π′
] ∈ π·πΉπ
(π2 )) ∨ (π′′ = π).
π→π
Since π′′ ≥ π, formula 1 is satisfied.
Formula 2: Let [
[
π→π
] ∈ π·πΉπ
(π1 ). According to the DFR construction methods, there must be two data flows
π′ → π′
π
π1
] , [ 2 ] ∈ π·πΉπ
(π1 ). It follows from formula 1 that there exist data flows
π → π π′ → π′
π ′
π ′
[ 1 ] , [ 2 ] ∈ π·πΉπ
(π1 β π2 ), as required.
π → π π′ → π′
Formula 3: Let [
π→π
] ∈ π·πΉπ
(π1 ).
π′ → π′
Assume that (a): ∃π, π′ β 1 βΆ [
π
π′
] ∈ π·πΉπ
(π1 β π2 ) ∧ [ ′
] ∈ π·πΉπ
(π1 β π2 ).
π→π
π → π′
From the definition of the β operator on DFRs [CiE08],
π·πΉπ
(π1 ) β π·πΉπ
(π2 ) = (π1, π
1) β (π2, π
2)πππ = (π1 β π2, (π
1 ∪ π
2) ∩ πΆ2(ππ(π1 β π2))),
where ππ is the set of all regular data flows π
π is the set of all double flows in π·πΉπ
(ππ ), and πΆ2 , π΄1 are as defined
in [CiE08].
Since [
π→π
π→π
] ∈ π
1, it follows that [ ′
] ∈ (π
1 ∪ π
2 ) and from (a) we also get that
π′ → π′
π → π′
π→π
π→π
[′
] ∈ πΆ2(ππ(π1 β π2)), therefore [ ′
] ∈ π·πΉπ
(π1 β π2 ), as required β
π → π′
π → π′
Proof of Lemma A3:
We show by structural induction on the core language Abstract Syntax Tree that the lemma is true.
Base: we start from the core language AST leaves. The possible leaves are:
"ππ βΆ= π" or "ππππ"
1. πΆ = ππππ
Let πΆπΊ = π(ππππ, ππ), and πΆπΊ π = π π (ππππ, ππ), for some reset context ππ.
Both algorithms do exactly the same for the skip command (no subsumption takes place), and therefore:
πΆπΊ = π(ππππ, ππ) = π π (ππππ, ππ) = πΆπΊ π .
2. πΆ = ππ βΆ= π
We consider the result of π and π π on the assignment command with a single pre-context π.
π computes new arcs according to the assignment command inference rules (section 4.2 in [BA10]), therefore
all arcs computed can only be of the form (π, πΜ) where πΜ is some post context.
Let πΆπΊ = π(ππ βΆ= π, π), and πΆπΊ π = π π (ππ βΆ= π, π), for some variable ππ , expression π, and a single resetcontext π.
Let (π, πΜ) ∈ πΆπΊ be some arc in the context-graph computed by π(ππ βΆ= π, π).
Since π π follows the same inference rules as π, π π (ππ βΆ= π, π) computes the exact same arc (π, πΜ) before
applying subsumption.
If (π, πΜ) ∈ πΆπΊ π , then it was not subsumed by any other arc, and the lemma is satisfied.
Otherwise, (π, πΜ) ∉ πΆπΊ π , which means that it was subsumed by some other arc. From definition C and the
Μ ) ∈ πΆπΊ π s.t.
transitivity of the β relation for context-graph arcs(Lemma A0), there exists some arc (π, π′
Μ ) β (π, πΜ).
(π, π′
Since π is general, it follows that (2.1):
ο·
For any single pre-context π and computed arc π1 = (π, πΜ ) ∈ πΆπΊ,
Μ ) ∈ πΆπΊ π s.t. π2 β π1 .
there exists an arc π2 = (π, π′
Given a pre-context set ππ = {π1 , π2 , … , ππ }, the effect of π on an assignment command can be described as
follows:
π(ππ βΆ= π, ππ) = π(ππ βΆ= π, {π1 , π2 , … , ππ }) =
= π(ππ βΆ= π, π1 )β¨π(ππ βΆ= π, π2 )β¨ β― β¨ π(ππ βΆ= π, ππ )
The reason is, that the set of arcs computed for any single pre-context ππ are disjoint from the set of arcs
computed for any other pre-context ππ , π ≠ π, so the effect of the LUB operator is simply to merge disjoint sets
of arcs into a single graph.
We now consider the result of π π on the same assignment command, given the same pre-contexts set ππ:
π π (ππ βΆ= π, ππ) = π π (ππ βΆ= π, {π1 , π2 , … , ππ }) =
= π π (ππ βΆ= π, π1 )β¨π π (ππ βΆ= π, π2 )β¨ β― β¨ π π (ππ βΆ= π, ππ )
It is apparent from (2.1) that for any 1 ≤ π ≤ π, π π (ππ βΆ= π, ππ ) β π(ππ βΆ= π, ππ ), and since the computed
arcs of each pre-context are disjoint it follows that π π (ππ βΆ= π, ππ) β π(ππ βΆ= π, ππ), as required.
Step: We now examine the core language compound commands. The possible compound commands are:
1. "πΆβπππ π πΆ1 ππ πΆ2 "2. "πΆ1 ; πΆ2 "3. "πΏπππ ππ { πΆ }"
1. πΆ = πΆβπππ π πΆ1 ππ πΆ2
Let πΆπΊ1 = π(πΆ1 , ππ),πΆπΊ1π = π π (πΆ1 , ππ) be the graphs computed from πΆ1 by π and π π respectively.
Similarly, let πΆπΊ2 ,πΆπΊ2π be the graphs computed from πΆ2 and the same pre-contexts ππ, byπ and π π
respectively.
From the induction hypothesis, it follows that:
1.1 πΆπΊππ β πΆπΊπ , π = 1,2
Let πΆπΊ = π(πΆ, ππ), πΆπΊ π = π π (πΆ, ππ) be the result graphs computed by π and π π respectively, from the
"πΆβπππ π πΆ1 ππ πΆ2 " command.
From the semantics of the "πΆβπππ π πΆ1 ππ πΆ2 " command:
πΆπΊ = πΆπΊ1 β πΆπΊ2
πΆπΊ π = max(πΆπΊ1π β πΆπΊ2π )
β
Let π ∈ πΆπΊ = πΆπΊ1 β πΆπΊ2 . There can be 2 possibilities:
a.
π = π1 β π2 , π . π‘. π1 ∈ πΆπΊ1 ∧ π2 ∈ πΆπΊ2
In this case, there exist arcs π1π ∈ πΆπΊ1π and π2π ∈ πΆπΊ2π , s.t. π1π β π1 and π2π β π2 .
It follows that there exists an arc π π ∈ (πΊ1π β πΆπΊ2π ) s.t. π π = π1π β π2π . From Lemma A2, π π β π.
If π π ∈ πΆπΊ π then the lemma is satisfied.
Otherwise, π π is subsumed by some other arc. From lemma A0 there exist some arc πΜ π ∈ πΆπΊ π
which subsumes π π . It follows that πΜ π β π π β π, as required.
b.
π ∈ πΆπΊπ ∧ (βπ ′ ∈ πΆπΊπ βΆ π =π π ′ )
π, π ∈ {1,2}, π ≠ π
w.l.o.g., (for symmetry) we assume that π ∈ πΆπΊ1 , π = (π, π).
It follows that there exists an arc π1π ∈ πΆπΊ1π s.t. π1π β π. From the definition of the β operator, there
exists an arc π π ∈ (πΆπΊ1π β πΆπΊ2π ) s.t. π π = π1π β π2π (take π2π empty if no such arc in πΆπΊ2π ). Therefore,
from lemma A2, π π β π1π β π.
If π π ∈ πΆπΊ π , the lemma is satisfied.
Otherwise π π is subsumed by some other arc. From lemma A0 there exist some arc πΜ π ∈ πΆπΊ π
which subsumes π π . It follows that πΜ π β π π β π, as required.
2. "πΆ1 ; πΆ2 " :
Let πΆπΊ1 ,πΆπΊ1π be the graphs computed from πΆ1 by π and π π respectively.
Similarly, let πΆπΊ2 ,πΆπΊ2π be the graphs computed from πΆ2 by π and π π respectively.
From the induction assumption, it follows that:
2.1 ∀π,π∈ππ΄π
π(πΆπΊπ ) βΆ ππππ₯ (πΆπΊππ , π → π) ≥ ππππ₯ (πΆπΊπ , π → π), πππ π = 1 ππ 2
Let πΆπΊ, πΆπΊ π be the result graphs computed by π and π π respectively, from the "πΆ1 ; πΆ2 " command.
From the semantics of the "πΆ1 ; πΆ2 " command:
πΆπΊ = πΆπΊ1 ⋅ πΆπΊ2 πΆπΊ π = πΆπΊ1π ⋅ πΆπΊ2π .
π
Now, let [
] ∈ (π, π
) be some worst-case data flow where (π, π
) ∈ πΆπΊ.i.e. ππππ₯ (πΆπΊ, π → π) = π.
π→π
From the definition of the ⋅ operator, there exists an arc (π, π) ∈ πΆπΊ1 and an arc (π, π
) ∈ πΆπΊ2 . Again from
the ⋅ operator definition, either:
2.3[
π
π
π
π
π
] = [ 1 ] ⋅ [ 2 ] where [ 1 ] ∈ (π, π), [ 2 ] ∈ (π, π
) and π = π1 β π2
π→π
π→π
π→π π→π
π→π
Or:
π→π
π→π
π
π→π
π→π
2.4 [
]=[
]⋅[
] where [
] ∈ (π, π), [
] ∈ (π, π
), and π = 2
π→π
π′ → π
π → π′ π′ → π
π → π′
It follows that there exists an arc (π, π ′ ) ∈ πΆπΊ1π and a data flow
Since any new Context Graph is created by a join or composition of πΆ ππ’ππ , the current command, with a Context
Graph that is the result of:
1. The next command πΆ πππ₯π‘ analysis (forward composition)
2. The previous commandπΆ ππππ£ analysis (reverse composition)
3. The other branch command πΆ πππ π in an "If {πΆ ππ’ππ } else {πΆ πππ π }" block analysis (join)1
Or by:
4. Loop Correctionof πΆ ππ’ππ 2
It will suffice to show(by structural induction) that any worst-case data flow generated at any stage by any of the
above actions due to data flows from the subsumed arc will still be generated on some arc.
π
πβ¨π′
Case 1: Let [
] be a worst-case data flow on arc (π, π
), generated by the composition of flow [
]from
π→π
π→π
π′
(π, π) ∈ πΆπΊ(πΆ ππ’ππ ) and flow [
] from (π, π
) ∈ πΆπΊ(πΆ πππ₯π‘ ). The edge (π, π
) will not be generated due to
π→π
the subsumption of edge (π, π). We show that the worst-case data flows of edge (π, π
) still persist:
Due to the algorithm, the pre-contexts for the analysis ofπΆ πππ₯π‘ are the post contexts of πΆπΊ(πΆ ππ’ππ ), so π′ is a
pre-context to the analysis of πΆ πππ₯π‘ . Since π ′ ⊂ π, there exists a post-context π
′ s.t. (π ′ , π
′ ) ∈
πΆπΊ(πΆ πππ₯π‘ )andπ
′ ⊆ π
. It follows that π·πΉπ
(π, π
) ⊆ π·πΉπ
(π′, π
′)(More data flows can be deduced from the
same command when less variables are zero).
So [
π′
πβ¨π′
] on
] ∈ π·πΉπ
(π ′ , π
′ ), and the composition of (π, π ′ ) ⋅ (π ′ , π
′ )yields the worst case data flow [
π→π
π→π
(π, π
′ ), as required.
Case 2: Similar to case 1 with reverse reasoning - still consider a worst-case data flow generated by the
composition, but rely on the fact that P is a post context of πΆπΊ(πΆ ππππ£ ).
Case 3: By its definition, the Join operation preserves worst-case data flows of all edges of joined graphs – in
essence, it does no create worst case data flows by itself, but preserves all worst case data flows computed in
any of the joined graphs.
Case 4: Loop correction only adds new data flows to existing edges – it does not create new edges or remove
any existing data flows (unless the new data flow has a higher value than an existing data flow, in which case the
worst case data flow will have at least the worst case data flow value from before applying the Loop Correction.
Converse direction – same principle, but use different order relation (which? Should it be different?, should
consider Loop Correction in the definition of the order relation).
Can also be a block of the form "If {πΆ πππ π } else {πΆ ππ’ππ }"– it is treated the same way by the join operation.
The Loop "m-iterations" analysis stage is not referred here since it is interpreted as a series of compositions and joins
1
2
