Probabilistic abstract interpretation


An abstract-interpretation based framework for verification and static analysis of probabilistic programs
Michael Monerau, Patrick Cousot
Courant Institute, NYU
École Normale Supérieure de Paris, France
Static analysis of probabilistic programs. What? Why?
Probabilistic Abstract Interpretation - Patrick Cousot, Michael Monerau
2
Program behavior depends on:
• inputs
• randomness, e.g. x = rand()
Sometimes the inputs themselves are probabilistic.
1. Verify properties of probabilistic programs
2. Predict probabilities, e.g.:
   • branching probabilities
     ▪ optimisations for compilers (cache, registers…)
     ▪ JIT compilers (gives insight without profiling)
   • output distributions
Provide a formal basis for probabilistic static analysis & design actual analyses

• Recall: Abstract Interpretation
• Recall: Probability theory
• Overview on a small example
• Probabilistic concrete semantics
• 3 kinds of abstractions
• Making the analysis automatic
• Related work & conclusion
A quick overview of Abstract Interpretation
[Figure: the concrete world $(C, \leq)$ and the abstract world $(\mathcal{A}, \sqsubseteq)$, each drawn as a lattice from $\bot$ to $\top$; $\alpha$ maps concrete to abstract, $\gamma$ maps abstract back to concrete; $\leq$ is the logical-implication order.]
$Q \in \mathcal{A}$ abstracts $P \in C$ iff $\gamma(Q) \geq P$

Given two posets $(C, \leq)$ and $(\mathcal{A}, \sqsubseteq)$, the best (i.e. most precise) abstraction exists iff $(\alpha, \gamma)$ is a Galois connection:
$\forall P \in C,\ \forall Q \in \mathcal{A}:\quad \alpha(P) \sqsubseteq Q \iff P \leq \gamma(Q)$
The $\Longrightarrow$ direction gives soundness, the $\Longleftarrow$ direction gives optimality.

Example program (control points 1–4):
1. x ∈ [1, 10]
   if x > 5:
2.   y = 0
   else (x ≤ 5):
3.   y = 2
4. print y

Goal: find an over-approximation of the abstract state at each control point.

Equations (fixpoint):
$a_2 = [x > 5]\, a_1$
$a_3 = [x \leq 5]\, a_1$
$a_4 = a_2 \sqcup a_3$

Inferred invariants:
$x_1 \in [1, 10],\ y_1 \in\, ]{-\infty}, {+\infty}[$
$x_2 \in [6, 10],\ y_2 \in [0, 0]$
$x_3 \in [1, 5],\ y_3 \in [2, 2]$
$x_4 \in [1, 5] \sqcup [6, 10] = [1, 10],\ y_4 \in [0, 0] \sqcup [2, 2] = [0, 2]$
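As an added illustration (not from the slides), the interval analysis above carried out in Python: `filter_gt` and `filter_le` are the test filters written $[x > 5]$ and $[x \leq 5]$, `join` is $\sqcup$, and the function names are this example's own.

```python
from math import inf

# Added example (not from the slides): the interval domain run over the slide's program.
# An interval is a (lo, hi) pair; None plays the role of ⊥ (no reachable value).
BOT = None

def join(a, b):
    """a ⊔ b: least interval containing both."""
    if a is BOT:
        return b
    if b is BOT:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def filter_gt(a, k):
    """[x > k] a: keep the integer values of a strictly greater than k."""
    if a is BOT or a[1] <= k:
        return BOT
    return (max(a[0], k + 1), a[1])

def filter_le(a, k):
    """[x ≤ k] a: keep the values of a at most k."""
    if a is BOT or a[0] > k:
        return BOT
    return (a[0], min(a[1], k))

def analyse():
    """Solve a2 = [x > 5] a1, a3 = [x ≤ 5] a1, a4 = a2 ⊔ a3 for the slide's program.
    An abstract state maps each variable to an interval; the program is loop-free, so
    the fixpoint is reached in one pass and no widening is needed."""
    a1 = {"x": (1, 10), "y": (-inf, inf)}                 # 1. x ∈ [1, 10], y unconstrained
    a2 = {"x": filter_gt(a1["x"], 5), "y": (0, 0)}        # 2. then-branch, y = 0
    a3 = {"x": filter_le(a1["x"], 5), "y": (2, 2)}        # 3. else-branch, y = 2
    a4 = {v: join(a2[v], a3[v]) for v in a1}              # 4. join before print y
    return {1: a1, 2: a2, 3: a3, 4: a4}
```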
The mathematics behind probabilities

$(\Omega, \mathcal{E}, \mu)$ is called a measurable space when:
• $\Omega$: set of all possible scenarios (e.g. $\Omega = \{tail, heads\}^3$)
• An event $E \in \mathcal{P}(\Omega)$ is a set of scenarios
• $\mathcal{E} \in \mathcal{P}(\mathcal{P}(\Omega))$: set of observable events (e.g. $\mathcal{E} = \mathcal{P}(\Omega)$)
  ▪ $\Omega \in \mathcal{E}$
  ▪ stable by complementation and countable union
• $\mu : \mathcal{E} \longrightarrow [0, 1]$: measure, with $\mu(E) = Prob(E)$ (e.g. $\forall \omega \in \Omega,\ \mu(\{\omega\}) = 1/8$)
  ▪ $\mu(\emptyset) = 0$ and $\mu(\Omega) = 1$
  ▪ for $(A_i)_{i \in \mathbb{N}}$ a countable family of disjoint events, $\mu(\bigcup_i A_i) = \sum_i \mu(A_i)$

Probability of an event $A \in \mathcal{E}$:
$P(A) = \mu(A) = \int_{\omega \in \Omega} \chi_A(\omega)\, d\mu(\omega)$, where $\chi_A$ is the characteristic function of $A$.

EXAMPLE: 3 throws of non-biased coins
▪ $\Omega = \{tail, heads\}^3$ (scenarios $\omega_1, \dots, \omega_8$)
▪ $\mathcal{E} = \mathcal{P}(\Omega)$
▪ $\forall \omega \in \Omega,\ \mu(\{\omega\}) = 1/8$
• $E = \{coin_1 = tail,\ coin_3 = heads\}$, with $\mu(E) = 1/4$
$(E, \mathcal{E}, \cdot)$ and $(F, \mathcal{F}, \cdot)$ measurable spaces.
$X : E \rightarrowtail F$ is measurable iff $\forall B \in \mathcal{F},\ X^{-1}(B) \in \mathcal{E}$
Meaning:
• $\forall \omega \in \Omega$, an action $X(\omega)$ happens
• $B \in \mathcal{F}$: observable set of actions
• $X$ measurable: if you can observe a set of actions, then you can observe the "parent" scenarios
$X : (E, \mathcal{E}, \mu) \rightarrowtail (F, \mathcal{F}, \cdot)$ measurable. The distribution $X(\mu)$ of $X$ is a measure on $F$:
$\forall B \in \mathcal{F},\quad X(\mu)(B) = \mu(X^{-1}(B))$
Meaning: Probability(actions $B$) = Probability("parent" scenarios)
[Figure: two example distributions of $X : \Omega \rightarrowtail \mathbb{N}$, plotted as probability against the singletons $\{1\}, \{2\}, \dots$: a uniform distribution on $[1, 5]$ and a Gaussian distribution.]
Probability of $A$ under condition $B$:
$P(A \mid B) = \dfrac{P(A \cap B)}{P(B)}$, when $P(B) \neq 0$
Example: $P(whistling \mid cycling) = \dfrac{P(whistling \wedge cycling)}{P(cycling)}$
Getting the idea on a simple example
x = 0 2/3⊕1/3 x = 1
if (x = 0)
  y = 2 1/4⊕3/4 y = 4
else
  y = 1 1/5⊕4/5 y = 3

3 probabilistic choices:
• $\Omega_P = \{left, right\}^3$
• Events $\mathcal{E}$, with their measure:
  $\{(\mathbf{l}, \mathbf{l}, l), (\mathbf{l}, \mathbf{l}, r)\}$: $\mu(\cdot) = 2/3 \cdot 1/4$
  $\{(\mathbf{l}, \mathbf{r}, l), (\mathbf{l}, \mathbf{r}, r)\}$: $\mu(\cdot) = 2/3 \cdot 3/4$
  $\{(\mathbf{r}, l, \mathbf{l}), (\mathbf{r}, r, \mathbf{l})\}$: $\mu(\cdot) = 1/3 \cdot 1/5$
  $\{(\mathbf{r}, l, \mathbf{r}), (\mathbf{r}, r, \mathbf{r})\}$: $\mu(\cdot) = 1/3 \cdot 4/5$
Semantic point of view:
• Non-probabilistic semantic domain: $\mathcal{D}$ = trace semantics
• $S_p[P] : \Omega_P \rightarrowtail \mathcal{D}$, with $\forall \omega \in \Omega_P,\ S_p[P](\omega)$ = the traces for this scenario
• A semantic property is some $\Gamma \in \mathcal{P}(\mathcal{D})$
• The distribution $S_p[P](\mu) : \mathcal{P}(\mathcal{D}) \longrightarrow [0, 1]$ gives the probability of a property
Our concrete probabilistic semantics

In the non-probabilistic setting:
• Semantic domain $(\mathcal{D}, \preccurlyeq)$
• Properties of programs are some $\Gamma \in \mathcal{P}(\mathcal{D})$
• For a program $P$, $\exists F : \mathcal{P}(\mathcal{D}) \longrightarrow \mathcal{P}(\mathcal{D})$ such that $S[P] = lfp^{\subseteq} F$
Properties are abstracted: $(\mathcal{P}(\mathcal{D}), \subseteq) \leftrightarrows (\mathcal{A}, \sqsubseteq)$
Abstract $F$ to $F^\sharp : \mathcal{A} \longrightarrow \mathcal{A}$ and find / over-approximate $S^\sharp[P] = lfp^{\sqsubseteq} F^\sharp$
[Figure: scenario space $\Omega_P$; the program semantics maps $\omega_1 \mapsto d_1 \in \mathcal{D}$, $\omega_2 \mapsto d_2 \in \mathcal{D}$, ...]
Non-probabilistic semantics: $S_p[P] : \Omega_P \rightarrowtail \mathcal{D}$
For each scenario, a non-probabilistic fixpoint semantics: $\forall \omega \in \Omega,\ S_p[P](\omega) = lfp^{\sqsubseteq} F_\omega$
Let $F_\Omega : (\Omega_P \to \mathcal{D}) \longrightarrow (\Omega_P \to \mathcal{D})$, $s \longmapsto (\omega \mapsto F_\omega(s(\omega)))$
Probabilistic semantics: $S_p[P] = lfp^{\sqsubseteq} F_\Omega$
$S_p[P] : \Omega_P \rightarrowtail \mathcal{D}$ already has probability information!
Given $(\Omega_P, \mathcal{E}, \mu)$:
• observable events $\mathcal{E} \subseteq \mathcal{P}(\Omega_P)$, and $\mu : \mathcal{E} \longrightarrow [0, 1]$ the probability of an event
• ⟶ observable properties $\mathcal{F} \subseteq \mathcal{P}(\mathcal{D})$, and $S_p[P](\mu) : \mathcal{F} \longrightarrow [0, 1]$ the probability of a property
$S_p[P]$ cannot say anything about properties outside $\mathcal{F}$.

Precise formal setting
• The most general setting
  ▪ can express any probabilistic situation
  ▪ usual proof methods are easily adapted
• Separates probabilities from semantics
  ▪ $\mu$ is independent from the semantics $S_p[P]$
  ▪ abstractions can be made on either side
Semantics $S_p[P] : \Omega_P \rightarrowtail \mathcal{D}$. But...
$\forall \sigma \in \boldsymbol{\pi}(\Omega_P)$ (permutations of $\Omega_P$), let $S_p^\sigma[P] = S_p[P] \circ \sigma$; $S_p^\sigma[P]$ is acceptable too.
Many semantics can describe the same situation. So pick only one representation using a Sanity Checker:
$V : (\Omega_P \to \mathcal{D}) \longrightarrow \{True, False\}$
For instance in the 3 coin flips case:
Concrete Domain: $\mathcal{PD}_p^V = \mathcal{P}(\{ s : \Omega_P \rightarrowtail \mathcal{D} \mid V(s) \})$
Concrete Domain: $\mathcal{PD}_p^V = \mathcal{P}(\{ s : \Omega_P \rightarrowtail \mathcal{D} \mid V(s) \})$
[Figure: two elements $S \sqsubseteq S'$ of the domain, each $s \in S$ lying below some $s' \in S'$.]
$\forall S, S' \in \mathcal{PD}_p^V,\quad S \sqsubseteq S' \iff \forall s \in S,\ \exists s' \in S',\ s \sqsubseteq s'$
($s \sqsubseteq s'$: $s$ is more precise on each scenario)
“Abstraction is real, probably more real than nature”
Josef Albers

3 possible abstractions of $\mathcal{PD}_p^V \subseteq \mathcal{P}(\Omega_P \rightarrowtail \mathcal{D})$:
• Abstract the probabilities, i.e. on the $\Omega_P$ side
• Abstract the semantics, i.e. on the $\mathcal{D}$ side
• Abstract the functions, i.e. take their distribution
Abstract away probability details
[Figure: $S_p[P] : \Omega_P \rightarrowtail \mathcal{D}$ abstracted by $\alpha_\Omega$ through $q : \Omega_P \to \Omega_P'$. Scenarios $\omega_1, \omega_2, \omega_3$ (outcomes $d_1, d_2, d_3$) all map to $\omega_1'$, which receives $d_1 \sqcup d_2 \sqcup d_3$; $\omega_4 \mapsto \omega_2'$ ($d_4$), $\omega_5 \mapsto \omega_3'$ ($d_5$), $\omega_6 \mapsto \omega_4'$ ($d_6$), $\omega_7 \mapsto \omega_5'$ ($d_7$).]
Everything is lifted by $q$:
• $q$ is measurable
• $\mu \dashrightarrow \mu \circ q^{-1}$ (the $q$-distribution)
x = 0 2/3⊕1/3 x = 1
if (x = 0)
  y = 2 1/4⊕3/4 y = 4
else
  y = 1 1/5⊕4/5 y = 3

Abstracted through $q$ (the choice for x becomes a non-deterministic choice, written □⊕):
[x = 0 □⊕ x = 1]
if (x = 0)
  [y = 2 1/4⊕3/4 y = 4]
else
  [y = 1 1/5⊕4/5 y = 3]

$q$ "forgets" the probabilistic choice for x:
• $q : \{l, r\}^3 \rightarrowtail \{l, r\}^2$
• $q(a, b, c) = (b, c)$
Observable events? An observable event is a set of actions whose causes are observable scenarios.
• Events $\mathcal{E}$ of the original program:
  $\{(\mathbf{l}, l, l), (\mathbf{l}, l, r)\}$, $\{(\mathbf{l}, r, l), (\mathbf{l}, r, r)\}$, $\{(\mathbf{r}, l, l), (\mathbf{r}, r, l)\}$, $\{(\mathbf{r}, l, r), (\mathbf{r}, r, r)\}$
• But these do not exist with this $q$!
• Probabilistic properties depending on x are not observable
• Probabilistic properties independent from x are still observable
Non-determinism = abstraction of probabilistic choice
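An added example, not from the slides: the three-choice program modelled in Python with $\Omega_P = \{l, r\}^3$, the product measure $\mu$, the semantics $S_p[P]$ returning the final state, the distribution $S_p[P](\mu)$ of a property, and the abstraction $q$ that forgets the choice for x. Function names are this example's own, and the join over a $q$-fibre is represented as the set of its outcomes.

```python
from fractions import Fraction as F
from itertools import product

# Constructed model of the slide's program (one coordinate of omega per probabilistic choice):
#   x = 0 2/3⊕1/3 x = 1 ; if (x = 0) y = 2 1/4⊕3/4 y = 4 else y = 1 1/5⊕4/5 y = 3
OMEGA = list(product("lr", repeat=3))          # Omega_P = {l, r}^3
P_LEFT = (F(2, 3), F(1, 4), F(1, 5))           # probability of choosing 'l' at each choice point

def mu(omega):
    """Measure of one scenario: product of the three independent choice probabilities."""
    m = F(1)
    for p, c in zip(P_LEFT, omega):
        m *= p if c == "l" else 1 - p
    return m

def measure(event):
    """mu(E) for an event E (a set of scenarios), by additivity over its scenarios."""
    return sum(mu(w) for w in event)

def semantics(omega):
    """S_p[P](omega): final state (x, y) of the run; only one of the two y-choices is exercised."""
    x = 0 if omega[0] == "l" else 1
    y = (2 if omega[1] == "l" else 4) if x == 0 else (1 if omega[2] == "l" else 3)
    return (x, y)

def prob(gamma):
    """S_p[P](mu)(Gamma) = mu(S_p[P]^-1(Gamma)): probability of a property on final states."""
    return measure([w for w in OMEGA if gamma(semantics(w))])

def q(omega):
    """Abstraction forgetting the choice for x: q(a, b, c) = (b, c), Omega_P -> Omega_P'."""
    return omega[1:]

def lifted_semantics():
    """S_p[P] lifted through q: omega' maps to the join of its fibre, here the set of outcomes."""
    lifted = {}
    for w in OMEGA:
        lifted.setdefault(q(w), set()).add(semantics(w))
    return lifted

def q_distribution(abstract_event):
    """mu ∘ q^-1: the probability an event of the abstract scenario space Omega_P' carries."""
    return measure([w for w in OMEGA if q(w) in abstract_event])

def observable_under_q(event):
    """An event stays observable after q iff it is a union of q-fibres, i.e. E = q^-1(q(E))."""
    event = set(event)
    return event == {w for w in OMEGA if q(w) in {q(e) for e in event}}
```

The event {(l,l,l), (l,l,r)} from the slide fails `observable_under_q`, while "second choice went left" passes and keeps its probability 1/4 under `q_distribution`.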
• If $\Omega_P'$ = singleton = $\{\omega'\}$ (every $\omega_1, \omega_2, \dots$ is mapped by $q$ to the same $\omega'$):
  ▪ still sound (every scenario output has been joined)
  ▪ no more probabilities
Brings back to the usual Abstract Interpretation setting.
Lift an existing static analysis to the probabilistic setting

Hypothesis: $(\mathcal{P}(\mathcal{D}), \subseteq) \leftrightarrows (\mathcal{A}, \sqsubseteq)$
We have the semantics $S_p[P] : \Omega_P \rightarrowtail \mathcal{D}$ and the semantic domain $\mathcal{PD}_p^V \approx \mathcal{P}(\Omega_P \rightarrowtail \mathcal{D})$.
How to make $\mathcal{P}(\mathcal{D})$ appear? $\Omega_P \longrightarrow \mathcal{P}(\mathcal{D})$? $\mathcal{P}(\Omega_P \longrightarrow \mathcal{P}(\mathcal{D}))$!
$S_p[P] : \Omega_P \longrightarrow \mathcal{D}$, $\omega \longmapsto S_p[P](\omega)$, an element of $\mathcal{P}(\Omega_P \rightarrowtail \mathcal{D})$
$\downarrow \alpha_{\mathcal{P}}$
$\alpha_{\mathcal{P}}(S_p[P]) : \Omega_P \longrightarrow \mathcal{P}(\mathcal{D})$, $\omega \longmapsto \{S_p[P](\omega)\}$, an element of $\mathcal{P}(\Omega_P \rightarrowtail \mathcal{P}(\mathcal{D}))$
$\downarrow \alpha_{\mathcal{A}}$
$\alpha_{\mathcal{A}}(\omega \mapsto \Gamma_\omega) : \Omega_P \longrightarrow \mathcal{A}$, $\omega \longmapsto \alpha(\Gamma_\omega)$, an element of $\mathcal{P}(\Omega_P \rightarrowtail \mathcal{A})$
Finally, an abstraction saying: « In scenario $\omega$, abstract property $S^\sharp[P](\omega)$ is verified »
Control flow estimation
1. x = rand(1,3)
   if x ≤ 2:
2.   y = 0, z = 0
   else (x > 2):
3.   y = 1, z = 1
4. ...
Probabilistic semantics (one trace per scenario, each state tagged with its control point):
$\omega_1 \mapsto \langle 1, x = 1 \rangle\, \langle 2, x = 1, y = 0, z = 0 \rangle\, \langle 4, x = 1, y = 0, z = 0 \rangle$
$\omega_2 \mapsto \langle 1, x = 2 \rangle\, \langle 2, x = 2, y = 0, z = 0 \rangle\, \langle 4, x = 2, y = 0, z = 0 \rangle$
$\omega_3 \mapsto \langle 1, x = 3 \rangle\, \langle 3, x = 3, y = 1, z = 1 \rangle\, \langle 4, x = 3, y = 1, z = 1 \rangle$
Abstraction: keep labels only.
Abstract measurable functions into their distribution

Abstract semantics $S^\sharp[P] : \Omega_P \rightarrowtail \mathcal{A}$, abstracted further by $\alpha_{\mathcal{L}}$ into its distribution.
For $Q \in \mathcal{A}$, $\downarrow Q = \{ Q' \in \mathcal{A} \mid Q' \sqsubseteq Q \}$
Semantics distribution: $S^\sharp[P](\mu) : \mathcal{P}(\mathcal{A}) \rightarrowtail [0, 1]$
[Figure: the lattice $\mathcal{A}$ with probability mass (0.6, 0.1, 0.2, ...) attached to its elements and the down-set $\downarrow Q$ shaded.]
Information we want: $S^\sharp[P](\mu)(\downarrow Q)$
Order $\preccurlyeq$ on distributions over $\mathcal{A}$: let $l_1$ and $l_2$ be two distributions,
$l_1 \preccurlyeq l_2 \iff \forall Q \in \mathcal{A},\ l_1(\downarrow Q) \geq l_2(\downarrow Q)$

Transfer functions can be expressed as: $F : \Omega_P \longrightarrow (\mathcal{A} \to \mathcal{A})$
For $s : \Omega_P \to \mathcal{A}$ and $\Lambda \in \mathcal{P}(\mathcal{A})$:
$P(F(s) \in \Lambda) = \int_{\omega \in \Omega_P} \chi_\Lambda(F_\omega(s(\omega)))\, d\mu(\omega)$
But: in the abstract, we only have the distribution of $s$.
• If $F$ does not depend on $\omega$, then easy computation with just the distribution of $s$
• Otherwise, back to the concretisations (thus the precision of the sanity checker is important!)
• Too hard to compute? Over-approximate
x = 0 2/3⊕1/3 x = 1
if (x = 0)
  y = 2 1/4⊕3/4 y = 4
else
  y = 1 1/5⊕4/5 y = 3

Our abstract domain and the final distribution:
[Figure: Hasse diagram with $\bot$ at the bottom; above it x = 0 ∧ y even (mass 2/3), x = 0 ∧ y odd, x = 1 ∧ y even, x = 1 ∧ y odd (mass 1/3); above those x = 0 (2/3), x = 1 (1/3), y even (2/3), y odd (1/3); $\top$ at the top.]
Iteration in the abstract, composing the abstractions
Branching estimation
Goal: finding abstract distributions $\mathcal{P}(\mathcal{A}) \longrightarrow [0, 1]$ automatically
• Transfer functions: OK
• Branching: if (Cond), taken left (1) with probability $p$ and right (2) with probability $1 - p$:
  $P(\Gamma) = P(\Gamma \cap left) + P(\Gamma \cap right) = p \cdot P(\Gamma \mid left) + (1 - p) \cdot P(\Gamma \mid right)$
  where $P(\Gamma \mid left)$ is computed in branch 1 and $P(\Gamma \mid right)$ in branch 2
• ...
Essential to estimate $p$
Branching with respect to a condition « Cond »
Let $\mathcal{F}$ denote the observable actions in $\mathcal{A}$, and $p$ the probability of branching left.
Then, 2 cases:
• Cond = true is equivalent to a $C \in \mathcal{F}$
  ▪ At the test location, the analysis discovered a distribution $\nu$; then $\nu(C) \leq p$
  ▪ If $\exists C \in \mathcal{F}$, Cond = false $\leftrightsquigarrow C$, then $1 - \nu(C) \geq p$
• Otherwise, nothing can be said: $p \in [0, 1]$
x = 0 2/3⊕1/3 x = 1
if (x = 0)
  y = 2 1/4⊕3/4 y = 4
else
  y = 1 1/5⊕4/5 y = 3

$P(x = 0) = 2/3$, $P(x \neq 0) = 1/3$: tight bound on the branching probability, 2/3 & 1/3.
At the end:
$P(y\ even) = P(y\ even \cap x = 0) + P(y\ even \cap x \neq 0)$
$= \frac{2}{3} \cdot P(y\ even \mid x = 0) + \frac{1}{3} \cdot P(y\ even \mid x = 1)$
$= \frac{2}{3} \cdot 1 + \frac{1}{3} \cdot 0 = \frac{2}{3}$
The abstract transfer function for If-Else on the distribution has been computed.
while (Cond)
  body
• Same thing with Cond for branching
• But it may depend on the number of iterations too
Goal: determine an over-approximating transfer function as precise as possible
2 main cases:
• Known influence of the body on the distribution and on the branching: mathematical formula for the new distribution
• Unknown influence: unroll until the branching probability is small (or after N loops), then over-approximate the possible remaining loop iterations [widening]
0. loop = 0
1. x = 0 1/3⊕2/3 x = 1
2. while (x = 0)
3.   x = 0 1/4⊕3/4 x = 1
4.   loop++

Probabilities at location 2:
$P(x_2 = 0 \wedge loop_2 = 0) = 1/3$
$P(x_2 = 1 \wedge loop_2 = 0) = 2/3$
$P(x_2 = 0 \wedge loop_2 = 1) = 1/3 \cdot 1/4$
$P(x_2 = 1 \wedge loop_2 = 1) = 1/3 \cdot 3/4$
How to infer that?
$P(x_2 = b \wedge loop_2 = i) = P(x_4 = b \wedge loop_4 = i - 1) = P(x_4 = b) \cdot P(loop_2 = i - 1)$
Easy recurrence equation.
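An added example, not from the slides: the recurrence for the loop above computed in Python with exact fractions, cross-checked against an explicit unrolling that also reports the mass still looping after n iterations, i.e. what the widening step must over-approximate. Names are this example's own.

```python
from fractions import Fraction as F

# Constructed model of the slide's loop (probabilities are the slide's):
#   0. loop = 0
#   1. x = 0 1/3⊕2/3 x = 1
#   2. while (x = 0)
#   3.   x = 0 1/4⊕3/4 x = 1
#   4.   loop++
P_INIT_ZERO = F(1, 3)   # P(x = 0) after location 1
P_BODY_ZERO = F(1, 4)   # P(x4 = 0): the body redraws x independently of the past

def recurrence(n):
    """P(x2 = b ∧ loop2 = i) for i = 0..n, following the slide's recurrence.
    Location 2 with loop2 = i >= 1 is reached from location 4 with loop4 = i - 1, so
    P(x2 = b ∧ loop2 = i) = P(x4 = b) · P(loop4 = i - 1); location 4 is reached with
    loop4 = i - 1 exactly when the test passed at loop2 = i - 1, i.e. x2 = 0 there."""
    dist = {(0, 0): P_INIT_ZERO, (1, 0): 1 - P_INIT_ZERO}
    for i in range(1, n + 1):
        p_loop4 = dist[(0, i - 1)]
        dist[(0, i)] = P_BODY_ZERO * p_loop4
        dist[(1, i)] = (1 - P_BODY_ZERO) * p_loop4
    return dist

def unroll(n):
    """Cross-check by unrolling the loop n times over all scenarios reaching location 2.
    Returns the same table plus the probability mass still looping after n body iterations,
    the part a widening would have to over-approximate."""
    dist = {}
    frontier = [((0, 0), P_INIT_ZERO), ((1, 0), 1 - P_INIT_ZERO)]   # (state at 2, mass)
    for _ in range(n + 1):
        nxt = []
        for (x, loop), m in frontier:
            dist[(x, loop)] = dist.get((x, loop), F(0)) + m
            if x == 0:   # test passes: one more body execution redraws x
                nxt.append(((0, loop + 1), m * P_BODY_ZERO))
                nxt.append(((1, loop + 1), m * (1 - P_BODY_ZERO)))
        frontier = nxt
    return dist, sum(m for _, m in frontier)
```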
On probabilistic static analysis

Works towards probabilistic Abstract Interpretation:
• ≈ abstraction of Law-abstraction [Monniaux '00]
• Mean behavior (not "sound") [Wiklicky '02]
Probabilistic Model Checking [Kucera '10]
Weakest precondition semantics [McIver '97]
Conjecture: abstractions expressible in our framework
• More precise Law-style abstractions (relational abstractions)
• More precise techniques to predict branching
• Consider other abstractions for while loops to make their over-approximation more precise
• Implementation & experimentation
• Non-Galois setting

• New probabilistic extension of Abstract Interpretation
• New way to express probabilistic semantics
• New ways to design probabilistic static analyses
• Lift classical static analyses to a probabilistic setting
• The precision of probabilistic and semantic abstractions are independent
• Very expressive, and precision can be adjusted by abstractions