# Abstract Interpretation

To prove program correctness using *axiomatic semantics*, i.e., Hoare logic, we need to provide *loop invariants*, which as we have seen, can be a difficult and error-prone process.
Thus, axiomatic semantics, while extremely powerful and used in many verification tools, e.g., Microsoft Dafny, is not an automatic, push-button approach.
In addition, axiomatic semantic approach relies on checking validity of verification conditions.
For complex programs, this checking process can be very expensive and in many cases not feasible.

In this lecture, we will look at *abstract interpretation*, a verification approach that attempts to address the limiations of requiring loop invariants and expensive formula checkings.


## Domain Example:  {Zero, Odd, Even} over Natural numbers


- Maps from concrete natural numbers to either {0, odd (nat), even (nat)} 
- Examples:  5 -> odd  , 4 ->  even ,  0 -> 0

In [13]:
def mult(A,B):
    // P = {A >= 0 and B >= 0}
    x = A
    y = B
    z = 0
    // L1
    while x > 0:
        if x % 2 == 1:
            z = z + y 
        x = x // 2
        y = y * 2;
        // L2

    #// L3
    return z


- Consider the `mult` example below that multiply two natural numbers $A, B$.  Our goal is to find, at the end of the program, at location `L3`, the values of $x, y, z$ using the abstract domains **{Zero, Odd, Even}** over natural numbers.


- Case:  `A = odd, B = odd`

|      |loc | x | y | z |
|:---  |:--- |:---:|:---:|:---:|
| Init                   | L1 | odd     | odd  | odd  |
|Iter 1||||
| begin |L2 | odd     | odd  | odd  |
| case 1: x is odd  | L3 | $\top$  | even | odd  |
| case 2: x is even (not possible)|L3| $\bot$| $\bot$ | $\bot$|
| union of cases | L3 | $\top$ | even | odd|
| if loop exits| L4| 0 | even | odd |
|Iter 2||||
| begin |L2 | $\top$     | even  | odd  |
| case 1: x is odd  | L3 | $\top$  | even | odd  |
| case 2: x is even | L3| odd/even | even | odd |
| union of cases | L3 | $\top$ | even | odd|
| if loop loop exits| L4| 0 | even | odd |
|Iter 3: begin same as iter 2: fixed point||||
| begin |L2 | $\top$     | even  | odd  |
|Final results |||
| union of loop exits | L4 | 0 | even | odd


    

Abstract transformers

| $>$|    |    |    | 
|:--:|:--:|:--:|:---:
|    | 0  | odd| even
|0   | f  | f  | f   
|odd | t  | t/f| t/f 
|even| t  | t/f| t/f 


| $+$|    |    |    |
|:--:|:--:|:--:|:---:
|    | 0  | odd | even
|0   | 0  | odd | even
|odd | 0  | even| odd 
|even| 0  | odd | even



Resources
- http://www2.informatik.uni-freiburg.de/~heizmann/ProgramVerification/slides/20111025-Tue.pdf
