summaryrefslogtreecommitdiff
path: root/doc/enonce.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/enonce.html')
-rw-r--r--doc/enonce.html170
1 files changed, 170 insertions, 0 deletions
diff --git a/doc/enonce.html b/doc/enonce.html
new file mode 100644
index 0000000..f9948e6
--- /dev/null
+++ b/doc/enonce.html
@@ -0,0 +1,170 @@
+<!-- -*- ispell-local-dictionary: "english" -*- -->
+<html><head>
+<title>Semantics and application to program verification, École normale supérieure, 2013-2014</title>
+<meta name="author" content="Antoine Mine">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link rel="Stylesheet" title="Stylesheet" type="text/css" href="enonce_files/preferred.css">
+<script src="enonce_files/main.js" type="text/javascript"></script>
+</head>
+<body>
+
+<h1>Semantics and application to program verification</h1>
+
+<div id="main">
+
+<h2>Project</h2>
+
+<p>
+The goal of the project is to write a simple static analyzer by abstract
+ interpretation in OCaml to discover automatically numeric invariants
+about the variables of programs written in a simple programming
+language.
+
+</p><p>
+The project is due on the day of the exam, on <b>May the 28th</b>.
+The project should be sent by email to the teachers.
+
+</p><h3>Result</h3>
+
+<p>
+For the project, you should deliver an archive that contains the following items:
+</p><ul>
+<li> the source code of the static analyzer, well-commented and complete with a Makefile;
+</li><li> a report of 4 pages or more that describes the language
+features supported, the choices in semantics and implementation (if
+any), the usage of the analyzer; it must also discuss the result of a
+few analysis tests (we provide some <a href="#testing">tests</a> that you can use).
+</li></ul>
+
+
+<h3><a name="features">Required features</a></h3>
+
+<h4>Input language</h4>
+
+<p>
+The input language can be based on the language used in the lab session,
+ or you can design your own language with similar features.
+To get started, you can download the <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/codeV1x.tgz">codeV1x.tgz</a> package (see the <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/denotational.html#syntax">first practical session</a> for an explanation of the syntax of the language).
+
+</p><p>
+More precisely, the language must feature at least:
+</p><ul>
+<li> blocks (nested sequences of instructions);
+</li><li> declarations of variables of integer type, with proper scoping with respect to blocks <span class="com">(to simplify, you can assume that all variable names are distinct)</span>;
+</li><li> assignments of integer expressions, with the standard arithmetic operators: <tt>+</tt>, <tt>-</tt>, <tt>*</tt> <span class="com">(and optionally division <tt>/</tt> and modulo <tt>%</tt>)</span>;
+</li><li> if-then-else instructions, using boolean expressions containing integer comparisons (<tt>==</tt>, <tt>!=</tt>, <tt>&lt;</tt>, <tt>&gt;</tt>, <tt>&lt;=</tt>, <tt>&gt;=</tt>) and boolean operators (<tt>&amp;&amp;</tt>, <tt>||</tt>, <tt>!</tt>) <span class="com">(support for boolean variables is not required)</span>;
+</li><li> while loops;
+</li><li> a non-deterministic operation, such as <tt>rand(l,h)</tt> in integer expressions;
+</li><li> an <tt>assert</tt> instruction, that checks the validity of a boolean expression;
+</li><li> a <tt>print</tt> instruction, that takes as argument a list of variables and prints their value.
+</li></ul>
+
+<p>
+<span class="com">(You are free to reject programs using other language
+constructions, such as functions, non-integer variable declarations,
+gotos, etc.)</span>
+
+</p><h4>Analysis</h4>
+
+<p>
+The analyzer should contain an iterator that analyzes the program
+forwards, by induction on the abstract syntax tree.
+Loops can be unrolled a fixed number of times (e.g., 3 times), but you
+should ultimately use iterations with widening in order to always
+terminate for domains with infinite increasing chains.
+To increase the precision, the first few (e.g., 3) applications of the
+widening may be replaced with a join.
+
+</p><p>
+The analysis should be parametric in the choice of a numeric abstract domain.
+At least the <b>three</b> following domains must be provided:
+</p><ul>
+<li> the <b>constant domain</b>, that you should implement yourself;
+</li><li> the <b>interval domain</b>, that you should also implement yourself;
+</li><li> the <b>polyhedra domain</b>, which calls the <a href="http://apron.cri.ensmp.fr/library/0.9.10/mlapronidl">Apron library</a> to perform the abstract operations <span class="com">(you are not asked to implement the polyhedra operators yourself)</span>.
+</li></ul>
+
+<p>
+Depending on the domain, at least the following kinds of expressions should be handled precisely:
+</p><ul>
+<li> in assignments: all arithmetic expressions for the constant and interval domains; affine expressions for polyhedra;
+</li><li> in the conditions of if-then-else and while instructions: for
+polyhedra, boolean formulas whose atoms are affine constraints; for
+constants and intervals, boolean formulas whose atoms are simple
+comparisons between two variables or between a variable and a constant.
+</li></ul>
+
+<p>
+All the expressions allowed in the program syntax must be handled (no
+"not implemented" exception); however, any expression not belonging to
+the above categories may be handled in a coarse way (e.g., considering
+assignments as non-deterministic and ignoring conditions).
+
+</p><h4>Output</h4>
+
+<p>
+The analysis should at least output a textual file containing:
+</p><ul>
+<li> a list of the assertions that cannot be proved to hold, and their location;
+</li><li> for each <tt>print</tt> instruction, the invariant found for the specified variables at the location of the instruction.
+</li></ul>
+
+<p>
+For debugging, it can be useful to implement a <i>trace mode</i> that outputs the abstract element computed at each step of the analysis.
+
+</p><h4><a name="testing">Tests</a></h4>
+
+<p>
+To help you test your analyzer, we provide a <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/tests.tgz">set of small test programs</a>,
+ written in the small language used in the practical sessions.
+We also provide the output of their analysis using our reference
+analyzer, so that you can easily check the correctness and the precision
+ of your analyzer.
+
+</p><h3><a name="extensions">Extensions</a></h3>
+
+<p>
+In addition to the mandatory features described above, you may implement one or several extensions, such as for instance:
+</p><ul>
+<li> functions and function calls <span class="com">(without recursion)</span>;
+</li><li> checks for arithmetic overflows and divisions by zero errors in expressions;
+</li><li> other numeric abstract domains <span class="com">(such as non-relational integer congruences, or linear equalities)</span>;
+</li><li> several types of numeric variables <span class="com">(such as rationals or floating-point numbers, which are supported directly by Apron)</span>;
+</li><li> boolean variables <span class="com">(you can handle them as integer variables that can only take two values: 0 for false, and 1 for true)</span>;
+</li><li> arrays <span class="com">(each array can be abstracted by a single variable, and assignments result in weak updates);
+</span></li><li> non-local control-flow instructions, such as <tt>break</tt> and <tt>continue</tt> in loops, forward <tt>goto</tt>, or even arbitrary <tt>goto</tt>;
+</li><li> a backward analysis <span class="com">(find necessary conditions on the start of the program so that all assertions are satisfied)</span>;
+</li><li> a nicer presentation for the output of the analysis, such as a graphical visualisation of numeric invariants <span class="com">(particularly useful for polyhedra in 2D or 3D)</span>;
+</li><li> any extension of your choice.
+</li></ul>
+
+<h3><a name="doc">Resources</a></h3>
+
+<h4>Files</h4>
+<ul>
+<li> <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/codeV1x.tgz">codeV1x.tgz</a>: language parser;
+</li><li> <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/tests.tgz">tests.tgz</a>: some programs to test your analyzer.
+</li></ul>
+
+<h4>Documentation</h4>
+<ul>
+<li> <a href="http://caml.inria.fr/pub/docs/manual-ocaml"><b>OCaml</b></a> programming language;
+</li><li> <a href="http://gallium.inria.fr/%7Efpottier/menhir"><b>Menhir</b></a> parser generator;
+</li><li> <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/doc-zarith"><b>ZArith</b></a> arbitrary precision number library;
+</li><li> <a href="http://apron.cri.ensmp.fr/library/0.9.10/mlapronidl"><b>Apron</b></a> abstract domain library;
+</li><li> <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/doc-mapext/index.html"><b>Mapext</b></a> maps with some additional useful functions (the source code is included in the <a href="http://www.di.ens.fr/%7Emine/enseignement/l3/codeV1x.tgz">codeV1x.tgz</a> bundle).
+</li></ul>
+
+<p>
+</p><hr>
+<br>
+<p>
+Author: <a href="http://www.di.ens.fr/%7Emine">Antoine Miné</a>
+<br><br>
+
+</p></div>
+
+
+
+
+</body></html> \ No newline at end of file