1 / 49

# 第十讲 基于格理论的数据流分析 - PowerPoint PPT Presentation

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about ' 第十讲 基于格理论的数据流分析' - luisa

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

S1; S2 的分析结果与 S2; S1 的结果相同

pred(v)是指该点直接前面点的集合

succ(v)是指该点直接后面点的集合

[vi] = Fi([v1], . . . , [vn])

F(x1, . . . , xn) = (F1(x1, . . . , xn), . . . , Fn(x1, . . . , xn))

x = (⊥, . . . , ⊥);

do {

t = x;

x = F(x);

} while (x  t);

x1 = ⊥; . . . ; xn = ⊥;

do {

t1 = x1; . . .; tn = xn;

x1 = F1(x1, . . . , xn);

. . .

xn = Fn(x1, . . . , xn);

} while (x1 t1 ∨ . . . ∨ xn tn);

X1:第i个结点结束时

x1 = ⊥; . . . ; xn = ⊥;

q = [v1, . . . , vn];

while (q  []) {

assume q = [vi, . . .];

y = Fi(x1, . . . , xn);

q = q.tail();

if (y  xi) {

for (v ∈ dep(vi)) q.append(v);

xi = y;

}

}

dep(vi)是被Vi影响的点的集合

L = (2{x,y,z},⊆)

var x, y, z;

x = input;

while (x>1) {

y = x/2;

if (y>3) x = x-y;

z = x-4;

if (z>0) x = x/2;

z = z-1;

}

output x;

{x, y, z}

{x, y} {x, z} {y, z}

{x} {y} {z}

{}

What’s the meaning?

[v] 代表在该结点前活跃的程序变量集

JOIN(v) = ∪ [w]

w∈succ(v)

“\” 表示减去：原来的值不再起作用

F(x1, . . . , xn)

Program

Constraints

[var x,y,z;] = [x=input] \ {x, y, z}

[x=input] = [x>1] \ {x}

[x>1] = ([y=x/2] ∪ [output x]) ∪ {x}

[y=x/2] = ([y>3] \ {y}) ∪ {x}

[y>3] = [x=x-y] ∪ [z=x-4] ∪ {y}

[x=x-y] = ([z=x-4] \ {x}) ∪ {x, y}

[z=x-4] = ([z>0] \ {z}) ∪ {x}

[z>0] = [x=x/2] ∪ [z=z-1] ∪ {z}

[x=x/2] = ([z=z-1] \ {x}) ∪ {x}

[z=z-1] = ([x>1] \ {z}) ∪ {z}

[output x] = [exit] ∪ {x}

[exit] = {}

var x, y, z;

x = input;

while (x>1) {

y = x/2;

if (y>3)

x = x-y;

z = x-4;

if (z>0)

x = x/2;

z = z-1; }

output x;

Constraints

[entry] = {}

[var x, y, z;] = {}

[x=input] = {}

[x>1] = {x}

[y=x/2] = {x}

[y>3] = {x, y}

[x=x-y] = {x, y}

[z=x-4] = {x}

[z>0] = {x, z}

[x=x/2] = {x, z}

[z=z-1] = {z}

[output x] = {x}

[exit] = {}

[entry] = {}

[var x, y, z;] = {}

[x=input] = {}

[x>1] = {}

[y=x/2] = {}

[y>3] = {}

[x=x-y] = {}

[z=x-4] = {}

[z>0] = {}

[x=x/2] = {}

[z=z-1] = {}

[output x] = {}

[exit] = {}

[var x,y,z;] = [x=input] \ {x, y, z}

[x=input] = [x>1] \ {x}

[x>1] = ([y=x/2] ∪ [output x]) ∪ {x}

[y=x/2] = ([y>3] \ {y}) ∪ {x}

[y>3] = [x=x-y] ∪ [z=x-4] ∪ {y}

[x=x-y] = ([z=x-4] \ {x}) ∪ {x, y}

[z=x-4] = ([z>0] \ {z}) ∪ {x}

[z>0] = [x=x/2] ∪ [z=z-1] ∪ {z}

[x=x/2] = ([z=z-1] \ {x}) ∪ {x}

[z=z-1] = ([x>1] \ {z}) ∪ {z}

[output x] = [exit] ∪ {x}

[exit] = {}

Constraints

[entry] = {}

[var x, y, z;] = {}

[x=input] = {}

[x>1] = {x}

[y=x/2] = {x}

[y>3] = {x, y}

[x=x-y] = {x, y}

[z=x-4] = {x}

[z>0] = {x, z}

[x=x/2] = {x, z}

[z=z-1] = {x, z}

[output x] = {x}

[exit] = {}

[entry] = {}

[var x, y, z;] = {}

[x=input] = {}

[x>1] = {x}

[y=x/2] = {x}

[y>3] = {x, y}

[x=x-y] = {x, y}

[z=x-4] = {x}

[z>0] = {x, z}

[x=x/2] = {x, z}

[z=z-1] = {z}

[output x] = {x}

[exit] = {}

[var x,y,z;] = [x=input] \ {x, y, z}

[x=input] = [x>1] \ {x}

[x>1] = ([y=x/2] ∪ [output x]) ∪ {x}

[y=x/2] = ([y>3] \ {y}) ∪ {x}

[y>3] = [x=x-y] ∪ [z=x-4] ∪ {y}

[x=x-y] = ([z=x-4] \ {x}) ∪ {x, y}

[z=x-4] = ([z>0] \ {z}) ∪ {x}

[z>0] = [x=x/2] ∪ [z=z-1] ∪ {z}

[x=x/2] = ([z=z-1] \ {x}) ∪ {x}

[z=z-1] = ([x>1] \ {z}) ∪ {z}

[output x] = [exit] ∪ {x}

[exit] = {}

Constraints

[entry] = {}

[var x, y, z;] = {}

[x=input] = {}

[x>1] = {x}

[y=x/2] = {x}

[y>3] = {x, y}

[x=x-y] = {x, y}

[z=x-4] = {x}

[z>0] = {x, z}

[x=x/2] = {x, z}

[z=z-1] = {x, z}

[output x] = {x}

[exit] = {}

[entry] = {}

[var x, y, z;] = {}

[x=input] = {}

[x>1] = {x}

[y=x/2] = {x}

[y>3] = {x, y}

[x=x-y] = {x, y}

[z=x-4] = {x}

[z>0] = {x, z}

[x=x/2] = {x, z}

[z=z-1] = {x, z}

[output x] = {x}

[exit] = {}

[var x,y,z;] = [x=input] \ {x, y, z}

[x=input] = [x>1] \ {x}

[x>1] = ([y=x/2] ∪ [output x]) ∪ {x}

[y=x/2] = ([y>3] \ {y}) ∪ {x}

[y>3] = [x=x-y] ∪ [z=x-4] ∪ {y}

[x=x-y] = ([z=x-4] \ {x}) ∪ {x, y}

[z=x-4] = ([z>0] \ {z}) ∪ {x}

[z>0] = [x=x/2] ∪ [z=z-1] ∪ {z}

[x=x/2] = ([z=z-1] \ {x}) ∪ {x}

[z=z-1] = ([x>1] \ {z}) ∪ {z}

[output x] = [exit] ∪ {x}

[exit] = {}

z = z-1 中的赋值从未被用过。

var x, y, z;

x = input;

while (x>1) {

y = x/2;

if (y>3) x = x-y;

z = x-4;

if (z>0) x = x/2;

z = z-1;

}

output x;

• var x,yz;
• x = input;
• while (x>1) {
• yz = x/2;
• if (yz>3) x = x-yz;
• yz = x-4;
• if (yz>0) x = x/2;
• }
• output x;

• var x, y, z, a, b;
• z = a+b;
• y = a*b;
• while (y > a+b) {
• a = a+1;
• x = a+b;
• }

• L = (2{a+b,a*b, y>a+b,a+1},⊇)

w∈pred(v)

↓id表示移除所有包含指向变量 id 的表达式

exps (intconst) = ∅

exps (id) = ∅

exps (input) = ∅

exps (E1opE2) = {E1 op E2} ∪ exps (E1) ∪ exps (E2)

op 是任何二元操作符

• var x, y, z, a, b;
• z = a+b;
• y = a*b;
• while (y > a+b) {
• a = a+1;
• x = a+b;
• }

[entry] = {}

[var x, y, z, a, b;] = [entry ]

[z=a+b] = exps(a+b) ↓z

[y=a*b] = ([x=a+b] ∪ exps(a*b)) ↓y

[y>a+b] = ([y=a*b] ∩ [x=a+b]) ∪ exps(y>a+b)

[a=a+1] = ([y>a+b] ∪ exps(a+1))↓a

[x=a+b] = ([a=a+1] ∪ exps(a+b))↓x

[exit] = [y>a+b]

• [entry] = {}
• [var x,y,z,a,b;] = {}
• [z=a+b] = {a+b}
• [y=a*b] = {a+b, a*b}
• [y>a+b] = {a+b, a*b, y>a+b}
• [a=a+1] = {}
• [x=a+b] = {a+b}
• [exit] = {a+b}

which confirms our assumptions about a+b.

• var x,y,z,a,b;
• z = a+b;
• y = a*b;
• while (y > a+b) {
• a = a+1;
• x = a+b;
• }
• var x, y, z, a, b, aplusb;
• aplusb = a+b;
• z = aplusb;
• y = a*b;
• while (y > aplusb) {
• a = a+1;
• aplusb = a+b;
• x = aplusb;
• }

JOIN(v) = ∩[w]

w∈succ(v)

[v] = JOIN(v)

• var x, a, b, atimesb;
• x = input;
• a = x-1;
• b = x-2;
• atimesb = a*b;
• while (x>0) {
• output atimesb - x;
• x = x-1;
• }
• output atimesb;

var x, a, b;

x = input;

a = x-1;

b = x-2;

while (x>0) {

output a*b - x;

x = x-1;

}

output a*b;

• var x, y, z;
• x = input;
• while (x>1) {
• y = x/2;
• if (y>3) x = x-y;
• z = x-4;
• if (z>0) x = x/2;
• z = z-1;
• }
• output x;

L = (2{x=input,y=x/2,x=x-y,z=x-4,x=x/2,z=z-1},⊆)

JOIN(v) = ∪ [w]

w∈pred(v)

[v] = JOIN(v)↓id ∪ {v}

[v] = JOIN(v)

var x, y, z;

x = input;

while (x>1) {

y = x/2;

if (y>3)

x = x-y;

z = x-4;

if (z>0)

x = x/2;

z = z-1; }

output x;

• 正向分析

• 可用表达式
• 可达定义
• 反向分析

• 活性
• 很忙表达式

• 可能分析

• 活性
• 可达定义
• 必须分析

• 可用表达式
• 很忙表示式

• 对于每个程序点，保证已初始化的变量集合
• 格是程序中变量的集合
• 初始化是过去的属性，需要用正向分析
• 是“必须”

[entry] = {}

[v] = ∩ [w] ∪ {id}

w∈pred(v)

[v] = ∩ [w]

w∈pred(v)

?

+ 0 –

• 如何决定各个表达式的符号 (+,0,-)?
• 可以解决的例子：是否除数是0
• 构造符号格:

⊥表示值未知

The full lattice for our analysis is the map lattice: Vars |→ Sign

where Vars is the set of variables occurring in the given program.

[v] = [id1 |→ ?, . . . , idn |→ ?]

w∈pred(v)

eval 对表达式进行抽象估计:

eval (α, id) = (id)

eval (α, intconst) = sign(intconst)

eval (α,E1 op E2) = opp’(eval (α,E1), eval (α,E2))

opp’给出一个操作的抽象估计（见下页）

+/+ 的分析结果是 ? 而不是 +，因为 1/2 被归到 0 中

?

+0 -0

+ 0 -

1

?

-3 -2 -1 0 1 2 3

var x,y,z;

x = 27;

y = input;

z = 54+y;

if (0)

{ y = z-3; }

else { y = 12; }

output y;

var y;

y = input;

output 12;

var x,y,z;

x = 27;

y = input;

z = 2*x+y;

if (x < 0)

{ y = z-3; }

else { y = 12; }

output y;

Interval = lift({[l, h] | l, h ∈ N ∧ l ≤ h})

[l1, h1] ⊑ [l2, h2] ⇔ l2 ≤ l1 ∧ h1 ≤ h2

[entry] = λ x.[−∞,∞]

[v] = JOIN(v) [id |→ eval (JOIN(v), E)]

[v] = JOIN(v)

JOIN(v) = ⊔ [w]

w∈pred(v)

eval 进行表达式的抽象估计：

• eval (α, id) = (id)
• eval (α, intconst) = [intconst, intconst]
• eval (α,E1 opE2) = opp’(eval (α, E1), eval (α, E2))
• 抽象算术操作定位为：
• opp’([l1, h1], [l2, h2]) =
• 抽象比较操作定位为：
• opp’([l1, h1], [l2, h2]) = [0, 1]

(F ◦w)i(⊥, . . . ,⊥)

w将区间映射到一个有限子集“B”: B ⊂ N，且包含−∞ 与 ∞

w([l, h]) = [max{i ∈ B | i ≤ l}, min{i ∈ B | h ≤ i}]

“加宽”（ Widening ）用于解决“无限”的问题

“收缩” （narrowing）用于改进结果

fix = ⊔ Fi(⊥, . . . ,⊥) fixw = ⊔ (F ◦ w)i(⊥, . . . ,⊥)

fix ⊑ Fi+1(fixw) ⊑ Fi(fixw) ⊑ fixw

y = 0;

while (input) {

x = 7;

x = x+1;

y = y+1;

}

[x |→ ⊥, y |→ ⊥]

[x |→ [8, 8], y |→ [0, 1]]

[x |→ [8, 8], y |→ [0, 2]]

[x |→ [8, 8], y |→ [0, 3]]

...

[x |→ ⊥, y |→ ⊥]

[x |→ [7,∞], y |→ [0, 1]]

[x |→ [7,∞], y |→ [0, 7]]

[x |→ [7,∞], y |→ [0,∞]]

[x |→ [8, 8], y |→ [0,∞]]

[x |→ ⊥, y |→ ⊥]

[x |→ [7,∞], y |→ [0, 1]]

[x |→ [7,∞], y |→ [0, 7]]

[x |→ [7,∞], y |→ [0,∞]]