- 76 Views
- Uploaded on
- Presentation posted in: General

Program Analysis Last Lesson

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Program AnalysisLast Lesson

Mooly Sagiv

- Show the significance of set constraints forCFA of Object Oriented Programs
- Sketch advanced techniques
- Summarize the course
- Get some feedback

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v : Vehicle) {

if (v.position < position)

then v.move(position - v.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c;

new t;

v1 := c;

c.passengers := 2;

c.move(60);

v1.move(70);

c.await(t) ;}

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v {Truck} : Vehicle) {

if (v {Truck} .position < position)

then v {Truck}.move(position - v.position);

else self {Car}.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c {Car} ;

new t {Truck} ;

v1 {Car} := c {Car} ;

c {Car} .passengers := 2;

c {Car} .move(60);

v1 {Car}.move(70);

c {Car} .await(t {Truck} ) ;}

- Determine the set of potential classes of every variable at every program point
- Compute a mapping from variables into a set of class names
- Combine values of variables at different points
- Generate a set of constraints for every statement
- Find a minimal solution

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v1 : Vehicle) {

if (v1.position < position)

then v1.move(position - v1.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v2;

new c;

new t;

v2 := c;

c.passengers := 2;

c.move(60);

v2.move(70);

c.await(t) ;

}

{Car} (c)

{Truck} (t)

(c) (v2)

{Car} (c) (t) (v1)

- Resolve called function
- Can also perform type inference and checking
- Can be used to warn against programmer errorsat compile-time

- Can be used to generate a flow sensitive solution
- Can also handle sets of “terms”
- Finite set of constructors C={b, c, …}
- Finite set of variables
- Set expressionsE ::= | variable | E1 E2 | E1 E2 | c(E1 , E2 ,…, Ek )| c-i(E)
- Finite set of inequalitiesE1 E2
- Find the least solution (or a symbolic representation)

- Origin [Cousot&Cousot POPL 1979]Download from the course homepage
- Widening & Narrowing
- Combining dataflow analysis problems
- Semantic reductions
- ...

- Accelerate the termination of Chaotic iterations by computing a more conservative solution
- Can handle lattices of infinite heights

- Find a lower and an upper bound of the value of a variable
- Lattice L = (ZZ, , , , ,)
- [a, b] [c, d] if c a and d b
- [a, b] [c, d] = [min(a, c), max(b, d)]
- [a, b] [c, d] = [max(a, c), min(b, d)]
- =
- =

- Programx := 1 ;while x 1000 do x := x + 1;

- [c, d] = [c, d]
- [a, b] [c, d] = [ if a cthen aelse if 0 c then 0 else minint,if b dthen belse if d 0then 0else maxint

for l Lab*do

DFentry(l) :=

DFexit(l) :=

DFentry(init(S*)) :=

WL= Lab*

while WL != do

Select and remove an arbitrary l WL

if (temp != DFexit(l))

DFexit(l) := DFexit(l) temp

for l' such that (l,l') flow(S*) do

DFentry(l') := DFentry(l') DFexit(l)

WL := WL {l’}

[x := 1]1 ;while [x 1000]2 do [x := x + 1]3;

- For all elements l1 l2 l1 l2
- For all ascending chains l0 l1 l2 …the following sequence is finite
- y0 = l0
- yi+1 = yi li+1

- Improve the result of widening

[x := 1]1 ;while [x 1000]2 do [x := x + 1]3;

- Very simple but produces impressive precision
- The McCarthy 91 function
- Also useful in the finite case
- Can be used as a methodological tool
- But not widely accepted

int f(x)

if x > 100

then return x -10

else return f(f(x+11))

- How to combine different analyses
- The result can be more precise than both!
- On some programs more efficient too
- Many possibly ways to combine (4.4)
- A simple example sign+parity analysisx := x - 1

- Analysis 1
- Lattice (L1, 1, 1, 1, 1,1)
- Galois connection 1: P(States) L1 1: L1 P(States)
- Transfer functionsop1:L1 L1

- Analysis 2
- Lattice (L2, 2, 2, 2, 2,2)
- Galois connection2: P(States) L2 1: L2 P(States)
- Transfer functionsop2:L2 L2

- Combined Analysis
- L = (L1 L2, ) where (l1, l2) (u1, u2) if l1 1 u1 and l2 2 u2
- Galois connection
- Transfer functions

- Techniques Studied
- Operational Semantics
- Dataflow Analysis and Monotone Frameworks (Imperative Programs)
- Control Flow Analysis and Set Constraints (Functional Programs)

- Techniques Sketched
- Abstract interpretation
- Interprocedural Analysis
- Type and effect systems

- Not Covered
- Efficient algorithms
- Applications in compilers
- Logic programming

- Able to understand advanced static analysis techniques
- Find faults in existing algorithms
- Be able to develop new algorithms
- Gain a better understanding of programming languages
- Functional Vs. Imperative
- Operational Semantics