1 / 23

# Program Analysis Last Lesson - PowerPoint PPT Presentation

Program Analysis Last Lesson. Mooly Sagiv. Goals. Show the significance of set constraints for CFA of Object Oriented Programs Sketch advanced techniques Summarize the course Get some feedback. A Motivating Example. class Vehicle Object { int position = 10; void move(x1 : int) {

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about ' Program Analysis Last Lesson' - tamarr

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Program AnalysisLast Lesson

Mooly Sagiv

• Show the significance of set constraints forCFA of Object Oriented Programs

• Summarize the course

• Get some feedback

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v : Vehicle) {

if (v.position < position)

then v.move(position - v.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c;

new t;

v1 := c;

c.passengers := 2;

c.move(60);

v1.move(70);

c.await(t) ;}

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v {Truck} : Vehicle) {

if (v {Truck} .position < position)

then v {Truck}.move(position - v.position);

else self {Car}.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c {Car} ;

new t {Truck} ;

v1 {Car} := c {Car} ;

c {Car} .passengers := 2;

c {Car} .move(60);

v1 {Car}.move(70);

c {Car} .await(t {Truck} ) ;}

• Determine the set of potential classes of every variable at every program point

• Compute a mapping  from variables into a set of class names

• Combine values of variables at different points

• Generate a set of constraints for every statement

• Find a minimal solution

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v1 : Vehicle) {

if (v1.position < position)

then v1.move(position - v1.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v2;

new c;

new t;

v2 := c;

c.passengers := 2;

c.move(60);

v2.move(70);

c.await(t) ;

}

{Car}  (c)

{Truck}  (t)

(c)  (v2)

{Car}  (c) (t)  (v1)

• Resolve called function

• Can also perform type inference and checking

• Can be used to warn against programmer errorsat compile-time

• Can be used to generate a flow sensitive solution

• Can also handle sets of “terms”

• Finite set of constructors C={b, c, …}

• Finite set of variables

• Set expressionsE ::=  | variable | E1  E2 | E1 E2 | c(E1 , E2 ,…, Ek )| c-i(E)

• Finite set of inequalitiesE1  E2

• Find the least solution (or a symbolic representation)

• Widening & Narrowing

• Combining dataflow analysis problems

• Semantic reductions

• ...

• Accelerate the termination of Chaotic iterations by computing a more conservative solution

• Can handle lattices of infinite heights

• Find a lower and an upper bound of the value of a variable

• Lattice L = (ZZ, , , , ,)

• [a, b]  [c, d] if c  a and d  b

• [a, b]  [c, d] = [min(a, c), max(b, d)]

• [a, b]  [c, d] = [max(a, c), min(b, d)]

•  =

•  =

• Programx := 1 ;while x  1000 do x := x + 1;

•  [c, d] = [c, d]

• [a, b]  [c, d] = [ if a  c then a else if 0  c then 0 else minint,if b  d then b else if d  0 then 0 else maxint

Chaotic Iterationsfor forward problems+ 

for l  Lab*do

DFentry(l) := 

DFexit(l) := 

DFentry(init(S*)) := 

WL= Lab*

while WL !=  do

Select and remove an arbitrary l  WL

if (temp != DFexit(l))

DFexit(l) := DFexit(l)  temp

for l' such that (l,l') flow(S*) do

DFentry(l') := DFentry(l')  DFexit(l)

WL := WL  {l’}

[x := 1]1 ;while [x  1000]2 do [x := x + 1]3;

• For all elements l1  l2  l1  l2

• For all ascending chains l0  l1  l2  …the following sequence is finite

• y0 = l0

• yi+1 = yi  li+1

• Improve the result of widening

[x := 1]1 ;while [x  1000]2 do [x := x + 1]3;

• Very simple but produces impressive precision

• The McCarthy 91 function

• Also useful in the finite case

• Can be used as a methodological tool

• But not widely accepted

int f(x)

if x > 100

then return x -10

else return f(f(x+11))

• How to combine different analyses

• The result can be more precise than both!

• On some programs more efficient too

• Many possibly ways to combine (4.4)

• A simple example sign+parity analysisx := x - 1

• Analysis 1

• Lattice (L1, 1, 1, 1, 1,1)

• Galois connection 1: P(States)  L1 1: L1  P(States)

• Transfer functionsop1:L1  L1

• Analysis 2

• Lattice (L2, 2, 2, 2, 2,2)

• Galois connection2: P(States)  L2 1: L2  P(States)

• Transfer functionsop2:L2 L2

• Combined Analysis

• L = (L1 L2, ) where (l1, l2)  (u1, u2) if l1 1 u1 and l2 2 u2

• Galois connection

• Transfer functions

• Techniques Studied

• Operational Semantics

• Dataflow Analysis and Monotone Frameworks (Imperative Programs)

• Control Flow Analysis and Set Constraints (Functional Programs)

• Techniques Sketched

• Abstract interpretation

• Interprocedural Analysis

• Type and effect systems

• Not Covered

• Efficient algorithms

• Applications in compilers

• Logic programming

• Able to understand advanced static analysis techniques

• Find faults in existing algorithms

• Be able to develop new algorithms

• Gain a better understanding of programming languages

• Functional Vs. Imperative

• Operational Semantics