Program Analysis Last Lesson - PowerPoint PPT Presentation

1 / 23

Program Analysis Last Lesson. Mooly Sagiv. Goals. Show the significance of set constraints for CFA of Object Oriented Programs Sketch advanced techniques Summarize the course Get some feedback. A Motivating Example. class Vehicle Object { int position = 10; void move(x1 : int) {

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Program Analysis Last Lesson

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Program AnalysisLast Lesson

Mooly Sagiv

Goals

• Show the significance of set constraints forCFA of Object Oriented Programs

• Summarize the course

• Get some feedback

A Motivating Example

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v : Vehicle) {

if (v.position < position)

then v.move(position - v.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c;

new t;

v1 := c;

c.passengers := 2;

c.move(60);

v1.move(70);

c.await(t) ;}

A Motivating Example

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v {Truck} : Vehicle) {

if (v {Truck} .position < position)

then v {Truck}.move(position - v.position);

else self {Car}.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c {Car} ;

new t {Truck} ;

v1 {Car} := c {Car} ;

c {Car} .passengers := 2;

c {Car} .move(60);

v1 {Car}.move(70);

c {Car} .await(t {Truck} ) ;}

Flow Insensitive Class Analysis

• Determine the set of potential classes of every variable at every program point

• Compute a mapping  from variables into a set of class names

• Combine values of variables at different points

• Generate a set of constraints for every statement

• Find a minimal solution

A Motivating Example

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v1 : Vehicle) {

if (v1.position < position)

then v1.move(position - v1.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v2;

new c;

new t;

v2 := c;

c.passengers := 2;

c.move(60);

v2.move(70);

c.await(t) ;

}

{Car}  (c)

{Truck}  (t)

(c)  (v2)

{Car}  (c) (t)  (v1)

Class Analysis Summary

• Resolve called function

• Can also perform type inference and checking

• Can be used to warn against programmer errorsat compile-time

Set Constraints Summary

• Can be used to generate a flow sensitive solution

• Can also handle sets of “terms”

• Finite set of constructors C={b, c, …}

• Finite set of variables

• Set expressionsE ::=  | variable | E1  E2 | E1 E2 | c(E1 , E2 ,…, Ek )| c-i(E)

• Finite set of inequalitiesE1  E2

• Find the least solution (or a symbolic representation)

• Widening & Narrowing

• Combining dataflow analysis problems

• Semantic reductions

• ...

Widening

• Accelerate the termination of Chaotic iterations by computing a more conservative solution

• Can handle lattices of infinite heights

Example Interval Analysis

• Find a lower and an upper bound of the value of a variable

• Lattice L = (ZZ, , , , ,)

• [a, b]  [c, d] if c  a and d  b

• [a, b]  [c, d] = [min(a, c), max(b, d)]

• [a, b]  [c, d] = [max(a, c), min(b, d)]

•  =

•  =

• Programx := 1 ;while x  1000 do x := x + 1;

Widening for Interval Analysis

•  [c, d] = [c, d]

• [a, b]  [c, d] = [ if a  cthen aelse if 0  c then 0 else minint,if b  dthen belse if d  0then 0else maxint

Chaotic Iterationsfor forward problems+ 

for l  Lab*do

DFentry(l) := 

DFexit(l) := 

DFentry(init(S*)) := 

WL= Lab*

while WL !=  do

Select and remove an arbitrary l  WL

if (temp != DFexit(l))

DFexit(l) := DFexit(l)  temp

for l' such that (l,l') flow(S*) do

DFentry(l') := DFentry(l')  DFexit(l)

WL := WL  {l’}

Example

[x := 1]1 ;while [x  1000]2 do [x := x + 1]3;

Requirements on Widening

• For all elements l1  l2  l1  l2

• For all ascending chains l0  l1  l2  …the following sequence is finite

• y0 = l0

• yi+1 = yi  li+1

Narrowing

• Improve the result of widening

Example

[x := 1]1 ;while [x  1000]2 do [x := x + 1]3;

Widening and Narrowing Summary

• Very simple but produces impressive precision

• The McCarthy 91 function

• Also useful in the finite case

• Can be used as a methodological tool

• But not widely accepted

int f(x)

if x > 100

then return x -10

else return f(f(x+11))

Combining dataflow analysis problems

• How to combine different analyses

• The result can be more precise than both!

• On some programs more efficient too

• Many possibly ways to combine (4.4)

• A simple example sign+parity analysisx := x - 1

Cartezian Products

• Analysis 1

• Lattice (L1, 1, 1, 1, 1,1)

• Galois connection 1: P(States)  L1 1: L1  P(States)

• Transfer functionsop1:L1  L1

• Analysis 2

• Lattice (L2, 2, 2, 2, 2,2)

• Galois connection2: P(States)  L2 1: L2  P(States)

• Transfer functionsop2:L2 L2

• Combined Analysis

• L = (L1 L2, ) where (l1, l2)  (u1, u2) if l1 1 u1 and l2 2 u2

• Galois connection

• Transfer functions

Course Summary

• Techniques Studied

• Operational Semantics

• Dataflow Analysis and Monotone Frameworks (Imperative Programs)

• Control Flow Analysis and Set Constraints (Functional Programs)

• Techniques Sketched

• Abstract interpretation

• Interprocedural Analysis

• Type and effect systems

• Not Covered

• Efficient algorithms

• Applications in compilers

• Logic programming

Course Summary

• Able to understand advanced static analysis techniques

• Find faults in existing algorithms

• Be able to develop new algorithms

• Gain a better understanding of programming languages

• Functional Vs. Imperative

• Operational Semantics