Program analysis last lesson
This presentation is the property of its rightful owner.
Sponsored Links
1 / 23

Program Analysis Last Lesson PowerPoint PPT Presentation


  • 70 Views
  • Uploaded on
  • Presentation posted in: General

Program Analysis Last Lesson. Mooly Sagiv. Goals. Show the significance of set constraints for CFA of Object Oriented Programs Sketch advanced techniques Summarize the course Get some feedback. A Motivating Example. class Vehicle Object { int position = 10; void move(x1 : int) {

Download Presentation

Program Analysis Last Lesson

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Program analysis last lesson

Program AnalysisLast Lesson

Mooly Sagiv


Goals

Goals

  • Show the significance of set constraints forCFA of Object Oriented Programs

  • Sketch advanced techniques

  • Summarize the course

  • Get some feedback


A motivating example

A Motivating Example

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v : Vehicle) {

if (v.position < position)

then v.move(position - v.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c;

new t;

v1 := c;

c.passengers := 2;

c.move(60);

v1.move(70);

c.await(t) ;}


A motivating example1

A Motivating Example

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v {Truck} : Vehicle) {

if (v {Truck} .position < position)

then v {Truck}.move(position - v.position);

else self {Car}.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v1;

new c {Car} ;

new t {Truck} ;

v1 {Car} := c {Car} ;

c {Car} .passengers := 2;

c {Car} .move(60);

v1 {Car}.move(70);

c {Car} .await(t {Truck} ) ;}


Flow insensitive class analysis

Flow Insensitive Class Analysis

  • Determine the set of potential classes of every variable at every program point

  • Compute a mapping  from variables into a set of class names

  • Combine values of variables at different points

  • Generate a set of constraints for every statement

  • Find a minimal solution


A motivating example2

A Motivating Example

class Vehicle Object { int position = 10;

void move(x1 : int) {

position = position + x1 ;}}

class Car extends Vehicle { int passengers;

void await(v1 : Vehicle) {

if (v1.position < position)

then v1.move(position - v1.position);

else self.move(10); }}

class Truck extends Vehicle {

void move(x2 : int) {

if (x2 < 55) position = position + x2; }}

void main { Car c; Truck t; Vehicle v2;

new c;

new t;

v2 := c;

c.passengers := 2;

c.move(60);

v2.move(70);

c.await(t) ;

}

{Car}  (c)

{Truck}  (t)

(c)  (v2)

{Car}  (c) (t)  (v1)


Class analysis summary

Class Analysis Summary

  • Resolve called function

  • Can also perform type inference and checking

  • Can be used to warn against programmer errorsat compile-time


Set constraints summary

Set Constraints Summary

  • Can be used to generate a flow sensitive solution

  • Can also handle sets of “terms”

    • Finite set of constructors C={b, c, …}

    • Finite set of variables

    • Set expressionsE ::=  | variable | E1  E2 | E1 E2 | c(E1 , E2 ,…, Ek )| c-i(E)

    • Finite set of inequalitiesE1  E2

    • Find the least solution (or a symbolic representation)


Advanced abstract interpretation techniques

Advanced Abstract Interpretation Techniques

  • Origin [Cousot&Cousot POPL 1979]Download from the course homepage

  • Widening & Narrowing

  • Combining dataflow analysis problems

  • Semantic reductions

  • ...


Widening

Widening

  • Accelerate the termination of Chaotic iterations by computing a more conservative solution

  • Can handle lattices of infinite heights


Example interval analysis

Example Interval Analysis

  • Find a lower and an upper bound of the value of a variable

  • Lattice L = (ZZ, , , , ,)

    • [a, b]  [c, d] if c  a and d  b

    • [a, b]  [c, d] = [min(a, c), max(b, d)]

    • [a, b]  [c, d] = [max(a, c), min(b, d)]

    •  =

    •  =

  • Programx := 1 ;while x  1000 do x := x + 1;


Widening for interval analysis

Widening for Interval Analysis

  •  [c, d] = [c, d]

  • [a, b]  [c, d] = [ if a  cthen aelse if 0  c then 0 else minint,if b  dthen belse if d  0then 0else maxint


Chaotic iterations for forward problems

Chaotic Iterationsfor forward problems+ 

for l  Lab*do

DFentry(l) := 

DFexit(l) := 

DFentry(init(S*)) := 

WL= Lab*

while WL !=  do

Select and remove an arbitrary l  WL

if (temp != DFexit(l))

DFexit(l) := DFexit(l)  temp

for l' such that (l,l') flow(S*) do

DFentry(l') := DFentry(l')  DFexit(l)

WL := WL  {l’}


Example

Example

[x := 1]1 ;while [x  1000]2 do [x := x + 1]3;


Requirements on widening

Requirements on Widening

  • For all elements l1  l2  l1  l2

  • For all ascending chains l0  l1  l2  …the following sequence is finite

    • y0 = l0

    • yi+1 = yi  li+1


Narrowing

Narrowing

  • Improve the result of widening


Example1

Example

[x := 1]1 ;while [x  1000]2 do [x := x + 1]3;


Widening and narrowing summary

Widening and Narrowing Summary

  • Very simple but produces impressive precision

  • The McCarthy 91 function

  • Also useful in the finite case

  • Can be used as a methodological tool

  • But not widely accepted

int f(x)

if x > 100

then return x -10

else return f(f(x+11))


Combining dataflow analysis problems

Combining dataflow analysis problems

  • How to combine different analyses

  • The result can be more precise than both!

  • On some programs more efficient too

  • Many possibly ways to combine (4.4)

  • A simple example sign+parity analysisx := x - 1


Cartezian products

Cartezian Products

  • Analysis 1

    • Lattice (L1, 1, 1, 1, 1,1)

    • Galois connection 1: P(States)  L1 1: L1  P(States)

    • Transfer functionsop1:L1  L1

  • Analysis 2

    • Lattice (L2, 2, 2, 2, 2,2)

    • Galois connection2: P(States)  L2 1: L2  P(States)

    • Transfer functionsop2:L2 L2

  • Combined Analysis

    • L = (L1 L2, ) where (l1, l2)  (u1, u2) if l1 1 u1 and l2 2 u2

    • Galois connection

    • Transfer functions


Course summary

Course Summary

  • Techniques Studied

    • Operational Semantics

    • Dataflow Analysis and Monotone Frameworks (Imperative Programs)

    • Control Flow Analysis and Set Constraints (Functional Programs)

  • Techniques Sketched

    • Abstract interpretation

    • Interprocedural Analysis

    • Type and effect systems

  • Not Covered

    • Efficient algorithms

    • Applications in compilers

    • Logic programming


Course summary1

Course Summary

  • Able to understand advanced static analysis techniques

  • Find faults in existing algorithms

  • Be able to develop new algorithms

  • Gain a better understanding of programming languages

    • Functional Vs. Imperative

    • Operational Semantics


Feedback

Feedback


  • Login