1 / 74

Program Analysis with Set Constraints

Program Analysis with Set Constraints. Ravi Chugh. Set-constraint based analysis. Another technique for computing information about program variables Phase 1: constraint generation Create set variables corresponding to program Add inclusion constraints between these sets

raya-hutchinson
Download Presentation

Program Analysis with Set Constraints

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Program Analysiswith Set Constraints Ravi Chugh

  2. Set-constraint based analysis • Another technique for computing information about program variables • Phase 1: constraint generation • Create set variables corresponding to program • Add inclusion constraints between these sets • Usually a local, syntax-directed process (ASTsvsCFGs) • Phase 2: constraint resolution • Solve for values of all set variables • Extends naturally to inter-procedural analysis

  3. Constant propagation int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... } • Want to determine whether x and y are constant values when they are used • We will build a flow-insensitive analysis

  4. Set constraints • Terms t := c (constant) | X (set variable) | C(t1,...,tn) (constructed term) • Constraints t1 <= t2 (set inclusion) • Constructors • C(v1,...,vn) is an n-arg ctor C with variances vi • vi is either + (covariant) or – (contravariant) • Covariance corresponds to “forwards flow” • Contravariance corresponds to “backwards flow”

  5. Set constraints and graph reachability Tight correspondence between set-inclusion constraints and edges in a flow graph

  6. Set constraints and graph reachability • 1 <= X 1 X Tight correspondence between set-inclusion constraints and edges in a flow graph

  7. Set constraints and graph reachability • 1 <= X • X <= Y 1 X Y Tight correspondence between set-inclusion constraints and edges in a flow graph

  8. Set constraints and graph reachability • 1 <= X • X <= Y • Ctor(A,B,C) <= Ctor(D,E,F)where Ctor(+,-,+) 1 X Y Ctor ( A , B , C ) Ctor ( D , E , F ) Tight correspondence between set-inclusion constraints and edges in a flow graph

  9. Set constraints and graph reachability • 1 <= X • X <= Y • Ctor(A,B,C) <= Ctor(D,E,F)where Ctor(+,-,+) 1 X Y Ctor ( A , B , C ) Ctor ( D , E , F ) Tight correspondence between set-inclusion constraints and edges in a flow graph

  10. Constraint resolution • System of constraints Con • Additional constraints added by following rules • 1) Transitivity of sets • Con with x <= y∧ y <= z Con∧ x <= z • 2) Constructed terms • Con with C(...,xi,...) <= C(...,yi,...)  Con ∧istrainti • straintiis xi <= yiif C covariant in i • straintiis yi <= xiif C contravariant in i • 3) Inconsistent terms • Con with C(...) <= D(...)  Inconsistent

  11. Fun constructor For simplicity, assume all functions take one arg Define constructor Fun(-,+) Places for function input and output Encoding a function call: int z = id(2);Fun(i, retid) <= Fun(2, z)

  12. Fun constructor Fun ( i , retid) Fun ( 2 , z ) For simplicity, assume all functions take one arg Define constructor Fun(-,+) Places for function input and output Encoding a function call: int z = id(2);Fun(i, retid) <= Fun(2, z) By contravariance, the actual 2 flows to i By covariance, the return value of id flows to z

  13. int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  14. Fun(i,ret1) <= abs Fun (i, ret1) abs int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  15. Fun(i,ret1) <= abs Fun (i, ret1) abs int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  16. Fun(i,ret1) <= abs i <= ret1 Fun (i, ret1) abs int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  17. Fun(i,ret1) <= abs i <= ret1 Fun (i, ret1) abs int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  18. Fun(i,ret1) <= abs i <= ret1 T <= ret1 T Fun (i, ret1) abs int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  19. Fun(i,ret1) <= abs i <= ret1 T <= ret1 T Fun (i, ret1) abs int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  20. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id T Fun (i, ret1) Fun (j, ret2) abs id int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  21. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id T Fun (i, ret1) Fun (j, ret2) abs id int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  22. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 T Fun (i, ret1) Fun (j, ret2) abs id int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  23. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 T Fun (i, ret1) Fun (j, ret2) abs id int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  24. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b T Fun (i, ret1) Fun (j, ret2) abs id a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  25. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b T Fun (i, ret1) Fun (j, ret2) abs id a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  26. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) T Fun (i, ret1) Fun (j, ret2) abs id Fun ( , x ) a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  27. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) T Fun (i, ret1) Fun (j, ret2) abs id Fun ( , x ) a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  28. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) T Fun (i, ret1) Fun (j, ret2) abs id Fun ( , x ) a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  29. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) T Fun (i, ret1) Fun (j, ret2) abs id Fun ( , x ) Fun ( , y ) a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  30. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) T Fun (i, ret1) Fun (j, ret2) abs id Fun ( , x ) Fun ( , y ) a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  31. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) [[x]] = [[y]] = T Fun (i, ret1) Fun (j, ret2) abs id Fun ( , x ) Fun ( , y ) a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  32. Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) [[x]] = {1, T} [[y]] = {2} T Fun (i, ret1) Fun (j, ret2) abs id Fun ( , x ) Fun ( , y ) a b 1 2 int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b); ... use x ... ... use y ... }

  33. Pointers int i = 1; int *p = &i; *p = 2; int j = *p; Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  34. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; i Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  35. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; i Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  36. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  37. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  38. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  39. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  40. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Ref ( 2 , _) Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  41. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Ref ( 2 , _) Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  42. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Ref ( 2 , _) Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  43. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Ref ( 2 , _) Ref ( _ , j) Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  44. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Ref ( 2 , _) Ref ( _ , j) Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  45. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Ref ( 2 , _) Ref ( _ , j) [[j]] = Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  46. Pointers 1 int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) p Ref ( 2 , _) Ref ( _ , j) [[j]] = {1, 2} Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations

  47. More on functions • Our encoding supports higher-order functions • Passing around Fun terms just like constants • Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0);

  48. More on functions funcPtr • Our encoding supports higher-order functions • Passing around Fun terms just like constants • Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0);

  49. More on functions funcPtr • Our encoding supports higher-order functions • Passing around Fun terms just like constants • Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0);

  50. More on functions Fun (i, ret) foo funcPtr • Our encoding supports higher-order functions • Passing around Fun terms just like constants • Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0);

More Related