1 / 23

Program Analysis Last Lesson

Program Analysis Last Lesson. Mooly Sagiv. Goals. Show the significance of set constraints for CFA of Object Oriented Programs Sketch advanced techniques Summarize the course Get some feedback. A Motivating Example. class Vehicle Object { int position = 10; void move(x1 : int) {

tamarr
Télécharger la présentation

Program Analysis Last Lesson

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Program AnalysisLast Lesson Mooly Sagiv

  2. Goals • Show the significance of set constraints forCFA of Object Oriented Programs • Sketch advanced techniques • Summarize the course • Get some feedback

  3. A Motivating Example class Vehicle Object { int position = 10; void move(x1 : int) { position = position + x1 ;}} class Car extends Vehicle { int passengers; void await(v : Vehicle) { if (v.position < position) then v.move(position - v.position); else self.move(10); }} class Truck extends Vehicle { void move(x2 : int) { if (x2 < 55) position = position + x2; }} void main { Car c; Truck t; Vehicle v1; new c; new t; v1 := c; c.passengers := 2; c.move(60); v1.move(70); c.await(t) ;}

  4. A Motivating Example class Vehicle Object { int position = 10; void move(x1 : int) { position = position + x1 ;}} class Car extends Vehicle { int passengers; void await(v {Truck} : Vehicle) { if (v {Truck} .position < position) then v {Truck}.move(position - v.position); else self {Car}.move(10); }} class Truck extends Vehicle { void move(x2 : int) { if (x2 < 55) position = position + x2; }} void main { Car c; Truck t; Vehicle v1; new c {Car} ; new t {Truck} ; v1 {Car} := c {Car} ; c {Car} .passengers := 2; c {Car} .move(60); v1 {Car}.move(70); c {Car} .await(t {Truck} ) ;}

  5. Flow Insensitive Class Analysis • Determine the set of potential classes of every variable at every program point • Compute a mapping  from variables into a set of class names • Combine values of variables at different points • Generate a set of constraints for every statement • Find a minimal solution

  6. A Motivating Example class Vehicle Object { int position = 10; void move(x1 : int) { position = position + x1 ;}} class Car extends Vehicle { int passengers; void await(v1 : Vehicle) { if (v1.position < position) then v1.move(position - v1.position); else self.move(10); }} class Truck extends Vehicle { void move(x2 : int) { if (x2 < 55) position = position + x2; }} void main { Car c; Truck t; Vehicle v2; new c; new t; v2 := c; c.passengers := 2; c.move(60); v2.move(70); c.await(t) ; } {Car}  (c) {Truck}  (t) (c)  (v2) {Car}  (c) (t)  (v1)

  7. Class Analysis Summary • Resolve called function • Can also perform type inference and checking • Can be used to warn against programmer errorsat compile-time

  8. Set Constraints Summary • Can be used to generate a flow sensitive solution • Can also handle sets of “terms” • Finite set of constructors C={b, c, …} • Finite set of variables • Set expressionsE ::=  | variable | E1  E2 | E1 E2 | c(E1 , E2 ,…, Ek )| c-i(E) • Finite set of inequalitiesE1  E2 • Find the least solution (or a symbolic representation)

  9. Advanced Abstract Interpretation Techniques • Origin [Cousot&Cousot POPL 1979]Download from the course homepage • Widening & Narrowing • Combining dataflow analysis problems • Semantic reductions • ...

  10. Widening • Accelerate the termination of Chaotic iterations by computing a more conservative solution • Can handle lattices of infinite heights

  11. Example Interval Analysis • Find a lower and an upper bound of the value of a variable • Lattice L = (ZZ, , , , ,) • [a, b]  [c, d] if c  a and d  b • [a, b]  [c, d] = [min(a, c), max(b, d)] • [a, b]  [c, d] = [max(a, c), min(b, d)] •  = •  = • Programx := 1 ;while x  1000 do x := x + 1;

  12. Widening for Interval Analysis •  [c, d] = [c, d] • [a, b]  [c, d] = [ if a  c then a else if 0  c then 0 else minint,if b  d then b else if d  0 then 0 else maxint

  13. Chaotic Iterationsfor forward problems+  for l  Lab*do DFentry(l) :=  DFexit(l) :=  DFentry(init(S*)) :=  WL= Lab* while WL !=  do Select and remove an arbitrary l  WL if (temp != DFexit(l)) DFexit(l) := DFexit(l)  temp for l' such that (l,l') flow(S*) do DFentry(l') := DFentry(l')  DFexit(l) WL := WL  {l’}

  14. Example [x := 1]1 ;while [x  1000]2 do [x := x + 1]3;

  15. Requirements on Widening • For all elements l1  l2  l1  l2 • For all ascending chains l0  l1  l2  …the following sequence is finite • y0 = l0 • yi+1 = yi  li+1

  16. Narrowing • Improve the result of widening

  17. Example [x := 1]1 ;while [x  1000]2 do [x := x + 1]3;

  18. Widening and Narrowing Summary • Very simple but produces impressive precision • The McCarthy 91 function • Also useful in the finite case • Can be used as a methodological tool • But not widely accepted int f(x) if x > 100 then return x -10 else return f(f(x+11))

  19. Combining dataflow analysis problems • How to combine different analyses • The result can be more precise than both! • On some programs more efficient too • Many possibly ways to combine (4.4) • A simple example sign+parity analysisx := x - 1

  20. Cartezian Products • Analysis 1 • Lattice (L1, 1, 1, 1, 1,1) • Galois connection 1: P(States)  L1 1: L1  P(States) • Transfer functionsop1:L1  L1 • Analysis 2 • Lattice (L2, 2, 2, 2, 2,2) • Galois connection2: P(States)  L2 1: L2  P(States) • Transfer functionsop2:L2 L2 • Combined Analysis • L = (L1 L2, ) where (l1, l2)  (u1, u2) if l1 1 u1 and l2 2 u2 • Galois connection • Transfer functions

  21. Course Summary • Techniques Studied • Operational Semantics • Dataflow Analysis and Monotone Frameworks (Imperative Programs) • Control Flow Analysis and Set Constraints (Functional Programs) • Techniques Sketched • Abstract interpretation • Interprocedural Analysis • Type and effect systems • Not Covered • Efficient algorithms • Applications in compilers • Logic programming

  22. Course Summary • Able to understand advanced static analysis techniques • Find faults in existing algorithms • Be able to develop new algorithms • Gain a better understanding of programming languages • Functional Vs. Imperative • Operational Semantics

  23. Feedback

More Related