View
24
Download
0
Category
Preview:
DESCRIPTION
Program Analysis Last Lesson. Mooly Sagiv. Goals. Show the significance of set constraints for CFA of Object Oriented Programs Sketch advanced techniques Summarize the course Get some feedback. A Motivating Example. class Vehicle Object { int position = 10; void move(x1 : int) { - PowerPoint PPT Presentation
Citation preview
Program AnalysisLast Lesson
Mooly Sagiv
Goals
Show the significance of set constraints forCFA of Object Oriented Programs
Sketch advanced techniques Summarize the course Get some feedback
A Motivating Exampleclass Vehicle Object { int position = 10; void move(x1 : int) { position = position + x1 ;}}class Car extends Vehicle { int passengers;
void await(v : Vehicle) { if (v.position < position) then v.move(position - v.position); else self.move(10); }}class Truck extends Vehicle {
void move(x2 : int) { if (x2 < 55) position = position + x2; }}void main { Car c; Truck t; Vehicle v1;
new c; new t; v1 := c;c.passengers := 2;c.move(60);v1.move(70);c.await(t) ;}
A Motivating Exampleclass Vehicle Object { int position = 10; void move(x1 : int) { position = position + x1 ;}}class Car extends Vehicle { int passengers;
void await(v {Truck} : Vehicle) { if (v {Truck} .position < position) then v {Truck}.move(position - v.position); else self {Car}.move(10); }}class Truck extends Vehicle {
void move(x2 : int) { if (x2 < 55) position = position + x2; }}void main { Car c; Truck t; Vehicle v1;
new c {Car} ; new t {Truck} ; v1 {Car} := c {Car} ;c {Car} .passengers := 2;c {Car} .move(60);v1 {Car}.move(70);c {Car} .await(t {Truck} ) ;}
Flow Insensitive Class Analysis
Determine the set of potential classes of every variable at every program point
Compute a mapping from variables into a set of class names
Combine values of variables at different points Generate a set of constraints for every statement Find a minimal solution
A Motivating Exampleclass Vehicle Object { int position = 10; void move(x1 : int) { position = position + x1 ;}}class Car extends Vehicle { int passengers;
void await(v1 : Vehicle) { if (v1.position < position) then v1.move(position - v1.position); else self.move(10); }}class Truck extends Vehicle {
void move(x2 : int) { if (x2 < 55) position = position + x2; }}void main { Car c; Truck t; Vehicle v2;
new c; new t; v2 := c;c.passengers := 2;c.move(60);v2.move(70);c.await(t) ;
}
{Car} (c){Truck} (t)(c) (v2)
{Car} (c) (t) (v1)
Class Analysis Summary
Resolve called function Can also perform type inference and checking Can be used to warn against programmer errors
at compile-time
Set Constraints Summary Can be used to generate a flow sensitive solution Can also handle sets of “terms”
– Finite set of constructors C={b, c, …}
– Finite set of variables
– Set expressionsE ::= | variable | E1 E2 | E1 E2 | c(E1 , E2 ,…, Ek )| c-i(E)
– Finite set of inequalitiesE1 E2
– Find the least solution (or a symbolic representation)
Advanced Abstract Interpretation Techniques Origin [Cousot&Cousot POPL 1979]
Download from the course homepage Widening & Narrowing Combining dataflow analysis problems Semantic reductions ...
Widening
Accelerate the termination of Chaotic iterations by computing a more conservative solution
Can handle lattices of infinite heights
Example Interval Analysis Find a lower and an upper bound of the value of a
variable Lattice L = (ZZ, , , , ,)
– [a, b] [c, d] if c a and d b– [a, b] [c, d] = [min(a, c), max(b, d)]
– [a, b] [c, d] = [max(a, c), min(b, d)] = =
Programx := 1 ;while x 1000 do x := x + 1;
Widening for Interval Analysis [c, d] = [c, d] [a, b] [c, d] = [
if a cthen aelse if 0 c
then 0 else minint,
if b dthen belse if d 0
then 0else maxint
Chaotic Iterations
for forward problems+ for l Lab* do
DFentry(l) := DFexit(l) :=
DFentry(init(S*)) := WL= Lab*
while WL != do Select and remove an arbitrary l WL
if (temp != DFexit(l))
DFexit(l) := DFexit(l) temp for l' such that (l,l') flow(S*) do DFentry(l') := DFentry(l') DFexit(l) WL := WL {l’}
))(( lDFftemp entryl
Example
[x := 1]1 ;
while [x 1000]2 do [x := x + 1]3;
Requirements on Widening
For all elements l1 l2 l1 l2
For all ascending chains l0 l1 l2 …the following sequence is finite– y0 = l0
– yi+1 = yi li+1
Narrowing
Improve the result of widening
Example
[x := 1]1 ;
while [x 1000]2 do [x := x + 1]3;
Widening and Narrowing Summary
Very simple but produces impressive precision The McCarthy 91 function
Also useful in the finite case Can be used as a methodological tool But not widely accepted
int f(x)if x > 100
then return x -10else return f(f(x+11))
Combining dataflow analysis problems
How to combine different analyses The result can be more precise than both! On some programs more efficient too Many possibly ways to combine (4.4) A simple example sign+parity analysis
x := x - 1
Cartezian Products Analysis 1
– Lattice (L1, 1, 1, 1, 1,1)
– Galois connection 1: P(States) L1 1: L1 P(States)
– Transfer functionsop1:L1 L1
Analysis 2
– Lattice (L2, 2, 2, 2, 2,2)
– Galois connection2: P(States) L2 1: L2 P(States)
– Transfer functionsop2:L2 L2
Combined Analysis
– L = (L1 L2, ) where (l1, l2) (u1, u2) if l1 1 u1 and l2 2 u2
– Galois connection
– Transfer functions
Course Summary Techniques Studied
– Operational Semantics
– Dataflow Analysis and Monotone Frameworks (Imperative Programs)
– Control Flow Analysis and Set Constraints (Functional Programs)
Techniques Sketched– Abstract interpretation
– Interprocedural Analysis
– Type and effect systems
Not Covered– Efficient algorithms
– Applications in compilers
– Logic programming
Course Summary
Able to understand advanced static analysis techniques
Find faults in existing algorithms Be able to develop new algorithms Gain a better understanding of programming
languages– Functional Vs. Imperative
– Operational Semantics
Feedback
Recommended