principles of program analysis -...
TRANSCRIPT
![Page 1: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/1.jpg)
Principles of Program Analysis
Lecture 1
Harry Xu
Spring 2013
![Page 2: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/2.jpg)
An Imperfect World
• Software has bugs – The northeast blackout of 2003, affected 10 million
people in Ontario and 45 million in eight U.S. states (caused by a race condition)
– The explosion of the Ariane 5, valued at $500 million, 45 seconds after its lift-off (due to an 16-bit integer overflow)
• Software is slow – the conversion of a single date field from a SOAP data
source to a Java object can require as many as 268 method calls and the generation of 70 objects
![Page 3: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/3.jpg)
Program Analysis
• Discovering facts about programs
• A wide variety of applications – Finding bugs (e.g., model checking, testing, etc.)
– Optimizing performance (e.g., compiler optimizations, bloat detection, etc.)
– Detecting security vulnerabilities (e.g., detecting violations of security policies, etc.)
– Improving software maintainability and understandability (e.g., reverse-engineering of UML diagrams, software visualization, etc.)
![Page 4: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/4.jpg)
Static v.s. Dynamic Analysis
• Static analysis
– Attempt to understand certain program properties without running a program
– Make over-conservative claims
• Dynamic analysis
– Need to run user instrumented code
– Add overhead to running time and memory consumption
![Page 5: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/5.jpg)
This Class
• Focus on static program analysis in this class • We will discuss
– Both principles and practices – Both classical program analysis algorithms and the
state-of-the-art research
• We will cover five major topics – Dataflow analysis – Abstract interpretation – Constraint-based analysis – Type and effect system – Scalable interprocedural analysis
![Page 6: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/6.jpg)
This Class
• We will spend two weeks on each topic – Discuss analysis principles in the first week (via lectures)
– Discuss state-or-the-art research in the second week (via student presentations)
• Homework for each topic – A project that implements program analysis algorithms in
Java
– Paper critiques
• Students volunteer to present papers – 15 slots
– Bonus credits!
![Page 7: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/7.jpg)
Projects
• Two students form a group
• Based on the soot program analysis framework (http://www.sable.mcgill.ca/soot/)
• The first project – Implement a “hello-world” version of an intra-
procedural analysis that prints out all heap load/store operations
– Due Friday April 10
![Page 8: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/8.jpg)
Course Pre-Reqs and Grading
• Office hour: Thursday 2—4pm, DBH 3212
• Reader: Taesu Kim
• Prerequisites: Java programming experience
• Grading
– Paper critiques (20%)
– Projects (40%)
– In-class final (40%)
![Page 9: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/9.jpg)
Static Analysis
• Key property: safe approximation
– A larger set of possibilities than what will ever happen during any execution of the program
![Page 10: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/10.jpg)
A Simple Example read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write y z = y;
![Page 11: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/11.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 12: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/12.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 13: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/13.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 14: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/14.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
– The value of z is 2
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 15: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/15.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
– The value of z is 2
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 16: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/16.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
– The value of z is 2
– The value of z is in the set {1, 2}
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 17: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/17.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
– The value of z is 2
– The value of z is in the set {1, 2}
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 18: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/18.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
– The value of z is 2
– The value of z is in the set {1, 2}
– The value of z is in the set {1, 2, 34, 128}
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 19: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/19.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis?
– The value of z is 1
– The value of z is 2
– The value of z is in the set {1, 2}
– The value of z is in the set {1, 2, 34, 128}
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 20: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/20.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis? – The value of z is 1 – The value of z is 2 – The value of z is in the set {1, 2} – The value of z is in the set {1, 2, 34, 128} – The value of z depends on the value of x; when x > 0, z
is 1; otherwise z is 2
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 21: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/21.jpg)
A Simple Example
• Which of the following statements about z are valid from the perspective of a static analysis? – The value of z is 1 – The value of z is 2 – The value of z is in the set {1, 2} – The value of z is in the set {1, 2, 34, 128} – The value of z depends on the value of x; when x > 0, z
is 1; otherwise z is 2
read(x); if(x>0) y = 1; else {y = 2; S}; //S does not write z z = y;
![Page 22: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/22.jpg)
The Nature of Approximations
![Page 23: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/23.jpg)
Setting the Stage
• Formalism
– A simple imperative language
– Operational semantics
– Lattice theory
– Fixedpoint computation
• A simple reaching-definition analysis used throughout the quarter
![Page 24: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/24.jpg)
A while Language
![Page 25: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/25.jpg)
An Example Program
[y:=x]1; [z:=1]2;
while [y>1]3 do
([z:=z*y]4; [y:=y-1]5;);
[y:=0]6
Computes the factorial of the number in x and leaves the result in z
![Page 26: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/26.jpg)
Formal Semantics
• Why useful
– Formally define what a program does exactly
– Prove the correctness of an language implementation or a program analysis
• Three major kinds of semantics
– Denotational semantics
– Operational semantics
– Axiomatic semantics
![Page 27: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/27.jpg)
Denotational Semantics
• Concerned about the conceptual meaning of a program
• Each phrase is interpreted as a denotation
• The meaning of a program reduces to the meaning of the sequence of commands
![Page 28: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/28.jpg)
An Denotational Semantics Example
![Page 29: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/29.jpg)
Denotational Semantics
value 1023 = plus(times(10, value 102 ), digit 3 ) = plus(times(10, plus(times(10, value 10 ), digit 2 ))), digit 3 ) = plus(times(10, plus(times(10, plus(times(10, plus(times(10, digit 1 ), digit 0 ))), digit 2 ))),digit 3 ) = 1023
Two language constructs are semantically equivalent if they share the same denotation
![Page 30: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/30.jpg)
Axiomatic Semantics
• Based on mathematical logic (e.g., Hoare logic)
– Used to reason about the correctness of a program
• Hoare triple
– {P} C {Q}
– P and Q are assertions (i.e., formulae in predicate logic) and C is a command
– P is the precondition and Q is the postcondition
– When P is met, C establishes Q
• Example: {x + 1 = 43} y:= x+1 {y = 43}
![Page 31: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/31.jpg)
Operational Semantics
• The execution of a program is described directly
• Structural (small-step) operational semantics
– Formally define how the individual steps of a computation take place
• Big-step operational semantics
– How the overall results of an execution are obtained
![Page 32: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/32.jpg)
Operational Semantics
• More commonly used in formally reasoning about a program analysis algorithm
– The algorithm is sound if it appropriately abstracts the concrete operational semantics of the program
![Page 33: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/33.jpg)
Operational Semantics
![Page 34: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/34.jpg)
Transitions
![Page 35: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/35.jpg)
Example Derivation Sequence
![Page 36: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/36.jpg)
Lattice Theory
• A lattice is a partially ordered set (L, ≤)
• Any two elements have a supremum (i.e., least upper bound) and an infimum (i.e., greatest lower bound)
• For any two elements a and b in L, a and b have a join: a ∨ b (superemum)
• For any two elements a and b in L, a and b have a meet: a ∧ b (infimum)
![Page 37: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/37.jpg)
An Example Lattice • A lattice of partitions
of a four-element set {1, 2, 3, 4}
• Ordered by the relation “is refinement of”
• a ∨ b = a coarser-grained partition than both a and b
• a ∧ b = a finer-grained partition than both a and b
![Page 38: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/38.jpg)
General Properties
• Commutative laws – a ∧ b = b ∧ a a ∨ b = b ∨ a
• Associative laws – a ∨ (b ∨ c) = (a ∨ b) ∨ c a ∧(b ∧ c) = (a ∧ b) ∧ c
• Absorption laws – a ∨ (a ∧ b) = a a ∧ (a ∨ b) = a
• Idempotent laws – a ∨ a = a a ∧ a = a
![Page 39: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/39.jpg)
More about Lattice
• The least element ⊥ (i.e., unknown) and the greatest element ⊤ (i.e., everything) – ⊤ ∧ a = a ⊤ ∨ a = ⊤ – ⊥ ∧ a = ⊥ ⊥ ∨ a = a
• Semi-lattice – A join-semi-lattice only has a join for any non-empty
finite subset – A meet-semi-lattice only has a meet for any non-
empty finite subset
• Real-world examples – Types in Java
![Page 40: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/40.jpg)
Fixedpoint Computation
A fixedpoint equation has the form
f(x) = x
Its solutions are called the fixed points of f because if xp is a solution then
xp = f(xp) = f(f(xp)) = f(f(f(xp))) = ...
In program analysis, we look for both such xp and function f that can eventually reach a fixedpoint
![Page 41: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/41.jpg)
Tarski’s Fixedpoint Theorem
![Page 42: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/42.jpg)
Dataflow Analysis
Harry Xu
CS 253/INF 212
Spring 2013
![Page 43: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/43.jpg)
Acknowledgements
Many slides in this file were taken from the chapter 2 slides available at
http://www2.imm.dtu.dk/~hrni/PPA/ppasup2004.html
We thank the authors of the book
Principles of Program Analysis for providing their slides.
![Page 44: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/44.jpg)
Dataflow analysis
• A class of static analyses that aim to understand how data flows in the program
• Typical examples
– Available expression analysis
– Reaching definition analysis
– Live variable analysis
– Constant propagation
![Page 45: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/45.jpg)
Analysis Scope
• Intraprocedural analysis
– Focusing on each individual function
– Do not track dataflow across function boundary
• Interprocedural analysis
– Analyze the whole program
– Way more expensive
![Page 46: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/46.jpg)
Control flow graph
![Page 47: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/47.jpg)
Intraprocedural Dataflow Analyses
• Classical analyses
– Available expression analysis
– Reaching definition analysis
– Live variable analysis
![Page 48: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/48.jpg)
Available Expression Analysis
![Page 49: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/49.jpg)
Basic Idea
![Page 50: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/50.jpg)
Analysis Algorithm
![Page 51: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/51.jpg)
Analysis Example
![Page 52: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/52.jpg)
Example (Cond)
![Page 53: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/53.jpg)
Example (Cond)
![Page 54: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/54.jpg)
Reaching Definition Analysis
![Page 55: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/55.jpg)
Basic Idea
![Page 56: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/56.jpg)
Analysis Algorithm
![Page 57: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/57.jpg)
Analysis Example
![Page 58: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/58.jpg)
Example (Cond)
![Page 59: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/59.jpg)
Example (Cond)
![Page 60: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/60.jpg)
Live Variable Analysis
![Page 61: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/61.jpg)
Basic Idea
![Page 62: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/62.jpg)
Analysis Algorithm
![Page 63: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/63.jpg)
Example
![Page 64: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/64.jpg)
Example (Cond)
![Page 65: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/65.jpg)
Example (Cond)
![Page 66: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/66.jpg)
Extracting Similarities
A common pattern exists in these analyses
![Page 67: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/67.jpg)
Forward v.s. Backward
![Page 68: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/68.jpg)
Union or Intersection
![Page 69: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/69.jpg)
Property Space
L is a complete lattice used to represent the data flow information (data flow facts) ⊔ is the combination operation: P(L) → L, used to Combine information from different paths
![Page 70: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/70.jpg)
Transfer Function
![Page 71: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/71.jpg)
Frameworks
![Page 72: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/72.jpg)
Framework Instances
![Page 73: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/73.jpg)
Equations and Constraints
![Page 74: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/74.jpg)
Examples Revisited
![Page 75: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/75.jpg)
Bit-Vector Frameworks
![Page 76: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/76.jpg)
Bit-Vector Frameworks are Monotone and Distributive
Monotonicity can be proved in a similar manner
![Page 77: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/77.jpg)
Example: Constant Propagation
• Determine, for each program point, whether or not a variable has a constant value whenever execution reaches the point
![Page 78: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/78.jpg)
Now You Tell Me
• How to define a lattice L?
• How to define transfer functions?
• Is constant propagation a monotone framework?
• Is it a distributive framework?
![Page 79: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/79.jpg)
Solving the Equation
• Many different approaches
• The least fixed-point solution
– Always decidable
– A worklist-based algorithm for monotone frameworks
![Page 80: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/80.jpg)
Algorithm
• Idea: iterate until stabilization
![Page 81: Principles of Program Analysis - UCLAweb.cs.ucla.edu/~harryxu/courses/253/sp2013/slides/lecture_1.pdf · Spring 2013 . An Imperfect World •Software has bugs –The northeast blackout](https://reader030.vdocuments.site/reader030/viewer/2022040811/5e5381dae2c3da2086489f7e/html5/thumbnails/81.jpg)
Algorithm (Cond.)