1 / 91

Program Analysis via Graph Reachability

Program Analysis via Graph Reachability. Thomas Reps University of Wisconsin. http://www.cs.wisc.edu/~reps/. See http://www.cs.wisc.edu/wpis/papers/tr1386.ps. PLDI  00 Registration Form. PLDI  00: …………………….. $ ____ Tutorial (morning): …………… $ ____ Tutorial (afternoon): ………….. $ ____

agrata
Download Presentation

Program Analysis via Graph Reachability

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ProgramAnalysisvia GraphReachability ThomasReps UniversityofWisconsin http://www.cs.wisc.edu/~reps/ Seehttp://www.cs.wisc.edu/wpis/papers/tr1386.ps

  2. PLDI 00 Registration Form • PLDI 00: …………………….. $ ____ • Tutorial (morning): …………… $ ____ • Tutorial (afternoon): ………….. $ ____ • Tutorial (evening): ……………. $ – 0 –

  3. Slicing & Applications Dataflow Analysis Demand Algorithms CFL Reachability Structure- Transmitted Dependences Set Constraints 1987 1993 1994 1995 1996 1997 1998

  4. Applications • Program optimization • Software engineering • Program understanding • Reengineering • Static bug-finding • Security (information flow)

  5. Susan Horwitz Mooly Sagiv Genevieve Rosay David Melski David Binkley Michael Benedikt Patrice Godefroid Collaborators

  6. Themes • Harnessing CFL-reachability • Exhaustive alg.  Demand alg.

  7. Backward slicewith respect to “printf(“%d\n”,i)” Backward Slice int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); }

  8. Backward Slice int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Backward slicewith respect to “printf(“%d\n”,i)”

  9. Slice Extraction int main() { int i = 1; while (i < 11) { i = i + 1; } printf(“%d\n”,i); } Backward slicewith respect to “printf(“%d\n”,i)”

  10. Forward slicewith respect to “sum = 0” Forward Slice int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); }

  11. Forward Slice int main() { intsum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Forward slicewith respect to “sum = 0”

  12. What Are Slices Useful For? • Understanding Programs • What is affected by what? • Restructuring Programs • Isolation of separate “computational threads” • Program Specialization and Reuse • Slices = specialized programs • Only reuse needed slices • Program Differencing • Compare slices to identify changes • Testing • What new test cases would improve coverage? • What regression tests must be rerun after a change?

  13. Line-Character-Count Program void line_char_count(FILE *f) { int lines = 0; int chars; BOOL eof_flag = FALSE; int n; extern void scan_line(FILE *f, BOOL *bptr, int *iptr); scan_line(f, &eof_flag, &n); chars = n; while(eof_flag == FALSE){ lines = lines + 1; scan_line(f, &eof_flag, &n); chars = chars + n; } printf(“lines = %d\n”, lines); printf(“chars = %d\n”, chars); }

  14. Character-Count Program void char_count(FILE *f) { int lines = 0; int chars; BOOL eof_flag = FALSE; int n; extern void scan_line(FILE *f, BOOL *bptr, int *iptr); scan_line(f, &eof_flag, &n); chars = n; while(eof_flag == FALSE){ lines = lines + 1; scan_line(f, &eof_flag, &n); chars = chars + n; } printf(“lines = %d\n”, lines); printf(“chars = %d\n”, chars); }

  15. Line-Character-Count Program void line_char_count(FILE *f) { int lines = 0; int chars; BOOL eof_flag = FALSE; int n; extern void scan_line(FILE *f, BOOL *bptr, int *iptr); scan_line(f, &eof_flag, &n); chars = n; while(eof_flag == FALSE){ lines = lines + 1; scan_line(f, &eof_flag, &n); chars = chars + n; } printf(“lines = %d\n”, lines); printf(“chars = %d\n”, chars); }

  16. Line-Count Program void line_count(FILE *f) { int lines = 0; int chars; BOOL eof_flag = FALSE; int n; extern void scan_line2(FILE *f, BOOL *bptr, int *iptr); scan_line2(f, &eof_flag, &n); chars = n; while(eof_flag == FALSE){ lines = lines + 1; scan_line2(f, &eof_flag, &n); chars = chars + n; } printf(“lines = %d\n”, lines); printf(“chars = %d\n”, chars); }

  17. wc -c wc -l Specialization Via Slicing wc -lc

  18. Control Flow Graph int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Enter F sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T sum = sum + i i = i + i

  19. Control Dependence Graph int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Control dependence q is reached from p if condition p is true (T), not otherwise. p q T Similar for false (F). p q F Enter T T T T T T sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T T sum = sum + i i = i + i

  20. Flow Dependence Graph int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Flow dependence Value of variable assigned at p may be used at q. p q Enter i = 1 sum = 0 printf(sum) printf(i) while(i < 11) sum = sum + i i = i + i

  21. Program Dependence Graph (PDG) int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Control dependence Flow dependence Enter T T T T T T sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T T sum = sum + i i = i + i

  22. Opposite Order Same PDG Program Dependence Graph (PDG) int main() { int i = 1; int sum = 0; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Enter T T T T T T sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T T sum = sum + i i = i + i

  23. Backward Slice int main() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Enter T T T T T T sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T T sum = sum + i i = i + i

  24. Backward Slice (2) intmain() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Enter T T T T T T sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T T sum = sum + i i = i + i

  25. Backward Slice (3) intmain() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Enter T T T T T T sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T T sum = sum + i i = i + i

  26. Backward Slice (4) intmain() { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf(“%d\n”,sum); printf(“%d\n”,i); } Enter T T T T T T sum = 0 i = 1 printf(sum) printf(i) while(i < 11) T T sum = sum + i i = i + i

  27. Slice Extraction intmain() { int i = 1; while (i < 11) { i = i + 1; } printf(“%d\n”,i); } Enter T T T T i = 1 printf(i) while(i < 11) T i = i + i

  28. CodeSurfer

  29. You get a new page Or you move to an internal tag Browsing a Dependence Graph Pretend this is your favorite browser What does clicking on a link do?

  30. Backward slicewith respect to “printf(“%d\n”,i)” Interprocedural Slice int main() { int sum = 0; int i = 1; while (i < 11) { sum = add(sum,i); i = add(i,1); } printf(“%d\n”,sum); printf(“%d\n”,i); } int add(int x, int y) { return x + y; }

  31. Interprocedural Slice int main() { int sum = 0; int i = 1; while (i < 11) { sum = add(sum,i); i = add(i,1); } printf(“%d\n”,sum); printf(“%d\n”,i); } int add(int x, int y) { return x + y; } Backward slicewith respect to “printf(“%d\n”,i)”

  32. Interprocedural Slice int main() { int sum = 0; int i = 1; while (i < 11) { sum = add(sum,i); i = add(i,1); } printf(“%d\n”,sum); printf(“%d\n”,i); } int add(int x, int y) { return x + y; } Superfluous components included by Weiser’s slicing algorithm [TSE 84] Left out by algorithm of Horwitz, Reps, & Binkley [PLDI 88; TOPLAS 90]

  33. System Dependence Graph (SDG) Enter main Call p Call p Enterp

  34. SDG for the Sum Program Enter main while(i < 11) sum = 0 i = 1 printf(sum) printf(i) Call add Call add yin = i xin = sum sum = xout xin = i yin= 1 i = xout Enter add x = xin y = yin x = x + y xout = x

  35. Interprocedural Backward Slice Enter main Call p Call p Enter p

  36. InterproceduralBackward Slice (2) Enter main Call p Call p Enter p

  37. Interprocedural Backward Slice (3) Enter main Call p Call p Enter p

  38. Interprocedural Backward Slice (4) Enter main Call p Call p Enter p

  39. Interprocedural Backward Slice (5) Enter main Call p Call p Enter p

  40. [ ) ( ] Interprocedural Backward Slice (6) Enter main Call p Call p Enter p

  41. ( ) [ ) Matched-Parenthesis Path

  42. Interprocedural Backward Slice (6) Enter main Call p Call p Enter p

  43. Interprocedural Backward Slice (7) Enter main Call p Call p Enter p

  44. Slice Extraction Enter main Call p Enter p

  45. Slice of the Sum Program Enter main while(i < 11) i = 1 printf(i) Call add xin = i yin= 1 i = xout Enter add x = xin y = yin x = x + y xout = x

  46. CFL-Reachability[Yannakakis 90] • G: Graph (N nodes, E edges) • L: A context-free language • L-path from s to t iff • Running time: O(N 3)

  47. Interprocedural Slicingvia CFL-Reachability • Graph: System dependence graph • L: L(matched) [roughly] • Node m is in the slice w.r.t. n iff there is an L(matched)-path from m to n

More Related