
Systematic Derivation of Static Analyses for Software Product Lines

Jan Midtgaard (Aarhus University), Claus Brabrand (IT University of Copenhagen), Andrzej Wasowski (IT University of Copenhagen)


Presentation Transcript


  1. VAR.ABS.INT: Systematic Derivation of Static Analyses for Software Product Lines • Jan Midtgaard, Aarhus University • Claus Brabrand, IT University of Copenhagen • Andrzej Wasowski, IT University of Copenhagen

  2. < Outline > • Introduction • The 'IMP' and 'IMP' Languages • Abstract Interpretation of IMP • Variational Abstract Interpretation of IMP • Related Work • Conclusion

  3. Introduction
  • Software Product Lines:
    x := 0;
    #ifdef INC
      x := x + 1;
    #endif
    #ifdef NEG
      x := -x;
    #endif
    output x;
  • Brute force analysis ("generate'n'analyze"): generate all O(n = 2^|F|) products, then analyze each one:
    Ø: x := 0; output x; ➞ analyze ➞ x is 0
    {INC}: x := 0; x := x + 1; output x; ➞ analyze ➞ x is 1
    {NEG}: x := 0; x := -x; output x; ➞ analyze ➞ x is -0
    {INC,NEG}: x := 0; x := x + 1; x := -x; output x; ➞ analyze ➞ x is -1

  4. Analyses for SPLs
  • Analyses for SPLs (lifted analysis): analyze the SPL directly!
    x := 0;
    #ifdef INC
      x := x + 1;
    #endif
    #ifdef NEG
      x := -x;
    #endif
    output x;
    ➞ {INC}: x is 1 • Ø & {NEG}: x is 0 • {INC,NEG}: x is -1
  • Previous work on how to lift (...efficiently):
    "Intraprocedural Dataflow Analysis for Software Product Lines" (Brabrand, Ribeiro, Toledo, Winther, Borba) TAOSD 2012
    "SPLLIFT: Statically Analyzing Software Product Lines in Minutes instead of Years" (Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini) PLDI 2013

  5. Motivation
  • Systematic lifting of other static analyses: Lifted... control-flow analysis? dataflow analysis? model checking? type systems? verification? testing? ...? Systematic derivation?
  • Correctness: derivation of correct SPL analyses: Correctness of analysis?
    x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;
    ➞ {INC}: x is 1 • Ø & {NEG}: x is 0 • {INC,NEG}: x is -1
  • Approximation in the analyses on variability: Approximate variability? (lifted analysis vs. lifted language)
    x := 0; #ifdef XYZ x := x + 1; #endif #ifdef XYZ x := -x; #endif output x;
    ➞ Ø: x is 0 • {XYZ}: x is ⊤
  • Understanding space of family-based analyses: Understanding? (axes: analysis and language)

  6. Abstract Interpretation
  • The Abstract Interpretation Process:
    C: Collecting Semantics (no approximation, undecidable)
    ➞ derive ➞ B: Approximate Analysis (some approximation, undecidable)
    ➞ derive ➞ A: Constant Propagation (more approximation, decidable!)

  7. Variational Abstract Interpretation
  • Abstract Interpretation ➞ LIFT ➞ Variational Abstract Interpretation (SPL)

  8. Motivation: 'Var.Abs.Int'
  • Systematic lifting of other kinds of analyses: Lifted... control-flow analysis? dataflow analysis? model checking? type systems? verification? testing? ...? ➞ Systematic derivation!
  • Correctness: derivation of correct SPL analyses ➞ Correctness of analyses!
  • Approximation in the analyses on variability ➞ Approximate variability!
  • Understanding space of family-based analyses ➞ Understanding!

  9. < Outline > • Introduction • The 'IMP' and 'IMP' Languages • Abstract Interpretation of IMP • Variational Abstract Interpretation of IMP • Related Work • Conclusion

  10. 'IMP' • Syntax: • Semantics (small-step SOS):

  11. 'IMP'
  • Syntax of (two-staged) IMP:
    x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;
  • Set of Features: F = { INC, NEG }
  • Configurations: K = { Ø, {INC}, {NEG}, {INC,NEG} }
  • Satisfiability of '#if' formulae: for k = {NEG}, '#if INC' ✘ and '#if NEG' ✔

  12. 'IMP'
  • Semantics via preprocessor P : IMP × K ➞ IMP:
    x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;
    with k = {NEG} ➞ x := 0; x := -x; output x;

  13. < Outline > • Introduction • The 'IMP' and 'IMP' Languages • Abstract Interpretation of IMP • Variational Abstract Interpretation of IMP • Related Work • Conclusion

  14. Starting Point:
  • SOS Semantics: Store ➞ Store
  • Collecting Semantics C: 2^Store ➞ 2^Store ...ordered by '⊆'
  • Like Semantics, but working on sets of stores!
  • Undecidable analysis prepared for subsequent approximation

  15. Galois Connection
  • Galois Connection: relating two domains via abstraction! (wrt info loss btwn them)
  • Pair of functions: abstraction α and concretization γ
  • Satisfying:

  16. Galois Connection • Lots of interesting properties:

  17. Abstraction
  • From functions on C to functions on A: define 'F : A ➞ A' in terms of 'f : C ➞ C'
  • 1) concretize (γ) • 2) apply 'f' • 3) abstract (α)
  • Hence: F = α◦f◦γ

  18. GC from C to B...
  • A specific Galois Connection: Sets-of-Stores 2^Store = 2^(Var ➞ Val) ➞ abstract ➞ Abstract Store Var ➞ 2^Val
  • Example: for 'output x*y;' the set of stores yields { 2 } ⊆ { 1, 2, 4 } from the abstract store (the abstract store no longer relates the values of x and y)

  19. From C to B!
  • Collecting Semantics C: (2^(Var ➞ Val)) ➞ (2^(Var ➞ Val))
  • Approximate Analysis B: (Var ➞ 2^Val) ➞ (Var ➞ 2^Val)
  • Note: independent of C !

  20. Derivation: C to B
  • Systematic derivation: from C[if] to B[if] !
  • NB: This is also proof of correctness: B = α◦C◦γ
  • Steps: expand definition of C; β-reduction; α is a CJM (complete join morphism); overapproximation: C and α monotone; function composition; IH: B = α◦C◦γ
  • Note: independent of C !

  21. From C to B!
  • Collecting Semantics C: (2^(Var ➞ Val)) ➞ (2^(Var ➞ Val))
  • Approximate Analysis B: (Var ➞ 2^Val) ➞ (Var ➞ 2^Val)
  • Note: independent of C !
  • Note': Still undecidable analysis!

  22. GC from B to A...
  • Another specific Galois Connection: b = [ x ↦ {1,2}, y ↦ {1} ] ➞ abstract ➞ a = α_BA(b) = [ x ↦ ⊤, y ↦ 1 ]

  23. From B to A !
  • Approximate Analysis B: (Var ➞ 2^Val) ➞ (Var ➞ 2^Val)
  • Constant Propagation A: (Var ➞ Const) ➞ (Var ➞ Const)
  • Note: independent of B !

  24. Derivation: B to A
  • Systematic derivation: from B[if] to A[if]!
  • NB: Again, this is also proof of correctness
  • Soundness: transitively (through the composed Galois connections C to B to A)
  • Note: independent of B !

  25. From B to A !
  • Approximate Analysis B: (Var ➞ 2^Val) ➞ (Var ➞ 2^Val)
  • Constant Propagation A: (Var ➞ Const) ➞ (Var ➞ Const)
  • Note: independent of B !
  • Note': decidable analysis!

  26. Extracting Dataflow Equations • Constant propagation analysis: A Dataflow Equations:

  27. < Outline > • Introduction • The 'IMP' and 'IMP' Languages • Abstract Interpretation of IMP • Variational Abstract Interpretation of IMP • Related Work • Conclusion

  28. Lifting Domains • A domain: • is lifted to: • where

  29. Lifting GC's • Lifting Galois Connections: Note: Pointwise lifting

  30. Lifting State Xformers
  • 1 Complex Function: Problems: interference! (tuples not independent); complicates proofs!
  ...vs...
  • |K| Simple Functions ✔: a well-behaved subset of the above; independent functions! Intuition: run analyses in parallel
  • However, (ab)use this notation !!!

  31. Lifting State Xformers • Straightforward way of analyzing config, k: Note: we end up at the bottom of the diagram!

  32. Lifting State Xformers • Straightforward way of analyzing config, k: • LIFT: Simply apply to all :

  33. From A to A !
  • Constant Propagation A: (Var ➞ Const) ➞ (Var ➞ Const)
  • Lifted Constant Propagation A: (Var ➞ Const)^K ➞ (Var ➞ Const)^K
  • Note: independent of A !

  34. Derivation: A to A • Systematic derivation: from A[if] to A[if] ! • NB: Again, this is also proof of correctness! Note: independent of A !

  35. From A to A !
  • Constant Propagation A: (Var ➞ Const) ➞ (Var ➞ Const)
  • Lifted Constant Propagation A: (Var ➞ Const)^K ➞ (Var ➞ Const)^K
  • Note: independent of A !
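An added example (not code from the slides or the paper) putting slide 3's brute-force "generate'n'analyze" loop next to the lifted analysis of slides 30 to 35, both as constant propagation over the running IMP example. Assumptions: '#if' guards are restricted to sets of required features (conjunctions), the Const lattice is encoded as Python ints plus a 'T' marker for ⊤, and a never-assigned variable reads as ⊤.

```python
from itertools import combinations
TOP = 'T'  # the ⊤ element of the Const lattice; Python ints are the constants

def eval_const(e, store):
    # Abstract evaluation of an IMP expression in an abstract store Var -> Const
    kind = e[0]
    if kind == 'const':
        return e[1]
    if kind == 'var':
        return store.get(e[1], TOP)  # never assigned: unknown (assumption)
    if kind == 'neg':
        v = eval_const(e[1], store)
        return TOP if v == TOP else -v
    if kind == 'add':
        a, b = eval_const(e[1], store), eval_const(e[2], store)
        return TOP if TOP in (a, b) else a + b
    raise ValueError(kind)

def step(stmt, store):
    # A[x := e]: the single-configuration transformer (Var -> Const) -> (Var -> Const)
    _, var, expr = stmt
    return {**store, var: eval_const(expr, store)}

# Constructed input, the slides' running example. Each statement's #if guard is the set of
# features it requires (frozenset() = unconditional): an assumption restricting #if to conjunctions.
PROGRAM = [
    (frozenset(),        ('assign', 'x', ('const', 0))),
    (frozenset({'INC'}), ('assign', 'x', ('add', ('var', 'x'), ('const', 1)))),
    (frozenset({'NEG'}), ('assign', 'x', ('neg', ('var', 'x')))),
]
FEATURES = {'INC', 'NEG'}
def configurations(features):  # K = 2^F, every subset of the feature set
    fs = sorted(features)
    return [frozenset(c) for n in range(len(fs) + 1) for c in combinations(fs, n)]
def preprocess(program, k):  # P : IMP x K -> IMP, keep statements whose guard k satisfies
    return [s for guard, s in program if guard <= k]
def analyze(program):  # the single-configuration analysis A on a plain IMP program
    store = {}
    for s in program:
        store = step(s, store)
    return store
def brute_force(program, features):  # generate'n'analyze: O(2^|F|) separate runs of A
    return {k: analyze(preprocess(program, k)) for k in configurations(features)}
def lifted_analyze(program, features):  # lifted A over a K-indexed tuple of stores
    stores = {k: {} for k in configurations(features)}
    for guard, s in program:
        # LIFT: apply A's transformer to each component whose configuration satisfies
        # the #if guard; the other components pass through unchanged
        stores = {k: step(s, st) if guard <= k else st for k, st in stores.items()}
    return stores
```

Both routes produce the slides' table (Ø and {NEG}: x is 0, {INC}: x is 1, {INC,NEG}: x is -1); the lifted version walks the SPL once instead of 2^|F| times.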

  36. Lifted Dataflow Equations • Lifted Constant Propagation: A • Lifted Dataflow Equations: • Soundness:

  37. Overview: 'Var.Abs.Int' Commuting Diagram !!!

  38. Contributions: 'Var.Abs.Int'
  • Systematic lifting of other kinds of analyses: Lifted... control-flow analysis? dataflow analysis? model checking? type systems? verification? testing? ...? ➞ Systematic derivation!
  • Correctness: derivation of correct SPL analyses ➞ Correctness of analyses!
  • Approximation in the analyses on variability ➞ Approximate variability!
  • Understanding space of family-based analyses ➞ Understanding!

  39. < Outline > • Introduction • The 'IMP' and 'IMP' Languages • Abstract Interpretation of IMP • Variational Abstract Interpretation of IMP • Related Work • Conclusion

  40. Related Work
  • Lifting representations:
    "The Choice Calculus: A Representation for Software Variation" (Erwig, Walkingshaw) TOSEM 2011
    "Variability-Aware Parsing in the Presence of Lexical Macros and Cond. Compilation" (Kästner, Giarrusso, Rendel, Erdweg, Ostermann, Berger) OOPSLA 2011
  • Lifting dataflow analysis:
    "Intraprocedural Dataflow Analysis for Software Product Lines" (Brabrand, Ribeiro, Toledo, Winther, Borba) TAOSD 2012
    "SPLLIFT: Statically Analyzing Software Product Lines in Minutes instead of Years" (Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini) PLDI 2013
  • Lifting other analyses (see citations in paper): Type systems • Well-formedness checking • Model checking • Verification • Testing

  41. Related Work (cont'd)
  • Multi-staged program analysis:
    "Two-Level Functional Languages" (Nielson, Nielson) Tracts in Theoretical Computer Science, 1992
    "Static Analysis of Multi-Staged Programs via Unstaging Translation" (Choi, Aktemur, Yi, Tatsuta) SIGPLAN Not., 2011
  • Abstract Interpretation:
    "Systematic Design of Program Analysis Frameworks" (Cousot, Cousot) POPL 1979
    "The Calculational Design of a Generic Abstract Interpreter" (Cousot) Calculational System Design, 1999
    "Calculating Graph Algorithms for Dominance and Shortest Path" (Sergey, Midtgaard, Clarke) MPC 2012
    "A Structural Soundness Proof for Shivers's Escape Technique: ..." (Midtgaard, Adams, Might) SAS 2012

  42. < Outline > • Introduction • The 'IMP' and 'IMP' Languages • Abstract Interpretation of IMP • Variational Abstract Interpretation of IMP • Related Work • Conclusion

  43. Conclusion: 'Var.Abs.Int'
  • Systematic lifting of other kinds of analyses: Lifted... control-flow analysis? dataflow analysis? model checking? type systems? verification? testing? ...? ➞ Systematic derivation!
  • Correctness: derivation of correct SPL analyses ➞ Correctness of analyses!
  • Approximation in the analyses on variability ➞ Approximate variability!
  • Understanding space of family-based analyses ➞ Understanding!

  44. Learn More...
  • Read (and cite) our Paper: "Systematic Derivation of Static Analyses for Software Product Lines" (Jan Midtgaard, Claus Brabrand, Andrzej Wasowski), submitted for publication
  • Including 35 page Appendix (p. 13 – 47): Apx A: Prerequisite Mathematics • Apx B: Proof overview • Apx C – P: Proofs

  45. (THANKS)

  46. BONUS SLIDES

  47. The 'Var.Abs.Int' Methodology
  BASE (classic abstract interpretation):
  • 1) Develop formal SOS semantics
  • 2) Devise collecting semantics
  • 3) Compose GC's and derive until "good analysis"
  LIFT (from program to program families):
  • 4) Extend language with preprocessor
  • 5) Apply lifting combinator to get to family level
  • 6) Simplify to direct expression for lifted analysis
  • –) Correctness (soundness) follows by construction
  Variability abstractions:
  • v1) Decide when to lift to program families
  • v2) Apply lifting combinator to get to family level
  • v3) Devise GC's that abstract configuration space!
  • v4) Simplify to direct expression for lifted analysis ++
  • v–) Correctness (soundness) follows by construction

  48. 33 independent options... [ C. Kästner ] (2^33) > Earth's Population

  49. 320 independent options... [ C. Kästner ] (2^320) > Atoms in Universe

  50. 10000 configurable options... [ C. Kästner ] (2^10000): Really BIG Number
