1 / 26

Overview of program analysis

Overview of program analysis. Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html. Exam Format (Moed A 02). Compile- vs Run-time events (25) American style question (10) Handling new language feature in TC (40) Understanding (25). Outline. What is (static) program analysis

latashiaj
Download Presentation

Overview of program analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html

  2. Exam Format (Moed A 02) • Compile- vs Run-time events (25) • American style question (10) • Handling new language feature in TC (40) • Understanding (25)

  3. Outline • What is (static) program analysis • Examples • Undecidability • Algorithms

  4. Static Analysis • Automatic derivation of static properties which hold on every execution leading to a programlocation • Usages • Compiler optimizations • Code quality tools • Identify bugs • Prove absence of certain bugs

  5. Example Static Analysis Problem • Find variables with constant value at a given program location int p(int x){ return x *x ; } void main() { int z; if (getc()) z = p(6) + 8; else z = p(5) + 7; printf (z); } int p(int x){ return (x *x) ; } void main() { int z; if (getc()) z = p(3) + 1; else z = p(-2) + 6; printf (z); }

  6. Example Static Analysis Problem • Find variables which are live at a given program location

  7. a b c A Simple Example /* c */ L0: a := 0 /* ac */ L1: b := a + 1 /* bc */ c := c + b /* bc */ a := b * 2 /* ac */ if c < N goto L1 /* c */ return c

  8. leakage of address pointed to by head Memory Leakage List reverse(Element head) { List rev, n;rev = NULL; while (head != NULL) { n = head next; head  next = rev; head = n; rev = head; }return rev; }

  9. Memory Leakage Element reverse(Element head) { Element rev, n;rev = NULL; while (head != NULL) { n = head  next; head  next = rev; rev = head; head = n; }return rev; } ✔No memory leaks

  10. source-program Compiler Scheme Scanner String tokens Parser Tokens AST Semantic Analysis Code Generator IR Static analysis IR +information Transformations

  11. Undecidability issues • It is impossible to compute exact static information • Finding if a program point is reachable • Difficulty of interesting data properties

  12. Undecidabily • A variable is live at a givenpoint in the program • if its current value is used after this point prior to a definition in some execution path • It is undecidable if a variable is live at a given program location

  13. Proof Sketch Pr L: x := y Is y live at L?

  14. Conservative (Sound) • The compiler need not generate the optimal code • Can use more registers (“spill code”) than necessary • Find an upper approximation of the live variables • Err on the safe side • A superset of edges in the interference graph • Not too many superfluous live variables

  15. Conservative Software Quality Tools • Can never miss an error • Buy may produce false alarms • Warning on non existing errors

  16. Iterative computation of conservative static information • Construct a control flow graph • Optimistically start with the best value at every node • “Interpret” every statement in a conservative way • Stop when no changes occur

  17. a := 0 ; /* c */ L0: a := 0 /* ac */ L1: b := a + 1 /* bc */ c := c + b /* bc */ a := b * 2 /* ac */ if c < N goto L1 /* c */ return c b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;

  18. a := 0 ;  b := a +1 ;  c := c +b ;  a := b*2 ;  c <N goto L1  return c ; 

  19. a := 0 ;  b := a +1 ;  c := c +b ;  a := b*2 ;  c <N goto L1 {c} return c ; 

  20. a := 0 ;  b := a +1 ;  c := c +b ;  a := b*2 ; {c} c <N goto L1 {c} return c ; 

  21. a := 0 ;  b := a +1 ;  c := c +b ; {c, b} a := b*2 ; {c} c <N goto L1 {c} return c ; 

  22. a := 0 ;  b := a +1 ; {c, b} c := c +b ; {c, b} a := b*2 ; {c} c <N goto L1 {c} return c ; 

  23. a := 0 ; {c, a} b := a +1 ; {c, b} c := c +b ; {c, b} a := b*2 ; {c} c <N goto L1 {c} return c ; 

  24. a := 0 ; {c, a} b := a +1 ; {c, b} c := c +b ; {c, b} a := b*2 ; {c} c <N goto L1 {c, a} return c ; 

  25. a := 0 ; {c, a} b := a +1 ; {c, b} c := c +b ; {c, b} a := b*2 ; {c, a} c <N goto L1 {c, a} return c ; 

  26. Summary • Program analysis provides non-trivial insights on the runtime executions of the program • Mathematically justified • Operational semantics • Abstract interpretation (lattice theory) • Employed in compilers • Will be employed in software quality tools • But the course in TAU is theoretical

More Related