Software analysis SET seminar
Software analysis is the process of (semi-)automatically establishing properties of the computer programs. a.k.a. Program analysis. Applications: For computers: Program correctness Execution optimization For humans: Quality assessment (maintainability, testability) / Faculteit Wiskunde en Informatica 29-11-2018
Axes of program analysis Compile-time (static) vs. run-time (dynamic) Dynamic: on-line vs. off-line Properties of interest: Structure vs. behavior Language-specific vs. language-independent Generic Language Technology (separate lecture) General-purpose languages vs. domain-specific ones / Faculteit Wiskunde en Informatica 29-11-2018
Static vs. dynamic Static Dynamic Applicable to incomplete or non-executable programs. Covers all possible executions. Usually less precise Dynamic Only executable programs. Covers only specific executions: On-line: current Off-line: those registered Usually more precise Can incur performance penalty Non-executable: special hardware that can be not available Some properties are better suited for static analysis, some for dynamic analysis / Faculteit Wiskunde en Informatica 29-11-2018
Static vs. Dynamic: Which way is easier? Sharing problem: say “yes” if p and q point to the same memory cell? Termination: say “yes” if the program terminates. / Faculteit Wiskunde en Informatica 29-11-2018
Structure vs. behavior Behavior: pointer sharing, termination Optimization, correctness Structure: How many execution paths pass through the procedure? How readable is the given code fragment? Maintainability, testability / Faculteit Wiskunde en Informatica 29-11-2018
Language-specific vs. language-independent Broader applicable Language-specific Can be fine tuned for a specific language / Faculteit Wiskunde en Informatica 29-11-2018
General purpose vs domain-specific Domain specific (usually) change often Changes in the domain Demand certain independence from a language? / Faculteit Wiskunde en Informatica 29-11-2018
Examples of analysis techniques / Faculteit Wiskunde en Informatica 29-11-2018
Numbers Software Metrics Static (usually) Structure Quality assessment: maintainability, testability, … Software Numbers / Faculteit Wiskunde en Informatica 29-11-2018
Metrics LOC % comments Cyclomatic complexity = #IF + #LOOP + 1 Source LOC, non-empty LOC, logical LOC % comments < 7% usually problematic Cyclomatic complexity = #IF + #LOOP + 1 Testability: #execution paths More than 15 – problematic Assignment A1 mentions the Halstead metrics… Logical = one commando on a number of lines / Faculteit Wiskunde en Informatica 29-11-2018
Dn – abstractness/stability balance Instable packages Depend upon many other classes No dependents Should be not extensible via inheritance (concrete) Stable packages Do not depend upon other classes Many dependents Should be extensible via inheritance (abstract) / SET / W&I
Instability: What does “depend” mean? 4 1 3 [Martin 2000] [Martin 1994] [JDepend] / SET / W&I
Dn – Distance from the main sequence Abstractness Dn = | Abstractness + Instability – 1 | 1 The closer Dn is to 0 – the better! Instability 1 / SET / W&I
Metrics: Research challenges Different definitions for the “same metrics” What is the impact on assessment of maintainability, testability, etc.? How can we prove that the metrics indeed reflect maintainability, testability, etc.? Statistical correlation with #bugs, maintenance effort? How can we aggregate the metrics? From methods to classes, packages and systems Average? Statistical distributions? / Faculteit Wiskunde en Informatica 29-11-2018
Behavioral analysis Software model checking Theorem proving Derive/construct a model of a software system Apply model checking techniques More: ask dr. Dragan Bosnacki. Theorem proving Add annotations Prove their correctness More: talk by dr. Michael Franssen Abstract interpretation: Today! / Faculteit Wiskunde en Informatica 29-11-2018
Abstract Interpretation: Example 2173 38 = 81574 or 2173 38 = 82574? Casting out nines: Sum the digits in the multiplicand n1, multiplier n2 and the product n to obtain s1, s2 and s. Divide s1, s2 and s by 9 to compute the remainder, that is, r1 = s1 mod 9, r2 = s2 mod 9 and r = s mod 9. If (r1 r2) mod 9 r then multiplication is incorrect The algorithm returns “incorrect” or “don’t know” Group A: apply casting out nines to the first multiplication (should fail), Group B: apply it to the second multiplication (should succeed)
Correctness argument Suppose r1 = n1 mod 9 and r2 = n2 mod 9 If n = n1 n2 then n mod 9 = (n1 n2) mod 9 hence n mod 9 = ((n1 mod 9) (n2 mod 9)) mod 9 whence n mod 9 = (r1 r2) mod 9 = r therefore r = n mod 9 If r n mod 9, then n n1 n2
Abstract Interpretation: Basic idea Concrete domain Abstraction function α Abstract domain Computation is difficult or impossible Computation is easier Approximation Concrete domain Abstract domain Concretization function γ / Faculteit Wiskunde en Informatica 29-11-2018
Formalization Based on notions of a Galois connection Patrick Cousot & Radhia Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 238—252, Los Angeles, California, 1977. ACM Press, New York, NY, USA. / Faculteit Wiskunde en Informatica 29-11-2018
Lattices – a prelude Suppose S, is a partially-ordered set :SSS is a join (the least upper bound) iff a ab and b ab for all a,bS if a c and b c, then ab c for any cS :SSS is a meet (the greatest lower bound) ab a and ab b for all a,bS if c a and c b, then c ab for any cS Partially ordered set. Who knows what a partial order is?
Complete lattices The join concept can often be lifted to sets iff t(T) for all TS and for all tT if ts for all tT then (T)s If meet can often be lifted analogously, then the lattice is complete A lattice that contains a finite number of elements is always complete
Abstract Interpretation: Revisited Concrete domain Abstract domain Computation is difficult or impossible Abstraction function α Concretization function γ Computation is easier Complete lattice / Faculteit Wiskunde en Informatica 29-11-2018
A, , C, is Galois connection whenever A, A and C, C are complete lattices :CA and :AC are monotonic If c1 C c2 then (c1) A (c2) If a1 A a2 then (a1) C (a2) :AA and :CC satisfy c C ()(c) for all cC ()(a) A a for all aA α γ
A classic Galois connection example The concrete domain C,C,C,C is 2Z,,, The abstract domain A,A,A,A where: A = {,+,-,T} A a AT for all aA join A and meet A are defined by: T - +
The relationship between A and C The concretisation function :AC: () = Ø (+) = {nZ | n > 0} (-) = {nZ | n < 0} (T) = Z The abstraction function :CA is defined: (S) = if S = Ø (S) = + else if n > 0 for all nS (S) = - else if n < 0 for all nS (S) = Z otherwise
Abstract Interpretation: Revisited Concrete domain Abstract domain * α γ Complete lattice ((a1) *C (a2)) C a1 *A a2 for all a1,a2A Approximation / Faculteit Wiskunde en Informatica 29-11-2018
Applications Verification: can a concurrent program deadlock? Is termination assured? Parallelization: are two or more tasks independent? What is the worst/base-case running time of function? Transformation: can a definition be unfolded? Will unfolding terminate? Implementation: can an operation be specialized with knowledge of its (global) calling context? / Faculteit Wiskunde en Informatica 29-11-2018
Abstract Interpretation: Challenges New abstract domains Intervals, octagons, more? New applications = new concrete domains New tools / Faculteit Wiskunde en Informatica 29-11-2018
Summary: Program analysis Compile-time (static) vs. run-time (dynamic) Dynamic: on-line vs. off-line Properties of interest: Structure vs. behavior Language-specific vs. language-independent Generic Language Technology (separate lecture) General-purpose languages vs. domain-specific ones Next time: Analysis in practice! / Faculteit Wiskunde en Informatica 29-11-2018