Program Analysis with Set Constraints Ravi Chugh.

Slides:



Advertisements
Similar presentations
Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
Advertisements

Interprocedural Analysis. Currently, we only perform data-flow analysis on procedures one at a time. Such analyses are called intraprocedural analyses.
SSA and CPS CS153: Compilers Greg Morrisett. Monadic Form vs CFGs Consider CFG available exp. analysis: statement gen's kill's x:=v 1 p v 2 x:=v 1 p v.
Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.
Jaewook Shin, Priyadarshini Malusare and Paul D. Hovland Mathematics and Computer Science Division Argonne National Laboratory Design and Implementation.
Chapter 9 Code optimization Section 0 overview 1.Position of code optimizer 2.Purpose of code optimizer to get better efficiency –Run faster –Take less.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
Register Allocation CS 671 March 27, CS 671 – Spring Register Allocation - Motivation Consider adding two numbers together: Advantages: Fewer.
1 CS 201 Compiler Construction Lecture Interprocedural Data Flow Analysis.
Flow-Insensitive Points-to Analysis with Term and Set Constraints Presentation by Kaleem Travis Patrick.
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.
Program Analysis with Set Constraints Ravi Chugh.
Interprocedural analysis © Marcelo d’Amorim 2010.
Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Advanced Compilers CMPSCI 710.
CS 536 Spring Global Optimizations Lecture 23.
CS 536 Spring Intermediate Code. Local Optimizations. Lecture 22.
Control Flow Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Context-Sensitive Flow Analysis Using Instantiation Constraints CS 343, Spring 01/02 John Whaley Based on a presentation by Chris Unkel.
1 Intermediate representation Goals: –encode knowledge about the program –facilitate analysis –facilitate retargeting –facilitate optimization scanning.
Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.
1 Control Flow Analysis Mooly Sagiv Tel Aviv University Textbook Chapter 3
Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:
Intraprocedural Points-to Analysis Flow functions:
Chapter 6. 2 Objectives You should be able to describe: Function and Parameter Declarations Returning a Single Value Pass by Reference Variable Scope.
Staged Information Flow for JavaScript Ravi Chugh, Jeff Meister, Ranjit Jhala, Sorin Lerner UC San Diego.
Comparison Caller precisionCallee precisionCode bloat Inlining context-insensitive interproc Context sensitive interproc Specialization.
Guide To UNIX Using Linux Third Edition
An Efficient Inclusion-Based Points-To Analysis for Strictly-Typed Languages John Whaley Monica S. Lam Computer Systems Laboratory Stanford University.
Overview of program analysis Mooly Sagiv html://
Pointer analysis. Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis Andersen and.
Prof. Bodik CS 164 Lecture 16, Fall Global Optimization Lecture 16.
Procedure Optimizations and Interprocedural Analysis Chapter 15, 19 Mooly Sagiv.
Advanced Compiler Techniques LIU Xianhua School of EECS, Peking University Inter-procedural Analysis.
Chapter 6: User-Defined Functions I Instructor: Mohammad Mojaddam
Data Objects (revisited) Recall that values are stored in data objects, and that each data object holds one value of a particular type. Data objects may.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University STATIC ANALYSES FOR JAVA IN THE PRESENCE OF DISTRIBUTED COMPONENTS AND.
Programmer's view on Computer Architecture by Istvan Haller.
A First Book of C++: From Here To There, Third Edition2 Objectives You should be able to describe: Function and Parameter Declarations Returning a Single.
COP 4620 / 5625 Programming Language Translation / Compiler Writing Fall 2003 Lecture 10, 10/30/2003 Prof. Roy Levow.
Lesson 13 CDT301 – Compiler Theory, Spring 2011 Teacher: Linus Källberg.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Lexical Analyzer (Checker)
Type Systems CS Definitions Program analysis Discovering facts about programs. Dynamic analysis Program analysis by using program executions.
Value and Reference Parameters. CSCE 1062 Outline  Summary of value parameters  Summary of reference parameters  Argument/Parameter list correspondence.
1 Languages and Compilers (SProg og Oversættere) Bent Thomsen Department of Computer Science Aalborg University With acknowledgement to Norm Hutchinson.
CS536 Semantic Analysis Introduction with Emphasis on Name Analysis 1.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
CS 343 presentation Concrete Type Inference Department of Computer Science Stanford University.
Reachability Analysis for Callbacks 北京大学 唐浩
Control Flow Graphs : The if Statement 1 if (x < y) { y = 0; x = x + 1; } else { x = y; } x >= yx < y x = y y = 0 x = x + 1 if (x < y) { y = 0;
CS 404Ahmed Ezzat 1 CS 404 Introduction to Compiler Design Lecture 1 Ahmed Ezzat.
Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 8: Static Analysis II Roman Manevich Ben-Gurion University.
Inter-procedural analysis
Design issues for Object-Oriented Languages
Manuel Fahndrich Jakob Rehof Manuvir Das
Static Analysis of Object References in RMI-based Java Software
User-Written Functions
Chapter 7 User-Defined Methods.
Constructing Precedence Table
Interprocedural Analysis Chapter 19
Ravi Mangal Mayur Naik Hongseok Yang
Program Slicing Baishakhi Ray University of Virginia
Pointer analysis.
자바 언어를 위한 정적 분석 (Static Analyses for Java) ‘99 한국정보과학회 가을학술발표회 튜토리얼
Presentation transcript:

Program Analysis with Set Constraints Ravi Chugh

Set-constraint based analysis Another technique for computing information about program variables Phase 1: constraint generation – Create set variables corresponding to program – Add inclusion constraints between these sets – Usually a local, syntax-directed process (ASTs vs CFGs) Phase 2: constraint resolution – Solve for values of all set variables Extends naturally to inter-procedural analysis

Constant propagation int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Want to determine whether x and y are constant values when they are used We will build a flow- insensitive analysis

Set constraints Terms t := c (constant) | X (set variable) | C(t 1,...,t n )(constructed term) Constraints t 1 <= t 2 (set inclusion) Constructors – C(v 1,...,v n ) is an n-arg ctor C with variances v i – v i is either + (covariant) or – (contravariant) – Covariance corresponds to “forwards flow” – Contravariance corresponds to “backwards flow”

Set constraints and graph reachability Tight correspondence between set-inclusion constraints and edges in a flow graph

Set constraints and graph reachability Tight correspondence between set-inclusion constraints and edges in a flow graph 1 <= X X X 1 1

Set constraints and graph reachability Tight correspondence between set-inclusion constraints and edges in a flow graph 1 <= X X <= Y X X 1 1 Y Y

Set constraints and graph reachability Tight correspondence between set-inclusion constraints and edges in a flow graph 1 <= X X <= Y Ctor(A,B,C) <= Ctor(D,E,F) where Ctor(+,-,+) X X 1 1 Ctor ( A, B, C ) Ctor ( D, E, F ) Y Y

Set constraints and graph reachability Tight correspondence between set-inclusion constraints and edges in a flow graph 1 <= X X <= Y Ctor(A,B,C) <= Ctor(D,E,F) where Ctor(+,-,+) X X 1 1 Ctor ( A, B, C ) Ctor ( D, E, F ) Y Y

Constraint resolution System of constraints Con Additional constraints added by following rules 1) Transitivity of sets – Con with x <= y ∧ y <= z  Con ∧ x <= z 2) Constructed terms – Con with C(...,x i,...) <= C(...,y i,...)  Con ∧ i straint i straint i is x i <= y i if C covariant in i straint i is y i <= x i if C contravariant in i 3) Inconsistent terms – Con with C(...) <= D(...)  Inconsistent

Fun constructor For simplicity, assume all functions take one arg Define constructor Fun(-,+) Places for function input and output Encoding a function call: int z = id(2); Fun(i, retid) <= Fun(2, z)

Fun constructor For simplicity, assume all functions take one arg Define constructor Fun(-,+) Places for function input and output Encoding a function call: int z = id(2); Fun(i, retid) <= Fun(2, z) By contravariance, the actual 2 flows to i By covariance, the return value of id flows to z Fun ( i, retid) Fun ( 2, z )

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... }

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs Fun (i, ret1) abs

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs Fun (i, ret1) abs

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 Fun (i, ret1) abs

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 Fun (i, ret1) abs

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun (i, ret1) abs T T

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun (i, ret1) abs T T

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id Fun (i, ret1) abs T T Fun (j, ret2) id

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id Fun (i, ret1) abs T T Fun (j, ret2) id

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 Fun (i, ret1) abs T T Fun (j, ret2) id

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 Fun (i, ret1) abs T T Fun (j, ret2) id

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2 Fun (, x )

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2 Fun (, x )

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2 Fun (, x )

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2 Fun (, x ) Fun (, y )

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2 Fun (, x ) Fun (, y )

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2 Fun (, x ) Fun (, y ) [[x]] = [[y]] =

int abs(int i) { if (...) { return i; } else { return –i; } } int id(int j) { return j; } void main() { int a = 1, b = 2; int x = abs(a); int y = id(b);... use x use y... } Fun(i,ret1) <= abs i <= ret1 T <= ret1 Fun(j,ret2) <= id j <= ret2 1 <= a 2 <= b abs <= Fun(a,x) id <= Fun(b,y) Fun (i, ret1) abs T T Fun (j, ret2) id a a 1 1 b b 2 2 Fun (, x ) Fun (, y ) [[x]] = {1, T} [[y]] = {2}

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p;

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; i i 1 1

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; 1 1 i i

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p Ref ( 2, _)

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p Ref ( 2, _)

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p Ref ( 2, _)

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p Ref ( 2, _) Ref ( _, j)

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p Ref ( 2, _) Ref ( _, j)

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p Ref ( 2, _) Ref ( _, j) [[j]] =

Pointers Handle pointers with a Ref(-,+) constructor Two args correspond to set and get operations int i = 1; int *p = &i; *p = 2; int j = *p; Ref (seti, i) 1 1 p p Ref ( 2, _) Ref ( _, j) [[j]] = {1, 2}

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0);

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) foo

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) foo

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) Ref (setF, foo)

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); Fun (i, ret) Ref (setF, foo) funcPtr

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) Ref (setF, foo)

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) Ref (setF, foo)

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) Ref (setF, foo) Ref ( _, Fun (0, x )

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) Ref (setF, foo) Ref ( _, Fun (0, x )

More on functions Our encoding supports higher-order functions – Passing around Fun terms just like constants Function pointers also just work int (*funcPtr)(int); int foo(int i) { return i }; funcPtr = &foo; int x = (*funcPtr)(0); funcPtr Fun (i, ret) Ref (setF, foo) Ref ( _, Fun (0, x )

Context sensitivity Smearing call sites int x = id(1); int y = id(2); Fun (j, r) id Fun (1, x) Fun (2, y) [[x]] = {1, 2} [[y]] = {1, 2}

Context sensitivity Smearing call sites int x = id(1); int y = id(2); Option 1: Specialization Each call id i gets a new copy of id Eliminates smearing, but graph size increases Fun (j, r) id Fun (1, x) Fun (2, y) Fun (j, r) id 1 Fun (1, x) Fun (j, r) id 2 Fun (2, y) [[x]] = {1, 2} [[y]] = {1, 2}

Context sensitivity Option 2: Unique labeled edges for each call site Not using Fun constructor There is flow only if there is a path that spells a substring of a well-bracketed string – [ a [ b ] b ] a and [ a ] a [ b are valid; [ a [ b ] a ] b is not For both options, if there are higher-order functions or function pointers, need a first pass to compute pointer targets j j r r 1 1 x x 2 2 y y [1[1 ]1]1 [2[2 ]2]2

Field sensitivity For each field f, define Fld f (-,+) constructor int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, )

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, )

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, ) o o Fld g (_, og) Fld f (_, of)

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, ) o o Fld g (_, og) Fld f (_, of)

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, ) o o Fld g (_, og) Fld f (_, of) Fld f (3, _) Fld g (4, _)

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, ) o o Fld g (_, og) Fld f (_, of) Fld f (3, _) Fld g (4, _)

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, ) o o Fld g (_, og) Fld f (_, of) Fun (, w ) Fld f (_, ) Fld f (3, _) Fld g (4, _)

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, ) o o Fld g (_, og) Fld f (_, of) Fun (, w ) Fld f (_, ) Fld f (3, _) Fld g (4, _)

Field sensitivity int readG(obj p) { return p.g; } obj o; o.f = 3; o.g = 4; int w = id(o.f); int z = readG(o); Fun (j, ret2) id For each field f, define Fld f (-,+) constructor Fun (p, ret3) readG Fld g (_, ) o o Fld g (_, og) Fld f (_, of) Fun (, z ) Fun (, w ) Fld f (_, ) Fld f (3, _) Fld g (4, _)

Scalability Constraint graph for entire program is in memory Even for flow-insensitive analyses, this can become a bottleneck Even worse for flow-sensitive analyses Techniques for analyzing parts of program in isolation and storing summaries of their observable effects

Summary Set constraints are often natural for expressing various program analyses – Constant propagation, pointer analysis – Closure analysis – Receiver class analysis – Information flow Rich literature on solving systems of constraints Non-trivial to extend to flow-sensitive or summary-based analyses Interference between functions and references

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.