1. Software analysis
SET seminar

2. Software analysis
is the process of (semi-)automatically establishing properties of the computer programs.
a.k.a. Program analysis.
Applications:
For computers:
Program correctness
Execution optimization
For humans:
Quality assessment (maintainability, testability)
/ Faculteit Wiskunde en Informatica

3. Axes of program analysis
Compile-time (static) vs. run-time (dynamic)
Dynamic: on-line vs. off-line
Properties of interest: Structure vs. behavior
Language-specific vs. language-independent
Generic Language Technology (separate lecture)
General-purpose languages vs. domain-specific ones
/ Faculteit Wiskunde en Informatica

4. Static vs. dynamic Static Dynamic
Applicable to incomplete or non-executable programs.
Covers all possible executions.
Usually less precise
Dynamic
Only executable programs.
Covers only specific executions:
On-line: current
Off-line: those registered
Usually more precise
Can incur performance penalty
Non-executable: special hardware that can be not available
Some properties are better suited for static analysis, some for dynamic analysis
/ Faculteit Wiskunde en Informatica

5. Static vs. Dynamic: Which way is easier?
Sharing problem: say “yes” if p and q point to the same memory cell?
Termination: say “yes” if the program terminates.
/ Faculteit Wiskunde en Informatica

6. Structure vs. behavior Behavior: pointer sharing, termination
Optimization, correctness
Structure:
How many execution paths pass through the procedure?
How readable is the given code fragment?
Maintainability, testability
/ Faculteit Wiskunde en Informatica

7. Language-specific vs. language-independent
Broader applicable
Language-specific
Can be fine tuned for a specific language
/ Faculteit Wiskunde en Informatica

8. General purpose vs domain-specific
Domain specific (usually) change often
Changes in the domain
Demand certain independence from a language?
/ Faculteit Wiskunde en Informatica

9. Examples of analysis techniques
/ Faculteit Wiskunde en Informatica

10. Numbers Software Metrics Static (usually) Structure
Quality assessment: maintainability, testability, …
Software
Numbers
/ Faculteit Wiskunde en Informatica

11. Metrics LOC % comments Cyclomatic complexity = #IF + #LOOP + 1
Source LOC, non-empty LOC, logical LOC
% comments
< 7% usually problematic
Cyclomatic complexity = #IF + #LOOP + 1
Testability: #execution paths
More than 15 – problematic
Assignment A1 mentions the Halstead metrics…
Logical = one commando on a number of lines
/ Faculteit Wiskunde en Informatica

12. Dn – abstractness/stability balance
Instable packages
Depend upon many other classes
No dependents
Should be not extensible via inheritance (concrete)
Stable packages
Do not depend upon other classes
Many dependents
Should be extensible via inheritance (abstract)
/ SET / W&I

13. Instability: What does “depend” mean?4 1 3
[Martin 2000]
[Martin 1994]
[JDepend]
/ SET / W&I

14. Dn – Distance from the main sequence
Abstractness
Dn = | Abstractness + Instability – 1 | 1
The closer Dn is to 0 – the better!
Instability 1
/ SET / W&I

15. Metrics: Research challenges
Different definitions for the “same metrics”
What is the impact on assessment of maintainability, testability, etc.?
How can we prove that the metrics indeed reflect maintainability, testability, etc.?
Statistical correlation with #bugs, maintenance effort?
How can we aggregate the metrics?
From methods to classes, packages and systems
Average? Statistical distributions?
/ Faculteit Wiskunde en Informatica

16. Behavioral analysis Software model checking Theorem proving
Derive/construct a model of a software system
Apply model checking techniques
More: ask dr. Dragan Bosnacki.
Theorem proving
Add annotations
Prove their correctness
More: talk by dr. Michael Franssen
Abstract interpretation: Today!
/ Faculteit Wiskunde en Informatica

17. Abstract Interpretation: Example
2173  38 = or 2173  38 = 82574?
Casting out nines:
Sum the digits in the multiplicand n1, multiplier n2 and the product n to obtain s1, s2 and s.
Divide s1, s2 and s by 9 to compute the remainder, that is, r1 = s1 mod 9, r2 = s2 mod 9 and r = s mod 9.
If (r1  r2) mod 9  r then multiplication is incorrect
The algorithm returns “incorrect” or “don’t know”
Group A: apply casting out nines to the first multiplication (should fail), Group B: apply it to the second multiplication (should succeed)

18. Correctness argument Suppose r1 = n1 mod 9 and r2 = n2 mod 9 If
n = n1  n2 then
n mod 9 = (n1  n2) mod 9 hence
n mod 9 = ((n1 mod 9)  (n2 mod 9)) mod 9 whence
n mod 9 = (r1  r2) mod 9 = r therefore
r = n mod 9
If r  n mod 9, then n  n1  n2

19. Abstract Interpretation: Basic idea
Concrete domain
Abstraction function α
Abstract domain
Computation is difficult or impossible
Computation is easier
Approximation
Concrete domain
Abstract domain
Concretization function γ
/ Faculteit Wiskunde en Informatica

20. Formalization Based on notions of a Galois connection
Patrick Cousot & Radhia Cousot.
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints.
In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 238—252, Los Angeles, California, ACM Press, New York, NY, USA.
/ Faculteit Wiskunde en Informatica

21. Lattices – a prelude Suppose S,  is a partially-ordered set
:SSS is a join (the least upper bound) iff
a  ab and b  ab for all a,bS
if a  c and b  c, then ab  c for any cS
:SSS is a meet (the greatest lower bound)
ab  a and ab  b for all a,bS
if c  a and c  b, then c  ab for any cS
Partially ordered set. Who knows what a partial order is?

22. Complete lattices The join concept can often be lifted to sets iff
t(T) for all TS and for all tT
if ts for all tT then (T)s
If meet can often be lifted analogously, then the lattice is complete
A lattice that contains a finite number of elements is always complete

23. Abstract Interpretation: Revisited
Concrete domain
Abstract domain
Computation is difficult or impossible
Abstraction function α
Concretization function γ
Computation is easier
Complete lattice
/ Faculteit Wiskunde en Informatica

24. A, , C,  is Galois connection whenever
A, A and C, C are complete lattices
:CA and :AC are monotonic
If c1 C c2 then (c1) A (c2)
If a1 A a2 then (a1) C (a2)
:AA and :CC satisfy
c C ()(c) for all cC
()(a) A a for all aA α γ

25. A classic Galois connection example
The concrete domain C,C,C,C is 2Z,,,
The abstract domain A,A,A,A where:
A = {,+,-,T}
 A a AT for all aA
join A and meet A are defined by: T - + 

26. The relationship between A and C
The concretisation function :AC:
() = Ø
(+) = {nZ | n > 0}
(-) = {nZ | n < 0}
(T) = Z
The abstraction function :CA is defined:
(S) =  if S = Ø
(S) = + else if n > 0 for all nS
(S) = - else if n < 0 for all nS
(S) = Z otherwise

27. Abstract Interpretation: Revisited
Concrete domain
Abstract domain * α γ
Complete lattice
((a1) *C (a2)) C a1 *A a2 for all a1,a2A
Approximation
/ Faculteit Wiskunde en Informatica

28. Applications
Verification: can a concurrent program deadlock? Is termination assured?
Parallelization: are two or more tasks independent? What is the worst/base-case running time of function?
Transformation: can a definition be unfolded? Will unfolding terminate?
Implementation: can an operation be specialized with knowledge of its (global) calling context?
/ Faculteit Wiskunde en Informatica

29. Abstract Interpretation: Challenges
New abstract domains
Intervals, octagons, more?
New applications = new concrete domains
New tools
/ Faculteit Wiskunde en Informatica

30. Summary: Program analysis
Compile-time (static) vs. run-time (dynamic)
Dynamic: on-line vs. off-line
Properties of interest: Structure vs. behavior
Language-specific vs. language-independent
Generic Language Technology (separate lecture)
General-purpose languages vs. domain-specific ones
Next time: Analysis in practice!
/ Faculteit Wiskunde en Informatica