Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interprocedural analysis © Marcelo d’Amorim 2010.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Interprocedural analysis © Marcelo d’Amorim 2010."— Presentation transcript:

1 Interprocedural analysis http://pan.cin.ufpe.br © Marcelo d’Amorim 2010

2 Intraprocedural analysis Intraprocedural analysis considers the body of a single function – Useful for many applications For instance, to identify local variable definition without use (or the contrary) public void foo(int x) { int tmp; if (x > 10) { tmp = 10; … } else { … } … = tmp } © Marcelo d’Amorim 2010

3 Some applications require analyses across multiple functions. For instance, to identify methods that can read data that another writes. © Marcelo d’Amorim 2010

4 Interprocedural analysis Data flows across function calls Naive solution: ??? © Marcelo d’Amorim 2010

5 Interprocedural analysis Data flows across function calls Naive solution: Inline all calls – Limitations ??? © Marcelo d’Amorim 2010

6 Interprocedural analysis Data flows across function calls Naive solution: Inline all calls – Limitations Program size “explodes” with number of call sites Does not handle recursion in general – requires bounded unfolding of function declarations © Marcelo d’Amorim 2010

7 Interprocedural analysis Data flows across function calls Naive solution: Inline all calls – Limitations Program size “explodes” with number of call sites Does not handle recursion in general – requires bounded unfolding of function declarations © Marcelo d’Amorim 2010 May be good enough for you!

8 Classical approach Build flow graph with special nodes+edges to propagate function call data © Marcelo d’Amorim 2010

9 Syntax of language with procedures © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005

10 Flow graphs for programs (as opposed to a procedure) Needs to consider effects of – Call – Procedure entry – Procedure exit – Return © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005

11 Exercise Build FG for the following program begin proc fib(val z, u, res v) is if z < 3 then v := u + 1 else call fib(z-1,u,v); call fib(z-2,v,v) end; end © Marcelo d’Amorim 2010

12 Program flow graph *From Principles of Program Analysis, F. Nielson et al., Springer 2005 © Marcelo d’Amorim 2010

13 Data propagates across edges just as before. Intraprocedural analysis still applies for every non function-related node.

14 A problem to overcome… foo() call site 1 call site 2 Suppose this is part of one program flow graph. Can you see the problem in the way data may flow? © Marcelo d’Amorim 2010

15 A problem to overcome… foo() call site 1 call site 2 This control path does not exist. Ignoring this issue may affect precision! Context sensitivity eliminates such data flows. But adds complexity to the analysis: impact on time/memory requirements. © Marcelo d’Amorim 2010

16 A problem to overcome… foo() call site 1 call site 2 A context-sensitive analysis will only consider valid control paths in the flow graph © Marcelo d’Amorim 2010

17 Quick Question © Marcelo d’Amorim 2010 Would such invalid paths arise in the inline approach?

18 Context sensitive analysis General approach: Encode context information with analysis information © Marcelo d’Amorim 2010

19 Context sensitive analysis General approach: Encode context information with analysis information – At entry node, appends origin location – At exit node, only transfer data that have flown from origin © Marcelo d’Amorim 2010 foo() call site 1 call site 2

20 Exercise We have programs with integer variables and want to detect statically the signs they can hold. What lattice would you use? © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005

21 Exercise This formulation allows one to associate signs of distinct variables. © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005 One option…

22 Context information in the lattice Back to Detection of Signs Analysis Data is labeled by calling context △. © Marcelo d’Amorim 2010

23 Transfer functions © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005

24 Transfer functions For declarations Two transfer functions Define effect of entry (exit) at (from) p For illustration purposes assume both function are identity © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005

25 Transfer functions For calls Transfer function for call: Function f lc “saves” calling context together with data © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005

26 Transfer functions For calls Transfer function for return Function f lc,lr “restores” context and only propagate data that correspond to the call © Marcelo d’Amorim 2010 *From Principles of Program Analysis, F. Nielson et al., Springer 2005

27 Two standard encodings of context Call strings Assumption sets © Marcelo d’Amorim 2010

28 Call Strings String consisting of pending procedure call on the stack Call strings of fib – [], [9,4], [9,6], [9,4,4], [9,4,6], [9,6,4], [9,6,6], etc. Unbounded ( ) or Bounded ( ) length © Marcelo d’Amorim 2010

29 Call Strings String consisting of pending procedure call on the stack Call strings of fib – [], [9,4], [9,6], [9,4,4], [9,4,6], [9,6,4], [9,6,6], etc. Unbounded ( ) or Bounded ( ) length © Marcelo d’Amorim 2010 Context is a stack of string elements, each denoting function calls.

30 Assumption Sets Use abstract states to caracterize context For instance, make △ = or △ = © Marcelo d’Amorim 2010

31 Flow sensitivity Considers the order of statements – Flow insensitive analysis produce same results for S;S’ and S’;S So far, only flow sensitive examples © Marcelo d’Amorim 2010

32 Example begin proc fib(val z) is if z < 3 then call add(1) else call fib(z-1); call fib(z-2) end; proc add(val u) is (y:=y+u; u:=0) end; y:=0; call fib(x) end © Marcelo d’Amorim 2010

33 What globals are updated? Two auxiliary functions: – AV: Name => P (Name) – CP: Name => P (Name) Defintion: – IAV(p) = (AV(S) \ {x}) U U {IAV(p’) | p’ ∈ CP(s)}, where proc p(val x, res y) is S end IAV(fib) = ( Ø \ {z}) U IAV(fib) U IAV(add) IAV(add) = {y,u} \ {u} © Marcelo d’Amorim 2010

34 Points-to Analysis Analysis that computes a function Null deref? – null ∈ pt(o) Alias possible? – pt(a) ∩ pt(b) ≠ Ø © Marcelo d’Amorim 2010 pt: Var => P (Loc)

35 Question Points to set are typically large. For type safe languages, these sets can be significantly reduced. Why? © Marcelo d’Amorim 2010

36 Points-to Analysis Two algorithms for finding “points-to” sets: – Andersen’s – Steensgaard’s © Marcelo d’Amorim 2010 possible seminar selection

37 Points-to Analysis Main applications – Null pointer analysis – Shape analysis – Mutability analysis © Marcelo d’Amorim 2010 Important for interprocedural analysis. E.g., more detailed flow graphs for oo programs can be built by constraining the actual types of method callers.

38 APPLICATIONS OF STATIC ANALYSIS © Marcelo d’Amorim 2010

39 Some applications Change Impact Analysis – Guide inspection, debugging, and testing activities – See work of Barbara Ryder at Rutgers Univ. Dataflow testing – Test is “good” if exercises data dependency – See work of Mauro Pezze at Politechnical de Milano © Marcelo d’Amorim 2010

40 Some applications Change Impact Analysis – Guide inspection, debugging, and testing activities – See work of Barbara Ryder at Rutgers Univ. Dataflow testing – Test is “good” if exercises data dependency – See work of Mauro Pezze at Politechnical de Milano © Marcelo d’Amorim 2010 Focus

41 Traditional dataflow Check if test activates pair of def-use – Variations: all pairs, all uses, all defs © Marcelo d’Amorim 2010

42 Question Why traditional dataflow testing may not be appropriate for oo programs? © Marcelo d’Amorim 2010

43 Question Why traditional dataflow testing may not be appropriate for oo programs? © Marcelo d’Amorim 2010 Imagine the scenario where all fields are encapsulated with accessor methods (getters & setters). Dataflow adequacy will be vacuous (and trivial to obtain)!

44 Question Why traditional dataflow testing may not be appropriate for oo programs? © Marcelo d’Amorim 2010 Imagine the scenario where all fields are encapsulated with accessor methods (getters & setters). Dataflow adequacy will be vacuous (and trivial to obtain)! Would that be a problem with a flat state (i.e., all state global no object)?

45 Data encapsulation Encapsulation is key to information-hiding and advocated in OO programming © Marcelo d’Amorim 2010

46 Contextual def-use associations Stronger requirement: add context information to associations (test requirement) – A contextual def-use association is a tuple (d,u,cd,cu) – Example: (19,22,Storage::storeMsg()-> Storage::setStored(), Storage::getStored()) © Marcelo d’Amorim 2010 Distinguish from context-free associations in that invocations to accessors are mediated. Context of definition and use

47 http://pan.cin.ufpe.br © Marcelo d’Amorim 2010

Download ppt "Interprocedural analysis © Marcelo d’Amorim 2010."

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR

R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR
Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.

Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.
P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.

P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.
Exercise 1 Generics and Assignments. Language with Generics and Lots of Type Annotations Simple language with this syntax types:T ::= Int | Bool | T =>

Exercise 1 Generics and Assignments. Language with Generics and Lots of Type Annotations Simple language with this syntax types:T ::= Int | Bool | T =>
The University of Adelaide, School of Computer Science

The University of Adelaide, School of Computer Science
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Programming Languages and Paradigms

Programming Languages and Paradigms
Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.

Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.
Programming Languages and Paradigms The C Programming Language.

Programming Languages and Paradigms The C Programming Language.
Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:

Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.

Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.
1 CS 201 Compiler Construction Lecture Interprocedural Data Flow Analysis.

1 CS 201 Compiler Construction Lecture Interprocedural Data Flow Analysis.
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani

Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
Composition CMSC 202. Code Reuse Effective software development relies on reusing existing code. Code reuse must be more than just copying code and changing.

Composition CMSC 202. Code Reuse Effective software development relies on reusing existing code. Code reuse must be more than just copying code and changing.
Symbolic execution © Marcelo d’Amorim 2010.

Symbolic execution © Marcelo d’Amorim 2010.
Graph Coverage for Design Elements 1.  Use of data abstraction and object oriented software has increased importance on modularity and reuse.  Therefore.

Graph Coverage for Design Elements 1.  Use of data abstraction and object oriented software has increased importance on modularity and reuse.  Therefore.
Principles of programming languages 4: Parameter passing, Scope rules Department of Information Science and Engineering Isao Sasano.

Principles of programming languages 4: Parameter passing, Scope rules Department of Information Science and Engineering Isao Sasano.
1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.

1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.

Similar presentations

Ads by Google