Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html."— Presentation transcript:

1 Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html

2 Exam Format (Moed A 02) Compile- vs Run-time events (25) American style question (10) Handling new language feature in TC (40) Understanding (25)

3 Outline What is (static) program analysis Examples Undecidability Algorithms

4 Static Analysis Automatic derivation of static properties which hold on every execution leading to a program location Usages –Compiler optimizations –Code quality tools Identify bugs Prove absence of certain bugs

5 Example Static Analysis Problem Find variables with constant value at a given program location int p(int x){ return x *x ; } void main() { int z; if (getc()) z = p(6) + 8; else z = p(5) + 7; printf (z); } int p(int x){ return (x *x) ; } void main() { int z; if (getc()) z = p(3) + 1; else z = p(-2) + 6; printf (z); }

6 Example Static Analysis Problem Find variables which are live at a given program location

7 A Simple Example /* c */ L0: a := 0 /* ac */ L1:b := a + 1 /* bc */ c := c + b /* bc */ a := b * 2 /* ac */ if c < N goto L1 /* c */ return c ab c

8 List reverse(Element  head) { List rev, n; rev = NULL; while (head != NULL) { n = head  next; head  next = rev; head = n; rev = head; } return rev; } Memory Leakage leakage of address pointed to by head

9 Memory Leakage Element  reverse(Element  head) { Element  rev,  n; rev = NULL; while (head != NULL) { n = head  next; head  next = rev; rev = head; head = n; } return rev; } ✔ No memory leaks

10 Compiler Scheme String Scanner Parser Semantic Analysis Code Generator Static analysis Transformations Tokens source-program tokens AST IR IR +information

11 Undecidability issues It is impossible to compute exact static information Finding if a program point is reachable Difficulty of interesting data properties

12 Undecidabily A variable is live at a given point in the program –if its current value is used after this point prior to a definition in some execution path It is undecidable if a variable is live at a given program location

13 Proof Sketch Pr L: x := y Is y live at L?

14 Conservative (Sound) The compiler need not generate the optimal code Can use more registers (“spill code”) than necessary Find an upper approximation of the live variables Err on the safe side A superset of edges in the interference graph Not too many superfluous live variables

15 Conservative Software Quality Tools Can never miss an error Buy may produce false alarms –Warning on non existing errors

16 Iterative computation of conservative static information Construct a control flow graph Optimistically start with the best value at every node “Interpret” every statement in a conservative way Stop when no changes occur

17 /* c */ L0: a := 0 /* ac */ L1:b := a + 1 /* bc */ c := c + b /* bc */ a := b * 2 /* ac */ if c < N goto L1 /* c */ return c a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;

18 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;      

19 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;  {c}    

20 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;  {c}   

21 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;  {c} {c, b}  

22 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;  {c} {c, b} 

23 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;  {c} {c, b} {c, a} {c, b}

24 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;  {c, a} {c} {c, b} {c, a} {c, b}

25 a := 0 ; b := a +1 ; c := c +b ; a := b*2 ; c <N goto L1 return c ;  {c, a} {c, b} {c, a} {c, b}

26 Summary Program analysis provides non-trivial insights on the runtime executions of the program Mathematically justified –Operational semantics –Abstract interpretation (lattice theory) Employed in compilers Will be employed in software quality tools But the course in TAU is theoretical

Download ppt "Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
DATAFLOW TESTING DONE BY A.PRIYA, 08CSEE17, II- M.s.c [C.S].

DATAFLOW TESTING DONE BY A.PRIYA, 08CSEE17, II- M.s.c [C.S].
Abstract Interpretation Part II

Abstract Interpretation Part II
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Data-Flow Analysis II CS 671 March 13, 2008. CS 671 – Spring 2008 1 Data-Flow Analysis Gather conservative, approximate information about what a program.

Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
8. Static Single Assignment Form Marcus Denker. © Marcus Denker SSA Roadmap  Static Single Assignment Form (SSA)  Converting to SSA Form  Examples.

8. Static Single Assignment Form Marcus Denker. © Marcus Denker SSA Roadmap  Static Single Assignment Form (SSA)  Converting to SSA Form  Examples.
Lecture 11: Code Optimization CS 540 George Mason University.

Lecture 11: Code Optimization CS 540 George Mason University.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.

Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.
Register Allocation Mooly Sagiv Schrierber 317 03-640-7606 Wed 10:00-12:00 html://www.math.tau.ac.il/~msagiv/courses/wcc.html.

Register Allocation Mooly Sagiv Schrierber Wed 10:00-12:00 html://
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Some Properties of SSA Mooly Sagiv. Outline Why is it called Static Single Assignment form What does it buy us? How much does it cost us? Open questions.

Some Properties of SSA Mooly Sagiv. Outline Why is it called Static Single Assignment form What does it buy us? How much does it cost us? Open questions.
1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.

1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.
Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)

Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)
Introduction to Advanced Topics Chapter 1 Mooly Sagiv Schrierber 317 03-640-7606 www.math.tau.ac.il/~sagiv/courses/acd.html.

Introduction to Advanced Topics Chapter 1 Mooly Sagiv Schrierber
Lecture 01 - Introduction Eran Yahav 1. 2 Who? Eran Yahav Taub 734 Tel: 8294318 Monday 13:30-14:30

Lecture 01 - Introduction Eran Yahav 1. 2 Who? Eran Yahav Taub 734 Tel: Monday 13:30-14:30
1 Static Testing: defect prevention SIM3302. 2 objectives Able to list various type of structured group examinations (manual checking) Able to statically.

1 Static Testing: defect prevention SIM objectives Able to list various type of structured group examinations (manual checking) Able to statically.
1 Operational Semantics Mooly Sagiv Tel Aviv University 640-6706 Textbook: Semantics with Applications.

1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.

Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.

Similar presentations

Ads by Google