Iterative Dataflow Analysis
|
|
- Job Hicks
- 5 years ago
- Views:
Transcription
1 Iterative Dataflow Analysis CS 352 9/24/07 Slides adapted from Nielson, Nielson, Hankin Principles of Program Analysis
2 Key Ideas Need a mechanism to evaluate (statically) statements in a program Problem: how do mimic runtime behavior statically? Approach: abstract away unnecessary or statically uncomputable aspects of execution Result: an abstract interpretation of the program that provides useful dataflow information 2
3 Components Dataflow analysis via abstract interpretation has three main components: A transfer function (f(n)) that approximates the execution of instruction n based on the (approximate) inputs given. A join operation that abstracts statically uncomputable operations (e.g., conditionals) A direction (forward or reverse) describing the order in which instructions are interpreted. 3
4 Approach After deciding the structure of the transfer function, join operation, and analysis direction, we run the analysis. We continue to iterate until no new information is generated. Formally: forward Backward 4
5 Example: Reaching Definitions Definition d of variable x reaches statement s if there exists a path from d to s with no intervening redefinition of x. Assignment to x generates a definition, and kills previous definition. Equations: GEN[n]: the set of definitions that n creates KILL[n]: the set of definitions that n kills. Transfer function: f(n) = GEN[n] U (IN[n] - KILL[n]) Join: Union 5
6 Simple Language a ::= x n a 1 op a a 2 b ::= true false not b b 1 op b b 2 a 1 op r a 2 S ::= [x := a] l [skip] l S 1 ; S 2 if [b] l then S 1 else S 2 while [b] l do S Example: [z:=1] 1 ; while [x>0] 2 do ([z:=z*y] 3 ; [x:=x-1] 4 ) 6
7 Flow Graph init( ) = 1 [z:=1] 1 final( ) = {2} labels( ) = {1, 2, 3, 4} flow( ) = {(1, 2), (2, 3), (3, 4), (4, 2)} [x>0] 2 yes [z:=z*y] 3 no flow R ( ) = {(2, 1), (2, 4), (3, 2), (4, 3)} [x:=x-1] 4 7
8 Initial and Final Labels init : Stmt Lab init([x := a] l ) = l init([skip] l ) = l init(s 1 ; S 2 ) = init(s 1 ) init(if [b] l then S 1 else S 2 ) = l init(while [b] l do S) = l final : Stmt P(Lab) final([x := a] l ) = {l} final([skip] l ) = {l} final(s 1 ; S 2 ) = final(s 2 ) final(if [b] l then S 1 else S 2 ) = final(s 1 ) final(s 2 ) final(while [b] l do S) = {l} init([z:=1] 1 ; while [x>0] 2 do ([z:=z*y] 3 ; [x:=x-1] 4 )) = 1 final([z:=1] 1 ; while [x>0] 2 do ([z:=z*y] 3 ; [x:=x-1] 4 )) = {2} 8
9 Capturing Control-Flow Represent a program s control-flow through relations built using labels: flow, flow R : Stmt P(Lab Lab) flow([x := a] l ) = flow([skip] l ) = flow(s 1 ; S 2 ) = flow(s 1 ) flow(s 2 ) {(l, init(s 2 )) l final(s 1 )} flow(if [b] l then S 1 else S 2 ) = flow(s 1 ) flow(s 2 ) {(l, init(s 1 )), (l, init(s 2 ))} flow(while [b] l do S) = flow(s) {(l, init(s))} {(l, l) l final(s)} flow R (S) = {(l, l ) (l, l) flow(s)} 9
10 Basic Blocks Aggregate statements into a set of blocks blocks : Stmt P(Blocks) blocks([x := a] l ) = {[x := a] l } blocks([skip] l ) = {[skip] l } blocks(s 1 ; S 2 ) = blocks(s 1 ) blocks(s 2 ) blocks(if [b] l then S 1 else S 2 ) = {[b] l } blocks(s 1 ) blocks(s 2 ) blocks(while [b] l do S) = {[b] l } blocks(s) 10
11 Available Expressions For each program point, which expressions have already been computed, and not later modified on all paths to this point. point of interest [x:= a+b ] 1 ; [y:=a*b] 2 ; while [y> a+b ] 3 do ([a:=a+1] 4 ; [x:= a+b ] 5 ) The analysis enables a transformation into [x:= a+b] 1 ; [y:=a*b] 2 ; while [y> x ] 3 do ([a:=a+1] 4 ; [x:= a+b] 5 ) 11
12 Available Expressions X 1 X 2 N = X 1 X 2 x := a { kill }}{ X = (N\{expressions with an x} ) {subexpressions of a without an x} }{{} gen 12
13 Specification kill and gen functions kill AE ([x := a] l ) = {a AExp x FV(a )} kill AE ([skip] l ) = kill AE ([b] l ) = gen AE ([x := a] l ) = {a AExp(a) x FV(a )} gen AE ([skip] l ) = gen AE ([b] l ) = AExp(b) Transfer Functions data flow equations: AE = { if l = init(s ) AE entry (l) = {AEexit (l ) (l, l) flow(s )} otherwise AE exit (l) = (AE entry (l)\kill AE (B l )) gen AE (B l ) where B l blocks(s ) 13
14 Example [x:=a+b] 1 ; [y:=a*b] 2 ; while [y>a+b] 3 do ([a:=a+1] 4 ; [x:=a+b] 5 ) kill and gen functions: l kill AE (l) gen AE (l) 1 {a+b} 2 {a*b} 3 {a+b} 4 {a+b, a*b, a+1} 5 {a+b} 14
15 Example (cont) [x:=a+b] 1 ; [y:=a*b] 2 ; while [y>a+b] 3 do ([a:=a+1] 4 ; [x:=a+b] 5 ) Equations: AE entry (1) = AE entry (2) = AE exit (1) AE entry (3) = AE exit (2) AE exit (5) AE entry (4) = AE exit (3) AE entry (5) = AE exit (4) AE exit (1) = AE entry (1) {a+b} AE exit (2) = AE entry (2) {a*b} AE exit (3) = AE entry (3) {a+b} AE exit (4) = AE entry (4)\{a+b, a*b, a+1} AE exit (5) = AE entry (5) {a+b} 15
16 Solutions Available expressions is an example of a forward analysis: We are interested in the largest solution that satisfies the equations. [x:=a+b] 1 ; [y:=a*b] 2 ; while [y> a+b ] 3 do ([a:=a+1] 4 ; [x:=a+b] 5 ) l AE entry (l) AE exit (l) 1 {a+b} 2 {a+b} {a+b, a*b} 3 {a+b} {a+b} 4 {a+b} 5 {a+b} 16
17 Largest Solutions [z:=x+y] l ; while [true] l do [skip] l Equations: AE entry (l) = AE entry (l ) = AE exit (l) AE exit (l ) [ ] l AE entry (l ) = AE exit (l ) [ ] l AE exit (l) = AE entry (l) {x+y} yes AE exit (l ) = AE entry (l ) AE exit (l ) = AE entry (l ) [ ] l no After some simplification: AE entry (l ) = {x+y} AE entry (l ) Two solutions to this equation: {x+y} and 17
18 Live Variable Analysis A variable is live at the exit from a label if there is a path from the label to a use of the variable that does not re-define the variable. The aim of the Live Variables Analysis is to determine For each program point, which variables may be live at the exit from the point. Example: point of interest [ x :=2] 1 ; [y:=4] 2 ; [x:=1] 3 ; (if [y>x] 4 then [z:=y] 5 else [z:=y*y] 6 ); [x:=z] 7 The analysis enables a transformation into [y:=4] 2 ; [x:=1] 3 ; (if [y>x] 4 then [z:=y] 5 else [z:=y*y] 6 ); [x:=z] 7 18
19 Live Variable Analysis {}}{ kill N = (X\{x} ) {all variables of a} }{{} gen x := a X = N 1 N 2 N 1 N 2 19
20 Specification kill and gen functions kill LV ([x := a] l ) = {x} kill LV ([skip] l ) = kill LV ([b] l ) = gen LV ([x := a] l ) = FV(a) gen LV ([skip] Text l ) = gen LV ([b] l ) = FV(b) Transfer functions data flow equations: LV = { if l final(s ) LV exit (l) = {LVentry (l ) (l, l) flow R (S )} otherwise LV entry (l) = (LV exit (l)\kill LV (B l )) gen LV (B l ) where B l blocks(s ) 20
21 Example [x:=2] 1 ; [y:=4] 2 ; [x:=1] 3 ; (if [y>x] 4 then [z:=y] 5 else [z:=y*y] 6 ); [x:=z] 7 kill and gen functions: l kill LV (l) gen LV (l) 1 {x} 2 {y} 3 {x} 4 {x, y} 5 {z} {y} 6 {z} {y} 7 {x} {z} 21
22 Example [x:=2] 1 ; [y:=4] 2 ; [x:=1] 3 ; (if [y>x] 4 then [z:=y] 5 else [z:=y*y] 6 ); [x:=z] 7 Equations: LV entry (1) = LV exit (1)\{x} LV entry (2) = LV exit (2)\{y} LV entry (3) = LV exit (3)\{x} LV entry (4) = LV exit (4) {x, y} LV entry (5) = (LV exit (5)\{z}) {y} LV entry (6) = (LV exit (6)\{z}) {y} LV entry (7) = {z} LV exit (1) = LV entry (2) LV exit (2) = LV entry (3) LV exit (3) = LV entry (4) LV exit (4) = LV entry (5) LV entry (6) LV exit (5) = LV entry (7) LV exit (6) = LV entry (7) LV exit (7) = 22
23 Solutions Live variable analysis is an example of a backwards analysis: We are interested in the smallest solution that satisfies the equations. [x:=2] 1 ; [y:=4] 2 ; [x:=1] 3 ; (if [y>x] 4 then [z:=y] 5 else [z:=y*y] 6 ); [x:=z] 7 l LV entry (l) LV exit (l) 1 2 {y} 3 {y} {x, y} 4 {x, y} {y} 5 {y} {z} 6 {y} {z} 7 {z} 23
24 Smallest Solutions Why smallest solution? Equations: (while [x>1] l do [skip] l ); [x:=x+1] l LV entry (l) = LV exit (l) {x} LV entry (l ) = LV exit (l ) LV entry (l ) = {x} LV exit (l) = LV entry (l ) LV entry (l ) LV exit (l ) = LV entry (l) [ ] l yes [ ] l no [ ] l LV exit (l ) = After some calculations: LV exit (l) = LV exit (l) {x} Many solutions to this equation: any superset of {x} 24
25 Reaching Definitions Recall that a reaching definitions analysis determines: For each program point, the set of assignments made, but not overwritten, when execution reaches this point along some path. 25
26 Reaching Definitions X 1 X 2 N = X 1 X 2 [x := a] l { kill }}{ X = (N\{(x,?), (x, 1), } ) {(x, l)} }{{} gen 26
27 Analysis kill and gen functions kill RD ([x := a] l ) = {(x,?)} {(x, l ) B l is an assignment to x in S } kill RD ([skip] l ) = kill RD ([b] l ) = gen RD ([x := a] l ) = {(x, l)} gen RD ([skip] l ) = gen RD ([b] l ) = Transfer functions data flow equations: RD = { {(x,?) x FV(S )} if l = init(s RD entry (l) = ) {RDexit (l ) (l, l) flow(s )} otherwise RD exit (l) = (RD entry (l)\kill RD (B l )) gen RD (B l ) where B l blocks(s ) 27
28 Example [x:=5] 1 ; [y:=1] 2 ; while [x>1] 3 do ([y:=x*y] 4 ; [x:=x-1] 5 ) l kill RD (l) gen RD (l) 1 {(x,?), (x, 1), (x, 5)} {(x, 1)} 2 {(y,?), (y, 2), (y, 4)} {(y, 2)} 3 4 {(y,?), (y, 2), (y, 4)} {(y, 4)} 5 {(x,?), (x, 1), (x, 5)} {(x, 5)} 28
29 Equations [x:=5] 1 ; [y:=1] 2 ; while [x>1] 3 do ([y:=x*y] 4 ; [x:=x-1] 5 ) RD entry (1) = {(x,?), (y,?)} RD entry (2) = RD exit (1) RD entry (3) = RD exit (2) RD exit (5) RD entry (4) = RD exit (3) RD entry (5) = RD exit (4) RD exit (1) = (RD entry (1)\{(x,?), (x, 1), (x, 5)}) {(x, 1)} RD exit (2) = (RD entry (2)\{(y,?), (y, 2), (y, 4)}) {(y, 2)} RD exit (3) = RD entry (3) RD exit (4) = (RD entry (4)\{(y,?), (y, 2), (y, 4)}) {(y, 4)} RD exit (5) = (RD entry (5)\{(x,?), (x, 1), (x, 5)}) {(x, 5)} 29
30 Solutions [x:=5] 1 ; [y:=1] 2 ; while [x>1] 3 do ([y:= x*y ] 4 ; [x:=x-1] 5 ) lest solution: l RD entry (l) RD exit (l) 1 {(x,?), (y,?)} {(y,?), (x, 1)} 2 {(y,?), (x, 1)} {(x, 1), (y, 2)} 3 {(x, 1), (y, 2), (y, 4), (x, 5)} {(x, 1), (y, 2), (y, 4), (x, 5)} 4 {(x, 1), (y, 2), (y, 4), (x, 5)} {(x, 1), (y, 4), (x, 5)} 5 {(x, 1), (y, 4), (x, 5)} {(y, 4), (x, 5)} 30
31 Solutions [z:=x+y] l ; while [true] l do [skip] l Equations: RD entry (l) = {(x,?), (y,?), (z,?)} RD entry (l ) = RD exit (l) RD exit (l ) RD entry (l ) = RD exit (l ) RD exit (l) = (RD entry (l) \ {(z,?)}) {(z, l)} RD exit (l ) = RD entry (l ) [ ] l [ ] l RD exit (l ) = RD entry (l ) [ ] l yes no After some simplification: RD entry (l ) = {(x,?), (y,?), (z, l)} RD entry (l ) Many solutions to this equation: any superset of {(x,?), (y,?), (z, l)} 31
Principles of Program Analysis: Data Flow Analysis
Principles of Program Analysis: Data Flow Analysis Transparencies based on Chapter 2 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag
More informationIntra-procedural Data Flow Analysis Backwards analyses
Live variables Dead code elimination Very Busy Expressions Code hoisting Bitvector frameworks Monotone frameworks Intra-procedural Data Flow Analysis Backwards analyses Hanne Riis Nielson and Flemming
More informationProbabilistic Model Checking and [Program] Analysis (CO469)
Probabilistic Model Checking and [Program] Analysis (CO469) Program Analysis Herbert Wiklicky herbert@doc.ic.ac.uk Spring 208 / 64 Overview Topics we will cover in this part will include:. Language WHILE
More informationIntroduction to data-flow analysis. Data-flow analysis. Control-flow graphs. Data-flow analysis. Example: liveness. Requirements
Data-flow analysis Michel Schinz based on material by Erik Stenman and Michael Schwartzbach Introduction to data-flow analysis Data-flow analysis Example: liveness Data-flow analysis is a global analysis
More informationGeneralizing Data-flow Analysis
Generalizing Data-flow Analysis Announcements PA1 grades have been posted Today Other types of data-flow analysis Reaching definitions, available expressions, reaching constants Abstracting data-flow analysis
More informationProbabilistic data flow analysis: a linear equational approach
Probabilistic data flow analysis: a linear equational approach Alessandra Di Pierro University of Verona Verona, Italy alessandra.dipierro@univr.it Herbert Wiklicky Imperial College London London, UK herbert@doc.ic.ac.uk
More informationData Flow Analysis. Lecture 6 ECS 240. ECS 240 Data Flow Analysis 1
Data Flow Analysis Lecture 6 ECS 240 ECS 240 Data Flow Analysis 1 The Plan Introduce a few example analyses Generalize to see the underlying theory Discuss some more advanced issues ECS 240 Data Flow Analysis
More informationProbabilistic Program Analysis
Probabilistic Program Analysis Data Flow Analysis and Regression Alessandra Di Pierro University of Verona, Italy alessandra.dipierro@univr.it Herbert Wiklicky Imperial College London, UK herbert@doc.ic.ac.uk
More informationDataflow Analysis. Chapter 9, Section 9.2, 9.3, 9.4
Dataflow Analysis Chapter 9, Section 9.2, 9.3, 9.4 2 Dataflow Analysis Dataflow analysis is a sub area of static program analysis Used in the compiler back end for optimizations of three address code and
More informationPrinciples of Program Analysis: A Sampler of Approaches
Principles of Program Analysis: A Sampler of Approaches Transparencies based on Chapter 1 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis Springer Verlag
More informationWe define a dataflow framework. A dataflow framework consists of:
So far been talking about various dataflow problems (e.g. reaching definitions, live variable analysis) in very informal terms. Now we will discuss a more fundamental approach to handle many of the dataflow
More informationProgram verification
Program verification Data-flow analyses, numerical domains Laure Gonnord and David Monniaux University of Lyon / LIP September 29, 2015 1 / 75 Context Program Verification / Code generation: Variables
More informationDataflow Analysis. Dragon book, Chapter 9, Section 9.2, 9.3, 9.4
Dataflow Analysis Dragon book, Chapter 9, Section 9.2, 9.3, 9.4 2 Dataflow Analysis Dataflow analysis is a sub-area of static program analysis Used in the compiler back end for optimizations of three-address
More informationLecture 5 Introduction to Data Flow Analysis
Lecture 5 Introduction to Data Flow Analysis I. Structure of data flow analysis II. III. IV. Example 1: Reaching definition analysis Example 2: Liveness analysis Framework Phillip B. Gibbons 15-745: Intro
More informationDataflow Analysis. A sample program int fib10(void) { int n = 10; int older = 0; int old = 1; Simple Constant Propagation
-74 Lecture 2 Dataflow Analysis Basic Blocks Related Optimizations SSA Copyright Seth Copen Goldstein 200-8 Dataflow Analysis Last time we looked at code transformations Constant propagation Copy propagation
More informationA DARK GREY P O N T, with a Switch Tail, and a small Star on the Forehead. Any
Y Y Y X X «/ YY Y Y ««Y x ) & \ & & } # Y \#$& / Y Y X» \\ / X X X x & Y Y X «q «z \x» = q Y # % \ & [ & Z \ & { + % ) / / «q zy» / & / / / & x x X / % % ) Y x X Y $ Z % Y Y x x } / % «] «] # z» & Y X»
More informationProbabilistic Semantics and Program Analysis
Probabilistic Semantics and Program Analysis Alessandra Di Pierro 1, Chris Hankin 2, and Herbert Wiklicky 2 1 University of Verona, Ca Vignal 2 - Strada le Grazie 15, 714 Verona, Italy dipierro@sci.univr.it
More informationDataflow analysis. Theory and Applications. cs6463 1
Dataflow analysis Theory and Applications cs6463 1 Control-flow graph Graphical representation of runtime control-flow paths Nodes of graph: basic blocks (straight-line computations) Edges of graph: flows
More informationData flow analysis. DataFlow analysis
Data flow analysis DataFlow analysis compile time reasoning about the runtime flow of values in the program represent facts about runtime behavior represent effect of executing each basic block propagate
More informationCompiler Design. Data Flow Analysis. Hwansoo Han
Compiler Design Data Flow Analysis Hwansoo Han Control Flow Graph What is CFG? Represents program structure for internal use of compilers Used in various program analyses Generated from AST or a sequential
More informationCMSC 631 Program Analysis and Understanding. Spring Data Flow Analysis
CMSC 631 Program Analysis and Understanding Spring 2013 Data Flow Analysis Data Flow Analysis A framework for proving facts about programs Reasons about lots of little facts Little or no interaction between
More informationInter-procedural Data Flow Analysis
Flow insensitive analysis Context insensitive analysis Context sensitive analysis Inter-procedural Data Flow Analysis Hanne Riis Nielson and Flemming Nielson email: {riis,nielson}@imm.dtu.dk Informatics
More informationProofs of Correctness: Introduction to Axiomatic Verification
Proofs of Correctness: Introduction to Axiomatic Verification Introduction Weak correctness predicate Assignment statements Sequencing Selection statements Iteration 1 Introduction What is Axiomatic Verification?
More informationDataflow Analysis Lecture 2. Simple Constant Propagation. A sample program int fib10(void) {
-4 Lecture Dataflow Analysis Basic Blocks Related Optimizations Copyright Seth Copen Goldstein 00 Dataflow Analysis Last time we looked at code transformations Constant propagation Copy propagation Common
More informationDFA of non-distributive properties
DFA of non-distributive properties The general pattern of Dataflow Analysis GA (p)= i if p E { GA (q) q F } otherwise GA (p)= f p ( GA (p) ) where : E is the set of initial/final points of the control-flow
More informationStatic Analysis of Programs: A Heap-Centric View
Static Analysis of Programs: A Heap-Centric View (www.cse.iitb.ac.in/ uday) Department of Computer Science and Engineering, Indian Institute of Technology, Bombay 5 April 2008 Part 1 Introduction ETAPS
More informationCausal Dataflow Analysis for Concurrent Programs
Causal Dataflow Analysis for Concurrent Programs Azadeh Farzan P. Madhusudan Department of Computer Science, University of Illinois at Urbana-Champaign. {afarzan,madhu}@cs.uiuc.edu Abstract. We define
More informationDataflow Analysis - 2. Monotone Dataflow Frameworks
Dataflow Analysis - 2 Monotone dataflow frameworks Definition Convergence Safety Relation of MOP to MFP Constant propagation Categorization of dataflow problems DataflowAnalysis 2, Sp06 BGRyder 1 Monotone
More informationTopic 17. Analysis of Algorithms
Topic 17 Analysis of Algorithms Analysis of Algorithms- Review Efficiency of an algorithm can be measured in terms of : Time complexity: a measure of the amount of time required to execute an algorithm
More informationCompilation and Program Analysis (#8) : Abstract Interpretation
Compilation and Program Analysis (#8) : Abstract Interpretation Laure Gonnord http://laure.gonnord.org/pro/teaching/capm.html Laure.Gonnord@ens-lyon.fr Master, ENS de Lyon Nov 7 Objective Compilation vs
More informationAxioms of Kleene Algebra
Introduction to Kleene Algebra Lecture 2 CS786 Spring 2004 January 28, 2004 Axioms of Kleene Algebra In this lecture we give the formal definition of a Kleene algebra and derive some basic consequences.
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements
Axiomatic Semantics: Verification Conditions Meeting 12, CSCI 5535, Spring 2009 Announcements Homework 4 is due tonight Wed forum: papers on automated testing using symbolic execution 2 Questions? Review
More informationStatic Program Analysis
Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aiken s Michael D. Ernst s Sorin Lerner s A Scary Outline Type-based analysis Data-flow analysis Abstract interpretation Theorem
More informationTopic-I-C Dataflow Analysis
Topic-I-C Dataflow Analysis 2012/3/2 \course\cpeg421-08s\topic4-a.ppt 1 Global Dataflow Analysis Motivation We need to know variable def and use information between basic blocks for: constant folding dead-code
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-18/spa/ Recap: Interprocedural Dataflow Analysis Outline of
More informationCSC D70: Compiler Optimization Dataflow-2 and Loops
CSC D70: Compiler Optimization Dataflow-2 and Loops Prof. Gennady Pekhimenko University of Toronto Winter 2018 The content of this lecture is adapted from the lectures of Todd Mowry and Phillip Gibbons
More informationSoftware Verification
Software Verification Grégoire Sutre LaBRI, University of Bordeaux, CNRS, France Summer School on Verification Technology, Systems & Applications September 2008 Grégoire Sutre Software Verification VTSA
More informationSpring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2015 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University Agenda Basic concepts of correctness Axiomatic semantics (pages 175-183) Hoare Logic
More informationLESSON 7.1 FACTORING POLYNOMIALS I
LESSON 7.1 FACTORING POLYNOMIALS I LESSON 7.1 FACTORING POLYNOMIALS I 293 OVERVIEW Here s what you ll learn in this lesson: Greatest Common Factor a. Finding the greatest common factor (GCF) of a set of
More informationMechanics of Static Analysis
Escuela 03 III / 1 Mechanics of Static Analysis David Schmidt Kansas State University www.cis.ksu.edu/~schmidt Escuela 03 III / 2 Outline 1. Small-step semantics: trace generation 2. State generation and
More informationAdventures in Dataflow Analysis
Adventures in Dataflow Analysis CSE 401 Section 9-ish Jack Eggleston, Aaron Johnston, & Nate Yazdani Announcements - Code Generation due Announcements - Code Generation due - Compiler Additions due next
More informationCSC D70: Compiler Optimization Static Single Assignment (SSA)
CSC D70: Compiler Optimization Static Single Assignment (SSA) Prof. Gennady Pekhimenko University of Toronto Winter 08 The content of this lecture is adapted from the lectures of Todd Mowry and Phillip
More informationDefinition: A binary relation R from a set A to a set B is a subset R A B. Example:
Chapter 9 1 Binary Relations Definition: A binary relation R from a set A to a set B is a subset R A B. Example: Let A = {0,1,2} and B = {a,b} {(0, a), (0, b), (1,a), (2, b)} is a relation from A to B.
More informationSection Summary. Relations and Functions Properties of Relations. Combining Relations
Chapter 9 Chapter Summary Relations and Their Properties n-ary Relations and Their Applications (not currently included in overheads) Representing Relations Closures of Relations (not currently included
More informationContents. Chapter 2 Digital Circuits Page 1 of 30
Chapter 2 Digital Circuits Page 1 of 30 Contents Contents... 1 2 Digital Circuits... 2 2.1 Binary Numbers... 2 2.2 Binary Switch... 4 2.3 Basic Logic Operators and Logic Expressions... 5 2.4 Truth Tables...
More informationLecture 10: Data Flow Analysis II
CS 515 Programming Language and Compilers I Lecture 10: Data Flow Analysis II (The lectures are based on the slides copyrighted by Keith Cooper and Linda Torczon from Rice University.) Zheng (Eddy) Zhang
More informationComplexity. Complexity Theory Lecture 3. Decidability and Complexity. Complexity Classes
Complexity Theory 1 Complexity Theory 2 Complexity Theory Lecture 3 Complexity For any function f : IN IN, we say that a language L is in TIME(f(n)) if there is a machine M = (Q, Σ, s, δ), such that: L
More informationScalar Optimisation Part 2
Scalar Optimisation Part 2 Michael O Boyle January 2014 1 Course Structure L1 Introduction and Recap 4-5 lectures on classical optimisation 2 lectures on scalar optimisation Last lecture on redundant expressions
More informationHoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples
Hoare Logic I Introduction to Deductive Program Verification Işıl Dillig Program Spec Deductive verifier FOL formula Theorem prover valid contingent Example specs: safety (no crashes), absence of arithmetic
More informationWhat is SSA? each assignment to a variable is given a unique name all of the uses reached by that assignment are renamed
Another Form of Data-Flow Analysis Propagation of values for a variable reference, where is the value produced? for a variable definition, where is the value consumed? Possible answers reaching definitions,
More informationHoare Logic and Model Checking
Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the
More informationName: Class: IM8 Block:
Name: Block: Class: IM8 Investigation 1: Mathematical Properties and Order of Operations Mathematical Properties 2 Practice Level 1: Write the name of the property shown in the examples below. 1. 4 + 5
More informationCompiler Design Spring 2017
Compiler Design Spring 2017 8.6 Live variables Dr. Zoltán Majó Compiler Group Java HotSpot Virtual Machine Oracle Corporation Last lecture Definition: A variable V is live at point P if there is a path
More informationAxiomatic Semantics. Lecture 9 CS 565 2/12/08
Axiomatic Semantics Lecture 9 CS 565 2/12/08 Axiomatic Semantics Operational semantics describes the meaning of programs in terms of the execution steps taken by an abstract machine Denotational semantics
More informationThe Assignment Axiom (Hoare)
The Assignment Axiom (Hoare) Syntax: V := E Semantics: value of V in final state is value of E in initial state Example: X:=X+ (adds one to the value of the variable X) The Assignment Axiom {Q[E/V ]} V
More informationcontrol in out in out Figure 1. Binary switch: (a) opened or off; (b) closed or on.
Chapter 2 Digital Circuits Page 1 of 18 2. Digital Circuits Our world is an analog world. Measurements that we make of the physical objects around us are never in discrete units but rather in a continuous
More informationSpring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2016 Program Analysis and Verification Lecture 3: Axiomatic Semantics I Roman Manevich Ben-Gurion University Warm-up exercises 1. Define program state: 2. Define structural semantics configurations:
More informationPolynomial Functions
Polynomial Functions NOTE: Some problems in this file are used with permission from the engageny.org website of the New York State Department of Education. Various files. Internet. Available from https://www.engageny.org/ccss-library.
More informationCHAPTER 12 Boolean Algebra
318 Chapter 12 Boolean Algebra CHAPTER 12 Boolean Algebra SECTION 12.1 Boolean Functions 2. a) Since x 1 = x, the only solution is x = 0. b) Since 0 + 0 = 0 and 1 + 1 = 1, the only solution is x = 0. c)
More informationLecture 2: Axiomatic semantics
Chair of Software Engineering Trusted Components Prof. Dr. Bertrand Meyer Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see course page) Axiomatic semantics
More informationCS 154 Formal Languages and Computability Assignment #2 Solutions
CS 154 Formal Languages and Computability Assignment #2 Solutions Department of Computer Science San Jose State University Spring 2016 Instructor: Ron Mak www.cs.sjsu.edu/~mak Assignment #2: Question 1
More informationProgram Analysis. Lecture 5. Rayna Dimitrova WS 2016/2017
Program Analysis Lecture 5 Rayna Dimitrova WS 2016/2017 2/21 Recap: Constant propagation analysis Goal: For each program point, determine whether a variale has a constant value whenever an execution reaches
More informationScalar Optimisation Part 1
calar Optimisation Part 1 Michael O Boyle January, 2014 1 Course tructure L1 Introduction and Recap 4/5 lectures on classical optimisation 2 lectures on scalar optimisation Today example optimisations
More informationDemonstration of the Coupled Evolution Rules 163 APPENDIX F: DEMONSTRATION OF THE COUPLED EVOLUTION RULES
Demonstration of the Coupled Evolution Rules 163 APPENDIX F: DEMONSTRATION OF THE COUPLED EVOLUTION RULES Before going into the demonstration we need to point out two limitations: a. It assumes I=1/2 for
More informationLecture 4 Introduc-on to Data Flow Analysis
Lecture 4 Introduc-on to Data Flow Analysis I. Structure of data flow analysis II. Example 1: Reaching defini?on analysis III. Example 2: Liveness analysis IV. Generaliza?on 15-745: Intro to Data Flow
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements
Axiomatic Semantics: Verification Conditions Meeting 18, CSCI 5535, Spring 2010 Announcements Homework 6 is due tonight Today s forum: papers on automated testing using symbolic execution Anyone looking
More informationCS422 - Programming Language Design
1 CS422 - Programming Language Design Denotational Semantics Grigore Roşu Department of Computer Science University of Illinois at Urbana-Champaign 2 Denotational semantics, also known as fix-point semantics,
More informationIntroduction to Kleene Algebras
Introduction to Kleene Algebras Riccardo Pucella Basic Notions Seminar December 1, 2005 Introduction to Kleene Algebras p.1 Idempotent Semirings An idempotent semiring is a structure S = (S, +,, 1, 0)
More informationDefinition: A binary relation R from a set A to a set B is a subset R A B. Example:
Section 9.1 Rela%onships Relationships between elements of sets occur in many contexts. Every day we deal with relationships such as those between a business and its telephone number, an employee and his
More informationx 9 or x > 10 Name: Class: Date: 1 How many natural numbers are between 1.5 and 4.5 on the number line?
1 How many natural numbers are between 1.5 and 4.5 on the number line? 2 How many composite numbers are between 7 and 13 on the number line? 3 How many prime numbers are between 7 and 20 on the number
More informationAdequate set of connectives, logic gates and circuits
Adequate set of connectives, logic gates and circuits Lila Kari University of Waterloo Adequate set of connectives, logic gates and circuits CS245, Logic and Computation 1 / 59 Connectives We have mentioned
More informationIn this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows how a program can sometimes be systematically constructed
More information(4.2) Equivalence Relations. 151 Math Exercises. Malek Zein AL-Abidin. King Saud University College of Science Department of Mathematics
King Saud University College of Science Department of Mathematics 151 Math Exercises (4.2) Equivalence Relations Malek Zein AL-Abidin 1440 ه 2018 Equivalence Relations DEFINITION 1 A relation on a set
More informationPrinciples of Program Analysis: Data Flow Analysis
Principles of Program Analysis: Data Flow Analysis Transparencies based on Chapter 2 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag
More informationLecture Notes: Axiomatic Semantics and Hoare-style Verification
Lecture Notes: Axiomatic Semantics and Hoare-style Verification 17-355/17-665/17-819O: Program Analysis (Spring 2018) Claire Le Goues and Jonathan Aldrich clegoues@cs.cmu.edu, aldrich@cs.cmu.edu It has
More informationHoare Examples & Proof Theory. COS 441 Slides 11
Hoare Examples & Proof Theory COS 441 Slides 11 The last several lectures: Agenda Denotational semantics of formulae in Haskell Reasoning using Hoare Logic This lecture: Exercises A further introduction
More informationIntroduction to Axiomatic Semantics
#1 Introduction to Axiomatic Semantics #2 How s The Homework Going? Remember that you can t just define a meaning function in terms of itself you must use some fixed point machinery. #3 Observations A
More informationCOSE312: Compilers. Lecture 17 Intermediate Representation (2)
COSE312: Compilers Lecture 17 Intermediate Representation (2) Hakjoo Oh 2017 Spring Hakjoo Oh COSE312 2017 Spring, Lecture 17 May 31, 2017 1 / 19 Common Intermediate Representations Three-address code
More informationDesigning Information Devices and Systems I Fall 2018 Lecture Notes Note Introduction to Linear Algebra the EECS Way
EECS 16A Designing Information Devices and Systems I Fall 018 Lecture Notes Note 1 1.1 Introduction to Linear Algebra the EECS Way In this note, we will teach the basics of linear algebra and relate it
More informationLecture 21: Boolean Logic. To Wrap up AVR
18 100 Lecture 21: oolean Logic S 15 L21 1 James C. Hoe Dept of ECE, CMU pril 7, 2015 Today s Goal: Introduce oolean logic nnouncements: Read Rizzoni 12.3 and 11.5 HW8 due Thursday Office Hours: Wed 12:30~2:30
More informationCS 323: Numerical Analysis and Computing
CS 323: Numerical Analysis and Computing MIDTERM #1 Instructions: This is an open notes exam, i.e., you are allowed to consult any textbook, your class notes, homeworks, or any of the handouts from us.
More informationFlow grammars a flow analysis methodology
Flow grammars a flow analysis methodology James S. Uhl and R. Nigel Horspool Dept. of Computer Science, University of Victoria P.O. Box 3055, Victoria, BC, Canada V8W 3P6 E-mail: juhl@csr.uvic.ca, nigelh@csr.uvic.ca
More informationVerification of String Manipulating Programs Using Multi-Track Automata
Verification of String Manipulating Programs Using Multi-Track Automata Fang Yu University of California, Santa Barbara yuf@cs.ucsb.edu Tevfik Bultan University of California, Santa Barbara bultan@cs.ucsb.edu
More informationTo hand in: (a) Prove that a group G is abelian (= commutative) if and only if (xy) 2 = x 2 y 2 for all x, y G.
Homework #6. Due Thursday, October 14th Reading: For this homework assignment: Sections 3.3 and 3.4 (up to page 167) Before the class next Thursday: Sections 3.5 and 3.4 (pp. 168-171). Also review the
More informationHeuristics for Efficient SAT Solving. As implemented in GRASP, Chaff and GSAT.
Heuristics for Efficient SAT Solving As implemented in GRASP, Chaff and GSAT. Formulation of famous problems as SAT: k-coloring (1/2) The K-Coloring problem: Given an undirected graph G(V,E) and a natural
More informationSimply Typed Lambda Calculus
Simply Typed Lambda Calculus Language (ver1) Lambda calculus with boolean values t ::= x variable x : T.t abstraction tt application true false boolean values if ttt conditional expression Values v ::=
More informationDiscrete Fixpoint Approximation Methods in Program Static Analysis
Discrete Fixpoint Approximation Methods in Program Static Analysis P. Cousot Département de Mathématiques et Informatique École Normale Supérieure Paris
More informationFirst Order Logic vs Propositional Logic CS477 Formal Software Dev Methods
First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods Elsa L Gunter 2112 SC, UIUC egunter@illinois.edu http://courses.engr.illinois.edu/cs477 Slides based in part on previous lectures
More informationLogic in Automatic Verification
Logic in Automatic Verification Javier Esparza Sofware Reliability and Security Group Institute for Formal Methods in Computer Science University of Stuttgart Many thanks to Abdelwaheb Ayari, David Basin,
More informationBasic Algebra. CAPS Mathematics
Basic Algebra CAPS Mathematics 1 Outcomes for this TOPIC In this TOPIC you will: Revise factorization. LESSON 1. Revise simplification of algebraic fractions. LESSON. Discuss when trinomials can be factorized.
More informationCHAPTER 3 BOOLEAN ALGEBRA
CHAPTER 3 BOOLEAN ALGEBRA (continued) This chapter in the book includes: Objectives Study Guide 3.1 Multiplying Out and Factoring Expressions 3.2 Exclusive-OR and Equivalence Operations 3.3 The Consensus
More informationModels of Computation, Recall Register Machines. A register machine (sometimes abbreviated to RM) is specified by:
Models of Computation, 2010 1 Definition Recall Register Machines A register machine (sometimes abbreviated M) is specified by: Slide 1 finitely many registers R 0, R 1,..., R n, each capable of storing
More informationTHEODORE VORONOV DIFFERENTIABLE MANIFOLDS. Fall Last updated: November 26, (Under construction.)
4 Vector fields Last updated: November 26, 2009. (Under construction.) 4.1 Tangent vectors as derivations After we have introduced topological notions, we can come back to analysis on manifolds. Let M
More informationCOP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen
COP4020 Programming Languages Introduction to Axiomatic Semantics Prof. Robert van Engelen Assertions and Preconditions Assertions are used by programmers to verify run-time execution An assertion is a
More informationGroups. 3.1 Definition of a Group. Introduction. Definition 3.1 Group
C H A P T E R t h r e E Groups Introduction Some of the standard topics in elementary group theory are treated in this chapter: subgroups, cyclic groups, isomorphisms, and homomorphisms. In the development
More informationData Flow Analysis (I)
Compiler Design Data Flow Analysis (I) Hwansoo Han Control Flow Graph What is CFG? Represents program structure for internal use of compilers Used in various program analyses Generated from AST or a sequential
More information( ) R kj. = y k y j. y A ( ) z A. y a. z a. Derivatives of the second order electrostatic tensor with respect to the translation of ( ) δ yβ.
Supporting information Derivatives of R with respect to the translation of fragment along the y and z axis: y = y k y j (S1) z ( = z z k j) (S2) Derivatives of S with respect to the translation of fragment
More informationPrinciples of Program Analysis: Control Flow Analysis
Principles of Program Analysis: Control Flow Analysis Transparencies based on Chapter 3 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag
More informationSymmetry. PlayMath, Summer, 2018
This essay is about the use of symmetry in solving algebra and geometry problems From Wikipedia we learn that symmetry (from Greek symmetra measure together ) generally conveys two primary meanings The
More information2 Plain Kolmogorov Complexity
2 Plain Kolmogorov Complexity In this section, we introduce plain Kolmogorov Complexity, prove the invariance theorem - that is, the complexity of a string does not depend crucially on the particular model
More information