Static Program Analysis
|
|
- Brice Shaw
- 5 years ago
- Views:
Transcription
1 Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University
2 Recap: Interprocedural Dataflow Analysis Outline of Lecture 18 Recap: Interprocedural Dataflow Analysis The Interprocedural Fixpoint Solution Correctness of Fixpoint Solution 2 of 19 Static Program Analysis
3 Recap: Interprocedural Dataflow Analysis Extending the Syntax Syntactic categories: Category Domain Meta variable Procedure identifiers Pid = {P, Q,...} P Procedure declarations PDec p Commands (statements) Cmd c Context-free grammar p ::= proc [P(val x,res y)] l n is c [end]l x ;p ε PDec c ::= [skip] l [x := a] l c 1 ;c 2 if [b] l then c 1 else c 2 end while [b] l do c end [call P(a,x)] l c lr Cmd All labels and procedure names in program p c distinct In proc [P(val x,res y)] l n is c [end]l x, l n / l x refers to the entry / exit of P In [call P(a,x)] l c lr, l c / l r refers to the call of / return from P First parameter call-by-value (input), second call-by-result (output) 3 of 19 Static Program Analysis
4 Recap: Interprocedural Dataflow Analysis Naive Formulation Attempt: directly transfer techniques from intraprocedural analysis = treat (l c ; l n ) like (l c, l n ) and (l x ; l r ) like (l x, l r ) Given: dataflow system S = (Lab, E, F, (D, ), ι, ϕ) For each procedure call [call P(a,x)] l c lr : transfer functions ϕ lc, ϕ lr : D D (definition later) For each procedure declaration proc [P(val x,res y)] l n is c [end]l x : transfer functions ϕ ln, ϕ lx : D D (definition later) Induces equation system { ι if l E AI l = {ϕl (AI l ) (l, l) F or (l ; l) F} otherwise Problem: procedure calls (l c ; l n ) and procedure returns (l x ; l r ) treated like goto s = nesting of calls and returns ignored = too many paths considered = analysis information possibly imprecise (but still sound as all valid paths covered) 4 of 19 Static Program Analysis
5 Recap: Interprocedural Dataflow Analysis Valid Paths Consider only paths with correct nesting of procedure calls and returns Yields MVP solution (Meet over all Valid Paths) Definition (Valid path fragments) Given a dataflow system S = (Lab, E, F, (D, ), ι, ϕ) and l 1, l 2 Lab, the set of valid paths from l 1 to l 2 is generated by the nonterminal symbol P[l 1, l 2 ] according to the following context-free grammar: P[l 1, l 2 ] l 1 whenever l 1 = l 2 P[l 1, l 3 ] l 1, P[l 2, l 3 ] whenever (l 1, l 2 ) F P[l c, l] l c, P[l n, l x ], P[l r, l] whenever (l c, l n, l x, l r ) iflow 5 of 19 Static Program Analysis
6 Recap: Interprocedural Dataflow Analysis The MVP Solution I Definition (Complete valid paths) Let S = (Lab, E, F, (D, ), ι, ϕ) be a dataflow system. For every l Lab, the set of valid paths up to l is given by VPath(l) := {[l 1,..., l k 1 ] k 1, l 1 E, l k = l, [l 1,..., l k ] valid path from l 1 to l k }. For π = [l 1,..., l k 1 ] VPath(l), we define the transfer function ϕ π : D D by (so that ϕ [] = id D ). ϕ π := ϕ lk 1... ϕ l1 id D 6 of 19 Static Program Analysis
7 Recap: Interprocedural Dataflow Analysis The MVP Solution II Definition (MVP solution) Let S = (Lab, E, F, (D, ), ι, ϕ) be a dataflow system where Lab = {l 1,..., l n }. The MVP solution for S is determined by mvp(s) := (mvp(l 1 ),..., mvp(l n )) D n where, for every l Lab, mvp(l) := {ϕ π (ι) π VPath(l)}. Corollary 1. mvp(s) mop(s) 2. The MVP solution is undecidable. Proof. 1. since VPath(l) Path(l) for every l Lab 2. as mvp(s) = mop(s) in intraprocedural case and MOP solution undecidable (Thm. 6.6) 7 of 19 Static Program Analysis
8 The Interprocedural Fixpoint Solution Outline of Lecture 18 Recap: Interprocedural Dataflow Analysis The Interprocedural Fixpoint Solution Correctness of Fixpoint Solution 8 of 19 Static Program Analysis
9 The Interprocedural Fixpoint Solution The Interprocedural Fixpoint Solution Goal: adapt fixpoint solution to avoid invalid paths For simplification: consider only forward problems 9 of 19 Static Program Analysis
10 The Interprocedural Fixpoint Solution The Interprocedural Fixpoint Solution Goal: adapt fixpoint solution to avoid invalid paths For simplification: consider only forward problems Approach: represent combined effect of procedure execution by procedure summaries (to be used in node transfer function of return label) 9 of 19 Static Program Analysis
11 The Interprocedural Fixpoint Solution The Interprocedural Fixpoint Solution Goal: adapt fixpoint solution to avoid invalid paths For simplification: consider only forward problems Approach: represent combined effect of procedure execution by procedure summaries (to be used in node transfer function of return label) Two types of functions: Node transfer functions ϕ l : for non-procedural constructs (skip, assignments, tests): as before (specific to analysis) for procedure call (l c ): parameter passing (specific to analysis) for procedure entry (l n ): initialisation (specific to analysis) for procedure exit (l x ): always identity for procedure return (l r ): combine call context with procedure result obtained from summary function (combine specific to analysis) ϕ lr (d) = combine(d, Φ lx (ϕ lc (d))) 9 of 19 Static Program Analysis
12 The Interprocedural Fixpoint Solution The Interprocedural Fixpoint Solution Goal: adapt fixpoint solution to avoid invalid paths For simplification: consider only forward problems Approach: represent combined effect of procedure execution by procedure summaries (to be used in node transfer function of return label) Two types of functions: Node transfer functions ϕ l : for non-procedural constructs (skip, assignments, tests): as before (specific to analysis) for procedure call (l c ): parameter passing (specific to analysis) for procedure entry (l n ): initialisation (specific to analysis) for procedure exit (l x ): always identity for procedure return (l r ): combine call context with procedure result obtained from summary function ϕ lr (d) = combine(d, Φ lx (ϕ lc (d))) (combine specific to analysis) Procedure summary functions Φ l : for procedure entry (l n ): identity for procedure exit (l x ): full effect inductively defined by stepwise composition of node transfer functions 9 of 19 Static Program Analysis
13 The Interprocedural Fixpoint Solution Procedure Summaries [P(val x,res y)] l n Φ ln = id D [...] l 1 Φ l1 = ϕ ln [...] l 2 Φ l2 = ϕ l1 ϕ ln = Φ l3 [...] l 3 [end] l x Φ lx = ϕ l2 ϕ l1 ϕ ln ϕ l3 ϕ l1 ϕ ln 10 of 19 Static Program Analysis
14 The Interprocedural Fixpoint Solution Information Flow. [P(val x,res y)] l n [call P(a,z)] l c lr.. [end] l x 11 of 19 Static Program Analysis
15 The Interprocedural Fixpoint Solution Information Flow 1. Parameter passing (ϕ lc ). [P(val x,res y)] l n d (1) ϕ lc (d) [call P(a,z)] l c lr.. [end] l x 11 of 19 Static Program Analysis
16 The Interprocedural Fixpoint Solution Information Flow 1. Parameter passing (ϕ lc ) 2. Procedure entry (ϕ ln ). [P(val x,res y)] l n d (1) ϕ lc (d) (2) ϕ ln (ϕ lc (d)) [call P(a,z)] l c lr.. [end] l x 11 of 19 Static Program Analysis
17 The Interprocedural Fixpoint Solution Information Flow 1. Parameter passing (ϕ lc ) 2. Procedure entry (ϕ ln ). [P(val x,res y)] l n 3. Procedure summary (Φ lx ) d (1) ϕ lc (d) (2) ϕ ln (ϕ lc (d)) [call P(a,z)] l c lr. (3) Φ lx (ϕ lc (d)) (3) Φ lx (ϕ lc (d)). [end] l x 11 of 19 Static Program Analysis
18 The Interprocedural Fixpoint Solution Information Flow 1. Parameter passing (ϕ lc ) 2. Procedure entry (ϕ ln ). [P(val x,res y)] l n 3. Procedure summary (Φ lx ) 4. Return (combine) d (1) ϕ lc (d) (2) ϕ ln (ϕ lc (d)) [call P(a,z)] l c lr. (4) combine(d, Φ lx (ϕ lc (d))) (3) Φ lx (ϕ lc (d)) (3) Φ lx (ϕ lc (d)). [end] l x 11 of 19 Static Program Analysis
19 The Interprocedural Fixpoint Solution Example: Constant Propagation Example 18.1 (Constant Propagation; cf. Lecture 5/6) Ŝ := (Lab, E, F, (D, ), ι, ϕ, Φ) is determined by D := {δ δ : Var c Z {, }} (constant/undefined/overdefined) z for every z Z ι := δ D For each l Lab \ {l c, l n, l x, l r (l c, l n, l x, l r ) iflow}, { δ if B l = skip or B ϕ l (δ) := l BExp δ[x val δ (a)] if B l = (x := a) 12 of 19 Static Program Analysis
20 The Interprocedural Fixpoint Solution Example: Constant Propagation Example 18.1 (Constant Propagation; cf. Lecture 5/6) Ŝ := (Lab, E, F, (D, ), ι, ϕ, Φ) is determined by D := {δ δ : Var c Z {, }} (constant/undefined/overdefined) z for every z Z ι := δ D For each l Lab \ {l c, l n, l x, l r (l c, l n, l x, l r ) iflow}, { δ if B l = skip or B ϕ l (δ) := l BExp δ[x val δ (a)] if B l = (x := a) Whenever p c contains [call P(a,z)] l c lr and proc [P(val x,res y)] l n is c [end]l x : call/entry: set input and reset output parameter ϕ lc (δ) := δ[x val δ (a), y ], ϕ ln (δ) := δ return: reset parameters (x, y possibly used in calling context) and set return value ϕ lr (δ) := combine(δ, Φ lx (ϕ lc (δ))), combine(δ, δ ) := δ [x δ(x), y δ(y), z δ (y)] (note: order of δ updates important in case z {x, y}; definition of Φ: later) 12 of 19 Static Program Analysis
21 Outline of Lecture 18 Recap: Interprocedural Dataflow Analysis The Interprocedural Fixpoint Solution Correctness of Fixpoint Solution 13 of 19 Static Program Analysis
22 Types of Equations For an interprocedural dataflow system Ŝ := (Lab, E, F, (D, ), ι, ϕ, Φ) the intraprocedural equation system (cf. Definition 4.3) AI l = { ι if l E {ϕl (AI l ) (l, l) F} otherwise is extended to a system with three kinds of equations (for l Lab): 14 of 19 Static Program Analysis
23 Types of Equations For an interprocedural dataflow system Ŝ := (Lab, E, F, (D, ), ι, ϕ, Φ) the intraprocedural equation system (cf. Definition 4.3) AI l = { ι if l E {ϕl (AI l ) (l, l) F} otherwise is extended to a system with three kinds of equations (for l Lab): for actual dataflow information: AI l D counterpart of intraprocedural AI 14 of 19 Static Program Analysis
24 Types of Equations For an interprocedural dataflow system Ŝ := (Lab, E, F, (D, ), ι, ϕ, Φ) the intraprocedural equation system (cf. Definition 4.3) AI l = { ι if l E {ϕl (AI l ) (l, l) F} otherwise is extended to a system with three kinds of equations (for l Lab): for actual dataflow information: AI l D counterpart of intraprocedural AI for node transfer functions: ϕ l : D D extension of intraprocedural transfer functions by handling of procedure calls 14 of 19 Static Program Analysis
25 Types of Equations For an interprocedural dataflow system Ŝ := (Lab, E, F, (D, ), ι, ϕ, Φ) the intraprocedural equation system (cf. Definition 4.3) AI l = { ι if l E {ϕl (AI l ) (l, l) F} otherwise is extended to a system with three kinds of equations (for l Lab): for actual dataflow information: AI l D counterpart of intraprocedural AI for node transfer functions: ϕ l : D D extension of intraprocedural transfer functions by handling of procedure calls for procedure summary functions of complete procedures: Φ l : D D Φ l (d) yields information at (entry of) l if corresponding procedure is called with information d thus Φ ln (d) = d and complete procedure effect represented by Φ lx (d) 14 of 19 Static Program Analysis
26 Formal Definition of Equation System Dataflow equations (for each l Lab): ι AI l = AI lc {ϕl (AI l ) (l, l) F or (l ; l) F} if l E if l = l r for some (l c, l n, l x, l r ) iflow otherwise 15 of 19 Static Program Analysis
27 Formal Definition of Equation System Dataflow equations (for each l Lab): ι AI l = AI lc {ϕl (AI l ) (l, l) F or (l ; l) F} if l E if l = l r for some (l c, l n, l x, l r ) iflow otherwise Node transfer functions (for each l Lab \ {l x (l c, l n, l x, l r ) iflow}): { combine(d, Φlx (ϕ ϕ l (d) = lc (d))) if l = l r for some (l c, l n, l x, l r ) iflow specific to analysis otherwise 15 of 19 Static Program Analysis
28 Formal Definition of Equation System Dataflow equations (for each l Lab): ι AI l = AI lc {ϕl (AI l ) (l, l) F or (l ; l) F} if l E if l = l r for some (l c, l n, l x, l r ) iflow otherwise Node transfer functions (for each l Lab \ {l x (l c, l n, l x, l r ) iflow}): { combine(d, Φlx (ϕ ϕ l (d) = lc (d))) if l = l r for some (l c, l n, l x, l r ) iflow specific to analysis otherwise Procedure summary functions (for each l Lab occurring in some procedure): d if l = l n for some (l c, l n, l x, l r ) iflow Φ l (d) = Φ lc (d) if l = l r for some (l c, l n, l x, l r ) iflow {ϕl (Φ l (d)) (l, l) F} otherwise 15 of 19 Static Program Analysis
29 Formal Definition of Equation System Dataflow equations (for each l Lab): ι AI l = AI lc {ϕl (AI l ) (l, l) F or (l ; l) F} if l E if l = l r for some (l c, l n, l x, l r ) iflow otherwise Node transfer functions (for each l Lab \ {l x (l c, l n, l x, l r ) iflow}): { combine(d, Φlx (ϕ ϕ l (d) = lc (d))) if l = l r for some (l c, l n, l x, l r ) iflow specific to analysis otherwise Procedure summary functions (for each l Lab occurring in some procedure): d if l = l n for some (l c, l n, l x, l r ) iflow Φ l (d) = Φ lc (d) if l = l r for some (l c, l n, l x, l r ) iflow {ϕl (Φ l (d)) (l, l) F} otherwise Note: introduces recursive equations for AI l (of type D) and Φ l (of type D D) 15 of 19 Static Program Analysis
30 Solving the Equation System Monotonicity of ϕ l implies monotonicity of Φ l (Φ l : D mon D) 16 of 19 Static Program Analysis
31 Solving the Equation System Monotonicity of ϕ l implies monotonicity of Φ l (Φ l : D mon D) Complete lattice property of (D, ) ensures that (D mon D, ) is complete lattice Φ 1 Φ 2 iff d D : Φ 1 (d) Φ 2 (d) (pointwise extension) 16 of 19 Static Program Analysis
32 Solving the Equation System Monotonicity of ϕ l implies monotonicity of Φ l (Φ l : D mon D) Complete lattice property of (D, ) ensures that (D mon D, ) is complete lattice Φ 1 Φ 2 iff d D : Φ 1 (d) Φ 2 (d) (pointwise extension) Equation system induces monotonic functional on complete lattice ΨŜ : }{{} D n (D mon D) m D }{{} n (D mon D) m AI Φ where n = Lab and m n (procedure labels) 16 of 19 Static Program Analysis
33 Solving the Equation System Monotonicity of ϕ l implies monotonicity of Φ l (Φ l : D mon D) Complete lattice property of (D, ) ensures that (D mon D, ) is complete lattice Φ 1 Φ 2 iff d D : Φ 1 (d) Φ 2 (d) (pointwise extension) Equation system induces monotonic functional on complete lattice ΨŜ : D n }{{} AI (D mon D) m }{{} Φ D n (D mon D) m where n = Lab and m n (procedure labels) Thus least solution effectively computable by fixpoint iteration (Theorem 3.15): where = ( n D, [d D d D] m ) fix(ψŝ) = {Ψ k Ŝ ( ) k N} Dn (D mon D) m 16 of 19 Static Program Analysis
34 Solving the Equation System Monotonicity of ϕ l implies monotonicity of Φ l (Φ l : D mon D) Complete lattice property of (D, ) ensures that (D mon D, ) is complete lattice Φ 1 Φ 2 iff d D : Φ 1 (d) Φ 2 (d) (pointwise extension) Equation system induces monotonic functional on complete lattice ΨŜ : D n }{{} AI (D mon D) m }{{} Φ D n (D mon D) m where n = Lab and m n (procedure labels) Thus least solution effectively computable by fixpoint iteration (Theorem 3.15): fix(ψŝ) = {Ψ k Ŝ ( ) k N} Dn (D mon D) m where = ( n D, [d D d D] m ) Moreover: (D mon D, ) satisfies ACC if (D, ) satisfies ACC Φ l distributive if ϕ l distributive 16 of 19 Static Program Analysis
35 Solving the Equation System Monotonicity of ϕ l implies monotonicity of Φ l (Φ l : D mon D) Complete lattice property of (D, ) ensures that (D mon D, ) is complete lattice Φ 1 Φ 2 iff d D : Φ 1 (d) Φ 2 (d) (pointwise extension) Equation system induces monotonic functional on complete lattice ΨŜ : D n }{{} AI (D mon D) m }{{} Φ D n (D mon D) m where n = Lab and m n (procedure labels) Thus least solution effectively computable by fixpoint iteration (Theorem 3.15): fix(ψŝ) = {Ψ k Ŝ ( ) k N} Dn (D mon D) m where = ( n D, [d D d D] m ) Moreover: (D mon D, ) satisfies ACC if (D, ) satisfies ACC Φ l distributive if ϕ l distributive Problem: effective and efficient representation of procedure summaries D finite = D mon D finite = can use (compact representation of) value tables often: demand-driven approach (restrict analysis to values occurring in calls) example: Constant Propagation (see following slide) 16 of 19 Static Program Analysis
36 Example of Equation System Example 18.2 (Constant Propagation) Program: proc [P(val x, res y)] 1 is [y := 2*(x-1)] 2 ; [end] 3 ; [call P(2, z)] 4 5; [call P(z, z)] 6 7; [skip] 8 17 of 19 Static Program Analysis
37 Example of Equation System Example 18.2 (Constant Propagation) Program: proc [P(val x, res y)] 1 is [y := 2*(x-1)] 2 ; [end] 3 ; [call P(2, z)] 4 5; [call P(z, z)] 6 7; [skip] 8 Dataflow equations: AI 1 = ϕ 4 (AI 4 ) ϕ 6 (AI 6 ) AI 2 = ϕ 1 (AI 1 ) AI 3 = ϕ 2 (AI 2 ) AI 4 = ι = [x, y, z ] AI 5 = AI 4 AI 6 = ϕ 5 (AI 5 ) AI 7 = AI 6 AI 8 = ϕ 7 (AI 7 ) 17 of 19 Static Program Analysis
38 Example of Equation System Example 18.2 (Constant Propagation) Program: proc [P(val x, res y)] 1 is [y := 2*(x-1)] 2 ; [end] 3 ; [call P(2, z)] 4 5; [call P(z, z)] 6 7; [skip] 8 Dataflow equations: AI 1 = ϕ 4 (AI 4 ) ϕ 6 (AI 6 ) AI 2 = ϕ 1 (AI 1 ) AI 3 = ϕ 2 (AI 2 ) AI 4 = ι = [x, y, z ] AI 5 = AI 4 AI 6 = ϕ 5 (AI 5 ) AI 7 = AI 6 AI 8 = ϕ 7 (AI 7 ) Node transfer functions: ϕ 1 (δ) = δ ϕ 2 (δ) = δ[y val δ (2*(x-1))] ϕ 4 (δ) = δ[x 2, y ] ϕ 5 (δ) = combine(δ, Φ 3 (ϕ 4 (δ))) ϕ 6 (δ) = δ[x δ(z), y ] ϕ 7 (δ) = combine(δ, Φ 3 (ϕ 6 (δ))) combine(δ, δ ) = δ [x δ(x), y δ(y), z δ (y)] 17 of 19 Static Program Analysis
39 Example of Equation System Example 18.2 (Constant Propagation) Program: proc [P(val x, res y)] 1 is [y := 2*(x-1)] 2 ; [end] 3 ; [call P(2, z)] 4 5; [call P(z, z)] 6 7; [skip] 8 Dataflow equations: AI 1 = ϕ 4 (AI 4 ) ϕ 6 (AI 6 ) AI 2 = ϕ 1 (AI 1 ) AI 3 = ϕ 2 (AI 2 ) AI 4 = ι = [x, y, z ] AI 5 = AI 4 AI 6 = ϕ 5 (AI 5 ) AI 7 = AI 6 AI 8 = ϕ 7 (AI 7 ) Node transfer functions: ϕ 1 (δ) = δ ϕ 2 (δ) = δ[y val δ (2*(x-1))] ϕ 4 (δ) = δ[x 2, y ] ϕ 5 (δ) = combine(δ, Φ 3 (ϕ 4 (δ))) ϕ 6 (δ) = δ[x δ(z), y ] ϕ 7 (δ) = combine(δ, Φ 3 (ϕ 6 (δ))) combine(δ, δ ) = δ [x δ(x), y δ(y), z δ (y)] Procedure summary functions: Φ 1 (δ) = δ Φ 2 (δ) = ϕ 1 (Φ 1 (δ)) = δ Φ 3 (δ) = ϕ 2 (Φ 2 (δ)) = δ[y val δ (2*(x-1))] 17 of 19 Static Program Analysis
40 Example of Equation System Example 18.2 (Constant Propagation) Program: proc [P(val x, res y)] 1 is [y := 2*(x-1)] 2 ; [end] 3 ; [call P(2, z)] 4 5; [call P(z, z)] 6 7; [skip] 8 Dataflow equations: AI 1 = ϕ 4 (AI 4 ) ϕ 6 (AI 6 ) AI 2 = ϕ 1 (AI 1 ) AI 3 = ϕ 2 (AI 2 ) AI 4 = ι = [x, y, z ] AI 5 = AI 4 AI 6 = ϕ 5 (AI 5 ) AI 7 = AI 6 AI 8 = ϕ 7 (AI 7 ) Node transfer functions: ϕ 1 (δ) = δ ϕ 2 (δ) = δ[y val δ (2*(x-1))] ϕ 4 (δ) = δ[x 2, y ] ϕ 5 (δ) = combine(δ, Φ 3 (ϕ 4 (δ))) ϕ 6 (δ) = δ[x δ(z), y ] ϕ 7 (δ) = combine(δ, Φ 3 (ϕ 6 (δ))) combine(δ, δ ) = δ [x δ(x), y δ(y), z δ (y)] Procedure summary functions: Φ 1 (δ) = δ Φ 2 (δ) = ϕ 1 (Φ 1 (δ)) = δ Φ 3 (δ) = ϕ 2 (Φ 2 (δ)) = δ[y val δ (2*(x-1))] Fixpoint iteration: on the board 17 of 19 Static Program Analysis
41 Correctness of Fixpoint Solution Outline of Lecture 18 Recap: Interprocedural Dataflow Analysis The Interprocedural Fixpoint Solution Correctness of Fixpoint Solution 18 of 19 Static Program Analysis
42 Correctness of Fixpoint Solution Soundness and Completeness The following results carry over from the intraprocedural case: Theorem 18.3 Let S := (Lab, E, F, (D, ), ι, ϕ) be a dataflow system with interprocedural extension Ŝ := (Lab, E, F, (D, ), ι, ϕ, Φ) with MVP solution mvp(s) (Def. 17.9) and fixpoint solution fix(ψŝ) = (d 1,..., d n, f 1,..., f m ). Then: 1. (cf. Theorem 6.2) 2. (cf. Theorem 6.5) Proof. mvp(s) n (d 1,..., d n ) mvp(s) = (d 1,..., d n ) if all ϕ l are distributive see J. Knoop, B. Steffen: The Interprocedural Coincidence Theorem, Proc. CC 92, LNCS 641, Springer, 1992, of 19 Static Program Analysis
Static Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Online Registration for Seminars and Practical Courses
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Software Architektur Praxis-Workshop Bringen Sie Informatik
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Software Architektur Praxis-Workshop Bringen Sie Informatik
More informationSemantics and Verification of Software
Semantics and Verification of Software Thomas Noll Software Modeling and Verification Group RWTH Aachen University http://moves.rwth-aachen.de/teaching/ss-15/sv-sw/ The Denotational Approach Denotational
More informationDFA of non-distributive properties
DFA of non-distributive properties The general pattern of Dataflow Analysis GA (p)= i if p E { GA (q) q F } otherwise GA (p)= f p ( GA (p) ) where : E is the set of initial/final points of the control-flow
More informationSemantics and Verification of Software
Semantics and Verification of Software Thomas Noll Software Modeling and Verification Group RWTH Aachen University http://moves.rwth-aachen.de/teaching/ws-1718/sv-sw/ Recap: The Denotational Approach Semantics
More informationStatic Program Analysis
Static Program Analysis Lecture 13: Abstract Interpretation III (Abstract Interpretation of WHILE Programs) Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de
More informationStatic Program Analysis
Static Program Analysis Lecture 16: Abstract Interpretation VI (Counterexample-Guided Abstraction Refinement) Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de
More informationProgram Analysis. Lecture 5. Rayna Dimitrova WS 2016/2017
Program Analysis Lecture 5 Rayna Dimitrova WS 2016/2017 2/21 Recap: Constant propagation analysis Goal: For each program point, determine whether a variale has a constant value whenever an execution reaches
More informationInter-procedural Data Flow Analysis
Flow insensitive analysis Context insensitive analysis Context sensitive analysis Inter-procedural Data Flow Analysis Hanne Riis Nielson and Flemming Nielson email: {riis,nielson}@imm.dtu.dk Informatics
More informationPrinciples of Program Analysis: Control Flow Analysis
Principles of Program Analysis: Control Flow Analysis Transparencies based on Chapter 3 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag
More informationTwo Approaches to Interprocedural Data Flow Analysis
Two Approaches to Interprocedural Data Flow Analysis Micha Sharir Amir Pnueli Part one: The Functional Approach 12.06.2010 Klaas Boesche Intraprocedural analysis procedure main read a, b procedure p if
More informationFlow grammars a flow analysis methodology
Flow grammars a flow analysis methodology James S. Uhl and R. Nigel Horspool Dept. of Computer Science, University of Victoria P.O. Box 3055, Victoria, BC, Canada V8W 3P6 E-mail: juhl@csr.uvic.ca, nigelh@csr.uvic.ca
More informationDataflow Analysis - 2. Monotone Dataflow Frameworks
Dataflow Analysis - 2 Monotone dataflow frameworks Definition Convergence Safety Relation of MOP to MFP Constant propagation Categorization of dataflow problems DataflowAnalysis 2, Sp06 BGRyder 1 Monotone
More informationModel Checking & Program Analysis
Model Checking & Program Analysis Markus Müller-Olm Dortmund University Overview Introduction Model Checking Flow Analysis Some Links between MC and FA Conclusion Apology for not giving proper credit to
More informationDataflow Analysis. Chapter 9, Section 9.2, 9.3, 9.4
Dataflow Analysis Chapter 9, Section 9.2, 9.3, 9.4 2 Dataflow Analysis Dataflow analysis is a sub area of static program analysis Used in the compiler back end for optimizations of three address code and
More informationPrinciples of Program Analysis: Data Flow Analysis
Principles of Program Analysis: Data Flow Analysis Transparencies based on Chapter 2 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag
More informationIntra-procedural Data Flow Analysis Backwards analyses
Live variables Dead code elimination Very Busy Expressions Code hoisting Bitvector frameworks Monotone frameworks Intra-procedural Data Flow Analysis Backwards analyses Hanne Riis Nielson and Flemming
More informationProbabilistic Model Checking and [Program] Analysis (CO469)
Probabilistic Model Checking and [Program] Analysis (CO469) Program Analysis Herbert Wiklicky herbert@doc.ic.ac.uk Spring 208 / 64 Overview Topics we will cover in this part will include:. Language WHILE
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-16/cc/ Recap: LR(0) Grammars LR(0) Grammars The case k = 0 is
More informationFormal Methods in Software Engineering
Formal Methods in Software Engineering An Introduction to Model-Based Analyis and Testing Vesal Vojdani Department of Computer Science University of Tartu Fall 2014 Vesal Vojdani (University of Tartu)
More informationInterprocedural Analysis: Sharir-Pnueli s Call-strings Approach
Interprocedural Analysis: Sharir-Pnueli s Call-strings Approach Deepak D Souza Department of Computer Science and Automation Indian Institute of Science, Bangalore. 04 September 2013 Outline 1 Motivation
More informationCMSC 631 Program Analysis and Understanding. Spring Data Flow Analysis
CMSC 631 Program Analysis and Understanding Spring 2013 Data Flow Analysis Data Flow Analysis A framework for proving facts about programs Reasons about lots of little facts Little or no interaction between
More informationProbabilistic Program Analysis
Probabilistic Program Analysis Data Flow Analysis and Regression Alessandra Di Pierro University of Verona, Italy alessandra.dipierro@univr.it Herbert Wiklicky Imperial College London, UK herbert@doc.ic.ac.uk
More informationAxiomatic Semantics. Lecture 9 CS 565 2/12/08
Axiomatic Semantics Lecture 9 CS 565 2/12/08 Axiomatic Semantics Operational semantics describes the meaning of programs in terms of the execution steps taken by an abstract machine Denotational semantics
More informationStatic Program Analysis
Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aiken s Michael D. Ernst s Sorin Lerner s A Scary Outline Type-based analysis Data-flow analysis Abstract interpretation Theorem
More informationCSC D70: Compiler Optimization Dataflow-2 and Loops
CSC D70: Compiler Optimization Dataflow-2 and Loops Prof. Gennady Pekhimenko University of Toronto Winter 2018 The content of this lecture is adapted from the lectures of Todd Mowry and Phillip Gibbons
More informationEDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach
EDA045F: Program Analysis LECTURE 10: TYPES 1 Christoph Reichenbach In the last lecture... Performance Counters Challenges in Dynamic Performance Analysis Taint Analysis Binary Instrumentation 2 / 44 Types
More informationProgram Slicing. Author: Mark Weiser Published in TSE, Presented by Peeratham (Karn) Techapalokul 10/13/2015
Program Slicing Author: Mark Weiser Published in TSE, 1984 Presented by Peeratham (Karn) Techapalokul 1/13/215 About Mark Weiser a chief scientist at Xerox PARC Widely considered to be the father of ubiquitous
More informationReading: Chapter 9.3. Carnegie Mellon
I II Lecture 3 Foundation of Data Flow Analysis Semi-lattice (set of values, meet operator) Transfer functions III Correctness, precision and convergence IV Meaning of Data Flow Solution Reading: Chapter
More informationFoundations of Informatics: a Bridging Course
Foundations of Informatics: a Bridging Course Week 3: Formal Languages and Semantics Thomas Noll Lehrstuhl für Informatik 2 RWTH Aachen University noll@cs.rwth-aachen.de http://www.b-it-center.de/wob/en/view/class211_id948.html
More informationComputing Procedure Summaries for Interprocedural Analysis
Computing Procedure Summaries for Interprocedural Analysis Sumit Gulwani 1 and Ashish Tiwari 2 1 Microsoft Research, Redmond, WA 98052, sumitg@microsoft.com 2 SRI International, Menlo Park, CA 94025, tiwari@csl.sri.com
More informationCS156: The Calculus of Computation
CS156: The Calculus of Computation Zohar Manna Winter 2010 It is reasonable to hope that the relationship between computation and mathematical logic will be as fruitful in the next century as that between
More informationRoy L. Crole. Operational Semantics Abstract Machines and Correctness. University of Leicester, UK
Midlands Graduate School, University of Birmingham, April 2008 1 Operational Semantics Abstract Machines and Correctness Roy L. Crole University of Leicester, UK Midlands Graduate School, University of
More informationAbstract Interpretation II
Abstract Interpretation II Semantics and Application to Program Verification Antoine Miné École normale supérieure, Paris year 2015 2016 Course 11 13 May 2016 Course 11 Abstract Interpretation II Antoine
More information1 Introduction. 2 Recap The Typed λ-calculus λ. 3 Simple Data Structures
CS 6110 S18 Lecture 21 Products, Sums, and Other Datatypes 1 Introduction In this lecture, we add constructs to the typed λ-calculus that allow working with more complicated data structures, such as pairs,
More informationAbstract Interpretation and Static Analysis
/ 1 Abstract Interpretation and Static Analysis David Schmidt Kansas State University www.cis.ksu.edu/~schmidt Welcome! / 2 / 3 Four parts 1. Introduction to static analysis what it is and how to apply
More informationCOSE312: Compilers. Lecture 17 Intermediate Representation (2)
COSE312: Compilers Lecture 17 Intermediate Representation (2) Hakjoo Oh 2017 Spring Hakjoo Oh COSE312 2017 Spring, Lecture 17 May 31, 2017 1 / 19 Common Intermediate Representations Three-address code
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements
Axiomatic Semantics: Verification Conditions Meeting 12, CSCI 5535, Spring 2009 Announcements Homework 4 is due tonight Wed forum: papers on automated testing using symbolic execution 2 Questions? Review
More informationData Flow Analysis. Lecture 6 ECS 240. ECS 240 Data Flow Analysis 1
Data Flow Analysis Lecture 6 ECS 240 ECS 240 Data Flow Analysis 1 The Plan Introduce a few example analyses Generalize to see the underlying theory Discuss some more advanced issues ECS 240 Data Flow Analysis
More informationPrecise Interprocedural Analysis using Random Interpretation
Precise Interprocedural Analysis using Random Interpretation Sumit Gulwani gulwani@cs.berkeley.edu George C. Necula necula@cs.berkeley.edu Department of Electrical Engineering and Computer Science University
More informationContext Free Grammars
Automata and Formal Languages Context Free Grammars Sipser pages 101-111 Lecture 11 Tim Sheard 1 Formal Languages 1. Context free languages provide a convenient notation for recursive description of languages.
More informationSpring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2015 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University Agenda Basic concepts of correctness Axiomatic semantics (pages 175-183) Hoare Logic
More informationGerwin Klein, June Andronick, Ramana Kumar S2/2016
COMP4161: Advanced Topics in Software Verification {} Gerwin Klein, June Andronick, Ramana Kumar S2/2016 data61.csiro.au Content Intro & motivation, getting started [1] Foundations & Principles Lambda
More informationInterprocedurally Analyzing Polynomial Identities
Interprocedurally Analyzing Polynomial Identities Markus Müller-Olm 1, Michael Petter 2, and Helmut Seidl 2 1 Westfälische Wilhelms-Universität Münster, Institut für Informatik Einsteinstr. 62, 48149 Münster,
More informationWe define a dataflow framework. A dataflow framework consists of:
So far been talking about various dataflow problems (e.g. reaching definitions, live variable analysis) in very informal terms. Now we will discuss a more fundamental approach to handle many of the dataflow
More informationModular Lattices for Compositional Interprocedural Analysis. by Ghila Castelnuovo
Tel Aviv University Raymond and Beverly Sackler Faculty of Exact Sciences School of Computer Science Modular Lattices for Compositional Interprocedural Analysis by Ghila Castelnuovo under the supervision
More informationA Logic for Information Flow Analysis with an Application to Forward Slicing of Simple Imperative Programs
A Logic for Information Flow Analysis with an Application to Forward Slicing of Simple Imperative Programs Torben Amtoft and Anindya Banerjee a,1,2 a Department of Computing and Information Sciences Kansas
More informationSpring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2016 Program Analysis and Verification Lecture 3: Axiomatic Semantics I Roman Manevich Ben-Gurion University Warm-up exercises 1. Define program state: 2. Define structural semantics configurations:
More informationCS156: The Calculus of Computation Zohar Manna Autumn 2008
Page 3 of 52 Page 4 of 52 CS156: The Calculus of Computation Zohar Manna Autumn 2008 Lecturer: Zohar Manna (manna@cs.stanford.edu) Office Hours: MW 12:30-1:00 at Gates 481 TAs: Boyu Wang (wangboyu@stanford.edu)
More informationAdventures in Dataflow Analysis
Adventures in Dataflow Analysis CSE 401 Section 9-ish Jack Eggleston, Aaron Johnston, & Nate Yazdani Announcements - Code Generation due Announcements - Code Generation due - Compiler Additions due next
More informationLecture 11 Sections 4.5, 4.7. Wed, Feb 18, 2009
The s s The s Lecture 11 Sections 4.5, 4.7 Hampden-Sydney College Wed, Feb 18, 2009 Outline The s s 1 s 2 3 4 5 6 The LR(0) Parsing s The s s There are two tables that we will construct. The action table
More informationCausal Dataflow Analysis for Concurrent Programs
Causal Dataflow Analysis for Concurrent Programs Azadeh Farzan P. Madhusudan Department of Computer Science, University of Illinois at Urbana-Champaign. {afarzan,madhu}@cs.uiuc.edu Abstract. We define
More informationPrecise Program Analysis through (Linear) Algebra
Precise Program Analysis through (Linear) Algebra Markus Müller-Olm FernUniversität Hagen (on leave from Universität Dortmund) Joint work with Helmut Seidl (TU München) CP+CV 4, Barcelona, March 8, 4 Overview
More informationG54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV
G54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV Henrik Nilsson University of Nottingham, UK G54FOP: Lecture 17 & 18 p.1/33 These Two Lectures Revisit attempt to define denotational
More informationLecture Notes: Program Analysis Correctness
Lecture Notes: Program Analysis Correctness 15-819O: Program Analysis Jonathan Aldrich jonathan.aldrich@cs.cmu.edu Lecture 5 1 Termination As we think about the correctness of program analysis, let us
More informationTopic-I-C Dataflow Analysis
Topic-I-C Dataflow Analysis 2012/3/2 \course\cpeg421-08s\topic4-a.ppt 1 Global Dataflow Analysis Motivation We need to know variable def and use information between basic blocks for: constant folding dead-code
More informationTemporal Reasoning for Procedural Programs
Temporal Reasoning for Procedural Programs Rajeev Alur 1 and Swarat Chaudhuri 2 1 University of Pennsylvania, USA 2 Pennsylvania State University, USA Abstract. While temporal verification of programs
More informationLanguages. Languages. An Example Grammar. Grammars. Suppose we have an alphabet V. Then we can write:
Languages A language is a set (usually infinite) of strings, also known as sentences Each string consists of a sequence of symbols taken from some alphabet An alphabet, V, is a finite set of symbols, e.g.
More informationStaging Static Analyses for Program Generation
Staging Static Analyses for Program Generation (Extended Version) Sam Kamin Baris Aktemur Michael Katelman University of Illinois at Urbana-Champaign 201 N. Goodwin, Urbana, IL 61801 USA {kamin,aktemur,katelman}@cs.uiuc.edu
More informationRecurrent Neural Networks and Logic Programs
Recurrent Neural Networks and Logic Programs The Very Idea Propositional Logic Programs Propositional Logic Programs and Learning Propositional Logic Programs and Modalities First Order Logic Programs
More informationBASIC CONCEPTS OF ABSTRACT INTERPRETATION
BASIC CONCEPTS OF ABSTRACT INTERPRETATION Patrick Cousot École Normale Supérieure 45 rue d Ulm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr Radhia Cousot CNRS & École Polytechnique 91128 Palaiseau
More informationProgram verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program
Program verification Assertional semantics of a program Meaning of a program: relation between its inputs and outputs; specified by input assertions (pre-conditions) and output assertions (post-conditions)
More informationClasses of data dependence. Dependence analysis. Flow dependence (True dependence)
Dependence analysis Classes of data dependence Pattern matching and replacement is all that is needed to apply many source-to-source transformations. For example, pattern matching can be used to determine
More informationDependence analysis. However, it is often necessary to gather additional information to determine the correctness of a particular transformation.
Dependence analysis Pattern matching and replacement is all that is needed to apply many source-to-source transformations. For example, pattern matching can be used to determine that the recursion removal
More informationSyntactic Analysis. Top-Down Parsing
Syntactic Analysis Top-Down Parsing Copyright 2015, Pedro C. Diniz, all rights reserved. Students enrolled in Compilers class at University of Southern California (USC) have explicit permission to make
More informationChapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011
Chapter 2 An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011 Assertions In this chapter, we give a more detailed exposition of the assertions of separation logic: their meaning,
More informationProgram verification using Hoare Logic¹
Program verification using Hoare Logic¹ Automated Reasoning - Guest Lecture Petros Papapanagiotou Part 2 of 2 ¹Contains material from Mike Gordon s slides: Previously on Hoare Logic A simple while language
More informationExtended Weighted Pushdown Systems
Extended Weighted Pushdown Systems Akash Lal, Thomas Reps, and Gogul Balakrishnan University of Wisconsin, Madison, Wisconsin 53706 {akash, reps, bgogul}@cs.wisc.edu Abstract. Recent work on weighted-pushdown
More informationDiscrete Fixpoint Approximation Methods in Program Static Analysis
Discrete Fixpoint Approximation Methods in Program Static Analysis P. Cousot Département de Mathématiques et Informatique École Normale Supérieure Paris
More informationImproved Algorithms for Module Extraction and Atomic Decomposition
Improved Algorithms for Module Extraction and Atomic Decomposition Dmitry Tsarkov tsarkov@cs.man.ac.uk School of Computer Science The University of Manchester Manchester, UK Abstract. In recent years modules
More informationOn Fixed Point Equations over Commutative Semirings
On Fixed Point Equations over Commutative Semirings Javier Esparza, Stefan Kiefer, and Michael Luttenberger Universität Stuttgart Institute for Formal Methods in Computer Science Stuttgart, Germany {esparza,kiefersn,luttenml}@informatik.uni-stuttgart.de
More informationPrecise Interprocedural Analysis through Linear Algebra
Precise Interprocedural Analysis through Linear Algebra Markus Müller-Olm FernUniversität Hagen, LG Praktische Informatik 5 58084 Hagen, Germany mmo@ls5csuni-dortmundde Helmut Seidl TU München, Lehrstuhl
More informationAST rewriting. Part I: Specifying Transformations. Imperative object programs. The need for path queries. fromentry, paths, toexit.
Part I: Specifying Transformations Oege de Moor Ganesh Sittampalam Programming Tools Group, Oxford focus AST rewriting To apply rule: rewrite(pat 0, pat 1 ) Match: focus = φ(pat 0 ) Replace: focus := φ(pat
More informationA Functional Perspective
A Functional Perspective on SSA Optimization Algorithms Patryk Zadarnowski jotly with Manuel M. T. Chakravarty Gabriele Keller 19 April 2004 University of New South Wales Sydney THE PLAN ➀ Motivation an
More informationA Behavioral Congruence for Concurrent Constraint Programming with Nondeterministic Choice
A Behavioral Congruence for Concurrent Constraint Programming with Nondeterministic Choice Luis Pino*, Filippo Bonchi** and Frank Valencia* (Presented by: Jorge A. Pe rez) *E quipe Come te, LIX, Laboratoire
More informationDenotational semantics
Denotational semantics The method define syntax (syntactic domains) define semantic domains define semantic functions use compositional definitions Andrzej Tarlecki: Semantics & Verification - 63 - Syntactic
More informationPrinciples of Program Analysis: A Sampler of Approaches
Principles of Program Analysis: A Sampler of Approaches Transparencies based on Chapter 1 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis Springer Verlag
More informationIntroduction to Kleene Algebras
Introduction to Kleene Algebras Riccardo Pucella Basic Notions Seminar December 1, 2005 Introduction to Kleene Algebras p.1 Idempotent Semirings An idempotent semiring is a structure S = (S, +,, 1, 0)
More informationLogical Abstract Domains and Interpretations
Logical Abstract Domains and Interpretations Patrick Cousot 2,3, Radhia Cousot 3,1, and Laurent Mauborgne 3,4 1 Centre National de la Recherche Scientifique, Paris 2 Courant Institute of Mathematical Sciences,
More information185.A09 Advanced Mathematical Logic
185.A09 Advanced Mathematical Logic www.volny.cz/behounek/logic/teaching/mathlog13 Libor Běhounek, behounek@cs.cas.cz Lecture #1, October 15, 2013 Organizational matters Study materials will be posted
More informationSmoothing a Program Soundly and Robustly
Smoothing a Program Soundly and Robustly Swarat Chaudhuri 1 and Armando Solar-Lezama 2 1 Rice University 2 MIT Abstract. We study the foundations of smooth interpretation, a recentlyproposed program approximation
More informationFoundations of Abstract Interpretation
Escuela 03 II / 1 Foundations of Abstract Interpretation David Schmidt Kansas State University www.cis.ksu.edu/~schmidt Escuela 03 II / 2 Outline 1. Lattices and continuous functions 2. Galois connections,
More informationCMSC 631 Program Analysis and Understanding Fall Abstract Interpretation
Program Analysis and Understanding Fall 2017 Abstract Interpretation Based on lectures by David Schmidt, Alex Aiken, Tom Ball, and Cousot & Cousot What is an Abstraction? A property from some domain Blue
More informationModularity in Lattices: A Case Study on the Correspondence between Top-Down and Bottom-Up Analysis
Modularity in Lattices: A Case Study on the Correspondence between Top-Down and Bottom-Up Analysis G. Castelnuovo 1, M. Naik 2, N. Rinetzky 3, M. Sagiv 1, and H. Yang 3 1 Tel Aviv University 2 Georgia
More informationThe Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security
The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique Motivation Concurrent
More informationTermination of LCTRSs
Termination of LCTRSs Cynthia Kop 1 1 Department of Computer Science, University of Innsbruck Technikerstraße 21a, 6020 Innsbruck, Austria Cynthia.Kop@uibk.ac.at Abstract Logically Constrained Term Rewriting
More informationMechanics of Static Analysis
Escuela 03 III / 1 Mechanics of Static Analysis David Schmidt Kansas State University www.cis.ksu.edu/~schmidt Escuela 03 III / 2 Outline 1. Small-step semantics: trace generation 2. State generation and
More informationReal-Time Systems. Lecture 10: Timed Automata Dr. Bernd Westphal. Albert-Ludwigs-Universität Freiburg, Germany main
Real-Time Systems Lecture 10: Timed Automata 2013-06-04 10 2013-06-04 main Dr. Bernd Westphal Albert-Ludwigs-Universität Freiburg, Germany Contents & Goals Last Lecture: PLC, PLC automata This Lecture:
More informationThe Trace Partitioning Abstract Domain
The Trace Partitioning Abstract Domain XAVIER RIVAL and LAURENT MAUBORGNE École Normale Supérieure In order to achieve better precision of abstract interpretation based static analysis, we introduce a
More information«ATutorialon Abstract Interpretation»
«ATutorialon Abstract Interpretation» Patrick Cousot École normale supérieure 45 rue d Ulm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot VMCAI 05 Industrial Day VMCAI 05 Industrial
More informationIntroduction to Axiomatic Semantics
#1 Introduction to Axiomatic Semantics #2 How s The Homework Going? Remember that you can t just define a meaning function in terms of itself you must use some fixed point machinery. #3 Observations A
More informationPrecise Fixpoint-Based Analysis of Programs with Thread-Creation and Procedures
Precise Fixpoint-Based Analysis of Programs with Thread-Creation and Procedures Peter Lammich and Markus Müller-Olm Institut für Informatik, Fachbereich Mathematik und Informatik Westfälische Wilhelms-Universität
More informationProgram Analysis Part I : Sequential Programs
Program Analysis Part I : Sequential Programs IN5170/IN9170 Models of concurrency Program Analysis, lecture 5 Fall 2018 26. 9. 2018 2 / 44 Program correctness Is my program correct? Central question for
More informationWhat is SSA? each assignment to a variable is given a unique name all of the uses reached by that assignment are renamed
Another Form of Data-Flow Analysis Propagation of values for a variable reference, where is the value produced? for a variable definition, where is the value consumed? Possible answers reaching definitions,
More informationThe Stevens-Stirling-Algorithm For Solving Parity Games Locally Requires Exponential Time
The Stevens-Stirling-Algorithm For Solving Parity Games Locally Requires Exponential Time Oliver Friedmann Institut für Informatik, LMU München Oliver.Friedmann@googlemail.com Abstract. This paper presents
More informationSyntax Analysis Part I
1 Syntax Analysis Part I Chapter 4 COP5621 Compiler Construction Copyright Robert van Engelen, Florida State University, 2007-2013 2 Position of a Parser in the Compiler Model Source Program Lexical Analyzer
More informationComputational Models Lecture 8 1
Computational Models Lecture 8 1 Handout Mode Nachum Dershowitz & Yishay Mansour. Tel Aviv University. May 17 22, 2017 1 Based on frames by Benny Chor, Tel Aviv University, modifying frames by Maurice
More informationComputational Models Lecture 8 1
Computational Models Lecture 8 1 Handout Mode Ronitt Rubinfeld and Iftach Haitner. Tel Aviv University. May 11/13, 2015 1 Based on frames by Benny Chor, Tel Aviv University, modifying frames by Maurice
More information