Program Analysis
Mooly Sagiv
http://www.math.tau.ac.il/~sagiv/courses/pa.html
Tel Aviv University
640-6706
Sunday 18-21 Schrieber 8
Monday 10-12 Schrieber 317
Textbook: Dataflow Analysis Chapter 2 & Appendix A
Monotone Frameworks and Precision
Outline
Lattice Theory
Monotone Dataflow Frameworks
Precision of Data Flow Analysis
Lattice Theory
The Foundation of
– Denotational semantics
– Program analysis
Special topology theory
Generalizes powersets and integers
Partial Orders
Consider a set P
A partial order is a relation : P P{false, true} such that:
is reflexive pP: pp
is transitive p1, p2, p3 P, p1p2, p2 p3 p1 p3
is anti-symmetric p1, p2 P : p1p2, p2 p1p1=p2
Partially ordered sets (Posets) (P, )
Examples
– (R, )
– (P(S), )
– (P(S), )
– (Alphanumeric-Strings, Lexicographic-order)
Upper Bounds
Consider a Poset (P, )
An element uP is an upper bound of a subset SP if sS: su
An element uP is a least upper bound of a subset SP if
– u is an upper bound of S
– For every upper bound u’ of S: uu’
The least upper bound of every S is unique if it exists (denoted by S)
For S={p1,p2} p1p2= {p1, p2}
Lower Bounds
Consider a Poset (P, )
An element lP is a lower bound of a subset SP if s S: ls
An element lP is a greatest lower bound of a subset SP if
– l is a lower bound of S
– For every lower bound l’ of S: l’l
The greatest lower bound of every S is unique if it exists (denoted by S)
For S={p1, p2} p1 p2= {p1, p2}
Complete Lattices
The Poset (L, ) such that every subset SL S and S are both defined is called a complete lattice
Denoted by (L, ) = (L, , , , ,)
is the minimum value = = L
is the maximum value = L =
Lattices in Program Analysis
The Poset (L, ) describes “potential pieces of abstract information” (known when the analysis begins)
l1l2
– l1 is at least as precise as l2
– l2 describes at least the program states described by l1
describes an empty set of program states
describes all the program states (trivial solution)
l1l2 is the effect of integrating l1 and l2 from different control-flow paths
l1l2 is the effect of integrating l1 and l2 from the same control-flow path
Lemma A.2
Given a Poset (P, ) the following claims are equivalent
– (i) P is a complete lattice
– (ii) for every subset SP S is defined
– (iii) for every subset SP S is defined
Chains
Consider a Poset (P, )
A chain is a subset SP which is totally ordered
– for every s1, s2 S: s1s2 or s1s2
P satisfies the ascending chain condition if all the ascending chains in L are finite
P has a finite height h if all chains contain at most h+1 elements
Construction of Complete Lattices
It is possible to construct lattices from other lattices (like compound data-types)
Allows natural generalizations of static analysis algorithms
Examples:
– Cartesian products
– Total function space
Cartesian Products
Consider lattices
– (L1, 1, 1, 1, 1,1)
– (L2, 2, 2, 2, 2,2)
Define L = (L1 L2, ) where (l1, l2) (u1, u2) if l1 1 u1 and l2 2 u2
L is a complete lattice
– S = (1{l1: l2 : (l1, l2) S}, 2 {l2: l1 : (l1, l2) S})
– S = ( 1{l1: l2 : (l1, l2) S}, 2 {l2: l1 : (l1, l2) S})
– = (1, 2)
– = (1,2)
– If L1 has a finite height h1 and L2 has a finite height h2 then ...
Total Function Space
Consider
– A lattice (L1, 1, 1, 1, 1,1)
– A set S
Define L = (S L1 , ) where f1 f2 if for every s S: f1(s) 1 f2 (s)
L is a complete lattice
– ( Y)(s) = 1{f(s) : f Y}
– ( Y)(s) = 1{f(s) : f Y}
– (s) = 1
– (s)= 1
– If L1 has a finite height h1 and S is finite then ...
Properties of Functions
Consider a function f: L1 L2 where (L1, 1, 1, 1, 1,1) and (L2, 2, 2, 2, 2,2) are complete lattices
f is strict if f(1)=2
f is monotone (or order-preserving) if s1, b1 L1: s1 1 b1 f(s1) 2 f(b1)
f is additive (or distributive) if s1, b1 L1: f(s11b1) = f(s1)2 f(b1)
Fixed Points
Consider a function f: L L where (L, , , , ,) is a complete lattice
Let Fix(f) be the set of fixed points of f
Fix(f) = { l | f(l) = l }
– lfp(f) is the least element in Fix(f) (unique if it exists)
– gfp(f) is the greatest element in Fix(f) (unique if it exists)
Let Pre(f) be the set of pre fixed points of f
Pre(f) = { l | f(l) l } (Red(f))
Let Post(f) be the set of post fixed points of f
Post(f) = { l | l f(l) } (Ext(f))
Tarski’s Theorem: if f is monotone then:
– lfp(f) = Pre(f)
– gfp(f) = Post(f)
Constructive Version of Tarski’s Theorem
Define the sequence:
– l0 =
– li+1 = f(li)
li lfp(f)
If L has height h
lh=lfp(f)
Improvements
– stop when no more changes occur
– Chaotic iterations
Monotone Frameworks
Generalizes Kill/Gen Problems
a complete lattice (L, , , , ,) describes the “potential pieces of information”
The initial value at entry is specified by L
The effect of every basic block at l is described by a monotone function fl :L L (transfer function)
Solve the following system of equations (forward)
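$$
DF_{entry}(l) =
\begin{cases}
\text{the initial value} & \text{if } l = init(S_*) \\
\bigsqcup \{\, DF_{exit}(l') \mid (l', l) \in flow(S_*) \,\} & \text{otherwise}
\end{cases}
$$

$$
DF_{exit}(l) = f_l(DF_{entry}(l))
$$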
Instances of Monotone Frameworks
Kill/Gen Problems
= or =
– fl(entry(l)) = (entry (l) - kill(l)) gen(l)
May be uninitialized (garbage) variables
Constant propagation
Truly-live variables
Points-to analysis
May-be-garbage variables
A variable may-be-garbage at a label l if there may be a path to l in which it is either uninitialized or set using an uninitialized variable

[x := 5]1 ;
if [z > 2]2
then [y := 17]3 ;
else [skip]4 ;
[t := y + x]5 ;
May-be-garbage variables (cont)
L = (P(Var*), , , , , Var*)
Initial value =Var*
Transfer functions fl(DFentry(l))
[x := a]l if FV(a) DFentry(l) then DFentry(l) {x} else DFentry(l) – {x}
[skip]l DFentry(l)
[b]l DFentry(l)
Constant Propagation
Determine variables with constant values
Information Lattice
– Extended integer lattice (L1, 1, 1, 1, 1, 1)
» L1 = Z {1, 1}
» 1 1 z 1 1
– Define L = (S L1, ) where S=Var*
Transfer functions Acp: AExp (L L1)
fl(DFentry(l))
[x := a]l DFentry(l)[x Acpa(DFentry(l))]
[skip]l DFentry(l)
[b]l DFentry(l)
Chaotic Iterations
for l in Lab* do
    DFentry(l) := bottom
    DFexit(l) := bottom
DFentry(init(S*)) := the initial value
WL = Lab*
while WL is not empty do
    Select and remove an arbitrary l from WL
    temp := fl(DFentry(l))
    if (temp != DFexit(l))
        DFexit(l) := temp
        for l' such that (l,l') in flow(S*) do
            DFentry(l') := DFentry(l') join DFexit(l)
            WL := WL union {l'}
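An added example, not from the original slides: the worklist algorithm above run in Python for the may-be-garbage analysis on the five-label program from the earlier slide. The flow relation and the reading of the assignment rule (x becomes garbage when a free variable of a is in DFentry(l)) are assumptions taken from the slide's wording, and `garbage_reads` is a hypothetical helper that reports reads of possibly uninitialized variables.

```python
VARS = frozenset({"x", "y", "z", "t"})           # Var* of the slide's program

# label -> (kind, assigned variable or None, free variables read)
BLOCKS = {
    1: ("assign", "x", frozenset()),             # [x := 5]1
    2: ("test", None, frozenset({"z"})),         # [z > 2]2
    3: ("assign", "y", frozenset()),             # [y := 17]3
    4: ("skip", None, frozenset()),              # [skip]4
    5: ("assign", "t", frozenset({"y", "x"})),   # [t := y + x]5
}
FLOW = {(1, 2), (2, 3), (2, 4), (3, 5), (4, 5)}  # assumed flow(S*)
INIT = 1                                         # init(S*)

def transfer(label, entry):
    """f_l: tests and skip are the identity; an assignment taints or cleans x."""
    kind, target, reads = BLOCKS[label]
    if kind != "assign":
        return entry
    if reads & entry:                 # right-hand side reads a garbage variable
        return entry | {target}
    return entry - {target}

def solve():
    """Chaotic iteration over P(Var*): bottom is the empty set, join is union."""
    df_entry = {l: frozenset() for l in BLOCKS}
    df_exit = {l: frozenset() for l in BLOCKS}
    df_entry[INIT] = VARS             # initial value: everything may be garbage
    worklist = set(BLOCKS)
    while worklist:
        l = worklist.pop()            # arbitrary choice, result does not depend on it
        temp = transfer(l, df_entry[l])
        if temp != df_exit[l]:
            df_exit[l] = temp
            for src, dst in FLOW:
                if src == l:
                    df_entry[dst] = df_entry[dst] | df_exit[l]
                    worklist.add(dst)
    return df_entry, df_exit

def garbage_reads(df_entry):
    """Labels that read a variable which may be garbage on entry."""
    return {l: sorted(BLOCKS[l][2] & df_entry[l])
            for l in BLOCKS if BLOCKS[l][2] & df_entry[l]}

if __name__ == "__main__":
    entry, exit_ = solve()
    print(sorted(exit_[5]), garbage_reads(entry))
```

The else branch never assigns y, so y is still in DFentry(5) after the join and t is tainted at exit; z is read at label 2 without ever being assigned.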
Complexity of Chaotic Iterations
Parameters:
– |Lab| labels
– k is the maximum outdegree of flow(S*)
– A lattice of height h
– c is the maximum cost of
» applying fl
» L comparisons
Complexity
O(|Lab| h * c * k)
Soundness of Chaotic Iterations
Define abstraction : Collecting-States L
Show that for every l:
({[b]l(s) | s CS }) fl ((CS))
Conclude that the DF solution of Chaotic iterations satisfies for every l:
(CS entry(l)) DFentry(l)
(CS exit(l)) DFexit(l)
But it may be that Chaotic iterations yield DFentry(l) = and yet (CS entry(l))=
How to measure precision?
Precision of Chaotic Iterations
Optimal
– (CS entry(l)) = DFentry(l)
– (CS exit(l)) = DFexit(l)
Join-over-all-paths - No loss of information w.r.t. straight line code
Relatively optimal (induced) w.r.t. the abstraction
Compare at run-time
Good enough for the used optimization
The Join-Over-All-Paths (JOP)
Let paths(init(S*), l) denote the potentially infinite set of paths from init(S*) to l (written as sequences of labels)
For a sequence of labels [l1, l2, …, ln] define f [l1, l2, …, ln]: L L by composing the effects of basic blocks
f [l1, l2, …, ln](s) = fln (… (fl2 (fl1 (s)) …)
JOPl = {f[l1, l2, …, l]() [l1, l2, …, l] paths(init(S*), l)}
JOP vs. Least Solution
The DF solution obtained by Chaotic iteration satisfies for every l:
– JOPl DFentry(l)
If every fl is additive (distributive) for all the labels l
– JOPl = DFentry(l)
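An added example, not from the original slides, showing that the relation between JOP and the chaotic-iteration solution can be strict: constant propagation is not additive, so on the constructed seven-label program below JOP keeps z = 3 while chaotic iteration loses it. JOP at l is taken here over paths ending just before l so that it is comparable with DFentry(l); the program, the names and the sum-only expressions are assumptions.

```python
BOT, TOP = "bot", "top"     # extended integers: bot below every z, every z below top
VARS = ("x", "y", "z")
# Constructed program:
# if [c]1 then [x:=1]2;[y:=2]3 else [x:=2]4;[y:=1]5; [z:=x+y]6; [skip]7
BLOCKS = {1: None, 2: ("x", [1]), 3: ("y", [2]), 4: ("x", [2]), 5: ("y", [1]),
          6: ("z", ["x", "y"]), 7: None}   # label -> (target, operands to sum)
FLOW = [(1, 2), (2, 3), (3, 6), (1, 4), (4, 5), (5, 6), (6, 7)]
IOTA = {v: TOP for v in VARS}              # nothing is known at entry

def join_val(a, b):
    if a == BOT: return b
    if b == BOT: return a
    return a if a == b else TOP

def join(e1, e2):
    return {v: join_val(e1[v], e2[v]) for v in VARS}

def transfer(label, env):
    """f_l for constant propagation; tests and skip are the identity."""
    if BLOCKS[label] is None:
        return dict(env)
    target, operands = BLOCKS[label]
    vals = [env[o] if isinstance(o, str) else o for o in operands]
    res = BOT if BOT in vals else TOP if TOP in vals else sum(vals)
    return {**env, target: res}

def chaotic_entry(label):
    """DFentry(label) computed by worklist iteration."""
    entry = {l: {v: BOT for v in VARS} for l in BLOCKS}
    exit_ = {l: {v: BOT for v in VARS} for l in BLOCKS}
    entry[1] = dict(IOTA)
    work = set(BLOCKS)
    while work:
        l = work.pop()
        temp = transfer(l, entry[l])
        if temp != exit_[l]:
            exit_[l] = temp
            for src, dst in FLOW:
                if src == l:
                    entry[dst] = join(entry[dst], temp)
                    work.add(dst)
    return entry[label]

def jop_entry(label, at=1, env=None):
    """Join over all paths from label 1 to just before `label` (acyclic flow only)."""
    env = dict(IOTA) if env is None else env
    if at == label:
        return env
    out, result = transfer(at, env), {v: BOT for v in VARS}
    for src, dst in FLOW:
        if src == at:
            result = join(result, jop_entry(label, dst, out))
    return result
```

At label 6 both solutions agree (x and y are already top after the merge); they differ at label 7, where each path on its own yields z = 3 but the merged state fed to f6 does not.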
Static Analysis problems beyond Monotone Frameworks
Infinite heights
– integer intervals
– Linear relationships between variables
Bi-directional problems
Procedures
Conclusions
Many dataflow problems can be solved via the Chaotic Iteration Algorithm
Provide a tool to understand precision