Chapter 1: Data flow analysis. Course “Static analysis and all that”, Martin Steffen, INF5906 / autumn 2017
Learning Targets of Chapter “Data flow analysis”
• various DFAs
• monotone frameworks
• operational semantics
• foundations
• special topics (SSA, context-sensitive analysis ...)
Outline of Chapter “Data flow analysis”
• Interprocedural analysis
  • Introduction
  • Semantics
  • Analysis
  • Paths
  • Context-sensitive analysis
• Static single assignment
Section: Interprocedural analysis
Introduction, Semantics, Analysis, Paths, Context-sensitive analysis
Adding procedures
• so far: very simplified language:
  • minimalistic imperative language
  • reading and writing to variables plus
  • simple controlflow, given as flow graph
• now: procedures: interprocedural analysis
• complications:
  • calls/return (control flow)
  • parameter passing (call-by-value vs. call-by-reference)
  • scopes
  • potential aliasing (with call-by-reference)
  • higher-order functions/procedures
• here: top-level procedures, mutual recursion, call-by-value parameter + call-by-result
Syntax
• $\mathtt{begin}\ D_*\ S_*\ \mathtt{end}$

$$D ::= \mathtt{proc}\ p(\mathtt{val}\ x, \mathtt{res}\ y)\ \mathtt{is}^{l_n}\ S\ \mathtt{end}^{l_x} \mid D\ D$$

• procedure names $p$
• statements

$$S ::= \dots\ [\mathtt{call}\ p(a, z)]^{l_c}_{l_r}$$

• note: call statement with 2 labels
• statically scoped language, CBV parameter passing (1st parameter), and CBN for second
• mutual recursion possible
• assumption: unique labelling, only declared procedures are called, all procedures have different names.
Example: Fibonacci
    begin proc fib(val z, u, res v) is^1
            if [z < 3]^2
            then [v := u + 1]^3
            else [call fib(z − 1, u, v)]^4_5 ;
                 [call fib(z − 2, v, v)]^6_7
          end^8 ;
          [call fib(x, 0, y)]^9_10
    end
Block, labels, etc.

$$\begin{aligned}
\mathit{init}([\mathtt{call}\ p(a, z)]^{l_c}_{l_r}) &= l_c \\
\mathit{final}([\mathtt{call}\ p(a, z)]^{l_c}_{l_r}) &= \{ l_r \} \\
\mathit{blocks}([\mathtt{call}\ p(a, z)]^{l_c}_{l_r}) &= \{ [\mathtt{call}\ p(a, z)]^{l_c}_{l_r} \} \\
\mathit{labels}([\mathtt{call}\ p(a, z)]^{l_c}_{l_r}) &= \{ l_c, l_r \} \\
\mathit{flow}([\mathtt{call}\ p(a, z)]^{l_c}_{l_r}) &= \{ (l_c; l_n), (l_x; l_r) \}
\end{aligned}$$

where $\mathtt{proc}\ p(\mathtt{val}\ x, \mathtt{res}\ y)\ \mathtt{is}^{l_n}\ S\ \mathtt{end}^{l_x}$ is in $D_*$.
• two new kinds of flows (written slightly different(!)): calling and returning
• static dispatch only
For procedure declaration

$$\begin{aligned}
\mathit{init}(p) &= l_n \\
\mathit{final}(p) &= \{ l_x \} \\
\mathit{blocks}(p) &= \{ \mathtt{is}^{l_n}, \mathtt{end}^{l_x} \} \cup \mathit{blocks}(S) \\
\mathit{labels}(p) &= \{ l_n, l_x \} \cup \mathit{labels}(S) \\
\mathit{flow}(p) &= \{ (l_n, \mathit{init}(S)) \} \cup \mathit{flow}(S) \cup \{ (l, l_x) \mid l \in \mathit{final}(S) \}
\end{aligned}$$
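“Standard” flow of complete program
not yet interprocedural flow (IF)

$$\begin{aligned}
\mathit{init}_* &= \mathit{init}(S_*) \\
\mathit{final}_* &= \mathit{final}(S_*) \\
\mathit{blocks}_* &= \bigcup \{ \mathit{blocks}(p) \mid \mathtt{proc}\ p(\mathtt{val}\ x, \mathtt{res}\ y)\ \mathtt{is}^{l_n}\ S\ \mathtt{end}^{l_x} \in D_* \} \cup \mathit{blocks}(S_*) \\
\mathit{labels}_* &= \bigcup \{ \mathit{labels}(p) \mid \mathtt{proc}\ p(\mathtt{val}\ x, \mathtt{res}\ y)\ \mathtt{is}^{l_n}\ S\ \mathtt{end}^{l_x} \in D_* \} \cup \mathit{labels}(S_*) \\
\mathit{flow}_* &= \bigcup \{ \mathit{flow}(p) \mid \mathtt{proc}\ p(\mathtt{val}\ x, \mathtt{res}\ y)\ \mathtt{is}^{l_n}\ S\ \mathtt{end}^{l_x} \in D_* \} \cup \mathit{flow}(S_*)
\end{aligned}$$

side remark: $S_*$: notation for complete program “of interest”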
New kind of edges: Interprocedural flow (IF)
• inter-procedural: from call-site to procedure, and back: $(l_c; l_n)$ and $(l_x; l_r)$.
• more precise (= better) capture of flow
• abbreviation: IF for $\mathit{inter\text{-}flow}_*$ or $\mathit{inter\text{-}flow}^R_*$

IF:

$$\mathit{inter\text{-}flow}_* = \{ (l_c, l_n, l_x, l_r) \mid P_* \text{ contains } [\mathtt{call}\ p(a, z)]^{l_c}_{l_r} \text{ and } \mathtt{proc}\ p(\mathtt{val}\ x, \mathtt{res}\ y)\ \mathtt{is}^{l_n}\ S\ \mathtt{end}^{l_x} \}$$
Example: fibonacci flow
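The flow sets of the Fibonacci program, computed from the definitions on the preceding slides. This is an added example, not part of the original slides: the tuple encoding of statements and all function names are assumptions, and the clauses for sequencing and conditionals are the standard intraprocedural ones, which this section does not restate.

```python
# Added example. Statement encoding (an assumption of this sketch):
#   ("blk", l) elementary block | ("call", p, lc, lr) | ("seq", s1, s2) | ("if", l, s1, s2)
# PROCS maps p to (l_n, body, l_x). Labels are those of the Fibonacci program.
PROCS = {"fib": (1, ("if", 2, ("blk", 3),
                     ("seq", ("call", "fib", 4, 5), ("call", "fib", 6, 7))), 8)}
MAIN = ("call", "fib", 9, 10)

def init(s):
    if s[0] == "seq":
        return init(s[1])
    return s[2] if s[0] == "call" else s[1]      # l_c for a call, own label otherwise

def final(s):
    if s[0] == "blk":
        return {s[1]}
    if s[0] == "call":
        return {s[3]}                             # {l_r}
    if s[0] == "seq":
        return final(s[2])
    return final(s[2]) | final(s[3])              # if: both branches

def calls(s):
    if s[0] == "call":
        return [s]
    if s[0] == "blk":
        return []
    return calls(s[-2]) + calls(s[-1])            # sub-statements of seq / if

def flow(s):
    if s[0] == "blk":
        return set()
    if s[0] == "call":
        l_n, _, l_x = PROCS[s[1]]
        return {(s[2], l_n), (l_x, s[3])}         # (l_c; l_n) and (l_x; l_r)
    if s[0] == "seq":
        return flow(s[1]) | flow(s[2]) | {(l, init(s[2])) for l in final(s[1])}
    return flow(s[2]) | flow(s[3]) | {(s[1], init(s[2])), (s[1], init(s[3]))}

def flow_proc(p):
    l_n, body, l_x = PROCS[p]
    return {(l_n, init(body))} | flow(body) | {(l, l_x) for l in final(body)}

def flow_star():
    return flow(MAIN).union(*(flow_proc(p) for p in PROCS))

def inter_flow_star():
    stmts = [MAIN] + [body for _, body, _ in PROCS.values()]
    return {(c[2], PROCS[c[1]][0], PROCS[c[1]][2], c[3]) for s in stmts for c in calls(s)}
```

`flow_star()` yields twelve edges, six of them call or return edges; `inter_flow_star()` yields one quadruple per call site.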
Semantics: stores, locations, ...
• not only new syntax
• new semantical concept: local data!
• different “incarnations” of a variable ⇒ locations
• remember: $\sigma \in \mathbf{State} = \mathbf{Var}_* \to \mathbb{Z}$

Representation of “memory”

$$\begin{aligned}
\xi &\in \mathbf{Loc} && \text{locations} \\
\rho &\in \mathbf{Env} = \mathbf{Var}_* \to \mathbf{Loc} && \text{environment} \\
\varsigma &\in \mathbf{Store} = \mathbf{Loc} \to_{\mathrm{fin}} \mathbb{Z} && \text{store}
\end{aligned}$$

• $\sigma = \varsigma \circ \rho$: total ⇒ $\mathit{ran}(\rho) \subseteq \mathit{dom}(\varsigma)$
• top-level environment: $\rho_*$: all var’s are mapped to unique locations (no aliasing !!!!)
SOS steps
• steps relative to environment $\rho$

$$\rho \vdash_* \langle S, \varsigma \rangle \to \langle \acute{S}, \acute{\varsigma} \rangle \qquad \text{or} \qquad \rho \vdash_* \langle S, \varsigma \rangle \to \acute{\varsigma}$$

• old rules need to be adapted
• “global” environment $\rho_*$
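Call-rule

$$\frac{\xi_1, \xi_2 \notin \mathit{dom}(\varsigma) \qquad v \in \mathbb{Z} \qquad \mathtt{proc}\ p(\mathtt{val}\ x, \mathtt{res}\ y)\ \mathtt{is}^{l_n}\ S\ \mathtt{end}^{l_x} \in D_* \qquad \acute{\varsigma} = \varsigma[\xi_1 \mapsto [\![a]\!]^{\mathcal{A}}_{\varsigma \circ \rho}][\xi_2 \mapsto v]}{\rho \vdash_* \langle [\mathtt{call}\ p(a, z)]^{l_c}_{l_r}, \varsigma \rangle \to \langle \mathtt{bind}\ \rho_*[x \mapsto \xi_1][y \mapsto \xi_2]\ \mathtt{in}\ S\ \mathtt{then}\ z := y, \acute{\varsigma} \rangle}\ \text{Call}$$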
Bind-construct

$$\frac{\acute{\rho} \vdash_* \langle S, \varsigma \rangle \to \langle \acute{S}, \acute{\varsigma} \rangle}{\rho \vdash_* \langle \mathtt{bind}\ \acute{\rho}\ \mathtt{in}\ S\ \mathtt{then}\ z := y, \varsigma \rangle \to \langle \mathtt{bind}\ \acute{\rho}\ \mathtt{in}\ \acute{S}\ \mathtt{then}\ z := y, \acute{\varsigma} \rangle}\ \text{Bind}_1$$

$$\frac{\acute{\rho} \vdash_* \langle S, \varsigma \rangle \to \acute{\varsigma}}{\rho \vdash_* \langle \mathtt{bind}\ \acute{\rho}\ \mathtt{in}\ S\ \mathtt{then}\ z := y, \varsigma \rangle \to \acute{\varsigma}[\rho(z) \mapsto \acute{\varsigma}(\acute{\rho}(y))]}\ \text{Bind}_2$$

• bind-syntax: “runtime syntax” ⇒ formulation of correctness must be adapted, too (Chap. 3; not covered in the lecture)
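A big-step interpreter sketch of the Call and Bind rules, run on the Fibonacci program. This is an added example, not part of the original slides: the tuple encoding, the function names and the choice of 0 for the arbitrary value v are assumptions. It allows several val parameters per procedure, as fib uses, and Python's own recursion stands in for the bind runtime syntax.

```python
# Added example. Encoding (an assumption of this sketch, not from the slides):
#   ("assign", x, e) | ("seq", s1, s2) | ("if", b, s1, s2) | ("call", p, args, z)
# where e, b and each arg are Python functions of the state sigma = store ∘ env.
PROCS = {"fib": (["z", "u"], "v",                       # val z, u; res v
    ("if", lambda s: s["z"] < 3,
        ("assign", "v", lambda s: s["u"] + 1),
        ("seq", ("call", "fib", [lambda s: s["z"] - 1, lambda s: s["u"]], "v"),
                ("call", "fib", [lambda s: s["z"] - 2, lambda s: s["v"]], "v"))))}

def state(env, store):
    """sigma = store ∘ env: the values of the variables visible in env."""
    return {x: store[loc] for x, loc in env.items()}

def alloc(store, value):
    """Pick a location xi not in dom(store); the store never shrinks, so len() is fresh."""
    loc = len(store)
    store[loc] = value
    return loc

def run(stmt, env, store, top_env):
    kind = stmt[0]
    if kind == "assign":
        store[env[stmt[1]]] = stmt[2](state(env, store))
    elif kind == "seq":
        run(stmt[1], env, store, top_env)
        run(stmt[2], env, store, top_env)
    elif kind == "if":
        branch = stmt[2] if stmt[1](state(env, store)) else stmt[3]
        run(branch, env, store, top_env)
    elif kind == "call":
        vals, res, body = PROCS[stmt[1]]
        sigma = state(env, store)                 # arguments are evaluated in the caller
        callee = dict(top_env)                    # rho_*[x -> xi1][y -> xi2]
        for x, a in zip(vals, stmt[2]):
            callee[x] = alloc(store, a(sigma))    # call-by-value
        callee[res] = alloc(store, 0)             # result parameter: arbitrary v, here 0
        run(body, callee, store, top_env)         # bind callee in S ...
        store[env[stmt[3]]] = store[callee[res]]  # ... then z := y (Bind 2 copy-back)

def run_fib(x):
    """Run [call fib(x, 0, y)]; return the final y and the number of locations used."""
    store = {}
    top_env = {"x": alloc(store, x), "y": alloc(store, 0)}
    main = ("call", "fib", [lambda s: s["x"], lambda s: 0], "y")
    run(main, top_env, store, top_env)
    return store[top_env["y"]], len(store)
```

Each call allocates three fresh locations, so the recursive incarnations of z, u and v never share storage; only the copy-back writes into the caller's location.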
Transfer function: Naive formulation
• first attempt
• assumptions:
  • for each proc. call: 2 transfer functions: $f_{l_c}$ (call) and $f_{l_r}$ (return)
  • for each proc. definition: 2 transfer functions: $f_{l_n}$ (enter) and $f_{l_x}$ (exit)
• given: mon. framework $(L, \mathcal{F}, F, E, \iota, f)$

Naive
• treat IF edges $(l_c; l_n)$ and $(l_x; l_r)$ as ordinary flow edges $(l_1, l_2)$
• ignore parameter passing: transfer functions for proc. calls and proc definitions are identity