interprocedural analysis sharir pnueli s call strings
play

Interprocedural Analysis: Sharir-Pnuelis Call-strings Approach - PowerPoint PPT Presentation

Jan 14, 2024 •554 likes •1.08k views

Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Interprocedural Analysis: Sharir-Pnuelis Call-strings Approach Deepak DSouza Department of Computer Science and Automation Indian

  1. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Interprocedural Analysis: Sharir-Pnueli’s Call-strings Approach Deepak D’Souza Department of Computer Science and Automation Indian Institute of Science, Bangalore. 04 September 2013

  2. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Outline Motivation 1 Call-strings method 2 Correctness 3 Approximate call-string method 4 Bounded call-string method 5

  3. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Handling programs with procedure calls How would we extend an abstract interpretation to handle programs with procedures? main(){ f(){ g(){ x := 0; x := x+1; f(); f(); return; return; g(); } } print x; }

  4. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Handling programs with procedure calls How would we extend an abstract interpretation to handle programs with procedures? main(){ f(){ g(){ x := 0; x := x+1; f(); f(); return; return; g(); } } print x; } Question: what is the collecting state before the print x statement in main ?

  5. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Handling programs with procedure calls main f g Add extra edges call edges: from A J F H call site ( call D x:=x+1 x := 0 call f p ) to start of G B procedure ( p ) I ret ret call f ret edges: from E return statement L (in p ) to point call g after call sites K (“ret sites”) ( call p ). print x C

  6. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Handling programs with procedure calls Assume variables are uniquely named main f g across program. Transfer functions A J F H for call/return D x:=x+1 x := 0 call f edges? B G I ret ret call f E L call g K print x C

  7. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Handling programs with procedure calls Assume variables are uniquely named main f g across program. Transfer functions A J F H for call/return D x:=x+1 x := 0 call f edges? Identity if B G I we assume no ret ret call f parameters/return E L values; else treat call g like assignment K statement. print x C

  8. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Handling programs with procedure calls Assume variables are uniquely named main f g across program. Transfer functions A J F H for call/return D x:=x+1 x := 0 call f edges? Identity if B G I we assume no ret ret call f parameters/return E L values; else treat call g like assignment K statement. Now compute JOP print x C in this extended control-flow graph.

  9. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Problem with JOP in this graph Ex. 1. Actual collecting state at C? main f g A J F H D x := 0 x:=x+1 call f G B I ret call f ret E L call g K print x C

  10. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Problem with JOP in this graph Ex. 1. Actual collecting state at C? { x �→ 2 } . main f g A J F H D x := 0 x:=x+1 call f G B I ret call f ret E L call g K print x C

  11. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Problem with JOP in this graph Ex. 1. Actual collecting state at C? { x �→ 2 } . Ex. 2. JOP at C for the main f g collecting semantics A J F abstract interpretation? H D x := 0 x:=x+1 call f G B I ret call f ret E L call g K print x C

  12. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Problem with JOP in this graph Ex. 1. Actual collecting state at C? { x �→ 2 } . Ex. 2. JOP at C for the main f g collecting semantics A J F abstract interpretation? H D x := 0 x:=x+1 call f { x �→ 1 , x �→ 2 , x �→ G B 3 , . . . } . I ret call f ret E L call g K print x C

  13. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Problem with JOP in this graph Ex. 1. Actual collecting state at C? { x �→ 2 } . Ex. 2. JOP at C for the main f g collecting semantics A J F abstract interpretation? H D x := 0 x:=x+1 call f { x �→ 1 , x �→ 2 , x �→ G B 3 , . . . } . I ret call f ret JOP is sound but E very imprecise. L call g Some paths don’t K correspond to executions of the print x program: Eg. C ABDFGILC.

  14. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Problem with JOP in this graph Ex. 1. Actual collecting state at C? { x �→ 2 } . Ex. 2. JOP at C for the main f g collecting semantics A J F abstract interpretation? H D x := 0 x:=x+1 call f { x �→ 1 , x �→ 2 , x �→ G B 3 , . . . } . I ret call f ret JOP is sound but E very imprecise. L call g Some paths don’t K correspond to executions of the print x program: Eg. C ABDFGILC. What we want is Join over “Interprocedurally-Valid” Paths (JVP).

  15. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Interprocedurally valid paths and their call-strings Informally a path ρ in the extended CFG G ′ is inter-procedurally valid if every return edge in ρ “corresponds” to the most recent “pending” call edge. For example, in the example program the ret edge E corresponds to the call edge D . The call-string of a valid path ρ is a subsequence of call edges which have not been “returned” as yet in ρ . For example, cs ( ABDFGEKJHF ) is “ KH ”.

  16. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Interprocedurally valid paths and their call-strings A path ρ = ABDFGEKJHF in IVP G ′ for example program: 3 2 1 0 A B D F G E K J H F Associated call-string cs ( ρ ) is KH . For ρ = ABDFGEK cs ( ρ ) = K . For ρ = ABDFGE cs ( ρ ) = ǫ .

  17. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Interprocedurally valid paths and their call-strings More formally: Let ρ be a path in G ′ . We define when ρ is interprocedurally valid (and we say ρ ∈ IVP ( G ′ )) and what is its call-string cs ( ρ ), by induction on the length of ρ . If ρ = ǫ then ρ ∈ IVP ( G ′ ). In this case cs ( ρ ) = ǫ . If ρ = ρ ′ · N then ρ ∈ IVP ( G ′ ) iff ρ ′ ∈ IVP ( G ′ ) with cs ( ρ ′ ) = γ say, and one of the following holds: N is neither a call nor a ret edge. 1 In this case cs ( ρ ) = γ . N is a call edge. 2 In this case cs ( ρ ) = γ · N . N is ret edge, and γ is of the form γ ′ · C , and N corresponds 3 to the call edge C . In this case cs ( ρ ) = γ ′ . We denote the set of (potential) call-strings in G ′ by Γ. Thus Γ = C ∗ , where C is the set of call edges in G ′ .

  18. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Join over interprocedurally-valid paths (JVP) Let P be a given program, with extended CFG G ′ . Let path I , N ( G ′ ) be the set of paths from the initial point I to point N in G ′ . Let A = (( D , ≤ ) , f MN , d 0 ) be a given abstract interpretation. Then we define the join over all interprocedurally valid paths (JVP) at point N in G ′ to be: � f ρ ( d 0 ) . ρ ∈ path I , N ( G ′ ) ∩ IVP ( G ′ )

  19. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method One approach to obtain JVP Find JOP over same graph, but modify the abs int. main f g Modify transfer A J F functions for H D x:=x+1 x := 0 call f call/ret edges to B G detect and I invalidate invalid ret ret call f E edges. L Augment call g K underlying data values with some print x information for this. C Natural thing to try: “call-strings”.

  20. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Overall plan Define an abs int A ′ which extends LFP ( G ′ , A ′ ) given abs int A with call-string data. Show that JOP of A ′ on G ′ coincides with JVP of A on G ′ . Use Kildall (or any other technique) to compute LFP of A ′ on G ′ . This value JOP ( G ′ , A ′ ) JVP ( G ′ , A ) over-approximates JVP of A on G ′ .

  21. Motivation Call-strings method Correctness Approximate call-string method Bounded call-string method Call-string abs int A ′ : Lattice ( D ′ , ≤ ′ ) Elements of D ′ are maps ξ : Γ → D ǫ c 1 c 1 c 2 c 1 c 2 c 2 ξ : d 0 d 1 d 2 d 3 Ordering on D ′ : ≤ ′ is the pointwise extension of ≤ in D . That is ξ 1 ≤ ′ ξ 2 iff for each γ ∈ Γ, ξ 1 ( γ ) ≤ ξ 2 ( γ ). ǫ c 1 c 1 c 2 c 1 c 2 c 2 ξ 1 ⊔ ξ 2 : d 0 ⊔ e 0 d 1 ⊔ e 1 d 2 ⊔ e 2 d 3 ⊔ e 3 ǫ c 1 c 1 c 2 c 1 c 2 c 2 ǫ c 1 c 1 c 2 c 1 c 2 c 2 ξ 1 : ξ 2 : d 0 d 1 d 2 d 3 e 0 e 1 e 2 e 3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Interprocedural Analysis: Sharir-Pnuelis Call-strings Approach Deepak DSouza Department of

Interprocedural Analysis: Sharir-Pnuelis Call-strings Approach Deepak DSouza Department of

Interprocedural Analysis: Sharir-Pnuelis Call-strings Approach Deepak DSouza Department of Computer Science and Automation Indian Institute of Science, Bangalore. 06 October 2010 Call strings approach For a given program P and analysis

430 views • 24 slides
Interprocedural Analysis and Abstract Interpretation cs6463 1 Outline Interprocedural

Interprocedural Analysis and Abstract Interpretation cs6463 1 Outline Interprocedural

Interprocedural Analysis and Abstract Interpretation cs6463 1 Outline Interprocedural analysis control-flow graph MVP: Meet over Valid Paths Making context explicit Context based on call-strings Context based on

528 views • 34 slides
Interprocedural Analysis Last time Interprocedural analysis Today Interprocedural alias

Interprocedural Analysis Last time Interprocedural analysis Today Interprocedural alias

Interprocedural Analysis Last time Interprocedural analysis Today Interprocedural alias analysis Interprocedural optimization CS553 Lecture Interprocedural Analysis and Optimization 2 Improving the Efficiency of the Iterative

276 views • 10 slides
Interprocedural Analysis 15819M 15819M Program Analysis Jonathan Aldrich Interprocedural

Interprocedural Analysis 15819M 15819M Program Analysis Jonathan Aldrich Interprocedural

Interprocedural Analysis 15819M 15819M Program Analysis Jonathan Aldrich Interprocedural Analysis Strategies Make default assumptions Assume and check annotations Build Interprocedural CFG Compute Summaries

656 views • 21 slides
Interprocedural Analysis Last time Alias analysis Today Interprocedural analysis CS553

Interprocedural Analysis Last time Alias analysis Today Interprocedural analysis CS553

Interprocedural Analysis Last time Alias analysis Today Interprocedural analysis CS553 Lecture Interprocedural Analysis 2 Using Alias Information Example: reaching definitions Compute at each point in the program a set of ( s,v

99 views • 9 slides
Two Approaches to Inte terprocedural l Data ta Flow w Analys lysis is Micha Sharir ir

Two Approaches to Inte terprocedural l Data ta Flow w Analys lysis is Micha Sharir ir

Two Approaches to Inte terprocedural l Data ta Flow w Analys lysis is Micha Sharir ir Amir Pnueli li Part Two: The Call String g Approach ch 12.06.2010 Nikolai Knopp 1 Recap cap Functional approach main p if a=0 T

1.54k views • 115 slides
Interprocedural control-flow analysis Nate Nystrom CS 711 6 Sep 05 Call graphs Statically

Interprocedural control-flow analysis Nate Nystrom CS 711 6 Sep 05 Call graphs Statically

Interprocedural control-flow analysis Nate Nystrom CS 711 6 Sep 05 Call graphs Statically compute a precise call graph Maps call sites to functions called Challenge: Methods Higher-order functions Can use precise call

425 views • 19 slides
Interprocedural Analysis and Optimization Mod/Ref Analysis Alias Analysis Constant Propagation

Interprocedural Analysis and Optimization Mod/Ref Analysis Alias Analysis Constant Propagation

Interprocedural Analysis and Optimization Mod/Ref Analysis Alias Analysis Constant Propagation Procedure Inlining and Cloning cs6363 1 Introduction Interprocedural Analysis Gathering information about the whole program instead of a

496 views • 22 slides
Interprocedural Analysis The Problem: match entries with exits proc fib(val z, u; res v) The

Interprocedural Analysis The Problem: match entries with exits proc fib(val z, u; res v) The

Interprocedural Analysis The Problem: match entries with exits proc fib(val z, u; res v) The problem is 1 MVP: Meet over Valid Paths no [ z<3 ] 2 Making context explicit yes [ call

341 views • 7 slides
Interprocedural Analysis with Data-Dependent Calls Circularity dilemma In languages with function

Interprocedural Analysis with Data-Dependent Calls Circularity dilemma In languages with function

Interprocedural Analysis with Data-Dependent Calls Circularity dilemma In languages with function pointers, first-class functions, or Problem: dynamically dispatched messages, callee(s) at call site 1. to compute possible callees, depend on

286 views • 6 slides
Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1 Aliasing What is aliasing? When two expressions denote the same mutable memory location e.g.,

812 views • 19 slides
Towards Dynamic Interprocedural Analysis in JVMs Feng Qian and Laurie Hendren { fqian,hendren }

Towards Dynamic Interprocedural Analysis in JVMs Feng Qian and Laurie Hendren { fqian,hendren }

Towards Dynamic Interprocedural Analysis in JVMs Feng Qian and Laurie Hendren { fqian,hendren } @cs.mcgill.ca. School of Computer Science, McGill University http://www.sable.mcgill.ca VM 2004 p.1/23 Motivation Goal: do interprocedural

476 views • 23 slides
Interprocedural Heap Analysis using Access Graphs and Value Contexts with applications to

Interprocedural Heap Analysis using Access Graphs and Value Contexts with applications to

Interprocedural Heap Analysis using Access Graphs and Value Contexts with applications to liveness-based garbage collection Rohan Padhye under the guidance of Prof. Uday Khedker Department of Computer Science & Engineering Indian

1.58k views • 142 slides
Newtonian Program Analysis: Solving Sharir and Pnuelis Equations Javier Esparza Technische

Newtonian Program Analysis: Solving Sharir and Pnuelis Equations Javier Esparza Technische

Newtonian Program Analysis: Solving Sharir and Pnuelis Equations Javier Esparza Technische Universit at M unchen Joint work with Stefan Kiefer and Michael Luttenberger From programs to equations: Intraprocedural x > 0 x = 0 x x

791 views • 58 slides
Interprocedural Optimisation Seminar Static Program Analysis Barbara D orr Sources :

Interprocedural Optimisation Seminar Static Program Analysis Barbara D orr Sources :

Introduction Simple Optimisations Operational Semantic Functional Approach Related Approaches Summary Interprocedural Optimisation Seminar Static Program Analysis Barbara D orr Sources : Ubersetzerbau - Analyse und Transformation (H.

982 views • 77 slides
Computing Summaries for Interprocedural Analysis Ashish Tiwari Tiwari@csl.sri.com Computer

Computing Summaries for Interprocedural Analysis Ashish Tiwari Tiwari@csl.sri.com Computer

Computing Summaries for Interprocedural Analysis Ashish Tiwari Tiwari@csl.sri.com Computer Science Laboratory SRI International Menlo Park CA 94025 http://www.csl.sri.com/tiwari Joint work with Sumit Gulwani, Microsoft Research

373 views • 23 slides
LibreOffice ON A PERSONAL BASES FBIT Retired LtCol FT (Fekke) Bakker MSc BSc CIPP/e CISSP CISA

LibreOffice ON A PERSONAL BASES FBIT Retired LtCol FT (Fekke) Bakker MSc BSc CIPP/e CISSP CISA

Classification and Signing LibreOffice ON A PERSONAL BASES FBIT Retired LtCol FT (Fekke) Bakker MSc BSc CIPP/e CISSP CISA Sr Innovation Manager 16-10-2017 Agenda 1. The problem 2. About collaboration TSCP (focus F35) The military

621 views • 20 slides
Vector and baryon spectra via holography in an AdS deformed background Miguel Angel Mart

Vector and baryon spectra via holography in an AdS deformed background Miguel Angel Mart

Motivation: AdS and Confinement AdS with quadratic deformations Baryons spectra Mesons Spectra Conclusions and Outlook Vector and baryon spectra via holography in an AdS deformed background Miguel Angel Mart n Contreras With A.

366 views • 23 slides
Modeling the structure and function of proteins and macromolecular assemblies Marc A. Marti-Renom

Modeling the structure and function of proteins and macromolecular assemblies Marc A. Marti-Renom

Modeling the structure and function of proteins and macromolecular assemblies Marc A. Marti-Renom http://bioinfo.cipf.es/sgu/ Structural Genomics Unit Bioinformatics Department Prince Felipe Resarch Center (CIPF), Valencia, Spain Structural

443 views • 12 slides
Metric Aspects of the Moyal Algebra ( with: E. Cagnache, P . Martinetti, J.-C. Wallet J.

Metric Aspects of the Moyal Algebra ( with: E. Cagnache, P . Martinetti, J.-C. Wallet J.

Metric Aspects of the Moyal Algebra ( with: E. Cagnache, P . Martinetti, J.-C. Wallet J. Geom. Phys. 2011 ) Francesco DAndrea Department of Mathematics and Applications, University of Naples Federico II P .le Tecchio 80, Naples, Italy

543 views • 22 slides
Topics on N orlund logarithmic means Nacima Memi c University of Sarajevo, Bosnia and

Topics on N orlund logarithmic means Nacima Memi c University of Sarajevo, Bosnia and

Topics on N orlund logarithmic means Topics on N orlund logarithmic means Nacima Memi c Topics on N orlund logarithmic means Nacima Memi c University of Sarajevo, Bosnia and Herzegovina 28.08.2017 Nacima Memi c (University

299 views • 19 slides
Fluctuations of BPS Wilson loop and AdS 2 /CFT 1 Arkady Tseytlin S. Giombi, R. Roiban, AT

Fluctuations of BPS Wilson loop and AdS 2 /CFT 1 Arkady Tseytlin S. Giombi, R. Roiban, AT

Fluctuations of BPS Wilson loop and AdS 2 /CFT 1 Arkady Tseytlin S. Giombi, R. Roiban, AT arXiv:1706.00756 novel sector of observables in AdS/CFT: gauge-invariant correlators of operators inserted on Wilson loop described by an effective

828 views • 51 slides
Spectral distance: Results for Moyal plane and Noncommutative Torus Jean-Christophe Wallet

Spectral distance: Results for Moyal plane and Noncommutative Torus Jean-Christophe Wallet

Spectral distance: Results for Moyal plane and Noncommutative Torus Jean-Christophe Wallet Laboratoire de Physique Th eorique, CNRS, Universit e Paris-Sud 11 * coll. with: E. Cagnache, F. dAndrea, E. Jolibois, P. Martinetti Workshop

917 views • 67 slides
Techniques from harmonic analysis and asymptotic results in probability theory Pierre-Loc

Techniques from harmonic analysis and asymptotic results in probability theory Pierre-Loc

Techniques from harmonic analysis and asymptotic results in probability theory Pierre-Loc Mliot 2018, July 3rd University Paris-Sud (Orsay) Objective: present some mathematical tools combinatorics, arithmetics, random matrix theory, etc. ),

500 views • 32 slides

More recommend