lecture 1 introduction to program analysis
play

Lecture 1: Introduction to Program Analysis 17-355/17-655/17-819: - PowerPoint PPT Presentation

Jul 30, 2023 •286 likes •788 views

Lecture 1: Introduction to Program Analysis 17-355/17-655/17-819: Program Analysis Claire Le Goues January 14, 2020 * Course materials developed with Jonathan Aldrich (c) 2020 C. Le Goues 1 Learning objectives Provide a high level

  1. Lecture 1: Introduction to Program Analysis 17-355/17-655/17-819: Program Analysis Claire Le Goues January 14, 2020 * Course materials developed with Jonathan Aldrich (c) 2020 C. Le Goues 1

  2. Learning objectives • Provide a high level definition of program analysis and give examples of why it is useful. • Sketch the explanation for why all analyses must approximate. • Understand the course mechanics, and be motivated to read the syllabus. • Describe the function of an AST and outline the principles behind AST walkers for simple bug-finding analyses. • Recognize the basic WHILE demonstration language and translate between WHILE and While3Addr. (c) 2020 C. Le Goues 2

  3. What is this course about? • Program analysis is the systematic examination of a program to determine its properties. • From 30,000 feet, this requires: o Precise program representations o Tractable, systematic ways to reason over those representations. • We will learn: o How to unambiguously define the meaning of a program, and a programming language. o How to prove theorems about the behavior of particular programs. o How to use, build, and extend tools that do the above, automatically. (c) 2020 C. Le Goues 3

  4. Why might you care? • Program analysis, and the skills that underlie it, have implications for: o Automatic bug finding. o Language design and implementation. o Program synthesis. o Program transformation (refactoring, optimization, repair). (c) 2020 C. Le Goues 4

  5. (c) 2020 C. Le Goues 5

  6. (c) 2020 C. Le Goues 6

  7. https://github.com/marketplace?category=code-quality 7 (c) 2020 C. Le Goues

  8. 8 (c) 2020 C. Le Goues

  9. (c) 2020 C. Le Goues 9

  10. IS THERE A BUG IN THIS CODE? (c) 2020 C. Le Goues 10

  11. 1. /* from Linux 2.3.99 drivers/block/raid5.c */ 2. static struct buffer_head * 3. get_free_buffer( struct stripe_head * sh, 4. int b_size) { 5. struct buffer_head *bh; ERROR: function returns with 6. unsigned long flags; interrupts disabled! 7. save_flags(flags); 8. cli(); // disables interrupts 9. if ((bh = sh->buffer_pool) == NULL) 10. return NULL; 11. sh->buffer_pool = bh -> b_next; 12. bh->b_size = b_size; 13. restore_flags(flags); // re-enables interrupts Example from Engler et al., Checking system rules Using 14. return bh; System-Specific, Programmer-Written Compiler Extensions , OSDI ‘000 15.} (c) 2020 C. Le Goues 11

  12. 1. sm check_interrupts { 2. // variables; used in patterns 3. decl { unsigned } flags; 4. // patterns specify enable/disable functions enable è err(double enable) 5. pat enable = { sti() ; } 6. | { restore_flags(flags); } ; is_enabled 7. pat disable = { cli() ; } 8. //states; first state is initial disable enable 9. is_enabled : disable è is_disabled disable è err(double disable) | enable è { err(“double enable”); } 10. 11.; 12. is_disabled : enable è is_enabled is_disabled | disable è { err(“double disable”); } 13. 14.//special pattern that matches when 15.// end of path is reached in this state end path è err(exiting with inter disabled) | $end_of_path$ è Example from Engler et al., Checking system rules Using 16. System-Specific, Programmer-Written Compiler Extensions , OSDI ‘000 17. { err(“exiting with inter disabled!”); } 18.; (c) 2020 C. Le Goues 12 19.}

  13. 1. /* from Linux 2.3.99 drivers/block/raid5.c */ 2. static struct buffer_head * 3. get_free_buffer( struct stripe_head * sh, 4. int b_size) { 5. struct buffer_head *bh; Initial state: is_enabled 6. unsigned long flags; 7. save_flags(flags); 8. cli(); // disables interrupts 9. if ((bh = sh->buffer_pool) == NULL) 10. return NULL; 11. sh->buffer_pool = bh -> b_next; 12. bh->b_size = b_size; 13. restore_flags(flags); // re-enables interrupts Example from Engler et al., Checking system rules Using 14. return bh; System-Specific, Programmer-Written Compiler Extensions , OSDI ‘000 15.} (c) 2020 C. Le Goues 13

  14. 1. /* from Linux 2.3.99 drivers/block/raid5.c */ 2. static struct buffer_head * 3. get_free_buffer( struct stripe_head * sh, 4. int b_size) { 5. struct buffer_head *bh; Transition to: is_disabled 6. unsigned long flags; 7. save_flags(flags); 8. cli(); // disables interrupts 9. if ((bh = sh->buffer_pool) == NULL) 10. return NULL; 11. sh->buffer_pool = bh -> b_next; 12. bh->b_size = b_size; 13. restore_flags(flags); // re-enables interrupts Example from Engler et al., Checking system rules Using 14. return bh; System-Specific, Programmer-Written Compiler Extensions , OSDI ‘000 15.} (c) 2020 C. Le Goues 14

  15. 1. /* from Linux 2.3.99 drivers/block/raid5.c */ 2. static struct buffer_head * 3. get_free_buffer( struct stripe_head * sh, 4. int b_size) { 5. struct buffer_head *bh; Final state: is_disabled 6. unsigned long flags; 7. save_flags(flags); 8. cli(); // disables interrupts 9. if ((bh = sh->buffer_pool) == NULL) 10. return NULL; 11. sh->buffer_pool = bh -> b_next; 12. bh->b_size = b_size; 13. restore_flags(flags); // re-enables interrupts Example from Engler et al., Checking system rules Using 14. return bh; System-Specific, Programmer-Written Compiler Extensions , OSDI ‘000 15.} (c) 2020 C. Le Goues 15

  16. 1. /* from Linux 2.3.99 drivers/block/raid5.c */ 2. static struct buffer_head * 3. get_free_buffer( struct stripe_head * sh, 4. int b_size) { 5. struct buffer_head *bh; 6. unsigned long flags; Transition to: is_enabled 7. save_flags(flags); 8. cli(); // disables interrupts 9. if ((bh = sh->buffer_pool) == NULL) 10. return NULL; 11. sh->buffer_pool = bh -> b_next; 12. bh->b_size = b_size; 13. restore_flags(flags); // re-enables interrupts Example from Engler et al., Checking system rules Using 14. return bh; System-Specific, Programmer-Written Compiler Extensions , OSDI ‘000 15.} (c) 2020 C. Le Goues 16

  17. 1. /* from Linux 2.3.99 drivers/block/raid5.c */ 2. static struct buffer_head * 3. get_free_buffer( struct stripe_head * sh, 4. int b_size) { 5. struct buffer_head *bh; 6. unsigned long flags; 7. save_flags(flags); 8. cli(); // disables interrupts Final state: is_enabled 9. if ((bh = sh->buffer_pool) == NULL) 10. return NULL; 11. sh->buffer_pool = bh -> b_next; 12. bh->b_size = b_size; 13. restore_flags(flags); // re-enables interrupts Example from Engler et al., Checking system rules Using 14. return bh; System-Specific, Programmer-Written Compiler Extensions , OSDI ‘000 15.} (c) 2020 C. Le Goues 17

  18. Behavior of interest… • Is on uncommon execution paths. o Hard to exercise when testing. • Executing (or analyzing) all paths is infeasible • Instead: (abstractly) check the entire possible state space of the program. (c) 2020 C. Le Goues 18

  19. What is this course about? • Program analysis is the systematic examination of a program to determine its properties . • From 30,000 feet, this requires: o Precise program representations o Tractable, systematic ways to reason over those representations. • We will learn: o How to unambiguously define the meaning of a program, and a programming language. o How to prove theorems about the behavior of particular programs. o How to use, build, and extend tools that do the above, automatically. (c) 2020 C. Le Goues 19

  20. The Bad News: Rice's Theorem "Any nontrivial property about the language recognized by a Turing machine is undecidable. “ Henry Gordon Rice, 1953 (c) 2020 C. Le Goues 20

  21. Proof by contradiction (sketch) Assume that you have a function that can determine if a program p has some nontrivial property (like divides_by_zero ): 1. int silly(program p, input i) { 2. p(i); 3. return 5/0; 4. } 5. bool halts(program p, input i) { 6. return divides_by_zero(`silly(p,i)`); 7. } (c) 2020 C. Le Goues 21

  22. Error exists No error exists Error Reported True positive False positive (correct analysis result) No Error Reported False negative True negative (correct analysis result) Sound Analysis: reports all defects -> no false negatives typically overapproximated Complete Analysis: every reported defect is an actual defect -> no false positives typically underapproximated (c) 2020 C. Le Goues 22

  23. Sound Analysis Unsound and All Defects Incomplete Analysis Complete Analysis (c) 2020 C. Le Goues 23

  24. https://yanniss.github.io/Soundiness-CACM.pdf 24 (c) 2020 C. Le Goues

  25. What is this course about? • Program analysis is the systematic examination of a program to determine its properties . • From 30,000 feet, this requires: o Precise program representations o Tractable, systematic ways to reason over those representations. • We will learn: o How to unambiguously define the meaning of a program, and a programming language. o How to prove theorems about the behavior of particular programs. o How to use, build, and extend tools that do the above, automatically. (c) 2020 C. Le Goues 25

  26. What is this course about? • Program analysis is the systematic examination of a program to determine its properties . • Principal techniques: o Dynamic: Testing: Direct execution of code on test data in a controlled environment. § Analysis: Tools extracting data from test runs. § o Static: Inspection: Human evaluation of code, design documents (specs and models), § modifications. Analysis: Tools reasoning about the program without executing it. § o …and their combination. (c) 2020 C. Le Goues 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EDA045F: Program Analysis LECTURE 2: DATAFLOW ANALYSIS 1 Christoph Reichenbach In the last

EDA045F: Program Analysis LECTURE 2: DATAFLOW ANALYSIS 1 Christoph Reichenbach In the last

EDA045F: Program Analysis LECTURE 2: DATAFLOW ANALYSIS 1 Christoph Reichenbach In the last lecture. . . Uses of Program Analysis Static vs. Dynamic Program Analysis Soundness, Precision, Termination Abstraction and Simplification

4.44k views • 52 slides
Program analysis INF4140 - Models of concurrency Program Analysis, lecture 5 Hsten 2015 28.

Program analysis INF4140 - Models of concurrency Program Analysis, lecture 5 Hsten 2015 28.

Program analysis INF4140 - Models of concurrency Program Analysis, lecture 5 Hsten 2015 28. 9. 2016 2 / 43 Program correctness Is my program correct? Central question for this and the next lecture. Does a given program behave as intended?

880 views • 43 slides
EDA045F: Program Analysis LECTURE 8: DYNAMIC ANALYSIS 1 Christoph Reichenbach In the last

EDA045F: Program Analysis LECTURE 8: DYNAMIC ANALYSIS 1 Christoph Reichenbach In the last

EDA045F: Program Analysis LECTURE 8: DYNAMIC ANALYSIS 1 Christoph Reichenbach In the last lecture. . . More Points-to Analysis Memory Errors 2 / 44 Challenges to Static Analysis Static analysis is far from solved Very active

574 views • 42 slides
EDA045F: Program Analysis LECTURE 6: DATALOG Christoph Reichenbach In the last lecture. . .

EDA045F: Program Analysis LECTURE 6: DATALOG Christoph Reichenbach In the last lecture. . .

EDA045F: Program Analysis LECTURE 6: DATALOG Christoph Reichenbach In the last lecture. . . Pointer Analysis Points-To Analysis Alias Analysis Concrete Heap Graphs Abstract Heap Graphs Access Paths Heap Summarisation

822 views • 53 slides
Linear Structural Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Finite

Linear Structural Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Finite

Week 9 - Lecture Linear Structural Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Finite Element Analysis (FEA) Overview FEA Parameters FEA Best Practices FEA Software Introduction Linear Structure Analysis

2.43k views • 54 slides
Lecture Outline 1. The lecturer DD2457 Program 2. Introduction to semantics 3. Course syllabus

Lecture Outline 1. The lecturer DD2457 Program 2. Introduction to semantics 3. Course syllabus

Lecture Outline 1. The lecturer DD2457 Program 2. Introduction to semantics 3. Course syllabus Semantics and Analysis 4. Course objectives Introductory Lecture 5. Course organization Lecturer What is semantics ? Dilian Gurov

535 views • 4 slides
Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda

Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda

Be a Binary Rockst r An Introduction to Program Analysis with Binary Ninja Agenda Motivation Current State of Program Analysis Design Goals of Binja Program Analysis Building Tools 2 Motivation 3 Tooling - Concrete ->

963 views • 77 slides
CS 126 Lecture P4: An Example Program Outline Introduction Program - Data structures -

CS 126 Lecture P4: An Example Program Outline Introduction Program - Data structures -

CS 126 Lecture P4: An Example Program Outline Introduction Program - Data structures - Code Conclusions CS126 5-1 Randy Wang Goals Gain insight of how to put together a large program Learn how to read a large

430 views • 24 slides
Introduction to Program Analysis Uday Khedker (www.cse.iitb.ac.in/uday) Department of Computer

Introduction to Program Analysis Uday Khedker (www.cse.iitb.ac.in/uday) Department of Computer

Introduction to Program Analysis Uday Khedker (www.cse.iitb.ac.in/uday) Department of Computer Science and Engineering, Indian Institute of Technology, Bombay Dec 2017 WSSE Pune Intro to PA: Outline 1/1 Introduction to Program Analysis:

1.3k views • 107 slides
CFD Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Team Project 2 Discussion

CFD Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Team Project 2 Discussion

Week 14 - Lecture CFD Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Team Project 2 Discussion Simulation Drivers CFD Overview CFD Use Cases and Examples Common Requirements for CFD Introduction to

917 views • 27 slides
CEE 772: Instrumental Methods in Environmental Analysis Lecture #1 Introduction: Course

CEE 772: Instrumental Methods in Environmental Analysis Lecture #1 Introduction: Course

CEE 772 Lecture #1 8/31/2014 Print version CEE 772: Instrumental Methods in Environmental Analysis Lecture #1 Introduction: Course Administration and Analytical Review (Skoog, Chapt. 1A-1D) (Harris, Chapt. 0) (pp.1-11) (pp.xvi-12)

368 views • 8 slides
CS453 INTRODUCTION TO DATAFLOW ANALYSIS CS453 Lecture Register allocation using liveness

CS453 INTRODUCTION TO DATAFLOW ANALYSIS CS453 Lecture Register allocation using liveness

CS453 INTRODUCTION TO DATAFLOW ANALYSIS CS453 Lecture Register allocation using liveness analysis 1 Introduction to Data-flow analysis Last Time Register allocation for expression trees and local and param vars Today Register

412 views • 19 slides
Introduction This lecture we will revisit the hello world program CEG2400 - Microcomputer

Introduction This lecture we will revisit the hello world program CEG2400 - Microcomputer

28-Feb-07 28-Feb-07 (1) 28-Feb-07 (2) Introduction This lecture we will revisit the hello world program CEG2400 - Microcomputer Main difference is that we will develop an Systems interrupt driven version Entire program (linked

272 views • 5 slides
Analysis and Optimizations Program Analysis P3 / 2006 Discovers properties of a program

Analysis and Optimizations Program Analysis P3 / 2006 Discovers properties of a program

Analysis and Optimizations Program Analysis P3 / 2006 Discovers properties of a program Optimizations Using Program Analysis Use analysis results to transform program for Optimization Goal: improve some aspect of program

232 views • 12 slides
Lecture 8 Aircraft Mission Text: Constraints analysis Introduction Concept of Constraints

Lecture 8 Aircraft Mission Text: Constraints analysis Introduction Concept of Constraints

Aircraft Mission Lecture 8 Aircraft Mission Text: Constraints analysis Introduction Concept of Constraints Motori Aeronautici Mathematical model Mar. 22, 2016 Aerodynamic Polar Throttle Lapse Flight phases Mission analysis Introduction

672 views • 46 slides
Lecture 14: Discriminant Analysis CS109A Introduction to Data Science Pavlos Protopapas and Kevin

Lecture 14: Discriminant Analysis CS109A Introduction to Data Science Pavlos Protopapas and Kevin

Lecture 14: Discriminant Analysis CS109A Introduction to Data Science Pavlos Protopapas and Kevin Rader Lecture Outline Discriminant Analysis LDA for one predictor LDA for p > 1 QDA Comparison of Classification Methods (so

731 views • 38 slides
The Foundations: Logic and Proofs Chapter 1, Part III: Proofs Summary Valid Arguments and Rules

The Foundations: Logic and Proofs Chapter 1, Part III: Proofs Summary Valid Arguments and Rules

The Foundations: Logic and Proofs Chapter 1, Part III: Proofs Summary Valid Arguments and Rules of Inference Proof Methods Proof Strategies Rules of Inference Section 1.6 Section Summary Valid Arguments Inference Rules for Propositional

1.05k views • 78 slides
3.064 - Polymer Engineering Time & Place (Fall Term 2007): MWF12, 2-135. Instructor: Prof.

3.064 - Polymer Engineering Time & Place (Fall Term 2007): MWF12, 2-135. Instructor: Prof.

3.064 home page http://web.mit.edu/course/3/3.064/www/ 3.064 - Polymer Engineering Time & Place (Fall Term 2007): MWF12, 2-135. Instructor: Prof. David Roylance, room 6-202, phone 3-3309), email roylance@mit.edu. Office hours: MWF 1-3 pm, TTh

347 views • 7 slides
Virtual Cinematography Theory and Practice for Automatic Real-Time Camera Control and

Virtual Cinematography Theory and Practice for Automatic Real-Time Camera Control and

Virtual Cinematography Theory and Practice for Automatic Real-Time Camera Control and Directing Liwei He Microsoft Research http://research.microsoft.com/users/lhe Motivation There are 3 elements in computer graphics lights, scene

1.35k views • 94 slides
Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago

Quantum algorithms for the subset-sum problem D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven cr.yp.to/qsubsetsum.html Joint work with: Stacey Jeffery University of Waterloo Tanja Lange Technische

1.2k views • 98 slides
Using technology to reduce social isolation: research on dementia and social isolation Professor

Using technology to reduce social isolation: research on dementia and social isolation Professor

Using technology to reduce social isolation: research on dementia and social isolation Professor Josie Tetley Dr Emma-Reetta Koivunen Ageing and Long Term Conditions Group Faculty of Health, Psychology & Social Care Manchester

338 views • 19 slides
Near Neighbor Search in High Dimensional Data (1) Motivation Distance Measures Shingling

Near Neighbor Search in High Dimensional Data (1) Motivation Distance Measures Shingling

Near Neighbor Search in High Dimensional Data (1) Motivation Distance Measures Shingling Min-Hashing Anand Rajaraman Tycho Brahe Johannes Kepler and Isaac Newton The Classical Model F = ma Theory Applications Data Fraud Detection

851 views • 66 slides
1 Implicit Classification Function Efficient Indexing Although it is not necessary to

1 Implicit Classification Function Efficient Indexing Although it is not necessary to

Instance-Based Learning Unlike other learning algorithms, does not involve construction of an explicit abstract generalization but classifies new instances based on direct comparison and similarity to known training instances. CS 391L:

289 views • 3 slides
Graph-based Proximity Measures Nagiza F. Samatova William Hendrix John Jenkins Kanchana

Graph-based Proximity Measures Nagiza F. Samatova William Hendrix John Jenkins Kanchana

Practical Graph Mining with R Graph-based Proximity Measures Nagiza F. Samatova William Hendrix John Jenkins Kanchana Padmanabhan Arpan Chakraborty Department of Computer Science North Carolina State University Outline Defining

742 views • 53 slides

More recommend