Control-Flow Analysis
|
|
- Meryl Pierce
- 7 years ago
- Views:
Transcription
1 Control-Flow Analysis CS5r Spring Includes (a lot of) material from slides for Principles of Program Analysis by Nielson, Nielson, and Hankin
2 Outline What s the problem? -CFA Uniform k-cfa The k-cfa paradox Stephen Chong, Harvard University
3 What is control-flow analysis? Data-flow analysis relied on a control-flow graph How do we construct CFG? For intra-procedural analysis, relatively straightforward Identify basic blocks, control-flow structures We will not delve into this For inter-procedural analysis If functions/procedures are not first-class, relatively simple For languages with dynamic dispatch, it s harder Dynamic dispatch: which procedure/function gets invoked depends on runtime values Functional languages, OO, imperative languages with procedures as parameters,... Stephen Chong, Harvard University 3
4 CFA in higher-order languages We ll mostly focus today on control-flow analysis of functional languages For each function application, which functions may be applied? E.g. let f = fn x => x ; g = fn y => y+; h = fn z => z+3 in ( f g ) + ( f h ) Stephen Chong, Harvard University 4
5 Syntax of language e Exp expressions (or labelled terms) t Term terms (or unlabelled expressions) f, x Var variables c Const constants op Op binary operators Lab labels e ::= t t ::= c x fn x => e fun f x => e e e if e then e else e let x = e in e e op e Stephen Chong, Harvard University 5
6 Examples ((fn x => x ) (fn y => y 3 ) 4 ) 5 (let f = (fn x => (x ) 3 ) 4 ; in (let g = (fn y => y 5 ) 6 ; in (let h = (fn z => z 7 ) 8 in ((f 9 g ) + (f h 3 ) 4 ) 5 ) 6 ) 7 ) 8 (let g = (fun f x => (f (fn y => y ) 3 ) 4 ) 5 in (g 6 (fn z => z 7 ) 8 ) 9 ) Stephen Chong, Harvard University 6
7 -CFA -CFA is an context-insensitive CFA. Result of a -CFA analysis is pair (Ĉ, ^ρ) Ĉ is an abstract cache ^ρ is an abstract environment Actually, just functions v Val = P(Term) abstract values ρ Env = Var Val abstract environments Notes: C Cache = Lab Val abstract caches Could combine these into one entity: (Var Lab) ^Val Could also require A-normal form, where all subterms are appropriately labeled by variables Stephen Chong, Harvard University 7
8 Example ((fn x => x ) (fn y => y 3 ) 4 ) x y ( C e, ρ e ) ( C e, ρ e) ( C e, ρ {fn y => y 3 } {fn x => x } {fn y => y 3 } {fn y => y 3 } {fn y => y 3 } {fn x => x } {fn y => y 3 } {fn y => y 3 } {fn y => y 3 } e ) {fn x => x, fn y => y 3 } {fn x => x, fn y => y 3 } {fn x => x, fn y => y 3 } {fn x => x, fn y => y 3 } {fn x => x, fn y => y 3 } {fn x => x, fn y => y 3 } {fn x => x, fn y => y 3 } Stephen Chong, Harvard University Acceptable Not acceptable Acceptable but less precise 8
9 Abstract specification What does it mean for (Ĉ, ^ρ) to be acceptable? Define relation indicating when (Ĉ, ^ρ) is acceptable -CFA of expression e ( C, ρ) = e = :( Cache Env Exp) {true, false} Stephen Chong, Harvard University 9
10 Abstract specification ( C, ρ) = c always ( C, ρ) = x iff ρ(x) C() ( C, ρ) = (let x = t in t iff ( C, ρ) = t ( C, ρ) = t C( ) ρ(x) C( ) C() ) Stephen Chong, Harvard University
11 Abstract specification ( C, ρ) = (if t then t else t iff ( C, ρ) = t ( C, ρ) = t ( C, ρ) = t C( ) C() C( ) C() ) ( C, ρ) = (t op t iff ( C, ρ) = t ( C, ρ) = t ) Stephen Chong, Harvard University
12 Abstract specification ( C, ρ) = (fn x => t ) iff {fn x => t } C() ( C, ρ) = (t t ) iff ( C, ρ) = t ( C, ρ) = t ( ( fn x => t ) C( ): ( C, ρ) = t C( ) ρ(x) C( ) C()) Stephen Chong, Harvard University
13 Abstract specification ( C, ρ) = (fun f x => e ) iff {fun f x => e } C() ( C, ρ) = (t t ) iff ( C, ρ) = t ( C, ρ) = t ( ( fn x => t ) C( ): ( C, ρ) = t C( ) ρ(x) C( ) C()) ( ( fun f x => t ) C( ): ( C, ρ) = t C( ) ρ(x) C( ) C() {fun f x => t } ρ(f) ) Stephen Chong, Harvard University 3
14 What s acceptable ((fn x => x ) (fn y => y 3 ) 4 ) x y ( C e, ρ e ) ( C e, ρ e) {fn y => y 3 } {fn x => x } {fn y => y 3 } {fn y => y 3 } {fn y => y 3 } {fn y => y 3 } {fn x => x } {fn y => y 3 } {fn y => y 3 } ( C e, ρ e ) = ((fn x => x ) (fn y => y 3 ) 4 ) 5 ( C e, ρ e) = ((fn x => x ) (fn y => y 3 ) 4 ) 5 Stephen Chong, Harvard University 4
15 Abstract specification Note that we can t define by structural induction on expressions ( C, ρ) = (t t ) iff ( C, ρ) = t ( C, ρ) = t ( ( fn x => t ) C( ): ( C, ρ) = t C( ) ρ(x) C( ) C()) ( ( fun f x => t ) C( ): ( C, ρ) = t C( ) ρ(x) C( ) C() {fun f x => t } ρ(f) ) Instead, define coinductively Want the greatest fixed point that satisfies equations for Note: not an algorithm for solving, but a specification Stephen Chong, Harvard University 5
16 Semantic correctness Also need to show that acceptability of analysis results implies semantic correctness That is, ^C and ^p accurately describe the concrete execution. Like a type-soundness statement Stephen Chong, Harvard University 6
17 Syntax-directed -CFA Another formulation of -CFA that approximates the abstract specification i.e., Define s such that if (Ĉ, ^ρ) s e then (Ĉ, ^ρ) e Stephen Chong, Harvard University 7
18 Syntax-directed -CFA ( C, ρ) = s c always ( C, ρ) = s x iff ρ(x) C() ( C, ρ) = s (if t then t else t iff ( C, ρ) = s t ( C, ρ) = s t ( C, ρ) = s t C( ) C() C( ) C() ) ( C, ρ) = s (let x = t in t iff ( C, ρ) = s t ( C, ρ) = s t C( ) ρ(x) C( ) C() ) ( C, ρ) = s (t op t ) iff ( C, ρ) = s t ( C, ρ) = s t Stephen Chong, Harvard University 8
19 Syntax-directed -CFA ( C, ρ) = s (fn x => e ) iff {fn x => e } C() ( C, ρ) = s e ( C, ρ) = s (fun f x => e ) iff ( C, ρ) = s (t {fun f x => e } C() ( C, ρ) = s e {fun f x => e } ρ(f) t ) iff ( C, ρ) = s t ( C, ρ) = s t ( (fn x => t ) C( ): C( ) ρ(x) C( ) C() Note: may check some function bodies that aren t reachable, in return for enabling induction on syntax ( (fun f x => t ) C( ): C( ) ρ(x) C( ) C() ) ) Stephen Chong, Harvard University 9
20 Syntax-directed -CFA For any expression e, there is a least (Ĉ, ^ρ) such that (Ĉ, ^ρ) s e Can turn this syntax-directed -CFA specification into an equivalent algorithm that generates a set of constraints Least solution to set of constraints is least solution to syntax-directed -CFA Stephen Chong, Harvard University
21 Constraint-based -CFA C [[e ]] is a set of constraints of the form lhs rhs {t} rhs lhs rhs where rhs ::= C() r(x) lhs ::= C() r(x) {t} and all occurrences of t are of the form fn x => e or fun f x => e Stephen Chong, Harvard University
22 Constraint-based -CFA C [[c ]] = C [[x ]] = { r(x) C() } C [[(if t then t else t ) ]] = C [[t ]] C [[t ]] C [[t ]] { C( ) C() } { C( ) C() } C [[(let x = t in t ) ]] = C [[t ]] C [[t ]] { C( ) r(x) } { C( ) C() } C [[(t op t ) ]] = C [[t ]] C [[t ]] Stephen Chong, Harvard University
23 Constraint-based -CFA C [[(fn x => e ) ]] = { {fn x => e } C() } C [[e ]] C [[(fun f x => e ) ]] = { {fun f x => e } C() } C [[e ]] { {fun f x => e } r(f) } C [[(t t ) ]] = C [[t ]] C [[t ]] { {t} C( ) C( ) r(x) t =(fn x => t ) Term } { {t} C( ) C( ) C() t =(fn x => t ) Term } { {t} C( ) C( ) r(x) t =(fun f x => t ) Term } { {t} C( ) C( ) C() t =(fun f x => t ) Term } Stephen Chong, Harvard University 3
24 Example C [[((fn x => x ) (fn y => y 3 ) 4 ) 5 ]] = {{fn x => x } C(), r(x) C(), {fn y => y 3 } C(4), r(y) C(3), {fn x => x } C() C(4) r(x), {fn x => x } C() C() C(5), {fn y => y 3 } C() C(4) r(y), {fn y => y 3 } C() C(3) C(5) } Stephen Chong, Harvard University 4
25 Correctness Translating syntactic entities to sets of terms: ( C, ρ)[[c()]] = C() ( C, ρ)[[r(x)]] = ρ(x) ( C, ρ)[[{t}]] = {t} Satisfaction relation for constraints: ( C, ρ) = c (lhs rhs) ( C, ρ) = c (lhs rhs) iff ( C, ρ)[[lhs]] ( C, ρ)[[rhs]] ( C, ρ) = c ({t} rhs lhs rhs) iff ({t} ( C, ρ)[[rhs ]] ( C, ρ)[[lhs]] ( C, ρ)[[rhs]]) ({t} ( C, ρ)[[rhs ]]) Proposition: ( C, ρ) = s e if and only if ( C, ρ) = c C [[e ]]. Stephen Chong, Harvard University 5
26 Adding data-flow analysis Current domain equations Actually, just functions v Val = P(Term) abstract values ρ Env = Var Val abstract environments C Cache = Lab Val abstract caches Idea: extend abstract values to include other things than just functions E.g., let Data be set of abstract data values e.g., {tt, ff, -,, +} v Val d = P(Term Data) abstract values Stephen Chong, Harvard University 6
27 Abstract data values For each constant c, need abstract data value d c For each operator op need abstract operator op : Data Data P(Data) Data sign = {tt, ff, -,, +} d true =tt d 7 = + + is defined from d + tt ff - + tt ff - {-} {-} {-,, +} {-} {} {+} + {-,, +} {+} {+} Stephen Chong, Harvard University 7
28 Data-flow and control-flow spec ( C, ρ) = d c iff {d c } C() ( C, ρ) = d x iff ρ(x) C() ( C, ρ) = d (if t then t else t iff ( C, ρ) = d t Is flow sensitive: can determine whether true or false branches can be taken ) (d true C( ) ( ( C, ρ) = d t C( ) C())) (d false C( ) ( ( C, ρ) = d t C( ) C())) ( C, ρ) = d (let x = t in t iff ( C, ρ) = d t ( C, ρ) = d t C( ) ρ(x) C( ) C() ( C, ρ) = d (t op t ) ) iff ( C, ρ) = d t ( C, ρ) = d t C( ) op C( ) C() Stephen Chong, Harvard University 8
29 Arbitrary lattices ^Val = P(Term Data) = P(Term) P(Data) Could also use an arbitrary lattice ^Val = P(Term Data) = P(Term) L Stephen Chong, Harvard University 9
30 Adding contexts -CFA is a context-insensitive (or mono-variant) analysis Does not distinguish various instances of program variables and program points from each other Context-sensitive (or poly-variant) analysis does distingtuish Stephen Chong, Harvard University 3
31 Uniform k-cfa v Val = P(Term) abstract values ρ Env = Var Val abstract environments C Cache = Lab Val abstract caches Idea: extend ^Val to include context information Contexts δ will record last k dynamic call-sites δ = Lab k context information Definition point of free variables of terms ce CEnv = Var context environments v Val = P(Term CEnv) abstract values ρ Env = (Var ) Val abstract environments Called uniform because both environment and cache use same precision Stephen Chong, Harvard University C Cache = (Lab ) Val abstract caches 3
32 Acceptability relation ( C, ρ) = ce δ e ce is current context environment i.e., for free variables of e, in which context were they bound? Changes as variables are bound δ is current context Changes as functions are applied Stephen Chong, Harvard University 3
33 Acceptability relation ( C, ρ) = ce δ c always ( C, ρ) = ce δ x iff ρ(x, ce(x) ) C(, δ) ( C, ρ) = ce δ (if t then t else t ) iff ( C, ρ) = ce δ t ( C, ρ) = ce δ t ( C, ρ) = ce C(, δ) C(, δ) C(, δ) C(, δ) δ t ( C, ρ) = ce δ (let x = t in t ) iff ( C, ρ) = ce δ t ( C, ρ) = ce δ t C(, δ) ρ(x, δ) C(, δ) C(, δ) where ce = ce[x δ] ( C, ρ) = ce δ (t op t ) iff ( C, ρ) = ce δ t ( C, ρ) = ce δ t Stephen Chong, Harvard University 33
34 Acceptability relation ( C, ρ) = ce δ (fn x => e ) iff {(fn x => e, ce )} C(, δ) ( C, ρ) = ce δ (fun f x => e ) iff {(fun f x => e, ce )} C(, δ) ( C, ρ) = ce δ (t iff t ) ( C, ρ) = ce δ t ( C, ρ) = ce δ t ( (fn x => t, ce ) C(, δ) : ( C, ρ) = ce δ t C(, δ) ρ(x, δ ) C(, δ ) C(, δ) where δ = δ, k and ce = ce [x δ ]) ( (fun f x => t, ce ) C(, δ) : ( C, ρ) = ce δ t C(, δ) ρ(x, δ ) C(, δ ) C(, δ) {(fun f x => t, ce )} ρ(f,δ ) where δ = δ, k and ce = ce [f δ,x δ ]) Stephen Chong, Harvard University 34
35 Example (let f = (fn x => x ) in ((f 3 f 4 ) 5 (fn y => y 6 ) 7 ) 8 ) 9 Contexts of interest for uniform -CFA Λ: the initial context 5: the context when the application point labelled 5 has been passed 8: the context when the application point labelled 8 has been passed Context environments of interest for uniform -CFA ce = [ ] ce = ce [f Λ] ce = ce [x 5] ce 3 = ce [x 8] the initial (empty) context environment the context environment for the analysis of the body of the let-construct the context environment used for the analysis of the body of f initiated at the application point 5 the context environment used for the analysis of the body of f initiated at the application point 8. Stephen Chong, Harvard University 35
36 Example C id (, 5) = {(fn x => x,ce )} C id (, 8) = {(fn y => y 6,ce )} C id (, Λ) ={(fn x => x,ce )} C id (3, Λ) ={(fn x => x,ce )} C id (4, Λ) ={(fn x => x,ce )} C id (5, Λ) ={(fn x => x,ce )} C id (7, Λ) ={(fn y => y 6,ce )} C id (8, Λ) ={(fn y => y 6,ce )} C id (9, Λ) ={(fn y => y 6,ce )} ρ id (f, Λ) ={(fn x => x,ce )} ρ id (x, 5) = {(fn x => x,ce )} ρ id (x, 8) = {(fn y => y 6,ce )} This is an acceptable analysis result: ( C id, ρ id ) = ce Λ (let f = (fn x => x ) in ((f 3 f 4 ) 5 (fn y => y 6 ) 7 ) 8 ) 9 Stephen Chong, Harvard University 36
37 Complexity δ = Lab k context information ce CEnv = Var context environments v Val = P(Term CEnv) abstract values ρ Env = (Var ) Val abstract environments C Cache = (Lab ) Val abstract caches k-cfa has worst-case exponential complexity in size of program Size n program, p variables Δ has O(n) elements Size of CEnv is O(n p ) ^Val is powerset of pairs (t, ce), and there are O(n n p ) pairs, so Val has height O(n n p ) p = O(n) -CFA has worst-case polynomial complexity Stephen Chong, Harvard University 37
38 Variations on k-cfa Uniform k-cfa ce CEnv = Var context environments v Val = P(Term CEnv) abstract values ρ Env = (Var ) Val abstract environments C Cache = (Lab ) Val abstract caches k-cfa C Cache = (Lab CEnv) Val abstract caches Polynomial k-cfa v Val = P(Term ) abstract values Stephen Chong, Harvard University 38
39 k-cfa Paradox [Might, Smaragdakis, van Horn, PLDI ] k-cfa is exponential for k But k-cfa is like using context of k most recent call-sites Polynomial for OO languages Doop implemented in Datalog, which only allows polynomial time alogrithms OO has dynamic dispatch What gives? Stephen Chong, Harvard University 39
40 Wait, which k-cfa? In OO world, translate k-cfa to k-call-site sensitive interprocedural pointer analysis with a k-context-sensitive heap and onthe-fly call-graph construction i.e., data flow (points-to relation) and call-graph dependent on each other Is it the same analysis? Yes. And paradox still holds. Stephen Chong, Harvard University 4
41 Paradox resolved In functional languages, closures are created incrementally Each variable in a closure could be bound in a different context Source of exponentiallity In OO languages, closures created explicitly by invoking constructor Variables are copied, and so effectively all variables bound in same context CEnv = Δ instead of Var Δ δ = Lab k context information ce CEnv = Var context environments v Val = P(Term CEnv) abstract values ρ Env = (Var ) Val abstract environments C Cache = (Lab ) Val abstract caches Stephen Chong, Harvard University 4
42 Example OO program caller() { foo(ox);... foo(oxn); } + foo(object x) { ClosureX cx = new ClosureX(x); cx.bar(oy);... cx.bar(oym); } + class ClosureX { Object x; ClosureX(Object x) { class ClosureXY { x = x; } // constructor } bar(object y) { ClosureXY cxy = new ClosureXY(x,y); cxy.baz( );... } } Object x,y; ClosureXY(Object x, Object y) { x = x; y = y; } // constructor baz( ) {... x... y... } Equivalent functional program caller() { foo(ox);! foo(object x) {... Closure cx = foo(oxn); } cx(oy);... cx(oym); }! lambda(object y) { Closure cxy = } cxy( );... lambda( ) {... x... y... } Stephen Chong, Harvard University 4
43 m-cfa From this insight, Might, Smaragdakis and Van Horn develop m-cfa Contexts are the top m stack frames (Different from last k call sites when in continuationpassing style) Essentially CEnv = Δ instead of Var Δ Polynomial-time analysis, seems as precise a k- CFA for significantly less time Stephen Chong, Harvard University 43
Class notes Program Analysis course given by Prof. Mooly Sagiv Computer Science Department, Tel Aviv University second lecture 8/3/2007
Constant Propagation Class notes Program Analysis course given by Prof. Mooly Sagiv Computer Science Department, Tel Aviv University second lecture 8/3/2007 Osnat Minz and Mati Shomrat Introduction This
More informationTesting LTL Formula Translation into Büchi Automata
Testing LTL Formula Translation into Büchi Automata Heikki Tauriainen and Keijo Heljanko Helsinki University of Technology, Laboratory for Theoretical Computer Science, P. O. Box 5400, FIN-02015 HUT, Finland
More informationStatic Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled
Static Analysis 15-654: Analysis of Software Artifacts Jonathan Aldrich 1 Find the Bug! Source: Engler et al., Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, OSDI
More informationHECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London
HECTOR a software model checker with cooperating analysis plugins Nathaniel Charlton and Michael Huth Imperial College London Introduction HECTOR targets imperative heap-manipulating programs uses abstraction
More informationChapter 7: Functional Programming Languages
Chapter 7: Functional Programming Languages Aarne Ranta Slides for the book Implementing Programming Languages. An Introduction to Compilers and Interpreters, College Publications, 2012. Fun: a language
More informationAddress Taken FIAlias, which is equivalent to Steensgaard. CS553 Lecture Alias Analysis II 2
Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias, which is equivalent to Steensgaard Today Alias analysis II (pointer analysis) Anderson Emami Next time Midterm review
More informationAndrew Pitts chapter for D. Sangorgi and J. Rutten (eds), Advanced Topics in Bisimulation and Coinduction, Cambridge Tracts in Theoretical Computer
Andrew Pitts chapter for D. Sangorgi and J. Rutten (eds), Advanced Topics in Bisimulation and Coinduction, Cambridge Tracts in Theoretical Computer Science No. 52, chapter 5, pages 197 232 ( c 2011 CUP)
More informationWrite Barrier Removal by Static Analysis
Write Barrier Removal by Static Analysis Karen Zee and Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology Cambridge, MA 02139 {kkz, rinard@lcs.mit.edu ABSTRACT We present
More informationInstruction Set Architecture (ISA)
Instruction Set Architecture (ISA) * Instruction set architecture of a machine fills the semantic gap between the user and the machine. * ISA serves as the starting point for the design of a new machine
More informationSoftware Analysis (POPA Sec. 2.5.3, 2.5.4, 2.5.6)
Software Analysis (POPA Sec. 2.5.3, 2.5.4, 2.5.6) Klaus Ostermann Based on slides by Jurriaan Hage Towards embellished monotone frameworks From monotone framework to embellished monotone framework. We
More informationSimulation-Based Security with Inexhaustible Interactive Turing Machines
Simulation-Based Security with Inexhaustible Interactive Turing Machines Ralf Küsters Institut für Informatik Christian-Albrechts-Universität zu Kiel 24098 Kiel, Germany kuesters@ti.informatik.uni-kiel.de
More information2) Write in detail the issues in the design of code generator.
COMPUTER SCIENCE AND ENGINEERING VI SEM CSE Principles of Compiler Design Unit-IV Question and answers UNIT IV CODE GENERATION 9 Issues in the design of code generator The target machine Runtime Storage
More informationSymbol Tables. Introduction
Symbol Tables Introduction A compiler needs to collect and use information about the names appearing in the source program. This information is entered into a data structure called a symbol table. The
More informationStatic Taint-Analysis on Binary Executables
Static Taint-Analysis on Binary Executables Sanjay Rawat, Laurent Mounier, Marie-Laure Potet VERIMAG University of Grenoble October 2011 Static Taint-Analysis on Binary Executables 1/29 Outline 1 Introduction
More information5.1 Bipartite Matching
CS787: Advanced Algorithms Lecture 5: Applications of Network Flow In the last lecture, we looked at the problem of finding the maximum flow in a graph, and how it can be efficiently solved using the Ford-Fulkerson
More information15-150 Lecture 11: Tail Recursion; Continuations
15-150 Lecture 11: Tail Recursion; Continuations Lecture by Dan Licata February 21, 2011 In this lecture we will discuss space usage: analyzing the memory it takes your program to run tail calls and tail
More informationReducing Clocks in Timed Automata while Preserving Bisimulation
Reducing Clocks in Timed Automata while Preserving Bisimulation Shibashis Guha Chinmay Narayan S. Arun-Kumar Indian Institute of Technology Delhi {shibashis, chinmay, sak}@cse.iitd.ac.in arxiv:1404.6613v2
More informationLecture 19: Introduction to NP-Completeness Steven Skiena. Department of Computer Science State University of New York Stony Brook, NY 11794 4400
Lecture 19: Introduction to NP-Completeness Steven Skiena Department of Computer Science State University of New York Stony Brook, NY 11794 4400 http://www.cs.sunysb.edu/ skiena Reporting to the Boss Suppose
More informationSoftware Model Checking. Equivalence Hierarchy
Software Equivalence Hierarchy Moonzoo Kim CS Dept. KAIST CS750B Software Korea Advanced Institute of Science and Technology Equivalence semantics and SW design Preliminary Hierarchy Diagram Trace-based
More informationRigorous Software Development CSCI-GA 3033-009
Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 11 Semantics of Programming Languages Denotational Semantics Meaning of a program is defined as the mathematical
More informationReading 13 : Finite State Automata and Regular Expressions
CS/Math 24: Introduction to Discrete Mathematics Fall 25 Reading 3 : Finite State Automata and Regular Expressions Instructors: Beck Hasti, Gautam Prakriya In this reading we study a mathematical model
More informationCS510 Software Engineering
CS510 Software Engineering Propositional Logic Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-cs510-se
More informationCartesian Products and Relations
Cartesian Products and Relations Definition (Cartesian product) If A and B are sets, the Cartesian product of A and B is the set A B = {(a, b) :(a A) and (b B)}. The following points are worth special
More informationEfficiency of algorithms. Algorithms. Efficiency of algorithms. Binary search and linear search. Best, worst and average case.
Algorithms Efficiency of algorithms Computational resources: time and space Best, worst and average case performance How to compare algorithms: machine-independent measure of efficiency Growth rate Complexity
More informationLecture Notes on Static Analysis
Lecture Notes on Static Analysis Michael I. Schwartzbach BRICS, Department of Computer Science University of Aarhus, Denmark mis@brics.dk Abstract These notes present principles and applications of static
More informationAn Open Framework for Reverse Engineering Graph Data Visualization. Alexandru C. Telea Eindhoven University of Technology The Netherlands.
An Open Framework for Reverse Engineering Graph Data Visualization Alexandru C. Telea Eindhoven University of Technology The Netherlands Overview Reverse engineering (RE) overview Limitations of current
More informationObfuscation: know your enemy
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Prelude Prelude Plan 1 Introduction What is obfuscation? 2 Control flow obfuscation 3 Data flow
More informationCOMP 356 Programming Language Structures Notes for Chapter 10 of Concepts of Programming Languages Implementing Subprograms.
COMP 356 Programming Language Structures Notes for Chapter 10 of Concepts of Programming Languages Implementing Subprograms 1 Activation Records activation declaration location Recall that an activation
More informationIntroduction to Logic in Computer Science: Autumn 2006
Introduction to Logic in Computer Science: Autumn 2006 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Plan for Today Now that we have a basic understanding
More informationWelcome to... Problem Analysis and Complexity Theory 716.054, 3 VU
Welcome to... Problem Analysis and Complexity Theory 716.054, 3 VU Birgit Vogtenhuber Institute for Software Technology email: bvogt@ist.tugraz.at office hour: Tuesday 10:30 11:30 slides: http://www.ist.tugraz.at/pact.html
More informationAUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS
TKK Reports in Information and Computer Science Espoo 2009 TKK-ICS-R26 AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS Kari Kähkönen ABTEKNILLINEN KORKEAKOULU TEKNISKA HÖGSKOLAN HELSINKI UNIVERSITY OF
More informationUsing Datalog for Fast and Easy Program Analysis
Using Datalog for Fast and Easy Program Analysis Yannis Smaragdakis 1,2 and Martin Bravenboer 3 1 University of Massachusetts, Amherst, MA 01003, USA, yannis@cs.umass.edu 2 University of Athens, Athens
More informationµz An Efficient Engine for Fixed points with Constraints
µz An Efficient Engine for Fixed points with Constraints Kryštof Hoder, Nikolaj Bjørner, and Leonardo de Moura Manchester University and Microsoft Research Abstract. The µz tool is a scalable, efficient
More informationAlgorithmic Software Verification
Algorithmic Software Verification (LTL Model Checking) Azadeh Farzan What is Verification Anyway? Proving (in a formal way) that program satisfies a specification written in a logical language. Formal
More informationFOUNDATIONS OF ALGEBRAIC GEOMETRY CLASS 22
FOUNDATIONS OF ALGEBRAIC GEOMETRY CLASS 22 RAVI VAKIL CONTENTS 1. Discrete valuation rings: Dimension 1 Noetherian regular local rings 1 Last day, we discussed the Zariski tangent space, and saw that it
More informationDedekind s forgotten axiom and why we should teach it (and why we shouldn t teach mathematical induction in our calculus classes)
Dedekind s forgotten axiom and why we should teach it (and why we shouldn t teach mathematical induction in our calculus classes) by Jim Propp (UMass Lowell) March 14, 2010 1 / 29 Completeness Three common
More informationTermination Checking: Comparing Structural Recursion and Sized Types by Examples
Termination Checking: Comparing Structural Recursion and Sized Types by Examples David Thibodeau Decemer 3, 2011 Abstract Termination is an important property for programs and is necessary for formal proofs
More informationCompleting Description Logic Knowledge Bases using Formal Concept Analysis
Completing Description Logic Knowledge Bases using Formal Concept Analysis Franz Baader, 1 Bernhard Ganter, 1 Barış Sertkaya, 1 and Ulrike Sattler 2 1 TU Dresden, Germany and 2 The University of Manchester,
More informationCSC 373: Algorithm Design and Analysis Lecture 16
CSC 373: Algorithm Design and Analysis Lecture 16 Allan Borodin February 25, 2013 Some materials are from Stephen Cook s IIT talk and Keven Wayne s slides. 1 / 17 Announcements and Outline Announcements
More informationFall 2006 CS/ECE 333 Lab 1 Programming in SRC Assembly
Lab Objectives: Fall 2006 CS/ECE 333 Lab 1 Programming in SRC Assembly 1. How to assemble an assembly language program for the SRC using the SRC assembler. 2. How to simulate and debug programs using the
More informationLimitations of E-R Designs. Relational Normalization Theory. Redundancy and Other Problems. Redundancy. Anomalies. Example
Limitations of E-R Designs Relational Normalization Theory Chapter 6 Provides a set of guidelines, does not result in a unique database schema Does not provide a way of evaluating alternative schemas Normalization
More informationCMPSCI611: Approximating MAX-CUT Lecture 20
CMPSCI611: Approximating MAX-CUT Lecture 20 For the next two lectures we ll be seeing examples of approximation algorithms for interesting NP-hard problems. Today we consider MAX-CUT, which we proved to
More informationAnalysis of Partitioned Global Address Space Programs. Research Project
Analysis of Partitioned Global Address Space Programs by Amir Kamil Research Project Submitted to the Department of Electrical Engineering and Computer Sciences, University of California at Berkeley, in
More informationSoftware Testing. Jeffrey Carver University of Alabama. April 7, 2016
Software Testing Jeffrey Carver University of Alabama April 7, 2016 Warm-up Exercise Software testing Graphs Control-flow testing Data-flow testing Input space testing Test-driven development Introduction
More informationP NP for the Reals with various Analytic Functions
P NP for the Reals with various Analytic Functions Mihai Prunescu Abstract We show that non-deterministic machines in the sense of [BSS] defined over wide classes of real analytic structures are more powerful
More informationArtificial Intelligence
Artificial Intelligence ICS461 Fall 2010 1 Lecture #12B More Representations Outline Logics Rules Frames Nancy E. Reed nreed@hawaii.edu 2 Representation Agents deal with knowledge (data) Facts (believe
More informationDisjunction of Non-Binary and Numeric Constraint Satisfaction Problems
Disjunction of Non-Binary and Numeric Constraint Satisfaction Problems Miguel A. Salido, Federico Barber Departamento de Sistemas Informáticos y Computación, Universidad Politécnica de Valencia Camino
More informationA STUDY OF SEMANTICS, TYPES AND LANGUAGES FOR DATABASES AND OBJECT-ORIENTED PROGRAMMING ATSUSHI OHORI. Computer and Information Science
A STUDY OF SEMANTICS, TYPES AND LANGUAGES FOR DATABASES AND OBJECT-ORIENTED PROGRAMMING ATSUSHI OHORI A DISSERTATION in Computer and Information Science Presented to the Faculties of the University of
More informationLecture 17 : Equivalence and Order Relations DRAFT
CS/Math 240: Introduction to Discrete Mathematics 3/31/2011 Lecture 17 : Equivalence and Order Relations Instructor: Dieter van Melkebeek Scribe: Dalibor Zelený DRAFT Last lecture we introduced the notion
More informationPushdown automata. Informatics 2A: Lecture 9. Alex Simpson. 3 October, 2014. School of Informatics University of Edinburgh als@inf.ed.ac.
Pushdown automata Informatics 2A: Lecture 9 Alex Simpson School of Informatics University of Edinburgh als@inf.ed.ac.uk 3 October, 2014 1 / 17 Recap of lecture 8 Context-free languages are defined by context-free
More informationApplication-only Call Graph Construction
Application-only Call Graph Construction Karim Ali and Ondřej Lhoták David R. Cheriton School of Computer Science, University of Waterloo Abstract. Since call graphs are an essential starting point for
More informationUniversity of Ostrava. Reasoning in Description Logic with Semantic Tableau Binary Trees
University of Ostrava Institute for Research and Applications of Fuzzy Modeling Reasoning in Description Logic with Semantic Tableau Binary Trees Alena Lukasová Research report No. 63 2005 Submitted/to
More information6.852: Distributed Algorithms Fall, 2009. Class 2
.8: Distributed Algorithms Fall, 009 Class Today s plan Leader election in a synchronous ring: Lower bound for comparison-based algorithms. Basic computation in general synchronous networks: Leader election
More informationlanguage 1 (source) compiler language 2 (target) Figure 1: Compiling a program
CS 2112 Lecture 27 Interpreters, compilers, and the Java Virtual Machine 1 May 2012 Lecturer: Andrew Myers 1 Interpreters vs. compilers There are two strategies for obtaining runnable code from a program
More informationeach college c i C has a capacity q i - the maximum number of students it will admit
n colleges in a set C, m applicants in a set A, where m is much larger than n. each college c i C has a capacity q i - the maximum number of students it will admit each college c i has a strict order i
More informationPick Your Contexts Well: Understanding Object-Sensitivity
Pick Your Contexts Well: Understanding Object-Sensitivity The Making of a Precise and Scalable Pointer Analysis Yannis Smaragdakis Department of Computer Science, University of Massachusetts, Amherst,
More information! " # The Logic of Descriptions. Logics for Data and Knowledge Representation. Terminology. Overview. Three Basic Features. Some History on DLs
,!0((,.+#$),%$(-&.& *,2(-$)%&2.'3&%!&, Logics for Data and Knowledge Representation Alessandro Agostini agostini@dit.unitn.it University of Trento Fausto Giunchiglia fausto@dit.unitn.it The Logic of Descriptions!$%&'()*$#)
More informationDiagonalization. Ahto Buldas. Lecture 3 of Complexity Theory October 8, 2009. Slides based on S.Aurora, B.Barak. Complexity Theory: A Modern Approach.
Diagonalization Slides based on S.Aurora, B.Barak. Complexity Theory: A Modern Approach. Ahto Buldas Ahto.Buldas@ut.ee Background One basic goal in complexity theory is to separate interesting complexity
More informationLecture 1: Course overview, circuits, and formulas
Lecture 1: Course overview, circuits, and formulas Topics in Complexity Theory and Pseudorandomness (Spring 2013) Rutgers University Swastik Kopparty Scribes: John Kim, Ben Lund 1 Course Information Swastik
More informationKrishna Institute of Engineering & Technology, Ghaziabad Department of Computer Application MCA-213 : DATA STRUCTURES USING C
Tutorial#1 Q 1:- Explain the terms data, elementary item, entity, primary key, domain, attribute and information? Also give examples in support of your answer? Q 2:- What is a Data Type? Differentiate
More informationLinear Programming. Widget Factory Example. Linear Programming: Standard Form. Widget Factory Example: Continued.
Linear Programming Widget Factory Example Learning Goals. Introduce Linear Programming Problems. Widget Example, Graphical Solution. Basic Theory:, Vertices, Existence of Solutions. Equivalent formulations.
More informationTowards practical reactive security audit using extended static checkers 1
Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1 Shuvendu K. Lahiri 2 1 Bloomberg LP, New York 2 Microsoft Research, Redmond May 20, 2013 1 The work was conducted
More informationData Structures Fibonacci Heaps, Amortized Analysis
Chapter 4 Data Structures Fibonacci Heaps, Amortized Analysis Algorithm Theory WS 2012/13 Fabian Kuhn Fibonacci Heaps Lacy merge variant of binomial heaps: Do not merge trees as long as possible Structure:
More informationOverview. Essential Questions. Grade 2 Mathematics, Quarter 4, Unit 4.4 Representing and Interpreting Data Using Picture and Bar Graphs
Grade 2 Mathematics, Quarter 4, Unit 4.4 Representing and Interpreting Data Using Picture and Bar Graphs Overview Number of instruction days: 7 9 (1 day = 90 minutes) Content to Be Learned Draw a picture
More informationBASIC ANALYSIS OF TCP/IP NETWORKS
BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks
More informationBoolean Expressions, Conditions, Loops, and Enumerations. Precedence Rules (from highest to lowest priority)
Boolean Expressions, Conditions, Loops, and Enumerations Relational Operators == // true if two values are equivalent!= // true if two values are not equivalent < // true if left value is less than the
More informationFun with Henry. Dirk Pattinson Department of Computing Imperial College London
Fun with Henry Dirk Pattinson Department of Computing Imperial College London 1 Example: The Tudors Henry VIII Henry Carey Mary Boleyn There have been speculation that Mary s two children, Catherine and
More informationMassachusetts Institute of Technology Department of Electrical Engineering and Computer Science
Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science 6.035, Spring 2010 Handout Semantic Analysis Project Tuesday, Feb 16 DUE: Monday, Mar 1 Extend your compiler
More informationQuestion 2: How do you solve a linear programming problem with a graph?
Question 2: How do you solve a linear programming problem with a graph? Now that we have several linear programming problems, let s look at how we can solve them using the graph of the system of inequalities.
More informationDegrees of Truth: the formal logic of classical and quantum probabilities as well as fuzzy sets.
Degrees of Truth: the formal logic of classical and quantum probabilities as well as fuzzy sets. Logic is the study of reasoning. A language of propositions is fundamental to this study as well as true
More informationSemantic Analysis: Types and Type Checking
Semantic Analysis Semantic Analysis: Types and Type Checking CS 471 October 10, 2007 Source code Lexical Analysis tokens Syntactic Analysis AST Semantic Analysis AST Intermediate Code Gen lexical errors
More informationOPERATIONAL TYPE THEORY by Adam Petcher Prepared under the direction of Professor Aaron Stump A thesis presented to the School of Engineering of
WASHINGTON NIVERSITY SCHOOL OF ENGINEERING AND APPLIED SCIENCE DEPARTMENT OF COMPTER SCIENCE AND ENGINEERING DECIDING JOINABILITY MODLO GROND EQATIONS IN OPERATIONAL TYPE THEORY by Adam Petcher Prepared
More informationCS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 20: Stack Frames 7 March 08
CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 20: Stack Frames 7 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Where We Are Source code if (b == 0) a = b; Low-level IR code
More informationDynamic programming formulation
1.24 Lecture 14 Dynamic programming: Job scheduling Dynamic programming formulation To formulate a problem as a dynamic program: Sort by a criterion that will allow infeasible combinations to be eli minated
More information1 The Java Virtual Machine
1 The Java Virtual Machine About the Spec Format This document describes the Java virtual machine and the instruction set. In this introduction, each component of the machine is briefly described. This
More informationCSE 135: Introduction to Theory of Computation Decidability and Recognizability
CSE 135: Introduction to Theory of Computation Decidability and Recognizability Sungjin Im University of California, Merced 04-28, 30-2014 High-Level Descriptions of Computation Instead of giving a Turing
More informationAnalyzing Strategic Business Rules through Simulation Modeling
Analyzing Strategic Business Rules through Simulation Modeling Elena Orta 1, Mercedes Ruiz 1 and Miguel Toro 2 1 Department of Computer Languages and Systems Escuela Superior de Ingeniería C/ Chile, 1
More informationCreating, Solving, and Graphing Systems of Linear Equations and Linear Inequalities
Algebra 1, Quarter 2, Unit 2.1 Creating, Solving, and Graphing Systems of Linear Equations and Linear Inequalities Overview Number of instructional days: 15 (1 day = 45 60 minutes) Content to be learned
More informationChecking Access to Protected Members in the Java Virtual Machine
Checking Access to Protected Members in the Java Virtual Machine Alessandro Coglio Kestrel Institute 3260 Hillview Avenue, Palo Alto, CA 94304, USA Ph. +1-650-493-6871 Fax +1-650-424-1807 http://www.kestrel.edu/
More informationLogic in general. Inference rules and theorem proving
Logical Agents Knowledge-based agents Logic in general Propositional logic Inference rules and theorem proving First order logic Knowledge-based agents Inference engine Knowledge base Domain-independent
More information[Refer Slide Time: 05:10]
Principles of Programming Languages Prof: S. Arun Kumar Department of Computer Science and Engineering Indian Institute of Technology Delhi Lecture no 7 Lecture Title: Syntactic Classes Welcome to lecture
More informationThe programming language C. sws1 1
The programming language C sws1 1 The programming language C invented by Dennis Ritchie in early 1970s who used it to write the first Hello World program C was used to write UNIX Standardised as K&C (Kernighan
More informationIntroduction CORBA Distributed COM. Sections 9.1 & 9.2. Corba & DCOM. John P. Daigle. Department of Computer Science Georgia State University
Sections 9.1 & 9.2 Corba & DCOM John P. Daigle Department of Computer Science Georgia State University 05.16.06 Outline 1 Introduction 2 CORBA Overview Communication Processes Naming Other Design Concerns
More informationHow to Write a Checker in 24 Hours
How to Write a Checker in 24 Hours Clang Static Analyzer Anna Zaks and Jordan Rose Apple Inc. What is this talk about? The Clang Static Analyzer is a bug finding tool It can be extended with custom checkers
More informationCompiling Object Oriented Languages. What is an Object-Oriented Programming Language? Implementation: Dynamic Binding
Compiling Object Oriented Languages What is an Object-Oriented Programming Language? Last time Dynamic compilation Today Introduction to compiling object oriented languages What are the issues? Objects
More informationHow To Compare A Markov Algorithm To A Turing Machine
Markov Algorithm CHEN Yuanmi December 18, 2007 1 Abstract Markov Algorithm can be understood as a priority string rewriting system. In this short paper we give the definition of Markov algorithm and also
More informationNon-deterministic Semantics and the Undecidability of Boolean BI
1 Non-deterministic Semantics and the Undecidability of Boolean BI DOMINIQUE LARCHEY-WENDLING, LORIA CNRS, Nancy, France DIDIER GALMICHE, LORIA Université Henri Poincaré, Nancy, France We solve the open
More informationHabanero Extreme Scale Software Research Project
Habanero Extreme Scale Software Research Project Comp215: Java Method Dispatch Zoran Budimlić (Rice University) Always remember that you are absolutely unique. Just like everyone else. - Margaret Mead
More informationBasic Logic Gates. Logic Gates. andgate: accepts two binary inputs x and y, emits x & y. orgate: accepts two binary inputs x and y, emits x y
Basic andgate: accepts two binary inputs x and y, emits x & y x y Output orgate: accepts two binary inputs x and y, emits x y x y Output notgate: accepts one binary input x, emits!y x Output Computer Science
More informationRelational Databases
Relational Databases Jan Chomicki University at Buffalo Jan Chomicki () Relational databases 1 / 18 Relational data model Domain domain: predefined set of atomic values: integers, strings,... every attribute
More informationMidlands Graduate School in the Foundations of Computer Science
Midlands Graduate chool in the Foundations of omputer cience Operational emantics, Abstract Machines, and orrectness Roy L. role University of Leicester, 8th to 12th April 2006 University of Nottingham,
More informationComplexity of Higher-Order Queries
Complexity of Higher-Order Queries Huy Vu Oxford University Computing Laboratory Parks Road, Oxford, UK huy.vu@comlab.ox.ac.uk Michael Benedikt Oxford University Computing Laboratory Parks Road, Oxford,
More informationPolicy Analysis for Administrative Role Based Access Control without Separate Administration
Policy nalysis for dministrative Role Based ccess Control without Separate dministration Ping Yang Department of Computer Science, State University of New York at Binghamton, US Mikhail I. Gofman Department
More informationThe Graphical Method: An Example
The Graphical Method: An Example Consider the following linear program: Maximize 4x 1 +3x 2 Subject to: 2x 1 +3x 2 6 (1) 3x 1 +2x 2 3 (2) 2x 2 5 (3) 2x 1 +x 2 4 (4) x 1, x 2 0, where, for ease of reference,
More informationBindings, mobility of bindings, and the -quantifier
ICMS, 26 May 2007 1/17 Bindings, mobility of bindings, and the -quantifier Dale Miller, INRIA-Saclay and LIX, École Polytechnique This talk is based on papers with Tiu in LICS2003 & ACM ToCL, and experience
More informationChapter 3. Cartesian Products and Relations. 3.1 Cartesian Products
Chapter 3 Cartesian Products and Relations The material in this chapter is the first real encounter with abstraction. Relations are very general thing they are a special type of subset. After introducing
More informationClass Overview. CSE 326: Data Structures. Goals. Goals. Data Structures. Goals. Introduction
Class Overview CSE 326: Data Structures Introduction Introduction to many of the basic data structures used in computer software Understand the data structures Analyze the algorithms that use them Know
More informationA Survey of Static Program Analysis Techniques
A Survey of Static Program Analysis Techniques Wolfgang Wögerer Technische Universität Wien October 18, 2005 Abstract Computer program analysis is the process of automatically analysing the bahavior of
More informationA binary search tree or BST is a binary tree that is either empty or in which the data element of each node has a key, and:
Binary Search Trees 1 The general binary tree shown in the previous chapter is not terribly useful in practice. The chief use of binary trees is for providing rapid access to data (indexing, if you will)
More informationMaster of Sciences in Informatics Engineering Programming Paradigms 2005/2006. Final Examination. January 24 th, 2006
Master of Sciences in Informatics Engineering Programming Paradigms 2005/2006 Final Examination January 24 th, 2006 NAME: Please read all instructions carefully before start answering. The exam will be
More information