Review; questions Discussion of Semester Project Arbitrary interprocedural control flow Assign (see Schedule for links)



Similar documents
Write Barrier Removal by Static Analysis

General Flow-Sensitive Pointer Analysis and Call Graph Construction

Lecture 2 Introduction to Data Flow Analysis

Change Impact Analysis

Address Taken FIAlias, which is equivalent to Steensgaard. CS553 Lecture Alias Analysis II 2

Static Taint-Analysis on Binary Executables

Optimizations. Optimization Safety. Optimization Safety. Control Flow Graphs. Code transformations to improve program

A Scalable Technique for Characterizing the Usage of Temporaries in Framework-intensive Java Applications

Practical Memory Leak Detection using Guarded Value-Flow Analysis

CSE 504: Compiler Design. Data Flow Analysis

A Formal Model of Program Dependences and Its Implications for Software Testing, Debugging, and Maintenance

Measuring the Performance of an Agent

Obfuscation: know your enemy

Static Analysis. Find the Bug! : Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

A Comparison of Online and Dynamic Impact Analysis Algorithms

Persistent Binary Search Trees

Data Structure [Question Bank]

Ordered Lists and Binary Trees

Memory Allocation. Static Allocation. Dynamic Allocation. Memory Management. Dynamic Allocation. Dynamic Storage Allocation

recursion, O(n), linked lists 6/14

An Exception Monitoring System for Java

Keywords: Regression testing, database applications, and impact analysis. Abstract. 1 Introduction

Class notes Program Analysis course given by Prof. Mooly Sagiv Computer Science Department, Tel Aviv University second lecture 8/3/2007

Adaptive Context-sensitive Analysis for JavaScript

Data Structures and Algorithms

Static analysis for detecting taint-style vulnerabilities in web applications

5. A full binary tree with n leaves contains [A] n nodes. [B] log n 2 nodes. [C] 2n 1 nodes. [D] n 2 nodes.

Dynamic Programming. Lecture Overview Introduction

The Union-Find Problem Kruskal s algorithm for finding an MST presented us with a problem in data-structure design. As we looked at each edge,

COMP 356 Programming Language Structures Notes for Chapter 10 of Concepts of Programming Languages Implementing Subprograms.

A staged static program analysis to improve the performance of runtime monitoring

Why have SSA? Birth Points (cont) Birth Points (a notion due to Tarjan)

What Is Recursion? Recursion. Binary search example postponed to end of lecture

Introduction to Data-flow analysis

6.852: Distributed Algorithms Fall, Class 2

Software Testing. Jeffrey Carver University of Alabama. April 7, 2016

2) Write in detail the issues in the design of code generator.

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Technical Report)

TOWARDS THE USE OF PROGRAM SLICING IN THE CHANGE IMPACT ANALYSIS OF ASPECT ORIENTED PROGRAMS

16. Recursion. COMP 110 Prasun Dewan 1. Developing a Recursive Solution

The PageRank Citation Ranking: Bring Order to the Web

gprof: a Call Graph Execution Profiler 1

8.1 Min Degree Spanning Tree

Regression Verification: Status Report

Dataflow approach to testing Java programs supported with DFC

The Tower of Hanoi. Recursion Solution. Recursive Function. Time Complexity. Recursive Thinking. Why Recursion? n! = n* (n-1)!

SAF: Static Analysis Improved Fuzzing

Data Structures and Algorithms

Social Media Mining. Graph Essentials

GSPIM: Graphical Visualization Tool for MIPS Assembly

Problem Set 7 Solutions

Computer Science 210: Data Structures. Searching

Lecture 8: Routing I Distance-vector Algorithms. CSE 123: Computer Networks Stefan Savage

Stack Allocation. Run-Time Data Structures. Static Structures

Automatic Test Data Synthesis using UML Sequence Diagrams

Fairness in Routing and Load Balancing

Course: Programming II - Abstract Data Types. The ADT Stack. A stack. The ADT Stack and Recursion Slide Number 1

Test case design techniques I: Whitebox testing CISS

Binary Search Trees CMPSC 122

1. The memory address of the first element of an array is called A. floor address B. foundation addressc. first address D.

Symbol Tables. Introduction

Cost Model: Work, Span and Parallelism. 1 The RAM model for sequential computation:

Uncovering Performance Problems in Java Applications with Reference Propagation Profiling

Module 2 Stacks and Queues: Abstract Data Types

Applications of obfuscation to software and hardware systems

Test case design techniques I: Whitebox testing CISS

Detecting Critical Defects on the Developer s Desktop

Binary Heap Algorithms

Static Program Transformations for Efficient Software Model Checking

Data Structures and Algorithms Written Examination

10CS35: Data Structures Using C

Transcription:

Class 9 Review; questions Discussion of Semester Project Arbitrary interprocedural control flow Assign (see Schedule for links) Readings on pointer analysis Problem Set 5: due 9/22/09 Project proposal Initial: due by e-mail 9/22/09 Final: due (written, 2 pages) 9/29/09 1 Complicating Factors A. Programs with more than one procedure B. Recursion C. Programs with arbitrary control flow D. Programs with pointers E. Programs with arrays

Review: Interprocedural Analysis Approaches to performing analysis on programs with more than one procedure (data-flow, slicing, etc.) to preserve calling context 1. Compute summary information at the call sites 2. Keep the call stack information Note: Analysis that preserve the calling context are calling context-sensitive; those that don t preserve the calling context are calling contextinsensitive Context-sensitive VS Context-insensitive Which is Weiser s slicing algorithm? Which is the SDG?

Complicating Factors A. Programs with more than one procedure B. Programs with recursion C. Programs with arbitrary control flow D. Programs with pointers E. Programs with complex data structures Recursion Programs containing recursion result in additional complexity in the program-analysis algorithms. For example Recursion results in cycles in the interprocedural graph, making it difficult to order the nodes in the graph for processing Iterative algorithms may need significant processing when these cycles are present Etc. To accommodate analysis of programs with recursion, we can perform analysis on the interprocedural graph to identify cycles similar to analysis to identify loops.

Recursion A call graph can be used to represent the interactions among procedures (or modules) in a system. In a call graph, nodes represent procedures and directed edges represent the interaction between procedures. An edge (M,N) in a call graph means that M calls N. If there is more than one call from M to N in M, the one edge between M and N represents all of them. In the example, A calls B and E, B calls C and D, D calls itself, E calls F, F calls G, and G calls E. A B E C D F G Recursion Additional information about call graphs The call graph defined here has one edge between two nodes even if there are multiple calls between the procedures represented by the nodes. A graph that contains an edge for every call between two nodes, and that then can contain information about parameters passed on each edge, is called a call multi-graph. A B E C D F G

Recursion A common way to analyze an interprocedural graph is to first perform analysis to identify the strongly-connected components. A strongly-connected component is a set of nodes in the graph such that any node in the set is reachable from any other node. You can easily develop or find an algorithm to find strongly-connected components. In the call graph at right, the strongly-connected components are shown in red. A B E C D F G Recursion Given the interprocedural component with stronglyconnected components identified, the analysis can proceed by Ordering the traversal using the strongly-connected components Completing the analysis within a strongly-connected component until it stabilizes; then moving onto the next node A B E C D F G

Complicating Factors A. Programs with more than one procedure B. Programs with recursion C. Programs with arbitrary control flow D. Programs with pointers E. Programs with complex data structures Semantic Dependence Intuitively, n is semantic dependent on m if the semantics of m may affect the execution behavior of n Important because semantic dependence is a necessary condition for certain semantic relationships between statements However, no definitions of syntactic dependence are a sufficient condition for semantic dependence Justification for approximated algorithms based on syntactic dependence

Control Dependence Revisited Two definitions of control dependence Strong termination of loops, number of times executed not considered (Ferrante, Ottenstein, and Warren) Weak doesn t assume termination of loops, etc. (Podgurski and Clarke) Arbitrary Interprocedural CF Three ways in which intra-procedural control dependences can be inaccurate Entry-dependence effect Multiple-context effect Return-dependence effect

Arbitrary Interprocedural Control Flow What are intraprocedural control dependences? procedure M 1. begin M 2. read i, j 3. sum := 0 4. while i < 10 do 5. call B endwhile 6. no-op 7. print sum 8. end M procedure B 9. begin B 10. call C 11. if j >= 0 then 12. sum := sum + j 13. read j 14. i := i + 1 15. end B procedure C 16. begin C 17. if sum > 100 then 18. print( error ) 19. end C Intraprocedural CD Statements 2, 3, 4, 6, 7 10, 11, 14 17 CD on 4, 5 12, 13 18 Arbitrary Interprocedural Control Flow Entry-dependence effect procedure M 1. begin M 2. read i, j 3. sum := 0 4. while i < 10 do 5. call B endwhile 6. no-op 7. print sum 8. end M procedure B 9. begin B 10. call C 11. if j >= 0 then 12. sum := sum + j 13. read j 14. i := i + 1 15. end B procedure C 16. begin C 17. if sum > 100 then 18. print( error ) 19. end C

Arbitrary Interprocedural Control Flow Entry-dependence effect 10a Arbitrary Interprocedural Control Flow Multiple-context effect procedure M 1. begin M 2. read i, j 3. sum := 0 4. while i < 10 do 5. call B endwhile 6. call B 7. print sum 8. end M procedure B 9. begin B 10. call C 11. if j >= 0 then 12. sum := sum + j 13. read j 14. i := i + 1 15. end B procedure C 16. begin C 17. if sum > 100 then 18. print( error ) 19. end C

Arbitrary Interprocedural Control Flow Multiple-context effect 10a Are 10, 11, 14, and 17 still dependent on 4? Arbitrary Interprocedural Control Flow Return-dependence effect procedure M 1. begin M 2. read i, j 3. sum := 0 4. while i < 10 do 5. call B endwhile 6. call B 7. print sum 8. end M procedure B 9. begin B 10. call C 11. if j >= 0 then 12. sum := sum + j 13. read j 14. i := i + 1 15. end B procedure C 16. begin C 17. if sum > 100 then 18. halt 19. end C

Arbitrary Interprocedural Control Flow Return-dependence effect 10a What about 10, 11, 14, and 17 now? Arbitrary Interprocedural Control Flow procedure M 1. begin M 2. read i, j 3. sum := 0 4. while i < 10 do 5. call B endwhile 6. no-op 7. print sum 8. end M procedure B 9. begin B 10. call C 11. if j >= 0 then 12. sum := sum + j 13. read j 14. i := i + 1 CD on 15. end B Intraprocedural CD Statements 2, 3, 4, 6, 7 10, 11, 14 17 4, 5 12, 13 18 Entry M Entry B Entry C 4 11 17 procedure C 16. begin C 17. if sum > 100 then 18. halt 19. end C Interprocedural CD Statements 2, 3, 4 4, 7, 11, 14, 18 5, 6, 10, 17 12, 13 CD on Entry M 17 4 11

Instances of Arbitrary Interprocedural Control Flow Exception-handling constructs throw-catch construct in Java raise-exception when construct in Ada Halt statements exit() call in C, C++ System.exit() call in Java Interprocedural jump statements setjmp()-longjmp() calls in C and C++ Arbitrary Interprocedural Control Flow Sinha, Harrold, Rothermel paper Contributions Ways that intraprocedural CD inaccurately model CDs in whole programs Precise definition of interprocedural CD Approaches for computing interprocedural CD Empirical results suggesting effectiveness and efficiency Later work Extensions to handle other types of interprocedural CD such as longjumps, exception-handling constructs

First Approach: Interprocedural Inlined Flow Graph (IIFG) Each procedure inlined at each call site Precise computation of dependences by adapting approaches defined for the intraprocedural case, but Possibly infinite Exponential in size in the worst case Second approach (less precise) Computation of Interprocedural CD Identify potentially non-returning call sites Construct augmented control-flow graph Compute partial control dependences Construct augmented control-dependence graph Construct interprocedural control-dependence graph Propagate control dependences

Computation of Interprocedural CD Identify potentially non-returning call sites Construct augmented control-flow graph Compute partial control dependences Construct augmented control-dependence graph Construct interprocedural control-dependence graph Propagate control dependences PNRC Analysis Step 1: Identifies three sets DNRPList: Definitely non-returning procedures UnreachList: Statically unreachable nodes HNList: Halt statements reachable from entry Method Build ICFG Depth first traversal along realizable paths marking visited nodes Unmarked nodes are unreachable Unmarked exit nodes indicate DNRPs Marked halt nodes indicate reachable halts

PNRC Analysis Step 1: Identifies three sets DNRPList: Definitely non-returning What s procedures a UnreachList: Statically unreachable realizable nodes path? HNList: Halt statements reachable from entry Method Build ICFG Depth first traversal along realizable paths marking visited nodes Unmarked nodes are unreachable Unmarked exit nodes indicate DNRPs Marked halt nodes indicate reachable halts PNRC Analysis 10a

PNRC Analysis 10a What if we change program? PNRC Analysis Step 2: Compute partial CD Identify PNRCList: Possibly non-returning call-sites Build ACFGs Method Backward traversal of ICFG starting from (1) halt nodes and (2) calls to DNRPs Ascending into callers, but not descending into callees Any call site reached is a PNRC

PNRC Analysis 10a PNRC Analysis 10a

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information