Slicing. Rupesh Nasre. CS6843 Program Analysis IIT Madras Jan 2016

Similar documents
Applications. Slicing. Program with Multiple Functionality. Outline. Definition. Program with Single Functionality

Class 6. Review; questions Assign (see Schedule for links) Slicing overview (cont d) Problem Set 3: due 9/8/09. Program Slicing

Static Slicing. Software Maintenance

DEBUGGING: STATIC ANALYSIS

PDS: CS Computer Sc & Engg: IIT Kharagpur 1. for Statement

slicing An example of slicing Consider the following example:

AMCAT Automata Coding Sample Questions And Answers

Lecture Compiler Middle-End

Using the code to measure test adequacy (and derive test cases) Structural Testing

Program Analysis. Readings

Control Structure: Loop

A classic tool: slicing. CSE503: Software Engineering. Slicing, dicing, chopping. Basic ideas. Weiser s approach. Example

Conditioned Slicing. David Jong-hoon An. May 23, Abstract

CS 261 Fall C Introduction. Variables, Memory Model, Pointers, and Debugging. Mike Lam, Professor

ELEC 876: Software Reengineering

Imperative Paradigm. Syntax. Role of Programming Languages. Expressions. Expressions. Role of Programming Languages. Symbols.

Data-Flow Analysis Foundations

CS1100 Introduction to Programming

Software Engineering using Formal Methods

C Program Development and Debugging under Unix SEEM 3460

Overview Graph Coverage Criteria

B.V. Patel Institute of Business Management, Computer & Information Technology, Uka Tarsadia University

Data Flow Analysis. Agenda CS738: Advanced Compiler Optimizations. 3-address Code Format. Assumptions

LECTURE 18. Control Flow

Assignment 4: Semantics

CS 520 Theory and Practice of Software Engineering Fall 2018

Outline. Computer programming. Debugging. What is it. Debugging. Hints. Debugging

MTAT : Software Testing

Iteration: Intro. Two types of loops: 1. Pretest Condition precedes body Iterates 0+ times. 2. Posttest Condition follows body Iterates 1+ times

A brief introduction to C programming for Java programmers

Manual Allocation. CS 1622: Garbage Collection. Example 1. Memory Leaks. Example 3. Example 2 11/26/2012. Jonathan Misurda

COMP 202 Recursion. CONTENTS: Recursion. COMP Recursion 1

C Introduction. Comparison w/ Java, Memory Model, and Pointers

COMP-202. Recursion. COMP Recursion, 2011 Jörg Kienzle and others

Computer Science & Engineering 150A Problem Solving Using Computers

Pointers as Arguments

Qualifying Exam in Programming Languages and Compilers

A3-R3: PROGRAMMING AND PROBLEM SOLVING THROUGH 'C' LANGUAGE

Midterm Review. Short Answer. Short Answer. Practice material from the Winter 2014 midterm. Will cover some (but not all) of the questions.

CS 240 Data Structure Spring 2018 Exam I 03/01/2018

1.7 Recursion. Department of CSE

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

Programming in C in a UNIX environment

Intermediate Code Generation

User Defined Functions

Acknowledgement. CS Compiler Design. Intermediate representations. Intermediate representations. Semantic Analysis - IR Generation

Outline Arrays Examples of array usage Passing arrays to functions 2D arrays Strings Searching arrays Next Time. C Arrays.

3. Logical Values. Our Goal. Boolean Values in Mathematics. The Type bool in C++

Program Analysis. Program Analysis

COS 320. Compiling Techniques

Syntax Directed Translation

Pointer Analysis. Outline. Points-to Analysis as a Graph Problem. Points-to Analysis as a Graph Problem. Points-to Analysis as a Graph Problem

Plan for Today. Concepts. Next Time. Some slides are from Calvin Lin s grad compiler slides. CS553 Lecture 2 Optimizations and LLVM 1

Intermediate Code Generation

CS349/SE382 A1 C Programming Tutorial

ECE 2400 Computer Systems Programming Fall 2018 Topic 1: Introduction to C

Formal Specification and Verification

MTAT : Software Testing

4. Logical Values. Our Goal. Boolean Values in Mathematics. The Type bool in C++

Intermediate Representations

Understanding Data Dependences in the Presence of Pointers

CS16 Exam #1 7/17/ Minutes 100 Points total

Lab 3. Pointers Programming Lab (Using C) XU Silei

Foundations: Syntax, Semantics, and Graphs

Software Engineering using Formal Methods

Formal Verification Techniques for GPU Kernels Lecture 1

Iteration. CSE / ENGR 142 Programming I. Chapter 5. Motivating Loops. One More Type of Control Flow. What s Wrong with HW1?

C Review. MaxMSP Developers Workshop Summer 2009 CNMAT

Introduction to C Programming

C programming basics T3-1 -

Outline. Outline. Program needs a representation for the analysis. Understanding the Program Representations. Zhiqiang Lin

Programming refresher and intro to C programming

CS 314 Principles of Programming Languages. Lecture 9

COP 3223 Introduction to Programming with C - Study Union - Fall 2017

Data-flow Analysis. Y.N. Srikant. Department of Computer Science and Automation Indian Institute of Science Bangalore

Register allocation. Register allocation: ffl have value in a register when used. ffl limited resources. ffl changes instruction choices

COP5621 Exam 4 - Spring 2005

Intermediate Code Generation

Data Flow Analysis. Program Analysis

Control structures in C. Going beyond sequential

Shalva Kohen Arunavha Chanda Kai-Zhan Lee Emma Etherington

Areas related to SW verif. Trends in Software Validation. Your Expertise. Research Trends High level. Research Trends - Ex 2. Research Trends Ex 1

Create a Program in C (Last Class)

Chapter 15 Debugging

Alternatives for semantic processing

Outline. Introduction Concepts and terminology The case for static typing. Implementing a static type system Basic typing relations Adding context

Functions. Arash Rafiey. September 26, 2017

C 101. Davide Vernizzi. April 29, 2011

CSCE 548 Building Secure Software Software Analysis Basics

(How Not To Do) Global Optimizations

Applications of Program analysis in Model-Based Design

CS 139 Practice Midterm Questions #2

CSE 401 Final Exam. March 14, 2017 Happy π Day! (3/14) This exam is closed book, closed notes, closed electronics, closed neighbors, open mind,...

Assignment 1 Clarifications

Decision Making -Branching. Class Incharge: S. Sasirekha

n Group of statements that are executed repeatedly while some condition remains true

DECISION CONTROL AND LOOPING STATEMENTS

Goals of this Lecture

CS111: PROGRAMMING LANGUAGE II

CSCI312 Principles of Programming Languages!

Transcription:

Slicing Rupesh Nasre. CS6843 Program Analysis IIT Madras Jan 2016

Outline Introduction and applications Application time static dynamic Direction forward backward 2

Definition A slice is a subset of program statements (possibly) relevant to an event of interest. Program Relevant statements p = q a = b c =*p <segfault> Slicing p = q c =*p <segfault> Event Program Relevant statements b = fun(d) <new stmt> p = q a = b c =*p Slicing Event b = fun(d) <new stmt> a = b 3

Applications Program understanding / debugging Program restructuring Program differencing Test coverage Model checking 4

Program with Multiple Functionality Line + Character counting extern void scanline(file *f, bool *eof, int *nread); void linecharcount(file *f) { int nlines = 0; int nchars = 0; int nread; bool eof = false; do { scanline(f, &eof, &nread); ++nlines; nchars += nread; while (!eof); printf( nlines = %d\n, nlines); printf( nchars = %d\n, nchars); 5

Program with Single Functionality Line + Character counting extern void scanline(file *f, bool *eof, int *nread); void linecharcount(file *f) { int nlines = 0; int nchars = 0; int nread; bool eof = false; do { scanline(f, &eof, &nread); ++nlines; nchars += nread; while (!eof); Line + Character counting extern void scanline(file *f, bool *eof, int *nread); void linecharcount(file *f) { int nlines = 0; int nchars = 0; int nread; bool eof = false; do { scanline(f, &eof, &nread); ++nlines; nchars += nread; while (!eof); printf( nlines = %d\n, nlines); printf( nchars = %d\n, nchars); printf( nlines = %d\n, nlines); printf( nchars = %d\n, nchars); 6

Program with Single Functionality Line + Character counting extern void scanline2(file *f, bool *eof, int *nread); void linecharcount(file *f) { int nlines = 0; int nchars = 0; int nread; bool eof = false; do { scanline2(f, &eof, &nread); ++nlines; nchars += nread; while (!eof); Line + Character counting extern void scanline(file *f, bool *eof, int *nread); void linecharcount(file *f) { int nlines = 0; int nchars = 0; int nread; bool eof = false; do { scanline(f, &eof, &nread); ++nlines; nchars += nread; while (!eof); printf( nlines = %d\n, nlines); printf( nchars = %d\n, nchars); printf( nlines = %d\n, nlines); printf( nchars = %d\n, nchars); 7

Slicing Types Forward The forward slice at program point p is the program subset that may be affected by p Backward The backward slice at program point p is the program subset that may affect p Chop The chop between program points p and q is the program subset that may be affected by p and that may affect q 8

Forward Slice void main() { int sum = 0; int i = 0; Slicing criteria while (i < 11) { sum += i; i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); 9

Forward Slice void main() { int sum = 0; int i = 0; Slicing criteria while (i < 11) { sum += i; i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); 10

Backward Slice void main() { int sum = 0; int i = 0; while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); Slicing criteria 11

Backward Slice void main() { int sum = 0; int i = 0; while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); Slicing criteria 12

Chop void main() { int sum = 0; int i = 0; Slicing / chopping criteria while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); Slicing / chopping criteria 13

Chop void main() { int sum = 0; int i = 0; Slicing / chopping criteria START while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); Slicing / chopping criteria STOP 14

Chop void main() { int sum = 0; int i = 0; Slicing / chopping criteria START while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); Slicing / chopping criteria STOP 15

Slicing Types Static Compile time, without making assumptions about the program inputs Dynamic Execution time or compile time, relying on specific test cases Language features such as functions, unstructured control flow, composite data types, pointers, and concurrency require specific extensions to the slicing algorithms. 16

Static Slicing Whatever we have been looking at so far... There could be multiple valid slices for a given criteria, depending upon analysis precision. There exists at least one slice for a criteria (the program itself). The analysis implicitly assumes that the program halts. Finding a statement-minimal slice is impossible (halting problem). 17

Computing Relevant Variables 1: y = x; 2: a = b; 3: z = y; Indirection level R 0 (3) = {y...by Rule 1 <3,y> R 0 (2) = {y...by Rule 2b <3,y> R 0 (1) = {x...by Rule 2a <3,y> Let Let C = <i, <i, V> V> be be a slicing criteria. Then Then R 0 0 (n) (n) = all all variables v such such that that either C C 1. 1. n == == i i and and v Î V or or 2. 2. n Î pred(m) such such that that either either (a) (a) v Î use(n) and and def(n) Ç R 0 0(m) ¹ Æ C C or or (b) (b) v Ï def(n) but but v Î R 0 0(m) C C Slicing criteria Statement 2a says that if w is a relevant variable at the node following n and w is defined at n, then w is no longer relevant; instead, all the variables used to define w are now relevant. 2b says that if a relevant variable at the next node is not defined at node n, then it is still relevant at node 18 n.

Computing Relevant Statements The relevant statements define relevant variables. S 0 0 = all all statements n such such that that def(n) C Ç R0 (n+1) C R0 (n+1) ¹ C Æ. Æ. C 19

But what about Control Dependence? Let's define a set of statements that influence a set of statements INFL(b) is the set of statements which directly affect execution of statement b. B 0 0 = È INFL(n) such such that C that n Î S0 C S0 C C Branch statements with indirect relevance to a slice To include all the indirect influences, the statements with direct influence on B 0 C must now be considered, and then the branch statements influencing those new statements, and so on. 20

Computing Static Slice Relevance at level n is defined as below Next Next set set of of relevant variables = current set set of of relevant variables È relevant variables in in current set set of of relevant branch statements for for all all i i ³ 0 R i+1 i+1(n) (n) = C Ri (n) C Ri (n) È C R0 (n) C R0 (n) for for b Î BC(b) Bi BC(b) Bi C C where BC(b) is is a branch statement criterion defined as as <b, <b, use(b)> B i+1 i+1 = È INFL(n) for for n Î C Si+1 C Si+1 C C S i+1 i+1 = all all statements n such such that C that def(n) Ç Ri+1 (n+1) C Ri+1 C (n+1) ¹ Æ or or n Î Bi C Bi C C 21

void main() {{ int int y, y, z, z, ii, ii, n; n; int int *a; *a; scanf( %d, &n); &n); a = (int (int*)malloc(n); for for (ii (ii = 0; 0; ii ii < n; n; )){{ scanf( %d, a + ii); ii); ++ii; y = 0; 0; z = 1; 1; Classwork Find backward slice for the program. Slicing criteria: <line number of printf, z> for for (ii (ii = 0; 0; ii ii < n; n; ++ii) {{ y += += a[ii]; a[ii]; z *= *= y; y; printf( %d\n, z); z); 22

Slicing as a DFA 1: a = 1; 2: while (f(k)) { 3: if (g(c)) { 4: b = a; 5: x = 2; 6: else { 7: c = b; 8: y = 3; 9: k = k + 1; 10: z = x + y; Is statement 1 included in the slice? Slicing criterion = <10, z> 23

Slicing as a DFA may not be minimal 1: a = 1; 2: while (f(k)) { 3: if (g(c)) { 4: b = a; 5: x = 2; 6: else { 7: c = b; 8: y = 3; 9: k = k + 1; 10: z = x + y; Is statement 1 included in the slice? Slicing criterion = <10, z> Statements 1 and 4 would not be part of the slice as there is a guarantee that after if block is executed, else block will definitely be not executed. Therefore, there is no dependence from statement 4 to statement 7. 24

Dynamic Slicing Slicing criteria (9 1, x, n=2) 1: read(n); 2: i = 1; 3: while (i <= n) { 4: if (i % 2 == 0) 5: x = 7; 6: else 7: x = 16; 8: ++i; 9: write(x); 1: read(n); 2: i = 1; 3: while (i <= n) { 4: if (i % 2 == 0) 5: x = 7; 6: else 7: ; 8: ++i; 9: write(x); The else branch may be omitted from the dynamic slice because the assignment of 16 to x in the first iteration is killed by the assignment of 7 in the second iteration. 25

Static vs. Dynamic Slicing Across all inputs Less precise Source code Slicing criteria contains statement and variables. Specific set of inputs More precise Source code or trace Slicing criteria contains statement instance, variables and inputs. 26

Computing Slices Reachability in a dependence graph PDG (intra-procedural) SDG (inter-procedural) Dependence graph Control dependence (is it the same as a CFG?) Data dependence 27

Control Dependence Graph void main() { int sum = 0; int i = 0; Entry while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); sum = 0 i = 0 while (i < 11) output(sum) output(i) sum += i ++i Control dependence 28

Data Dependence Graph void main() { int sum = 0; int i = 0; Entry while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); sum = 0 i = 0 while (i < 11) output(sum) output(i) sum += i ++i Data dependence 29

Program Dependence Graph void main() { int sum = 0; int i = 0; Entry while (i < 11) { sum += i; ++i; printf( sum = %d\n, sum); printf( i = %d\n, i); sum = 0 i = 0 while (i < 11) output(sum) output(i) sum += i ++i Control dependence Data dependence 30

Syntactically Valid Slices Include additional statements or reorder statements to make the slice syntactically valid. Operates at the source code level not IR. read(n); i = 1; if (p == null) x = x + 1; else n = n * 2; write(n); Slicing read(n); if (p == null) else n = n * 2; write(n); Syntax error Situation is simpler in C due to ; as statement terminator. 31

Syntactically Valid Slices Include additional statements or reorder statements to make the slice syntactically valid. Operates at the source code level not IR. read(n); i = 1; if (p == null) x = x + 1; else n = n * 2; write(x); Slicing if (p == null) x = x + 1; else write(x); Syntactically valid, but semantically wrong Situation is simpler in C due to ; as statement terminator. 32

Classwork 1 main() { 2 int x = 0; 3 int n = 1; 4 int a[5] = {0, 2; 5 int i = 0; 6 if (n > 0) { 7 for (; i < n; ++i) { 8 a[i] = i * i; 9 if (a[i] < 100) { 10 x += a[i]; 11 else { 12 x = a[i]; 13 14 15 16 printf( %d\n, x); 17 For the given program draw control-dependence graph. draw data-dependence graph find forward slice for <4, a>. find backward slice for <16, x>. 33

Acknowledgments Christopher Lewis (upenn) Laurie Hendren (mcgill) Frank Tip (waterloo) 34

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback