Static Program Analysis

Similar documents
Static Program Analysis

Compiler Construction

Compiler Construction Lecture 1: Introduction Summer Semester 2017 Thomas Noll Software Modeling and Verification Group RWTH Aachen University

Compiler Construction Lecture 1: Introduction Winter Semester 2018/19 Thomas Noll Software Modeling and Verification Group RWTH Aachen University

Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.

Compiler Construction

Semantics with Applications 3. More on Operational Semantics

PROGRAM ANALYSIS & SYNTHESIS

Program Analysis And Its Support in Software Development

Formal Semantics of Programming Languages

Compiler Construction I

Formal Semantics of Programming Languages

Static Program Analysis

Compiler Construction I

In Our Last Exciting Episode

CS 406/534 Compiler Construction Putting It All Together

Compiler Construction

Principles of Programming Languages

Compiler Construction

Exercises on Semantics of Programming Languages

Thursday, December 23, The attack model: Static Program Analysis

Semantics and Verification of Software

Principles of Program Analysis. Lecture 1 Harry Xu Spring 2013

Compiler Construction

Intra-procedural Data Flow Analysis Introduction

Application: Programming Language Semantics

Compiler Construction

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

CMPE 152 Compiler Design

EI326 ENGINEERING PRACTICE & TECHNICAL INNOVATION (III-G) Kenny Q. Zhu Dept. of Computer Science Shanghai Jiao Tong University

axiomatic semantics involving logical rules for deriving relations between preconditions and postconditions.

CS/SE 153 Concepts of Compiler Design

Compiler Construction

Principles of Program Analysis: A Sampler of Approaches

A CRASH COURSE IN SEMANTICS

Compilation 2012 Static Analysis

Theory of Computer Science

Contents. Chapter 1 SPECIFYING SYNTAX 1

Principles of Compiler Construction ( )

Static Program Analysis

Lecture 6. Abstract Interpretation

CMPE 152 Compiler Design

Principles of Compiler Construction ( )

Intro to semantics; Small-step semantics Lecture 1 Tuesday, January 29, 2013

Compiler Construction

(How Not To Do) Global Optimizations

CS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014

Global Optimization. Lecture Outline. Global flow analysis. Global constant propagation. Liveness analysis. Local Optimization. Global Optimization

Program Analysis: Lecture 02 Page 1 of 32

About the Authors... iii Introduction... xvii. Chapter 1: System Software... 1

ICS 252 Introduction to Computer Design

Static analysis and all that

HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY COMPILER THEORY COURSE SYLLABUS

Formal Syntax and Semantics of Programming Languages

CMPSC 497: Static Analysis

CS2104 Prog. Lang. Concepts

CSE 501: Compiler Construction. Course outline. Goals for language implementation. Why study compilers? Models of compilation

Theory of Computer Science. D2.1 Introduction. Theory of Computer Science. D2.2 LOOP Programs. D2.3 Syntactic Sugar. D2.

Compiler Construction

CMPE 152 Compiler Design

Abstract Interpretation

Programming Languages

Applications of Formal Verification

Goals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1

Compiler Construction

Introduction to Shape and Pointer Analysis

Outline. Database Theory. Prerequisites and Admission. Classes VU , SS 2018

Operational Semantics. One-Slide Summary. Lecture Outline

CIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions)

CS Lecture 2. The Front End. Lecture 2 Lexical Analysis

Fall Compiler Principles Lecture 5: Intermediate Representation. Roman Manevich Ben-Gurion University of the Negev

Chapter 3. Describing Syntax and Semantics

7. Introduction to Denotational Semantics. Oscar Nierstrasz

INTRODUCTION PRINCIPLES OF PROGRAMMING LANGUAGES. Norbert Zeh Winter Dalhousie University 1/10

CS 242. Fundamentals. Reading: See last slide

Formal Semantics of Programming Languages

Principles of Program Analysis: Data Flow Analysis

Type Systems. Today. 1. Organizational Matters. 1. Organizational Matters. Lecture 1 Oct. 20th, 2004 Sebastian Maneth. 1. Organizational Matters

Introduction to Denotational Semantics. Class Likes/Dislikes Survey. Dueling Semantics. Denotational Semantics Learning Goals. You re On Jeopardy!

Simply-Typed Lambda Calculus

Torben./Egidius Mogensen. Introduction. to Compiler Design. ^ Springer

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

ECE573 Introduction to Compilers & Translators

University of Waterloo Undergraduate Catalog Report Faculty of Mathematics Page No. 1 Run Date 20-AUG-2007 Meeting Number(s) 25

Applications of Formal Verification

Applications of Formal Verification

Complexity Theory VU , SS General Information. Reinhard Pichler

Semantics via Syntax. f (4) = if define f (x) =2 x + 55.

Advanced Compiler Design. CSE 231 Instructor: Sorin Lerner

Software Engineering using Formal Methods

Chapter 1 Introduction

About the Tutorial. Audience. Prerequisites. Copyright & Disclaimer. Compiler Design

Compilers. Computer Science 431

Data Structures and Algorithms

Lectures 20, 21: Axiomatic Semantics

2 Introduction to operational semantics

Foundations: Syntax, Semantics, and Graphs

COMPUTER SCIENCE/INFORMATION SYSTEMS DEGREE PLAN

SRM UNIVERSITY FACULTY OF ENGINEERING AND TECHNOLOGY SCHOOL OF COMPUTING DEPARTMENT OF CSE COURSE PLAN

CSE 413 Languages & Implementation. Hal Perkins Winter 2019 Structs, Implementing Languages (credits: Dan Grossman, CSE 341)

Transcription:

Static Program Analysis Lecture 1: Introduction to Program Analysis Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de http://moves.rwth-aachen.de/teaching/ws-1415/spa/ Winter Semester 2014/15

Outline 1 Preliminaries 2 Introduction 3 The Imperative Model Language WHILE 4 Overview of the Lecture 5 Additional Literature Static Program Analysis Winter Semester 2014/15 1.2

People Lectures: Thomas Noll (noll@cs.rwth-aachen.de) Christina Jansen (christina.jansen@cs.rwth-aachen.de) Exercise classes: Christian Dehnert (dehnert@cs.rwth-aachen.de) Benjamin Kaminski (benjamin.kaminski@cs.rwth-aachen.de) Student assistant: Frederick Prinz Static Program Analysis Winter Semester 2014/15 1.3

Target Audience MSc Informatik: Theoretische Informatik MSc Software Systems Engineering: Theoretical Foundations Static Program Analysis Winter Semester 2014/15 1.4

Expectations What you can expect: Foundations of static analysis of computer software Implementation and tool support Applications in, e.g., program optimization and software validation Static Program Analysis Winter Semester 2014/15 1.5

Expectations What you can expect: Foundations of static analysis of computer software Implementation and tool support Applications in, e.g., program optimization and software validation What we expect: basic knowledge in Programming (essential concepts of imperative and object-oriented programming languages and elementary programming techniques) helpful: Theory of Programming (such as Semantics of Programming Languages or Software Verification) Static Program Analysis Winter Semester 2014/15 1.5

Organization Schedule: Lecture Mon 14:15 15:45 AH 1 (starting October 13) Lecture Thu 14:15 15:45 AH 2 (starting October 23) Exercise class Mon 10:15 11:45 AH 6 (starting October 27) see overview at http://moves.rwth-aachen.de/teaching/ws-1415/spa/ Static Program Analysis Winter Semester 2014/15 1.6

Organization Schedule: Lecture Mon 14:15 15:45 AH 1 (starting October 13) Lecture Thu 14:15 15:45 AH 2 (starting October 23) Exercise class Mon 10:15 11:45 AH 6 (starting October 27) see overview at http://moves.rwth-aachen.de/teaching/ws-1415/spa/ 1st assignment sheet next week, presented October 27 Work on assignments in groups of two Static Program Analysis Winter Semester 2014/15 1.6

Organization Schedule: Lecture Mon 14:15 15:45 AH 1 (starting October 13) Lecture Thu 14:15 15:45 AH 2 (starting October 23) Exercise class Mon 10:15 11:45 AH 6 (starting October 27) see overview at http://moves.rwth-aachen.de/teaching/ws-1415/spa/ 1st assignment sheet next week, presented October 27 Work on assignments in groups of two Oral/written exam (6 credits) depending on number of participants Admission requires at least 50% of the points in the exercises Static Program Analysis Winter Semester 2014/15 1.6

Organization Schedule: Lecture Mon 14:15 15:45 AH 1 (starting October 13) Lecture Thu 14:15 15:45 AH 2 (starting October 23) Exercise class Mon 10:15 11:45 AH 6 (starting October 27) see overview at http://moves.rwth-aachen.de/teaching/ws-1415/spa/ 1st assignment sheet next week, presented October 27 Work on assignments in groups of two Oral/written exam (6 credits) depending on number of participants Admission requires at least 50% of the points in the exercises Written material in English, lecture and exercise classes on demand, rest up to you Static Program Analysis Winter Semester 2014/15 1.6

Outline 1 Preliminaries 2 Introduction 3 The Imperative Model Language WHILE 4 Overview of the Lecture 5 Additional Literature Static Program Analysis Winter Semester 2014/15 1.7

What Is It All About? Static (Program) Analysis Static analysis is a general method for automated reasoning on artefacts such as requirements, design models, and programs. Static Program Analysis Winter Semester 2014/15 1.8

What Is It All About? Static (Program) Analysis Static analysis is a general method for automated reasoning on artefacts such as requirements, design models, and programs. Distinguishing features: Static: based on source code, not on (dynamic) execution (in contrast to testing, profiling, or run-time verification) Automated: push-button technology, i.e., little user intervention (in contrast to theorem-proving approaches) Static Program Analysis Winter Semester 2014/15 1.8

What Is It All About? Static (Program) Analysis Static analysis is a general method for automated reasoning on artefacts such as requirements, design models, and programs. Distinguishing features: Static: based on source code, not on (dynamic) execution (in contrast to testing, profiling, or run-time verification) Automated: push-button technology, i.e., little user intervention (in contrast to theorem-proving approaches) (Main) Applications: Optimizing compilers: exploit program properties to improve runtime or memory efficiency of generated code (dead code elimination, constant propagation,...) Software validation: verify program correctness (bytecode verification, shape analysis,...) Static Program Analysis Winter Semester 2014/15 1.8

Dream of Static Program Analysis Program Analyzer Result Property specification Static Program Analysis Winter Semester 2014/15 1.9

Fundamental Limits Theorem 1.1 (Theorem of Rice (1953)) All non-trivial semantic questions about programs from a universal programming language are undecidable. Static Program Analysis Winter Semester 2014/15 1.10

Fundamental Limits Theorem 1.1 (Theorem of Rice (1953)) All non-trivial semantic questions about programs from a universal programming language are undecidable. Example 1.2 (Detection of constants) read(x); if x > 0 then P; y := x; else y := 1; end; write(y);? read(x); if x > 0 then P; y := x; else y := 1; end; write(1); write(y) can be equivalently replaced by write(1) iff program P does never terminate Static Program Analysis Winter Semester 2014/15 1.10

Fundamental Limits Theorem 1.1 (Theorem of Rice (1953)) All non-trivial semantic questions about programs from a universal programming language are undecidable. Example 1.2 (Detection of constants) read(x); if x > 0 then P; y := x; else y := 1; end; write(y);? read(x); if x > 0 then P; y := x; else y := 1; end; write(1); write(y) can be equivalently replaced by write(1) iff program P does never terminate Thus: constant detection is undecidable Static Program Analysis Winter Semester 2014/15 1.10

Two Solutions 1 Weaker models: employ abstract models of systems finite automata, labeled transition systems,... perform exact analyses model checking, theorem proving,... Static Program Analysis Winter Semester 2014/15 1.11

Two Solutions 1 Weaker models: employ abstract models of systems finite automata, labeled transition systems,... perform exact analyses model checking, theorem proving,... 2 Weaker analyses (here): employ concrete models of systems source code perform approximate analyses dataflow analysis, abstract interpretation, type checking,... Static Program Analysis Winter Semester 2014/15 1.11

Soundness vs. Completeness Soundness: Predicted results must apply to every system execution Examples: constant detection: replacing expression by appropriate constant does not change program results pointer analysis: analysis finds pointer variable x 0 = no run-time exception when dereferencing x Absolutely mandatory for trustworthiness of analysis results! Static Program Analysis Winter Semester 2014/15 1.12

Soundness vs. Completeness Soundness: Predicted results must apply to every system execution Examples: constant detection: replacing expression by appropriate constant does not change program results pointer analysis: analysis finds pointer variable x 0 = no run-time exception when dereferencing x Absolutely mandatory for trustworthiness of analysis results! Completeness: Behavior of every system execution catched by analysis Examples: program always terminates = analysis must be able to detect value of variable in [0, 255] = interval analysis finds out Usually not guaranteed due to approximation Degree of completeness determines quality of analysis Static Program Analysis Winter Semester 2014/15 1.12

Soundness vs. Completeness Soundness: Predicted results must apply to every system execution Examples: constant detection: replacing expression by appropriate constant does not change program results pointer analysis: analysis finds pointer variable x 0 = no run-time exception when dereferencing x Absolutely mandatory for trustworthiness of analysis results! Completeness: Behavior of every system execution catched by analysis Examples: program always terminates = analysis must be able to detect value of variable in [0, 255] = interval analysis finds out Usually not guaranteed due to approximation Degree of completeness determines quality of analysis Correctness := Soundness Completeness (often for logical axiomatizations and such, usually not guaranteed for program analyses) Static Program Analysis Winter Semester 2014/15 1.12

Outline 1 Preliminaries 2 Introduction 3 The Imperative Model Language WHILE 4 Overview of the Lecture 5 Additional Literature Static Program Analysis Winter Semester 2014/15 1.13

Syntactic Categories WHILE: simple imperative programming language without procedures or advanced data structures Static Program Analysis Winter Semester 2014/15 1.14

Syntactic Categories WHILE: simple imperative programming language without procedures or advanced data structures Syntactic categories: Category Domain Meta variable Numbers Z = {0, 1, 1,...} z Truth values B = {true, false} t Variables Var = {x, y,...} x Arithmetic expressions AExp (next slide) a Boolean expressions BExp (next slide) b Commands (statements) Cmd (next slide) c Static Program Analysis Winter Semester 2014/15 1.14

Syntax of WHILE Programs Definition 1.3 (Syntax of WHILE) The syntax of WHILE Programs is defined by the following context-free grammar: a ::= z x a 1 +a 2 a 1 -a 2 a 1 *a 2 AExp b ::= t a 1 =a 2 a 1 >a 2 b b 1 b 2 b 1 b 2 BExp c ::= skip x := a c 1 ;c 2 if b then c 1 else c 2 while b do c Cmd Static Program Analysis Winter Semester 2014/15 1.15

Syntax of WHILE Programs Definition 1.3 (Syntax of WHILE) The syntax of WHILE Programs is defined by the following context-free grammar: a ::= z x a 1 +a 2 a 1 -a 2 a 1 *a 2 AExp b ::= t a 1 =a 2 a 1 >a 2 b b 1 b 2 b 1 b 2 BExp c ::= skip x := a c 1 ;c 2 if b then c 1 else c 2 while b do c Cmd Remarks: we assume that the syntax of numbers, truth values and variables is predefined (i.e., no lexical analysis ) the syntax of ambiguous constructs is uniquely determined (by brackets, priorities, or indentation) Static Program Analysis Winter Semester 2014/15 1.15

A WHILE Program Example 1.4 x := 6; y := 7; z := 0; while x > 0 do x := x - 1; v := y; while v > 0 do v := v - 1; z := z + 1 Static Program Analysis Winter Semester 2014/15 1.16

A WHILE Program and its Flow Diagram Example 1.4 x := 6 x > 0? T F STOP x := 6; y := 7; z := 0; while x > 0 do x := x - 1; v := y; while v > 0 do v := v - 1; z := z + 1 y := 7 z := 0 x := x 1 v := y v > 0? T F v := v 1 z := z + 1 Static Program Analysis Winter Semester 2014/15 1.16

A WHILE Program and its Flow Diagram Example 1.4 x := 6 x > 0? T F STOP x := 6; y := 7; z := 0; while x > 0 do x := x - 1; v := y; while v > 0 do v := v - 1; z := z + 1 y := 7 z := 0 x := x 1 v := y v > 0? T F v := v 1 z := z + 1 Effect: z := x * y = 42 Static Program Analysis Winter Semester 2014/15 1.16

Outline 1 Preliminaries 2 Introduction 3 The Imperative Model Language WHILE 4 Overview of the Lecture 5 Additional Literature Static Program Analysis Winter Semester 2014/15 1.17

(Preliminary) Overview of Contents 1 Introduction to Program Analysis 2 Dataflow analysis (DFA) 1 Available expressions problem 2 Live variables problem 3 The DFA framework 4 Solving DFA equations 5 The meet-over-all-paths (MOP) solution 6 Case study: Java bytecode verifier 3 Abstract interpretation (AI) 1 Working principle 2 Program semantics & correctness 3 Galois connections 4 Instantiations (sign analysis, interval analysis,...) 5 Case study: 16-bit multiplication 4 Interprocedural analysis 5 Pointer analysis Static Program Analysis Winter Semester 2014/15 1.18

Outline 1 Preliminaries 2 Introduction 3 The Imperative Model Language WHILE 4 Overview of the Lecture 5 Additional Literature Static Program Analysis Winter Semester 2014/15 1.19

Additional Literature Flemming Nielson, Hanne R. Nielson, Chris Hankin: Principles of Program Analysis, 2nd edition, Springer, 2005 [available in CS Library] Michael I. Schwartzbach: Lecture Notes on Static Analysis [http://www.itu.dk/people/brabrand/ufpe/ Data-Flow-Analysis/static.pdf] Helmut Seidl, Reinhard Wilhelm, Sebastian Hack: Übersetzerbau 3: Analyse und Transformation, Springer, 2010 [available in CS Library] Static Program Analysis Winter Semester 2014/15 1.20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback