Principles of Program Analysis: A Sampler of Approaches

Similar documents
Intra-procedural Data Flow Analysis Introduction

Principles of Program Analysis: Data Flow Analysis

Chapter 1 Introduction

Static analysis and all that

PROGRAM ANALYSIS & SYNTHESIS

A Gentle Introduction to Program Analysis

Advanced Programming Methods. Introduction in program analysis

Static Program Analysis

Writing Evaluators MIF08. Laure Gonnord

CS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014

Thursday, December 23, The attack model: Static Program Analysis

Static Program Analysis

Semantics with Applications 3. More on Operational Semantics

COS 320. Compiling Techniques

Introduction to Shape and Pointer Analysis

1 Introduction. 3 Syntax

Program Syntax; Operational Semantics

CSE 501: Compiler Construction. Course outline. Goals for language implementation. Why study compilers? Models of compilation

Combining Static and Dynamic Contract Checking for Curry

CS4215 Programming Language Implementation. Martin Henz

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

Tracing Ambiguity in GADT Type Inference

Foundations of Dataflow Analysis

Variables. Substitution

CS 242. Fundamentals. Reading: See last slide

Semantic Subtyping. Alain Frisch (ENS Paris) Giuseppe Castagna (ENS Paris) Véronique Benzaken (LRI U Paris Sud)

CS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

COP5621 Exam 4 - Spring 2005

Programming Languages Lecture 15: Recursive Types & Subtyping

Once Upon a Polymorphic Type

Lecture #23: Conversion and Type Inference

1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.

Induction and Semantics in Dafny

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

Conversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";

Programming Languages and Compilers (CS 421)

Loop Optimizations. Outline. Loop Invariant Code Motion. Induction Variables. Loop Invariant Code Motion. Loop Invariant Code Motion

Type Inference with Inequalities

Compiler Passes. Optimization. The Role of the Optimizer. Optimizations. The Optimizer (or Middle End) Traditional Three-pass Compiler

Data-Flow Analysis Foundations

Lecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference

Compiler Optimization and Code Generation

CMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics

Programming Languages Third Edition

Part VI. Imperative Functional Programming

Sardar Vallabhbhai Patel Institute of Technology (SVIT), Vasad M.C.A. Department COSMOS LECTURE SERIES ( ) (ODD) Code Optimization

Programming Languages

Introduction to Machine-Independent Optimizations - 1

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security

APA Interprocedural Dataflow Analysis

Certified Memory Usage Analysis

Lecture 2: SML Basics

Lecture 6. Abstract Interpretation

Data Flow Analysis. Agenda CS738: Advanced Compiler Optimizations. 3-address Code Format. Assumptions

1. Abstract syntax: deep structure and binding. 2. Static semantics: typing rules. 3. Dynamic semantics: execution rules.

Lecture Notes on Program Equivalence

Applications of Program analysis in Model-Based Design

The syntax and semantics of Beginning Student

The syntax and semantics of Beginning Student

CS 6110 S11 Lecture 12 Naming and Scope 21 February 2011

Lecture 5 - Axiomatic semantics

The Substitution Model

CS611 Lecture 33 Equirecursive types & Recursive domain equations November 19, 2001

Some instance messages and methods

Compiler Construction 2010/2011 Loop Optimizations

axiomatic semantics involving logical rules for deriving relations between preconditions and postconditions.

Data Flow Analysis using Program Graphs

λ calculus is inconsistent

Compiler Code Generation COMP360

Adding GADTs to OCaml the direct approach

Lambda Calculus. Variables and Functions. cs3723 1

Compiler Construction 2016/2017 Loop Optimizations

Compiler Optimizations. Chapter 8, Section 8.5 Chapter 9, Section 9.1.7

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

Application: Programming Language Semantics

Why Global Dataflow Analysis?

Programmiersprachen (Programming Languages)

Abstract Interpretation

Semantics of programming languages

Flow Logic: A Multi-paradigmatic Approach to Static Analysis

Lectures 20, 21: Axiomatic Semantics

Languages and Compiler Design II IR Code Optimization

Programs with infinite loops: from primitive recursive predicates to the arithmetic hierarchy

Outline. Introduction Concepts and terminology The case for static typing. Implementing a static type system Basic typing relations Adding context

Review. CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Let bindings (CBV) Adding Stuff. Booleans and Conditionals

About the Authors... iii Introduction... xvii. Chapter 1: System Software... 1

Sémantique des Langages de Programmation (SemLP) DM : Region Types

Lambda Calculus and Type Inference

The Apron Library. Bertrand Jeannet and Antoine Miné. CAV 09 conference 02/07/2009 INRIA, CNRS/ENS

Type checking. Jianguo Lu. November 27, slides adapted from Sean Treichler and Alex Aiken s. Jianguo Lu November 27, / 39

3.7 Denotational Semantics

CS 4110 Programming Languages & Logics. Lecture 35 Typed Assembly Language

Programming Languages Lecture 14: Sum, Product, Recursive Types

Where is ML type inference headed?

Conditional Elimination through Code Duplication

Data Flow Analysis. Program Analysis

Lambda Calculus and Type Inference

Hoare Logic: Proving Programs Correct

Iterative Program Analysis Abstract Interpretation

Transcription:

Principles of Program Analysis: A Sampler of Approaches Transparencies based on Chapter 1 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis Springer Verlag 2005 cflemming Nielson & Hanne Riis Nielson & Chris Hankin PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 1

Compiler Optimisation The classical use of program analysis is to facilitate the construction of compilers generating optimal code We begin by outlining the structure of optimising compilers We then prepare the setting for a worked example where we optimise a naive implementation of Algol-like arrays in a C-like language by performing a series of analyses and transformations PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 2

The structure of a simple compiler lexical analysis syntactic analysis static semantic checking code generation string of characters string of tokens symbol table & syntax tree syntax tree machine code Characteristics of a simple compiler: many phases one or more passes the compiler is fast but the code is not very efficient PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 3

The structure of an optimising compiler lexical analysis syntactic analysis static semantic checking high-level or intermediate-level representation machine independent optimisations code generation machine dependent optimisations Characteristics of the optimising compiler: low-level representation high-level optimisations: easy to adapt to new architectures low-level optimisations: less likely to port to new architectures PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 4

The structure of the optimisation phase front end program analysis program optimiser transformation back end Avoid redundant computations: reuse available results, move loop invariant computations out of loops, Avoid superfluous computations: results known not to be needed, results known already at compile time, PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 5

Example: Array Optimisation program with Algol-like arrays program with C-like arrays sequence of analysis and transformation steps optimised program with C-like arrays PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 6

Array representation: Algol vs C A: array [0:n, 0:m] of integer Base(A) 01 0 m 1 n j i Accessing the (i,j) th element of A: in Algol: A[i,j] in C: Cont(Base(A) + i * (m+1) + j) PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 7

An example program and its naive realisation Algol-like arrays: i := 0; while i <= n do j := 0; while j <= m do A[i,j] := B[i,j] + C[i,j]; j := j+1 od; i := i+1 od C-like arrays: i := 0; while i <= n do j := 0; while j <= m do temp := Base(A) + i * (m+1) + j; Cont(temp) := Cont(Base(B) + i * (m+1) + j) + Cont(Base(C) + i * (m+1) + j); j := j+1 od; i := i+1 od PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 8

Available Expressions analysis and Common Subexpression Elimination i := 0; while i <= n do first computation j := 0; while j <= m do temp := Base(A) + i*(m+1) + j; Cont(temp) := Cont(Base(B) + i*(m+1) + j) od j := j+1 od; i := i+1 + Cont(Base(C) + i*(m+1) + j); re-computations t1 := i * (m+1) + j; temp := Base(A) + t1; Cont(temp) := Cont(Base(B)+t1) + Cont(Base(C)+t1); PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 9

Detection of Loop Invariants and Invariant Code Motion i := 0; while i <= n do j := 0; loop invariant while j <= m do t1 := i * (m+1) + j; temp := Base(A) + t1; Cont(temp) := Cont(Base(B) + t1) + Cont(Base(C) + t1); j := j+1 od; i := i+1 od t2 := i * (m+1); while j <= m do t1 := t2 + j; temp := Cont(temp) := j := od PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 10

Detection of Induction Variables and Reduction of Strength i := 0; 2 while i <= n do j := 0; t2 := i * induction variable (m+1); while j <= m do t1 := t2 + j; temp := Base(A) + t1; Cont(temp) := Cont(Base(B) + t1) + Cont(Base(C) + t1); j := j+1 od; i := i+1 od i := 0; t3 := 0; while i <= n do j := 0; t2 := t3; while j <= m do od i := i + 1; t3 := t3 + (m+1) od PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 11

Equivalent Expressions analysis and Copy Propagation i := 0; t3 := 0; while i <= n do j := 0; t2 := t3; od t2 = t3 while j <= m do t1 := t2 + j; temp := Base(A) + t1; Cont(temp) := Cont(Base(B) + t1) + Cont(Base(C) + t1); j := j+1 od; i := i+1; t3 := t3 + (m+1) while j <= m do t1 := t3 + j; temp := ; Cont(temp) := ; j := od PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 12

Live Variables analysis and Dead Code Elimination i := 0; t3 := 0; while i <= n do dead variable j := 0; t2 := t3; while j <= m do t1 := t3 + j; temp := Base(A) + t1; Cont(temp) := Cont(Base(B) + t1) + Cont(Base(C) + t1); j := j+1 od; i := i+1; t3 := t3 + (m+1) od i := 0; t3 := 0; while i <= n do j := 0; while j <= m do t1 := t3 + j; temp := Base(A) + t1; Cont(temp) := Cont(Base(B) + t1) + Cont(Base(C) + t1); j := j+1 od; i := i+1; t3 := t3 + (m+1) od PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 13

Summary of analyses and transformations Analysis Available expressions analysis Detection of loop invariants Detection of induction variables Equivalent expression analysis Live variables analysis Transformation Common subexpression elimination Invariant code motion Strength reduction Copy propagation Dead code elimination PPA Chapter 1 c FNielson & HRiis Nielson & CHankin (May 2005) 14

The Essence of Program Analysis Program analysis offers techniques for predicting statically at compile-time safe & efficient approximations to the set of configurations or behaviours arising dynamically at run-time we cannot expect exact answers! Safe: faithful to the semantics Efficient: implementation with good time performance and low space consumption PPA Section 12 c FNielson & HRiis Nielson & CHankin (May 2005) 15

The Nature of Approximation The exact world Over-approximation Under-approximation universe exact set of configurations or behaviours overapproximation underapproximation Slogans: Err on the safe side! Trade precision for efficiency! PPA Section 12 c FNielson & HRiis Nielson & CHankin (May 2005) 16

Approaches to Program Analysis A family of techniques data flow analysis constraint based analysis abstract interpretation type and effect systems flow logic: a unifying framework that differ in their focus: algorithmic methods semantic foundations language paradigms imperative/procedural object oriented logical functional concurrent/distributive mobile PPA Section 12 c FNielson & HRiis Nielson & CHankin (May 2005) 17

Data Flow Analysis Technique: Data Flow Analysis Example: Reaching Definitions analysis idea constructing an equation system solving the equations theoretical underpinnings PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 18

Example program Program with labels for elementary blocks: Flow graph: [y := x] 1 [z := 1] 2 [y := x] 1 ; [z := 1] 2 ; [y > 0] 3 [y := 0] 6 while [y > 0] 3 do [z := z y] 4 ; [z := z y] 4 [y := y 1] 5 od; [y := y 1] 5 [y := 0] 6 PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 19

Example: Reaching Definitions [y := x] 1 The assignment [x := a] reaches if there is an execution where x was last assigned at [z := 1] 2 [y > 0] 3 [z := z y] 4 [y := 0] 6 [y := y 1] 5 PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 20

Reaching Definitions analysis (1) [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 od; [y := 0] 6 {(x,?), (y,?), (z,?)} {(x,?), (y, 1), (z,?)} {(x,?), (y, 1), (z, 2)} {(x,?), (y, 1), (z, 2)} {(x,?), (y, 1), (z, 2)} PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 21

Reaching Definitions analysis (2) [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 od; [y := 0] 6 {(x,?), (y,?), (z,?)} {(x,?), (y, 1), (z,?)} {(x,?), (y, 1), (z, 2)} {(y, 5), (z, 4)} {(x,?), (y, 1), (z, 2)} {(x,?), (y, 1), (z, 4)} {(x,?), (y, 5), (z, 4)} {(x,?), (y, 1), (z, 2)} PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 22

Reaching Definitions analysis (3) [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 od; [y := 0] 6 {(x,?), (y,?), (z,?)} {(x,?), (y, 1), (z,?)} {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} {(y, 5), (z, 4)} {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x,?), (y, 1), (y, 5), (z, 4)} {(x,?), (y, 5), (z, 4)} {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 23

The best solution [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 od; [y := 0] 6 {(x,?), (y,?), (z,?)} {(x,?), (y, 1), (z,?)} {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x,?), (y, 1), (y, 5), (z, 4)} {(x,?), (y, 5), (z, 4)} {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x,?), (y, 6), (z, 2), (z, 4)} PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 24

A safe solution but not the best {(x,?), (y,?), (z,?)} [y := x] 1 ; {(x,?), (y, 1), (z,?)} [z := 1] 2 ; {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} while [y > 0] 3 do {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} [z := z y] 4 ; [y := y 1] 5 od; [y := 0] 6 {(x,?), (y, 1), (y, 5), (z,2), (z, 4)} {(x,?), (y,1), (y, 5), (z,2), (z, 4)} {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x,?), (y, 6), (z, 2), (z, 4)} PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 25

An unsafe solution [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 od; [y := 0] 6 {(x,?), (y,?), (z,?)} {(x,?), (y, 1), (z,?)} {(x,?), (y, 1), (z, 2), (y, 5), (z, 4)} {(x,?), (y,1), (y, 5), (z,2), (z, 4)} {(x,?), (y,1), (y, 5), (z, 4)} {(x,?), (y, 5), (z, 4)} {(x,?), (y,1), (y, 5), (z,2), (z, 4)} {(x,?), (y, 6), (z, 2), (z, 4)} PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 26

How to automate the analysis extract equations from the program compute the least solution to the equations Analysis information: RD (): information available at the entry of block RD (): information available at the exit of block PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 27

Two kinds of equations [x := a] RD () RD () RD () \ {(x, ) Lab} {(x, )} = RD () [] 1 [] 2 RD ( 1 ) RD ( 2 ) RD () [] RD ( 1 ) RD ( 2 )=RD () PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 28

Flow through assignments and tests [y := x] 1 ; RD (1) = RD (1) \ {(y,) Lab} {(y, 1)} [z := 1] 2 ; RD (2) = RD (2) \ {(z,) Lab} {(z, 2)} while [y > 0] 3 do RD (3) = RD (3) [z := z y] 4 ; [y := y 1] 5 RD (4) = RD (4) \ {(z,) Lab} {(z, 4)} RD (5) = RD (5) \ {(y,) Lab} {(y, 5)} od; [y := 0] 6 RD (6) = RD (6) \ {(y,) Lab} {(y, 6)} Lab = {1,2,3,4,5,6} 6 equations in RD (1),, RD (6) PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 29

Flow along the control [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 od; [y := 0] 6 RD (1) = {(x,?), (y,?), (z,?)} RD (2) = RD (1) RD (3) = RD (2) RD (5) RD (4) = RD (3) RD (5) = RD (4) RD (6) = RD (3) Lab = {1,2,3,4,5,6} 6 equations in RD (1),, RD (6) PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 30

Summary of equation system RD (1) = RD (1) \{(y,) Lab} {(y, 1)} RD (2) = RD (2) \{(z,) Lab} {(z, 2)} RD (3) = RD (3) RD (4) = RD (4) \{(z,) Lab} {(z, 4)} RD (5) = RD (5) \{(y,) Lab} {(y, 5)} RD (6) = RD (6) \{(y,) Lab} {(y, 6)} RD (1) = {(x,?), (y,?), (z,?)} RD (2) = RD (1) RD (3) = RD (2) RD (5) RD (4) = RD (3) RD (5) = RD (4) 12 sets: RD (1),, RD (6) all being subsets of Var Lab 12 equations: RD j = F j (RD (1),, RD (6)) one function: F : P(Var Lab) 12 P(Var Lab) 12 we want the least fixed point of F this is the best solution to the equation system RD (6) = RD (3) PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 31

How to solve the equations A simple iterative algorithm Initialisation RD 1 := ; ; RD 12 := ; Iteration while RD j = F j (RD 1,, RD 12 ) for some j do RD j := F j (RD 1,, RD 12 ) The algorithm terminates and computes the least fixed point of F PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 32

The example equations RD 1 2 3 4 5 6 0 1 x?, y?, z? 2 x?, y?, z? 3 x?, y?, z? x?, y 1, z? 4 x?, y?, z? x?, y 1, z? 5 x?, y?, z? x?, y 1, z? x?, y 1, z 2 6 x?, y?, z? x?, y 1, z? x?, y 1, z 2 RD 1 2 3 4 5 6 0 1 2 x?, y 1, z? 3 x?, y 1, z? 4 x?, y 1, z? x?, y 1, z 2 5 x?, y 1, z? x?, y 1, z 2 6 x?, y 1, z? x?, y 1, z 2 x?, y 1, z 2 The equations: RD (1) = RD (1) \{(y,) } {(y, 1)} RD (2) = RD (2) \{(z,) } {(z, 2)} RD (3) = RD (3) RD (4) = RD (4) \{(z,) } {(z, 4)} RD (5) = RD (5) \{(y,) } {(y, 5)} RD (6) = RD (6) \{(y,) } {(y, 6)} RD (1) = {(x,?), (y,?), (z,?)} RD (2) = RD (1) RD (3) = RD (2) RD (5) RD (4) = RD (3) RD (5) = RD (4) RD (6) = RD (3) PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 33

Why does it work? (1) A function f : P(S) P(S) is a monotone function if V V f(v ) f(v ) (the larger the argument the larger the result) V V f PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 34

Why does it work? (2) A set L equipped with an ordering satisfies the Ascending Chain Condition if all chains V 0 V 1 V 2 V 3 stabilise, that is, if there exists some n such that V n = V n+1 = V n+2 = If S is a finite set then P(S) equipped with the subset ordering satisfies the Ascending Chain Condition the chains cannot grow forever since each element is a subset of a finite set Fact For a given program Var Lab will be a finite set so P(Var Lab) with the subset ordering satisfies the Ascending Chain Condition PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 35

Why does it work? (3) Let f : P(S) P(S) be a monotone function Then f( ) f 2 ( ) f 3 ( ) Assume that S is a finite set; then the Ascending Chain Condition is satisfied This means that the chain cannot be growing infinitely so there exists n such that f n ( ) =f n+1 ( ) = f n ( ) is the least fixed point of f lfp(f) =f n ( ) =f n+1 ( ) for some n f 3 ( ) f 2 ( ) f 1 ( ) PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 36

Correctness of the algorithm Initialisation RD 1 := ; ; RD 12 := ; Invariant: RD F n ( ) since RD = is the least element Iteration while RD j = F j (RD 1,, RD 12 ) for some j do assume RD is RD and RD F n ( ) RD j := F j (RD 1,, RD 12 ) then RD F( RD ) F n+1 ( )=F n ( ) when lfp(f) =F n ( ) If the algorithm terminates then it computes the least fixed point of F The algorithm terminates because RD j F j (RD 1,, RD 12 ) is only possible finitely many times since P(Var Lab) 12 satisfies the Ascending Chain Condition PPA Section 13 c FNielson & HRiis Nielson & CHankin (May 2005) 37

Contraint Based Analysis Technique: Constraint Based Analysis Example: Control Flow Analysis idea constructing a constraint system solving the constraints theoretical underpinnings PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 38

Example: Control Flow Analysis let f = fn x => x 7 g = fn y => y h = fn z => 3 in f g + f (g h) g 7 f h h 7 Aim: For each function application, which function abstractions may be applied? function applications x 7 f g g h f (g h) function abstractions that may be applied g, h f g f PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 39

Solutions let f = fn x => x 7 g = fn y => y h = fn z => 3 in f g + f (g h) The best solution: function applications function abstractions that may be applied x 7 g, h f g f g h g f (g h) f A safe solution but not the best: function applications function abstractions that may be applied x 7 g, h, f f g f g h g f (g h) f An unsafe solution: function applications function abstractions that may be applied x 7 g, h f g f g h g f (g h) f PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 40

An application of control flow analysis let f = fn x => x 7 g = fn y => y h = fn z => 3 in f g + f (g h) Aim: For each function application, which function abstractions may be applied? Partial evaluation of function call: let f = fn x => case x of g: 7 h: 3 g = fn y => y h = fn z => 3 in f g + f (g h) function applications x 7 f g g h f (g h) function abstractions that may be applied g, h f g f PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 41

The underlying analysis problem let f = fn x => x 7 g = fn y => y h = fn z => 3 in f g + f (g h) Aim: for each function application, which function abstractions may be applied? The analysis will compute: for each subexpression, which function abstractions may it denote? eg (g h) may evaluate to h introduce abstract cache C for each variable, which function abstractions may it denote? eg x may be g or h introduce abstract environment R PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 42

The best solution to the analysis problem Add labels to subexpressions: let f = fn x => (x 1 7 2 ) 3 g = fn y => y 4 h = fn z => 3 5 in (f 6 g 7 ) 8 + (f 9 (g 10 h 11 ) 12 ) 13 R variable may be bound to x {fn y => y 4, fn z => 3 5 } y {fn z => 3 5 } z f {fn x => (x 1 7 2 ) 3 } g {fn y => y 4 } h {fn z => 3 5 } C subexpression may evaluate to 1 {fn y => y 4, fn z => 3 5 } 2 3 4 {fn z => 3 5 } 5 6 {fn x => (x 1 7 2 ) 3 } 7 {fn y => y 4 } 8 9 {fn x => (x 1 7 2 ) 3 } 10 {fn y => y 4 } 11 {fn z => 3 5 } 12 {fn z => 3 5 } 13 PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 43

How to automate the analysis extract constraints from the program compute the least solution to the constraints Analysis information: R(x): information available for the variable x C(): information available at the subexpression labelled PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 44

Three kinds of constraints let-bound variables evaluate to their abstraction variables evaluate to their (abstract) values if a function abstraction is applied to an argument then the argument is a possible value of the formal parameter the value of the body of the abstraction is a possible value of the application PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 45

let-bound variables let-bound variables evaluate to their abstractions let f =fnx => e gives rise to the constraint {fn x => e} R(f) let f = fn x => (x 1 7 2 ) 3 g = fn y => y 4 in (f 5 g 6 ) 7 {fn x => (x 1 7 2 ) 3 } R(f) {fn y => y 4 } R(g) PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 46

Variables Variables evaluate to their abstract values x gives rise to the constraint R(x) C() let f = fn x => (x 1 7 2 ) 3 g = fn y => y 4 in (f 5 g 6 ) 7 R(x) C(1) R(y) C(4) R(f) C(5) R(g) C(6) PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 47

Function application (1) if a function abstraction is applied to an argument then the argument is a possible value of the formal parameter the value of the body of the abstraction is a possible value of the application let f = fn x => (x 1 7 2 ) 3 g = fn y => y 4 in (f 5 g 6 ) 7 Conditional constraints if (fn y => y 4 ) C(1) then C(2) R(y) and C(4) C(3) if (fn x => (x 1 7 2 ) 3 ) C(1) then C(2) R(x) and C(3) C(3) PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 48

Function application (2) if a function abstraction is applied to an argument then the argument is a possible value of the formal parameter the value of the body of the abstraction is a possible value of the application let f = fn x => (x 1 7 2 ) 3 g = fn y => y 4 in (f 5 g 6 ) 7 if (fn y => y 4 ) C(5) then C(6) R(y) and C(4) C(7) if (fn x => (x 1 7 2 ) 3 ) C(5) then C(6) R(x) and C(3) C(7) PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 49

Summary of constraint system {fn x => (x 1 7 2 ) 3 } R(f) {fn y => y 4 } R(g) R(x) C(1) R(y) C(4) R(f) C(5) R(g) C(6) (fn y => y 4 ) C(1) C(2) R(y) (fn y => y 4 ) C(1) C(4) C(3) (fn x => (x 1 7 2 ) 3 ) C(1) C(2) R(x) (fn x => (x 1 7 2 ) 3 ) C(1) C(3) C(3) (fn y => y 4 ) C(5) C(6) R(y) (fn y => y 4 ) C(5) C(4) C(7) (fn x => (x 1 7 2 ) 3 ) C(5) C(6) R(x) 11 sets: R(x), R(y), R(f), R(g), C(1),, C(7); all being subsets of the set Abstr of function abstractions the constraints can be reformulated as a function: F : P(Abstr) 11 P(Abstr) 11 we want the least fixed point of F this is the best solution to the constraint system P(S) is the set of all subsets of the set S; eg P({0, 1}) ={, {0}, {1}, {0, 1}} (fn x => (x 1 7 2 ) 3 ) C(5) C(3) C(7) PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 50

The constraints define a function {fn x => (x 1 7 2 ) 3 } R(f) {fn y => y 4 } R(g) R(x) C(1) R(y) C(4) R(f) C(5) R(g) C(6) (fn y => y 4 ) C(1) C(2) R(y) (fn y => y 4 ) C(1) C(4) C(3) (fn x => (x 1 7 2 ) 3 ) C(1) C(2) R(x) (fn x => (x 1 7 2 ) 3 ) C(1) C(3) C(3) (fn y => y 4 ) C(5) C(6) R(y) (fn y => y 4 ) C(5) C(4) C(7) (fn x => (x 1 7 2 ) 3 ) C(5) C(6) R(x) (fn x => (x 1 7 2 ) 3 ) C(5) C(3) C(7) F : P(Abstr) 11 P(Abstr) 11 is defined by F R(f) (, R f, )= R f {fn x => (x 1 7 2 ) 3 } F C(1) (R x,, C 1, )=C 1 R x F R(y) (, R y,,c 1,C 2,,C 5,C 6, )= R y {a C 2 fn y => y 4 C 1 } {a C 6 fn y => y 4 C 5 } PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 51

How to solve the constraints Initialisation X 1 := ; ; X 11 := ; writing X 1,,X 11 for R(x),, R(g), C(1),, C(7) Iteration while X j = F Xj (X 1,,X 11 ) for some j do X j := F Xj (X 1,,X 11 ) The algorithm terminates and computes the least fixed point of F In practice we propagate smaller contributions than F Xj, eg a constraint at a time PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 52

The example constraint system The constraints: R x y f g 0 1 fn x => 3 2 fn x => 3 fn y => 4 3 fn x => 3 fn y => 4 4 fn x => 3 fn y => 4 5 fn y => 4 fn x => 3 fn y => 4 6 fn y => 4 fn x => 3 fn y => 4 C 1 2 3 4 5 6 7 0 1 2 3 fn x => 3 4 fn x => 3 fn y => 4 5 fn x => 3 fn y => 4 6 fn y => 4 fn x => 3 fn y => 4 {fn x => 3} R(f) (1) {fn y => 4} R(g) (2) R(x) C(1) (6) R(y) C(4) R(f) C(5) (3) R(g) C(6) (4) (fn y => 4) C(1) C(2) R(y) (fn y => 4) C(1) C(4) C(3) (fn x => 3) C(1) C(2) R(x) (fn x => 3) C(1) C(3) C(3) (fn y => 4) C(5) C(6) R(y) (fn y => 4) C(5) C(4) C(7) (fn x => 3) C(5) C(6) R(x) (5) (fn x => 3) C(5) C(3) C(7) PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 53

Why does it work? (1) A function f : P(S) P(S) is a monotone function if V V f(v ) f(v ) (the larger the argument the larger the result) V V f PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 54

Why does it work? (2) A set L equipped with an ordering satisfies the Ascending Chain Condition if all chains V 0 V 1 V 2 V 3 stabilise, that is, if there exists some n such that V n = V n+1 = V n+2 = If S is a finite set then P(S) equipped with the subset ordering satisfies the Ascending Chain Condition the chains cannot grow forever since each element is a subset of a finite set Fact For a given program Abstr will be a finite set so P(Abstr) with the subset ordering satisfies the Ascending Chain Condition PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 55

Why does it work? (3) Let f : P(S) P(S) be a monotone function Then f( ) f 2 ( ) f 3 ( ) Assume that S is a finite set; then the Ascending Chain Condition is satisfied This means that the chain cannot grow infinitely so there exists n such that f n ( ) =f n+1 ( ) = f n ( ) is the least fixed point of f lfp(f) =f n ( ) =f n+1 ( ) for some n f 3 ( ) f 2 ( ) f 1 ( ) PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 56

Correctness of the algorithm Initialisation X 1 := ; ; X 11 := ; Invariant: X F n ( ) since X = is the least element Iteration while X j = F Xj (X 1,,X 11 ) for some j do assume X is X and X F n ( ) X j := F Xj (X 1,,X 11 ) then X F( X ) F n+1 ( )=F n ( ) when lfp(f) =F n ( ) If the algorithm terminates then it computes the least fixed point of F The algorithm terminates because X j F Xj (X 1,,X 11 ) is only possible finitely many times since P(AbsExp) 11 satisfies the Ascending Chain Condition PPA Section 14 c FNielson & HRiis Nielson & CHankin (May 2005) 57

Abstract Interpretation Technique: Abstract Interpretation Example: Reaching Definitions analysis idea collecting semantics Galois connections Inducing the analysis PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 58

Abstract Interpretation program analysis old? program analysis new We have the analysis old: it has already been proved correct but it is inefficient, or maybe even uncomputable We want the analysis new: it has to be correct as well as efficient! Can we develop new from old? abstract interpretation! PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 59

Example: Collecting Semantics and Reaching Definitions collecting semantics CS calculate reaching definitions RD The collecting semantics CS collects the set of traces that can reach a given program point has an easy correctness proof is uncomputable The reaching definitions analysis RD is as before PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 60

Example: Collecting Semantics Collect the set of traces that reach a given program point {(x,?):(y,?):(z,?):(y,1):(z,2), (x,?):(y,?):(z,?):(y,1):(z,2):(z,4):(y,5), (x,?):(y,?):(z,?):(y,1):(z,2):(z,4):(y,5):(z,4):(y,5), } [y := x] 1 [z := 1] 2 [y > 0] 3 [z := z y] 4 [y := y 1] 5 {(x,?):(y,?):(z,?)} {(x,?):(y,?):(z,?):(y,1)} {(x,?):(y,?):(z,?):(y,1):(z,2)} [y := 0] 6 PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 61

How to proceed As before: extract a set of equations defining the possible sets of traces compute the least fixed point of the set of equations And furthermore: prove the correctness: the set of traces computed by the analysis is a superset of the possible traces PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 62

Two kinds of equations [x := a] CS () CS () {trace : (x, ) trace CS ()} = CS () [] 1 [] 2 CS ( 1 ) CS ( 2 ) CS () [] CS ( 1 ) CS ( 2 )=CS () PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 63

Flow through assignments and tests [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 od; CS (1) = {trace : (y, 1) trace CS (1)} CS (2) = {trace : (z, 2) trace CS (2)} CS (3) = CS (3) CS (4) = {trace : (z, 4) trace CS (4)} CS (5) = {trace : (y, 5) trace CS (5)} [y := 0] 6 CS (6) = {trace : (y, 6) trace CS (6)} 6 equations in CS (1),, CS (6) PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 64

Flow along the control [y := x] 1 ; [z := 1] 2 ; while [y > 0] 3 do [z := z y] 4 ; [y := y 1] 5 CS (1) = {(x,?) : (y,?) : (z,?)} CS (2) = CS (1) CS (3) = CS (2) CS (5) CS (4) = CS (3) CS (5) = CS (4) od; [y := 0] 6 CS (6) = CS (3) 6 equations in CS (1),, CS (6) PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 65

Summary of Collecting Semantics CS (1) = {trace :(y, 1) trace CS (1)} CS (2) = {trace :(z, 2) trace CS (2)} CS (3) = CS (3) CS (4) = {trace :(z, 4) trace CS (4)} CS (5) = {trace :(y, 5) trace CS (5)} CS (6) = {trace :(y, 6) trace CS (6)} CS (1) = {(x,?) : (y,?) : (z,?)} CS (2) = CS (1) CS (3) = CS (2) CS (5) CS (4) = CS (3) CS (5) = CS (4) 12 sets: CS (1),, CS (6) all being subsets of Trace 12 equations: CS j = G j (CS (1),, CS (6)) one function: G : P(Trace) 12 P(Trace) 12 we want the least fixed point of G but it is uncomputable! CS (6) = CS (3) PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 66

Example: Inducing an analysis Galois Connections A Galois connection between two sets is a pair of (α, γ) of functions between the sets satisfying X γ(y ) α(x) Y P(Trace) collecting semantics P(Var Lab) reaching definitions X γ(y ) α(x) Y γ α α: abstraction function γ: concretisation function PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 67

Semantically Reaching Definitions For a single trace: trace: SRD(trace): (x,?):(y,?):(z,?):(y,1):(z,2) {(x,?),(y,1),(z,2)} For a set of traces: X P(Trace): SRD(X): {(x,?):(y,?):(z,?):(y,1):(z,2), (x,?):(y,?):(z,?):(y,1):(z,2):(z,4):(y,5)} {(x,?),(y,1),(z,2),(z,4),(y,5)} PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 68

Galois connection for Reaching Definitions analysis α(x) = SRD(X) γ(y ) = {trace SRD(trace) Y } P(Trace) P(Var Lab) X γ(y ) α(x) Y γ α Galois connection: X γ(y ) α(x) Y PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 69

Inducing the Reaching Definitions analysis (1) Known: G (4) defined on P(Trace) the Galois connection (α, γ) Calculate: F (4) defined on P(Var Lab) as F (4) = α G (4) γ P(Trace) P(Var Lab) γ α G (4) F (4) = α G (4) γ PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 70

Inducing the Reaching Definitions analysis (2) RD (4) = F (4)(, RD (4), ) = α(g (4)(γ(, RD (4), ))) using F (4) = α G (4) γ = α({tr :(z, 4) tr γ(rd (4))}) using G (4)(, CS (4), )={tr :(z, 4) tr CS (4)} = SRD({tr :(z, 4) tr γ(rd (4))}) using α = SRD = (SRD({tr tr γ(rd (4))})\{(z,) Lab}) {(z, 4)} = (α(γ(rd (4))\{(z,) Lab}) {(z, 4)} using α = SRD = (RD (4)\{(z,) Lab}) {(z, 4)} using α γ = id just as before! PPA Section 15 c FNielson & HRiis Nielson & CHankin (May 2005) 71

Type and Effect Systems Technique: Annotated Type Systems Example: Reaching Definitions analysis idea annotated base types annotated type constructors PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 72

The while language syntax of statements: S ::= [x:=a] S 1 ; S 2 if [b] then S 1 else S 2 fi while [b] do S od semantics: statements map states to states types: Σ is the type of states; all statements S have type Σ Σ written S :Σ Σ PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 73

Annotated base types type of initial state type of final state(s) Analysis: S : Σ Σ Idea: RD 1 RD (init(s)) final(s) : RD () RD 2 S : RD 1 RD 2 analysis information analysis information for initial state for final state(s) PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 74

Annotated type system (1) [x:=a] : RD before (RD \ {(x, ) Lab}) {(x, )} after S 1 : RD 1 RD 2 S 2 : RD 2 RD 3 S 1 ; S 2 : RD 1 before RD 3 after assumptions conclusion Implicit: the analysis information at the exit of S 1 equals the analysis information at the entry of S 2 PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 75

Annotated type system (2) S 1 : RD 1 RD 2 S 2 : RD 1 RD 2 if [b] then S 1 else S 2 fi : RD 1 RD 2 Implicit: the two branches have the same analysis information at their respective entry and exit points S : RD RD while [b] do S od : RD RD Implicit: the occurrences of RD express an invariance ie a fixed point property! PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 76

Annotated type system (3) The subsumption rule: S : RD 1 RD 2 S : RD 1 RD 2 if RD 1 RD 1 and RD 2 RD 2 The rule is essential for the rules for conditional and iteration to work RD 1 RD 1 : strengthen the analysis information for the initial state RD 2 RD 2: weaken the analysis information for the final states PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 77

Example inference in the annotated type system Abbreviation: RD = {(x,?), (y, 1), (y, 5), (z, 2), (z, 4)} [z:=z*y] 4 : RD {(x,?), (y, 1), (y, 5), (z, 4)} [y:=y-1] 5 : {(x,?), (y, 1), (y, 5), (z, 4)} {(x,?), (y, 5), (z, 4)} [z:=z*y] 4 ; [y:=y-1] 5 : RD {(x,?), (y, 5), (z, 4)} [z:=z*y] 4 ; [y:=y-1] 5 : RD RD using {(x,?), (y, 5), (z, 4)} RD while [y>1] 3 do [z:=z*y] 4 ; [y:=y-1] 5 od: RD RD [y:=x] 1 ; [z:=1] 2 ; while [y>1] 3 do [z:=z*y] 4 ; [y:=y-1] 5 od; [y:=0] 6 : {(x,?), (y,?), (z,?)} {(x,?), (y, 6), (z, 2), (z, 4)} PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 78

How to automate the analysis Specification Implementation annotated type system (axioms and rules) extract constraints from the program compute the least solution to the constraints PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 79

Change of abstraction level: annotated type constructors Until now: given a statement and a specific entry information RD we determine the specific exit information RD Now: given a statement we determine how entry information is transformed into exit information PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 80

Annotated type constructors type of initial state type of final state(s) Analysis: S : Σ Σ S : Σ X RD reaching definitions that set of variables might be produced by S definitely assigned by S Σ PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 81

Annotated type constructors (1) [x:=a] :Σ {x} {(x,)} Σ {x} : variables definitely assigned {(x, )} : potential reaching definitions S 1 :Σ X 1 RD Σ S 1 2 :Σ X 2 RD Σ 2 X S 1 ; S 2 :Σ 1 X 2 Σ (RD 1 \X 2 ) RD 2 X 1 X 2 : variables definitely assigned (RD 1 \ X 2 ) RD 2 : potential reaching definitions PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 82

Annotated type constructors (2) S 1 :Σ X 1 RD 1 Σ S 2 :Σ X 2 RD 2 Σ if [b] then S 1 else S 2 fi :Σ X 1 X 2 RD 1 RD 2 Σ X 1 X 2 : variables definitely assigned RD 1 RD 2 : potential reaching definitions S :Σ X RD Σ while [b] do S od : Σ RD Σ : variables definitely assigned RD : potential reaching definitions PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 83

Annotated type constructors (3) Subsumption rule: S :Σ S :Σ X RD Σ X RD Σ if X X and RD RD (variables definite assigned) (potential reaching definitions) the rule can be omitted! PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 84

Example inference in the annotated type system [z:=z*y] 4 : Σ {z} {(z,4)} Σ [y:=y-1] 5 : Σ [z:=z*y] 4 ; [y:=y-1] 5 : Σ {y} {(y,5)} Σ {y,z} {(y,5),(z,4)} Σ while [y>1] 3 do [z:=z*y] 4 ; [y:=y-1] 5 od: Σ {(y,5),(z,4)} Σ [y:=x] 1 ; [z:=1] 2 ; while [y>1] 3 do [z:=z*y] 4 ; [y:=y-1] 5 od; [y:=0] 6 : Σ {y,z} {(y,6),(z,2),(z,4)} Σ PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 85

How to automate the analysis Specification Implementation annotated type system (axioms and rules) extract constraints from the program compute the least solution to the constraints PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 86

Type and Effect Systems Technique: Effect systems Example: Call Tracking analysis idea simple type system effect system PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 87

The fun language syntax of expressions e ::= x fn π x => e e 1 e 2 π names the function abstraction types τ ::= int bool τ 1 τ 2 f has type τ 1 τ 2 means that f expects a parameter of type τ 1 f returns a value of type τ 2 PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 88

Call Tracking analysis let f = fn F x => x 7 g = fn G y => y h = fn H z => z in f g + f (h g) g 7 f g g 7 Aim: For each function application, which function abstractions might be applied during its execution? function applications x 7 f g h g f (h g) function abstractions that might be applied during its execution G, H F, G H, G F, H, G PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 89

Simple types let f = fn F x => x 7 f: (int int) int g = fn G y => y g: int int h = fn H z => z h: (int int) (int int) in f g + f (h g) int Simple type system type environment: Γ gives types to the variables (like R) an expression e has type τ relative to type environment Γ (like C) Γ e : τ PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 90

A simple type system Γ x : τ x if Γ(x) =τ x Γ[x τ x ] e : τ Γ fn π x => e : τ x τ guess: τ x is the type of the argument x Γ e 1 : τ 2 τ, Γ e 2 : τ 2 Γ e 1 e 2 : τ the type of the formal parameter equals that of the actual parameter PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 91

Effect systems Call Tracking analysis: For each function application, which function abstractions might be applied during its execution? Idea: Annotate the function arrows with sets of names of function abstractions that might be applied when calling the function the type of functions ϕ τ 1 from τ τ2 1 to τ 2 that might call functions with names in ϕ PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 92

Example: Types and Effects let f = fn F x => x 7 f: (int {G} int) {F,G} int g = fn G y => y g: int {G} int h = fn H z => z h: (int {G} int) {H} (int {G} int) in f g + f (h g) int & {F, G, H} the effect of executing f g + f (g h) PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 93

The effect system Γ x : τ x & if Γ(x) =τ x variables have no effect Γ[x τ x ] e : τ & ϕ ϕ {π} Γ fn π x => e : τ x τ & Γ e 1 : τ 2 ϕ τ & ϕ1 Γ e 2 : τ 2 & ϕ 2 Γ e 1 e 2 : τ & ϕ 1 ϕ 2 ϕ the latent effect consists of that of the function body the function itself the function abstraction itself has no effect the overall effect comes from evaluating the function evaluating the argument evaluating the function application: the latent effect! PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 94

The effect system The subsumption rule: Γ e : τ & ϕ Γ e : τ & ϕ ϕ the names of functions that may be applied PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 95

Example (1) let f = fn F x => x 7 g = fn G y => y h = fn H z => z in f g + f (h g) Γ[x τ x ] e : τ & ϕ ϕ Γ fn π x => e : τ {π} x τ & Γ e 1 : τ ϕ 2 τ & ϕ 1 Γ e 2 : τ 2 & ϕ 2 Γ e 1 e 2 : τ & ϕ 1 ϕ 2 ϕ [x int {G} int] x : int {G} int & [x int {G} int] 7 : int & [x int {G} int] x7: int & {G} [] fn F x => x7:(int {G} int) {F,G} int & PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 96

Example (2) let f = fn F x => x 7 g = fn G y => y h = fn H z => z in f g + f (h g) Γ[x τ x ] e : τ & ϕ ϕ Γ fn π x => e : τ {π} x τ & Γ e 1 : τ ϕ 2 τ & ϕ 1 Γ e 2 : τ 2 & ϕ 2 Γ e 1 e 2 : τ & ϕ 1 ϕ 2 ϕ Γ h :(int {G} int) {H} (int {G} int) & Γ g : int {G} int & Γ f :(int {G} int) {F,G} int & Γ hg: int {G} int & {H} Γ f (h g) : int & {F, G, H} PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 97

How to automate the analysis Specification Implementation annotated type system (axioms and rules) extract constraints from the program compute the least solution to the constraints PPA Section 16 c FNielson & HRiis Nielson & CHankin (May 2005) 98

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback