Abstraction Example
boolean b = mystery();
< b is true or false; >
if(b) {
    x = 1; y = 3;
} else {
    x = 3; y = 4;
}
< x is 1 or 3; y is 3 or 4; >
z = x + y;
< z is 4 or 5 or 6 or 7; >

Basic Block Graph
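A Path
$f_{\text{write(c)}}(f_{\text{c = a+b}}(f_{\text{b = 3}}(f_{\text{a = 2}}(f_{\text{n < 0}}(f_{\text{read(n)}}(\text{init}))))))$

Another Path
$f_{\text{write(c)}}(f_{\text{c = a+b}}(f_{\text{b = 4}}(f_{\text{a = 1}}(f_{\text{n < 0}}(f_{\text{read(n)}}(\text{init}))))))$

Summarizing Paths
$f_{\text{write(c)}}(f_{\text{c = a+b}}(f_{\text{b = 3}}(f_{\text{a = 2}}(f_{\text{n < 0}}(f_{\text{read(n)}}(\text{init})))))) \sqcup f_{\text{write(c)}}(f_{\text{c = a+b}}(f_{\text{b = 4}}(f_{\text{a = 1}}(f_{\text{n < 0}}(f_{\text{read(n)}}(\text{init}))))))$
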
Definitions
Definition: A partially ordered set (poset) is a set with a binary relation $\sqsubseteq$ that is reflexive ($x \sqsubseteq x$), transitive ($x \sqsubseteq y \wedge y \sqsubseteq z \implies x \sqsubseteq z$), and antisymmetric ($x \sqsubseteq y \wedge y \sqsubseteq x \implies y = x$).

Definitions
Definition: $z$ is an upper bound of $x$ and $y$ if $x \sqsubseteq z$ and $y \sqsubseteq z$.
Definition: $z$ is a least upper bound of $x$ and $y$ if $z$ is an upper bound of $x$ and $y$, and for all upper bounds $v$ of $x$ and $y$, $z \sqsubseteq v$.
Definition: A lattice is a poset such that for every pair of elements $x$, $y$, there exists a least upper bound = join = $x \sqcup y$, and a greatest lower bound = meet = $x \sqcap y$.

Definitions
Definition: In a complete lattice, $\sqcup$ and $\sqcap$ exist for all (possibly infinite) subsets of elements.
Definition: A bounded lattice contains two elements:
$\top$ = top such that $\forall x .\ x \sqsubseteq \top$
$\bot$ = bottom such that $\forall x .\ \bot \sqsubseteq x$
Note: all complete lattices are bounded. (Why?)
Note: all finite lattices are complete. (Why?)

Definitions
Definition: A chain is a set $C$ of elements such that for all $x, y \in C$, $x \sqsubseteq y$ or $x \sqsupseteq y$.
Definition: The height of a lattice is the cardinality of the longest chain.
In program analysis, we are particularly interested in whether the height of a lattice is finite.

Definitions
Powerset Lattice: IF $F$ is a set, THEN the powerset $P(F)$ with $\sqsubseteq$ defined as $\subseteq$ (or as $\supseteq$) is a lattice.
Product Lattice: IF $L_A$ and $L_B$ are lattices, THEN their product $L_A \times L_B$ with $\sqsubseteq$ defined as $(a_1, b_1) \sqsubseteq (a_2, b_2)$ if $a_1 \sqsubseteq a_2$ and $b_1 \sqsubseteq b_2$ is also a lattice.
Map Lattice: IF $F$ is a set and $L$ is a lattice, THEN the set of maps $F \to L$ with $\sqsubseteq$ defined as $m_1 \sqsubseteq m_2$ if $\forall f \in F .\ m_1(f) \sqsubseteq m_2(f)$ is also a lattice.

Dataflow Framework
For each statement $S$ in the control-flow graph, define a function $f_S : L \to L$.
For a path $P = S_0 S_1 S_2 \ldots S_n$ through the control-flow graph, define
$f_P(x) = f_n(\ldots f_2(f_1(f_0(x))))$.
Goal: find the join-over-all-paths (MOP):
$\mathrm{MOP}(n, x) = \bigsqcup_{P \text{ is path from } S_0 \text{ to } S_n} f_P(x)$
This is undecidable in general. [Kam, Ullman 1977]

Dataflow Framework
For each statement $S$ in the control-flow graph, choose a function $f_S : L \to L$.
Goal: For each statement $S$ in the control-flow graph, find $V_{S\,\text{in}} \in L$ and $V_{S\,\text{out}} \in L$ satisfying:
$V_{S\,\text{out}} = f_S(V_{S\,\text{in}})$
$V_{S\,\text{in}} = \bigsqcup_{P \in \mathrm{PRED}(S)} V_{P\,\text{out}}$
Property: $\mathrm{MOP}(n, x) \sqsubseteq \mathrm{LFP}(n, x)$

MOP vs. fixed point
$\mathrm{MOP} = f_D(f_B(f_A(\text{init}))) \sqcup f_D(f_C(f_A(\text{init})))$
$V_{B\,\text{out}} = f_B(f_A(\text{init}))$
$V_{C\,\text{out}} = f_C(f_A(\text{init}))$
$V_{D\,\text{in}} = f_B(f_A(\text{init})) \sqcup f_C(f_A(\text{init}))$
$V_{D\,\text{out}} = f_D(f_B(f_A(\text{init})) \sqcup f_C(f_A(\text{init})))$

Fixed Points
Fixed Point: $x$ is a fixed point of $F$ if $F(x) = x$.
Monotone Function: A function $f : L_A \to L_B$ is monotone if $x \sqsubseteq y \implies f(x) \sqsubseteq f(y)$.
Knaster-Tarski Fixed Point Theorem: IF $L$ is a complete lattice and $f : L \to L$ is monotone, THEN the set of fixed points of $f$ is a complete sub-lattice.
$\bigsqcup_{n \geq 0} f^{(n)}(\bot)$
is the least fixed point of $f$ (i.e. the $\bot$ of the sub-lattice of fixed points).

Sketch of Dataflow Algorithm
1. Define a big product lattice
$L = \prod_{s \in \text{statements}} L_{s\,\text{in}} \times L_{s\,\text{out}}$
2. Define a big function $F : L \to L$
$F(V_{s_1\,\text{in}}, V_{s_1\,\text{out}}, \ldots) = \left( \bigsqcup_{p \in \mathrm{PRED}(s_1)} V_{p\,\text{out}},\ f_{s_1}(V_{s_1\,\text{in}}),\ \ldots \right)$
3. Iteratively compute least fixed point
$\bigsqcup_{n \geq 0} F^{(n)}(\bot)$

An Analogy
To solve
$x = 3x + 4y$
$y = 5x + 2y$
Define $F(x, y) = (3x + 4y, 5x + 2y)$
Find fixed point $(x', y')$ of $F$.
Then $(x', y') = F(x', y') = (3x' + 4y', 5x' + 2y')$
So the fixed point $(x', y')$ solves the system.

Dataflow Algorithm
initialize out[s] = in[s] = ⊥ for all s
add all statements to worklist
while worklist not empty
    remove s from worklist
    in[s] = ⊔ p ∈ PRED(s) . out[p]
    out[s] = f_s(in[s])
    if out[s] has changed
        add successors of s to worklist
    end if
end while

MOP ⊑ LFP
Every solution $S \sqsupseteq$ actual is safe.
$\mathrm{MOP} \sqsupseteq$ actual
$\mathrm{LFP} \sqsupseteq \mathrm{MOP}$
Distributive flow function $\implies \mathrm{LFP} = \mathrm{MOP}$
(Lattice diagram, labels from top to bottom: ⊤, GFP, fixed points, LFP, MOP, actual, ⊥)

Distributivity
Monotone Function: A function $f : L_A \to L_B$ is monotone if $x \sqsubseteq y \implies f(x) \sqsubseteq f(y)$.
Theorem: IF $f$ is monotone, THEN $f(x) \sqcup f(y) \sqsubseteq f(x \sqcup y)$.
Distributive Function: A function $f : L_A \to L_B$ is distributive if $f(x) \sqcup f(y) = f(x \sqcup y)$.

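The worklist algorithm and the MOP/LFP comparison, run on the program from the Abstraction Example, as an added example that is not part of the original slides. The node names A to D, the helper names and the choice of the map lattice from variables to sets of integers are assumptions made for this illustration; on that lattice the flow function for z = x + y is monotone but not distributive, so the fixed point lies strictly above MOP.

```python
from functools import reduce

BOTTOM = {}  # map lattice Var -> P(int); a missing variable means the empty set

def join(a, b):
    """Pointwise union: the join of the map lattice Var -> P(int)."""
    return {v: a.get(v, frozenset()) | b.get(v, frozenset()) for v in a.keys() | b.keys()}

def assign(**consts):
    """Flow function for a block of constant assignments such as x = 1; y = 3."""
    return lambda env: {**env, **{v: frozenset({c}) for v, c in consts.items()}}

def add(dst, l, r):
    """Flow function for dst = l + r: every sum of a possible l and a possible r."""
    def f(env):
        sums = {a + b for a in env.get(l, ()) for b in env.get(r, ())}
        return {**env, dst: frozenset(sums)}
    return f

# Constructed CFG for the slide's program: A branches to B or C, both reach D.
FLOW = {"A": lambda env: env,        # b = mystery(); b itself is not tracked
        "B": assign(x=1, y=3),
        "C": assign(x=3, y=4),
        "D": add("z", "x", "y")}
PRED = {"A": [], "B": ["A"], "C": ["A"], "D": ["B", "C"]}
SUCC = {"A": ["B", "C"], "B": ["D"], "C": ["D"], "D": []}

def worklist_lfp():
    """The worklist algorithm from the slides; returns out[s] for every s."""
    out = {s: BOTTOM for s in FLOW}
    work = list(FLOW)
    while work:
        s = work.pop()
        in_s = reduce(join, (out[p] for p in PRED[s]), BOTTOM)
        new = FLOW[s](in_s)
        if new != out[s]:            # only a changed out[s] wakes the successors
            out[s] = new
            work.extend(SUCC[s])
    return out

def mop(node):
    """Join over all paths: apply the flow functions along each path, then join."""
    def paths(n):
        return [[n]] if not PRED[n] else [p + [n] for q in PRED[n] for p in paths(q)]
    results = (reduce(lambda env, s: FLOW[s](env), p, BOTTOM) for p in paths(node))
    return reduce(join, results, BOTTOM)
```

Path enumeration in `mop` only terminates because this CFG is acyclic; with loops the set of paths is infinite, which is why the fixed-point formulation is the one that gets computed.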
Designing a Dataflow Analysis
1. Forwards or backwards?
2. What are the lattice elements?
3. Must the property hold on all paths, or must there exist a path? (What is the join operator?)
4. On a given path, what are we trying to compute? What are the flow equations?
5. What values hold for program entry points?
6. (What is the initial estimate?) It's the unique element $\bot$ such that $\forall x .\ \bot \sqcup x = x$.

Pessimistic vs. Optimistic Analysis
$\mathrm{LFP} = \bigsqcup_{n \geq 0} F^{(n)}(\bot)$
$\mathrm{GFP} = \bigsqcap_{n \geq 0} F^{(n)}(\top)$
If we start from $\top$ instead of $\bot$, we can stop early before reaching the fixed point, but we may get an imprecise result.
(Lattice diagram, labels from top to bottom: ⊤, GFP, fixed points, LFP, MOP, actual, ⊥)