Motivation
Intra-procedural analysis depends upon accurate control-flow information. In the presence of certain language features (e.g. indirect calls) it is nontrivial to predict accurately how control may flow at execution time — the naïve strategy is very imprecise. A constraint-based analysis called 0CFA can compute a more precise estimate of this information.

Constraint-based analysis
Many of the analyses in this course can be thought of in terms of solving systems of constraints. For example, in LVA, we generate equality constraints from each instruction in the program:
$\text{in-live}(m) = (\text{out-live}(m) \setminus \text{def}(m)) \cup \text{ref}(m)$
$\text{out-live}(m) = \text{in-live}(n) \cup \text{in-live}(o)$
$\text{in-live}(n) = (\text{out-live}(n) \setminus \text{def}(n)) \cup \text{ref}(n)$
…
and then iteratively compute their minimal solution.

0CFA
0CFA — “zeroth-order control-flow analysis” — is a constraint-based analysis for discovering which values may reach different places in a program. When functions (or pointers to functions) are present, this provides information about which functions may potentially be called at each call site. We can then build a more precise call graph.

Specimen language
Functional languages are a good candidate for this kind of analysis; they have functions as first-class values, so control flow may be complex. We will use a minimal syntax for expressions:
$e ::= x \mid c \mid \lambda x.\, e \mid \mathrm{let}\ x = e_1\ \mathrm{in}\ e_2$
A program in this language is a closed expression.

Specimen program
let id = λx. x in id id 7

Program points
let id = λx. x in id id 7
[Figure: abstract syntax tree of the program; nodes: let, id, λ, x, x, @, @, id, id, 7]

Program points
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
let id = λx. x in id id 7
[Figure: the same syntax tree with each node labelled by its program point, 1 to 10]

Program points
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
Each program point $i$ has an associated flow variable $\alpha_i$. Each $\alpha_i$ represents the set of flow values which may be yielded at program point $i$ during execution. For this language the flow values are integers and function closures; in this particular program, the only values available are $7^{10}$ and $(\lambda x^4.\, x^5)^3$.

Program points
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
The precise value of each $\alpha_i$ is undecidable in general, so our analysis will compute a safe overapproximation. From the structure of the program we can generate a set of constraints on the flow variables, which we can then treat as data-flow inequations and iteratively compute their least solution.

Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $c^a$: $\alpha_a \supseteq \{c^a\}$

Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $7^{10}$: $\alpha_{10} \supseteq \{7^{10}\}$

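Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $(\lambda x^a.\, e^b)^c$: $\alpha_c \supseteq \{(\lambda x^a.\, e^b)^c\}$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$
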
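Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $(\lambda x^4.\, x^5)^3$: $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$
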
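Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $\lambda x^b.\ \ldots\ x^a\ \ldots$ and $\mathrm{let}\ x^b = \ldots\ x^a\ \ldots$: $\alpha_a \supseteq \alpha_b$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$
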
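Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $\lambda x^4.\ \ldots\ x^5\ \ldots$: $\alpha_5 \supseteq \alpha_4$
For $\mathrm{let}\ \mathrm{id}^2 = \ldots\ \mathrm{id}^8\ \ldots$: $\alpha_8 \supseteq \alpha_2$
For $\mathrm{let}\ \mathrm{id}^2 = \ldots\ \mathrm{id}^9\ \ldots$: $\alpha_9 \supseteq \alpha_2$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$
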
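Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $(\mathrm{let}\ \_^a = \_^b\ \mathrm{in}\ \_^c)^d$: $\alpha_d \supseteq \alpha_c$ and $\alpha_a \supseteq \alpha_b$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$
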
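Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $(\mathrm{let}\ \_^2 = \_^3\ \mathrm{in}\ \_^6)^1$: $\alpha_1 \supseteq \alpha_6$ and $\alpha_2 \supseteq \alpha_3$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$
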
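Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $(\_^a\ \_^b)^c$: $(\alpha_b \mapsto \alpha_c) \supseteq \alpha_a$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$
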
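Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
For $(\_^8\ \_^9)^7$: $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$
For $(\_^7\ \_^{10})^6$: $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
Constraints so far: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$
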
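Generating constraints
$(\mathrm{let}\ \mathrm{id}^2 = (\lambda x^4.\, x^5)^3\ \mathrm{in}\ ((\mathrm{id}^8\ \mathrm{id}^9)^7\ 7^{10})^6)^1$
$\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
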
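Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{\}$, $\alpha_3 = \{\}$, $\alpha_4 = \{\}$, $\alpha_5 = \{\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{\}$, $\alpha_9 = \{\}$, $\alpha_{10} = \{\}$
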
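Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{\}$, $\alpha_3 = \{\}$, $\alpha_4 = \{\}$, $\alpha_5 = \{\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{\}$, $\alpha_9 = \{\}$, $\alpha_{10} = \{7^{10}\}$
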
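Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{\}$, $\alpha_3 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_4 = \{\}$, $\alpha_5 = \{\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{\}$, $\alpha_9 = \{\}$, $\alpha_{10} = \{7^{10}\}$
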
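Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_3 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_4 = \{\}$, $\alpha_5 = \{\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{\}$, $\alpha_9 = \{\}$, $\alpha_{10} = \{7^{10}\}$
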
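Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_3 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_4 = \{\}$, $\alpha_5 = \{\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_9 = \{\}$, $\alpha_{10} = \{7^{10}\}$
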
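Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_3 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_4 = \{\}$, $\alpha_5 = \{\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_9 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_{10} = \{7^{10}\}$
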
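Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$, $\alpha_7 \supseteq \alpha_5$, $\alpha_4 \supseteq \alpha_9$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_3 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_4 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 = \{\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_9 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_{10} = \{7^{10}\}$
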
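Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$, $\alpha_7 \supseteq \alpha_5$, $\alpha_4 \supseteq \alpha_9$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_3 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_4 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{\}$, $\alpha_8 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_9 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_{10} = \{7^{10}\}$
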
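Solving constraints
Constraints: $\alpha_{10} \supseteq \{7^{10}\}$, $\alpha_3 \supseteq \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 \supseteq \alpha_4$, $\alpha_8 \supseteq \alpha_2$, $\alpha_9 \supseteq \alpha_2$, $\alpha_1 \supseteq \alpha_6$, $\alpha_2 \supseteq \alpha_3$, $(\alpha_9 \mapsto \alpha_7) \supseteq \alpha_8$, $(\alpha_{10} \mapsto \alpha_6) \supseteq \alpha_7$, $\alpha_7 \supseteq \alpha_5$, $\alpha_4 \supseteq \alpha_9$
Solution so far: $\alpha_1 = \{\}$, $\alpha_2 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_3 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_4 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_5 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_6 = \{\}$, $\alpha_7 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_8 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_9 = \{(\lambda x^4.\, x^5)^3\}$, $\alpha_{10} = \{7^{10}\}$
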
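The constraint generation and iterative solving walked through in these slides, as an added Python example that is not part of the original lecture; the tuple encoding of expressions and the names `generate`, `solve`, `ID` and `PROGRAM` are assumptions of this sketch. It carries the iteration through to the least solution, where the outer application also contributes α6 ⊇ α5 and α4 ⊇ α10.

```python
# Added example. The tuple encoding is an assumption of this sketch:
#   ("const", c, l) | ("var", x, l) | ("lam", x, lx, body, l)
#   ("app", f, arg, l) | ("let", x, lx, e1, e2, l)   where l is a program point
def label(e):
    return e[-1]

def generate(e, env, seeds, edges, apps):
    """Collect seeds (l, value), edges (src, dst) meaning alpha_dst is a superset
    of alpha_src, and apps (fn, arg, result) for the application constraints."""
    kind = e[0]
    if kind == "const":
        seeds.append((label(e), e[1]))
    elif kind == "var":
        edges.add((env[e[1]], label(e)))             # binder flows to use
    elif kind == "lam":
        _, x, lx, body, l = e
        seeds.append((l, ("lam", lx, label(body), l)))   # abstract closure
        generate(body, {**env, x: lx}, seeds, edges, apps)
    elif kind == "app":
        _, f, arg, l = e
        apps.append((label(f), label(arg), l))
        generate(f, env, seeds, edges, apps)
        generate(arg, env, seeds, edges, apps)
    else:                                            # let
        _, x, lx, e1, e2, l = e
        edges.update({(label(e1), lx), (label(e2), l)})
        generate(e1, env, seeds, edges, apps)
        generate(e2, {**env, x: lx}, seeds, edges, apps)

def solve(program):
    """Least solution: maps each program point to its set of flow values."""
    seeds, edges, apps = [], set(), []
    generate(program, {}, seeds, edges, apps)
    alpha = {}
    for l, v in seeds:
        alpha.setdefault(l, set()).add(v)
    changed = True
    while changed:
        changed = False
        for fn, arg, res in apps:                    # (alpha_arg -> alpha_res) superset of alpha_fn
            for v in alpha.get(fn, set()):
                if isinstance(v, tuple):             # only closures can be called
                    edges.update({(arg, v[1]), (v[2], res)})
        for src, dst in list(edges):
            new = alpha.get(src, set()) - alpha.setdefault(dst, set())
            if new:
                alpha[dst] |= new
                changed = True
    return alpha

ID = ("lam", "x", 4, ("var", "x", 5), 3)
PROGRAM = ("let", "id", 2, ID, ("app", ("app", ("var", "id", 8),
           ("var", "id", 9), 7), ("const", 7, 10), 6), 1)
```

`solve(PROGRAM)[8]` is the set of closures that may be called at the inner call site, which is the information needed to add call-graph edges. The result at point 1 contains both the closure and 7 although the program evaluates to 7, showing the overapproximation.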