Principles of Program Analysis: Data Flow Analysis Transparencies - PowerPoint PPT Presentation

Principles of Program Analysis: Data Flow Analysis Transparencies based on Chapter 2 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag 2005. c � Flemming Nielson & Hanne Riis Nielson & Chris Hankin. PPA Chapter 2 1 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Example Language Syntax of While-programs ::= a x | n | a 1 op a a 2 b ::= true | false | not b | b 1 op b b 2 | a 1 op r a 2 [ x := a ] ` | [ skip ] ` | S 1 ; S 2 | ::= S if [ b ] ` then S 1 else S 2 | while [ b ] ` do S Example: [ z:=1 ] 1 ; while [ x>0 ] 2 do ([ z:=z*y ] 3 ; [ x:=x-1 ] 4 ) Abstract syntax – parentheses are inserted to disambiguate the syntax PPA Section 2.1 2 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Building an “Abstract Flowchart” Example: [ z:=1 ] 1 ; while [ x>0 ] 2 do ([ z:=z*y ] 3 ; [ x:=x-1 ] 4 ) ? init ( · · · ) = 1 [ z:=1 ] 1 final ( · · · ) = { 2 } ? ? no [ x>0 ] 2 - labels ( · · · ) = { 1 , 2 , 3 , 4 } yes ? flow ( · · · ) = { (1 , 2) , (2 , 3) , [ z:=z*y ] 3 (3 , 4) , (4 , 2) } ? flow R ( · · · ) = { (2 , 1) , (2 , 4) , [ x:=x-1 ] 4 (3 , 2) , (4 , 3) } PPA Section 2.1 3 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Initial labels init ( S ) is the label of the first elementary block of S : init : Stmt ! Lab init ([ x := a ] ` ) = ` init ([ skip ] ` ) = ` init ( S 1 ; S 2 ) = init ( S 1 ) init ( if [ b ] ` then S 1 else S 2 ) = ` init ( while [ b ] ` do S ) = ` Example: init ([ z:=1 ] 1 ; while [ x>0 ] 2 do ([ z:=z*y ] 3 ; [ x:=x-1 ] 4 )) = 1 PPA Section 2.1 4 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Final labels final ( S ) is the set of labels of the last elementary blocks of S : final : Stmt ! P ( Lab ) final ([ x := a ] ` ) = { ` } final ([ skip ] ` ) = { ` } final ( S 1 ; S 2 ) = final ( S 2 ) final ( if [ b ] ` then S 1 else S 2 ) = final ( S 1 ) [ final ( S 2 ) final ( while [ b ] ` do S ) = { ` } Example: final ([ z:=1 ] 1 ; while [ x>0 ] 2 do ([ z:=z*y ] 3 ; [ x:=x-1 ] 4 )) = { 2 } PPA Section 2.1 5 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Labels labels ( S ) is the entire set of labels in the statement S : labels : Stmt ! P ( Lab ) labels ([ x := a ] ` ) = { ` } labels ([ skip ] ` ) = { ` } labels ( S 1 ; S 2 ) = labels ( S 1 ) [ labels ( S 2 ) labels ( if [ b ] ` then S 1 else S 2 ) = { ` } [ labels ( S 1 ) [ labels ( S 2 ) labels ( while [ b ] ` do S ) { ` } [ labels ( S ) = Example labels ([ z:=1 ] 1 ; while [ x>0 ] 2 do ([ z:=z*y ] 3 ; [ x:=x-1 ] 4 )) = { 1 , 2 , 3 , 4 } PPA Section 2.1 6 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Flows and reverse flows flow ( S ) and flow R ( S ) are representations of how control flows in S : flow , flow R : Stmt ! P ( Lab ⇥ Lab ) flow ([ x := a ] ` ) = ; flow ([ skip ] ` ) = ; flow ( S 1 ; S 2 ) = flow ( S 1 ) [ flow ( S 2 ) [ { ( ` , init ( S 2 )) | ` 2 final ( S 1 ) } flow ( if [ b ] ` then S 1 else S 2 ) = flow ( S 1 ) [ flow ( S 2 ) [ { ( ` , init ( S 1 )) , ( ` , init ( S 2 )) } flow ( while [ b ] ` do S ) = flow ( S ) [ { ( ` , init ( S )) } [ { ( ` 0 , ` ) | ` 0 2 final ( S ) } { ( ` , ` 0 ) | ( ` 0 , ` ) 2 flow ( S ) } flow R ( S ) = PPA Section 2.1 7 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Elementary blocks A statement consists of a set of elementary blocks blocks : Stmt ! P ( Blocks ) blocks ([ x := a ] ` ) { [ x := a ] ` } = blocks ([ skip ] ` ) { [ skip ] ` } = blocks ( S 1 ; S 2 ) = blocks ( S 1 ) [ blocks ( S 2 ) blocks ( if [ b ] ` then S 1 else S 2 ) { [ b ] ` } [ blocks ( S 1 ) [ blocks ( S 2 ) = blocks ( while [ b ] ` do S ) { [ b ] ` } [ blocks ( S ) = A statement S is label consistent if and only if any two elementary statements [ S 1 ] ` and [ S 2 ] ` with the same label in S are equal: S 1 = S 2 A statement where all labels are unique is automatically label consistent PPA Section 2.1 8 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Intraprocedural Analysis Classical analyses: • Available Expressions Analysis • Reaching Definitions Analysis • Very Busy Expressions Analysis • Live Variables Analysis Derived analysis: • Use-Definition and Definition-Use Analysis PPA Section 2.1 9 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Available Expressions Analysis The aim of the Available Expressions Analysis is to determine For each program point, which expressions must have already been computed, and not later modified, on all paths to the pro- gram point. Example: point of interest + [ x:= a+b ] 1 ; [ y:=a*b ] 2 ; while [ y> a+b ] 3 do ([ a:=a+1 ] 4 ; [ x:= a+b ] 5 ) The analysis enables a transformation into [ x:= a+b ] 1 ; [ y:=a*b ] 2 ; while [ y> x ] 3 do ([ a:=a+1 ] 4 ; [ x:= a+b ] 5 ) PPA Section 2.1 10 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Available Expressions Analysis – the basic idea X 1 X 2 HHHHHHHHHHHHHHHH � � � � � � � � � � � � � � � j � ⇡ N = X 1 \ X 2 x := a kill z }| { X = ( N \ { expressions with an x } ) [ { subexpressions of a without an x } | {z } ? gen PPA Section 2.1 11 c � F.Nielson & H.Riis Nielson & C.Hankin (May 2005)

Available Expressions Analysis kill and gen functions { a 0 2 AExp ? | x 2 FV ( a 0 ) } kill AE ([ x := a ] ` ) = kill AE ([ skip ] ` ) = ; kill AE ([ b ] ` ) = ; { a 0 2 AExp ( a ) | x 62 FV ( a 0 ) } gen AE ([ x := a ] ` ) = gen AE ([ skip ] ` ) = ; gen AE ([ b ] ` ) = AExp ( b ) data flow equations: AE = ( ; if ` = init ( S ? ) AE entry ( ` ) = T { AE exit ( ` 0 ) | ( ` 0 , ` ) 2 flow ( S ? ) } otherwise ( AE entry ( ` ) \ kill AE ( B ` )) [ gen AE ( B ` ) AE exit ( ` ) = where B ` 2 blocks ( S ? ) PPA Section 2.1 12 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Example: [ x:=a+b ] 1 ; [ y:=a*b ] 2 ; while [ y>a+b ] 3 do ([ a:=a+1 ] 4 ; [ x:=a+b ] 5 ) kill and gen functions: kill AE ( ` ) gen AE ( ` ) ` 1 ; { a+b } 2 ; { a*b } 3 ; { a+b } 4 { a+b , a*b , a+1 } ; 5 ; { a+b } PPA Section 2.1 13 c � F.Nielson & H.Riis Nielson & C.Hankin (May 2005)

Example (cont.): [ x:=a+b ] 1 ; [ y:=a*b ] 2 ; while [ y>a+b ] 3 do ([ a:=a+1 ] 4 ; [ x:=a+b ] 5 ) Equations: AE entry (1) = ; AE entry (2) = AE exit (1) AE entry (3) = AE exit (2) \ AE exit (5) AE entry (4) = AE exit (3) AE entry (5) = AE exit (4) AE exit (1) = AE entry (1) [ { a+b } AE exit (2) = AE entry (2) [ { a*b } AE exit (3) = AE entry (3) [ { a+b } AE exit (4) = AE entry (4) \{ a+b , a*b , a+1 } AE exit (5) = AE entry (5) [ { a+b } PPA Section 2.1 14 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Example (cont.): [ x:=a+b ] 1 ; [ y:=a*b ] 2 ; while [ y> a+b ] 3 do ([ a:=a+1 ] 4 ; [ x:=a+b ] 5 ) Largest solution: AE entry ( ` ) AE exit ( ` ) ` 1 ; { a+b } 2 { a+b } { a+b , a*b } 3 { a+b } { a+b } 4 ; { a+b } 5 ; { a+b } PPA Section 2.1 15 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Why largest solution? [ z:=x+y ] ` ; while [ true ] ` 0 do [ skip ] ` 00 Equations: ? [ · · · ] ` AE entry ( ` ) = ; AE entry ( ` 0 ) = AE exit ( ` ) \ AE exit ( ` 00 ) AE entry ( ` 00 ) = AE exit ( ` 0 ) ? ? no [ · · · ] ` 0 - AE exit ( ` ) = AE entry ( ` ) [ { x+y } yes AE exit ( ` 0 ) = AE entry ( ` 0 ) ? [ · · · ] ` 00 AE exit ( ` 00 ) = AE entry ( ` 00 ) After some simplification: AE entry ( ` 0 ) = { x+y } \ AE entry ( ` 0 ) Two solutions to this equation: { x+y } and ; PPA Section 2.1 16 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Reaching Definitions Analysis The aim of the Reaching Definitions Analysis is to determine For each program point, which assignments may have been made and not overwritten, when program execution reaches this point along some path. Example: point of interest + [ x:=5 ] 1 ; [ y:=1 ] 2 ; while [ x>1 ] 3 do ([ y:=x*y ] 4 ; [ x:=x-1 ] 5 ) useful for definition-use chains and use-definition chains PPA Section 2.1 17 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Reaching Definitions Analysis – the basic idea X 1 X 2 HHHHHHHHHHHHHHHH � � � � � � � � � � � � � � � j � ⇡ N = X 1 [ X 2 [ x := a ] ` kill z }| { X = ( N \ { ( x, ?) , ( x, 1) , · · ·} ) [ { ( x, ` ) } | {z } ? gen PPA Section 2.1 18 c � F.Nielson & H.Riis Nielson & C.Hankin (May 2005)

Reaching Definitions Analysis kill and gen functions kill RD ([ x := a ] ` ) = { ( x, ?) } [ { ( x, ` 0 ) | B ` 0 is an assignment to x in S ? } kill RD ([ skip ] ` ) = ; kill RD ([ b ] ` ) = ; gen RD ([ x := a ] ` ) = { ( x, ` ) } gen RD ([ skip ] ` ) = ; gen RD ([ b ] ` ) = ; data flow equations: RD = ( { ( x, ?) | x 2 FV ( S ? ) } if ` = init ( S ? ) RD entry ( ` ) = S { RD exit ( ` 0 ) | ( ` 0 , ` ) 2 flow ( S ? ) } otherwise ( RD entry ( ` ) \ kill RD ( B ` )) [ gen RD ( B ` ) RD exit ( ` ) = where B ` 2 blocks ( S ? ) PPA Section 2.1 19 � F.Nielson & H.Riis Nielson & C.Hankin (May 2005) c

Example: [ x:=5 ] 1 ; [ y:=1 ] 2 ; while [ x>1 ] 3 do ([ y:=x*y ] 4 ; [ x:=x-1 ] 5 ) kill and gen functions: kill RD ( ` ) gen RD ( ` ) ` 1 { ( x , ?) , ( x , 1) , ( x , 5) } { ( x , 1) } 2 { ( y , ?) , ( y , 2) , ( y , 4) } { ( y , 2) } 3 ; ; 4 { ( y , ?) , ( y , 2) , ( y , 4) } { ( y , 4) } 5 { ( x , ?) , ( x , 1) , ( x , 5) } { ( x , 5) } PPA Section 2.1 20 c � F.Nielson & H.Riis Nielson & C.Hankin (May 2005)