Lecture 9: Interprocedural Analysis
20
Lecture 9: Interprocedural Analysis 17-355/17-655/17-819: Program Analysis Rohan Padhye and Jonathan Aldrich March 4, 2021 * Course materials developed with Claire Le Goues 1 (c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Transcript of Lecture 9: Interprocedural Analysis
Lecture 9: InterproceduralAnalysis
17-355/17-655/17-819: Program AnalysisRohan Padhye and Jonathan Aldrich
March 4, 2021
* Course materials developed with Claire Le Goues
1(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Extend WHILE with functions
2(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Extend WHILE3ADDR with functions
3(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Extend WHILE3ADDR with functions
4(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Extend WHILE3ADDR with functions
5(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
HOW DO WE ANALYZE THESE PROGRAMS?Data-Flow Analysis
6(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Approach #1: Analyze functions independently• Pretend function f() cannot see the source of function g()• Simulates separate compilation and dynamic linking (e.g. C, Java)• Create CFG for each function body and run intraprocedural analysis• Q: What should be is 𝜎! and𝑓" 𝑥 ≔ 𝑔(𝑦) and 𝑓" return 𝑥 for zero
analysis?
7(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Can we show that division on line 2 is safe?
8(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Approach #2: User-defined Annotations
9(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
@NonZero -> @NonZero
Approach #2: User-defined Annotations
10(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
@NonZero -> @NonZero @NonZero -> @NonZero
Error!
Approach #2: User-defined Annotations
11(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
@NonZero -> @NonZero @Any -> @NonZero
Error!
Approach #3: Interprocedural CFG
12(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
3:return𝑦
1:fun 𝑑𝑜𝑢𝑏𝑙𝑒(𝑥)
2:𝑦 ≔ 2 ∗ 𝑥
4:fun 𝑚𝑎𝑖𝑛()
7:…
5:𝑧 ≔ 0
local
6:𝑤 ≔ 𝑑𝑜𝑢𝑏𝑙𝑒(𝑧)returnw
call
𝑓! return 𝑥 "#$ 𝜎 = 𝑧 → 𝜎 𝑧 𝑧 ∈ 𝐺𝑙𝑜𝑏𝑎𝑙𝑠} ∪ {𝑟𝑒𝑡 → 𝜎(𝑥)}
𝑓! 𝑥 ≔ 𝑔 𝑦 %&'(% 𝜎 = 𝜎 \ ( 𝑥 ∪ 𝐺𝑙𝑜𝑏𝑎𝑙𝑠)𝑓! 𝑥 ≔ 𝑔 𝑦 '(%% 𝜎 = {𝑓𝑜𝑟𝑚𝑎𝑙 𝑔 → 𝜎 𝑦 }
Approach #3: Interprocedural CFG
13(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Exercise: What would be the result of zero analysis for this program on line 7 and at the end?
Approach #3: Interprocedural CFG
14(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
3:return𝑦
1:fun 𝑑𝑜𝑢𝑏𝑙𝑒(𝑥)
2:𝑦 ≔ 2 ∗ 𝑥
4:fun 𝑚𝑎𝑖𝑛()
7:z:=10/w
5:𝑧 ≔ 5
local
6:𝑤 ≔ 𝑑𝑜𝑢𝑏𝑙𝑒(𝑧)returnw
call
8:𝑧 ≔ 0
9:𝑤 ≔ 𝑑𝑜𝑢𝑏𝑙𝑒(𝑧)call
10:…localreturnw
Problems with Interprocedural CFG• Merges ( joins) information across call sites to same function• Loses precision• Models infeasible paths (call from one site and return to another)• Can we “remember” where to return data-flow values?
15(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
CONTEXT-SENSITIVE ANALYSISEnter:
16(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Context-Sensitive Analysis Example
17(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Key idea: Separate analyses for functions called in different ”contexts”.
(“context” = some statically definable condition)
Context-Sensitive Analysis Example
18(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Context 𝝈𝒊𝒏 𝝈𝒐𝒖𝒕
Line 6 {x->N} {x->N, y->N}
Line 9 {x->Z} {x->Z, y->Z}
Context-Sensitive Analysis Example
19(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Context 𝝈𝒊𝒏 𝝈𝒐𝒖𝒕
<main, T> T {w->Z, Z->Z}
<double, N> {x->N} {x->N, y->N}
<double, Z> {x->Z} {x->Z, y->Z}
20(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Context 𝝈𝒊𝒏 𝝈𝒐𝒖𝒕
<main, T> T {w->Z, Z->Z}
<double, N> {x->N} {x->N, y->N}
<double, Z> {x->Z} {x->Z, y->Z}
Works for non-recursive contexts!
