Optimizing the SPARK™ Program Slicer

Ricky E. Sward and Leemon C. Baird III

Dept of Computer Science

USAF Academy

[email protected]

[email protected]

Overview

• Background on program slicing

• SPARK program slicer

• Glue code

• Useful SPARK features

• Proving functional equivalence

• Optimizations

Previous Work

• Weiser [1] first defined program slicing
  – Slicers exist for C and Java
  – AdaSlicer has been built using ASIS [2]

• Program slicing is used in
  – Reengineering [3]
  – Program understanding
  – Testing and debugging

Program Slicing

[Figure: procedure Foo with nodes A, B, C, D, E; slice Foo_D with nodes A, B, D; slice Foo_E with nodes A, C, E]

Functional Equivalence

• Must preserve functionality during slicing

• Avoid huge test suites

• Prove mathematically that functionality of original procedure is equivalent to functionality of collection of slices

• We need some way to “glue” slices back together to prove functional equivalence

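SPARK Program Slicer

[Figure: procedure Gather_Summary_Info with parameters Num_Students, Min_Choice, Max_Choice, Highest_Max, Lowest_Min and Increment, and its slices Gather_Summary_Info_Highest_Max, Gather_Summary_Info_Lowest_Min and Gather_Summary_Info_Increment (Increment_In, Increment_Out)]

    -- Header reconstructed from the slide's parameter labels (not shown in the transcript).
    procedure Gather_Summary_Info_Increment
      (Increment_In : in Integer; Increment_Out : out Integer) is
       Increment_Local : Integer := Increment_In;
    begin
       Increment_Local := Increment_Local + 1;
       Increment_Out := Increment_Local;
    end Gather_Summary_Info_Increment;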

Glue Code

[Figure: procedure Gather_Summary_Info_Glue with parameters Num_Students, Min_Choice, Max_Choice, Highest_Max, Lowest_Min and Increment]

    -- Declarations and body of Gather_Summary_Info_Glue; the procedure header is not in the transcript.
       Increment_Local : Integer := Increment;
    begin
       Gather_Summary_Info_Highest_Max (Num_Students, Max_Choice, Highest_Max);
       Gather_Summary_Info_Lowest_Min (Num_Students, Min_Choice, Lowest_Min);
       Gather_Summary_Info_Increment (Increment_Local, Increment);
    end Gather_Summary_Info_Glue;

Useful SPARK Features

• Dynamic storage allocations not allowed
  – No pointers or dynamic allocation of memory
  – Can determine which variables are given values in the procedure for slicing

• No aliasing of variables or parameters
  – Inputs and outputs of procedures are clearly defined

Useful SPARK Features

• No recursive procedures
  – Slicing algorithms for recursive procedures are not defined
  – Build our proof for non-recursive procedures

• Limiting statements such as goto...

• No tasking...

• No exceptions...

• No generics...

Proving Functional Equivalence

[Figure: P, P’, slices P1, P2, ..., Pn and P0, with arrows labelled Modify, Slice and Call]

• P’ is P with any in/out parameter, X, replaced with X_in and X_out.
  – X_local := X when declared in P’.
  – X_local replaces X in P’.
  – X_out := X_local at end of P’.

• P0 is glue procedure
  – Slices called in arbitrary order.
  – X_local := X when declared in P0.
  – X_local passed to X_in params.
  – X passed to X_out params.

Proving Functional Equivalence

Theorem: P0 is functionally equivalent to P

Proof

• P and P’ will return same outputs given same inputs since SPARK does not allow aliasing.

• Assume slicing produces correct projection of behavior to produce the output parameter

• For P’ and P0 consider the three types of parameters...

Proving Functional Equivalence

  – The “in” parameters are the same in P’ and P0

  – Each “out” parameter is changed by only one of the slices, thus the same in P’ and P0

  – For “in out” parameters, glue code:
      • First copies parameter X to a local variable, X_local
      • X_local is passed as “in” parameter when needed
      • Original “in out” parameter, X, passed as “out”
      • Only one of the slices will change X

• Thus, P and P0 are functionally equivalent

QED

Proving Functional Equivalence

In English please...

• P’ and P0 designed to prevent slices from interfering when called in arbitrary order

• Not a problem for “in” or “out” parameters

• P0 provides original “in” value as needed for any “in out” parameters

• This means it doesn’t matter when a slice changes the value of an “in out” parameter
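
The copy-in scheme described above, as an added example that is not from the slides: P, its slices P_Total and P_Count, the glue procedure P0 and the Count_First switch are all constructed for illustration, in plain Ada without SPARK annotations. Count is an “in out” parameter that one slice reads and another changes, so the slices reproduce P in either call order only because P0 passes the saved original value to the Count_In parameters.

```ada
with Ada.Text_IO; use Ada.Text_IO;
procedure Demo is
   --  Original procedure P (constructed): Count is "in out", Total is "out".
   procedure P (Step : in Integer; Count : in out Integer; Total : out Integer) is
   begin
      Total := Count * Step;   --  reads the incoming Count
      Count := Count + 1;      --  then changes it
   end P;

   --  Slice for Total: only reads Count, so it takes it as an "in" parameter.
   procedure P_Total (Step : in Integer; Count_In : in Integer; Total : out Integer) is
   begin
      Total := Count_In * Step;
   end P_Total;

   --  Slice for Count: Count is replaced by Count_In and Count_Out.
   procedure P_Count (Count_In : in Integer; Count_Out : out Integer) is
      Count_Local : Integer := Count_In;
   begin
      Count_Local := Count_Local + 1;
      Count_Out   := Count_Local;
   end P_Count;

   --  Glue procedure P0; Count_First (hypothetical) selects the call order.
   procedure P0 (Step : in Integer; Count : in out Integer; Total : out Integer;
                 Count_First : in Boolean) is
      Count_Local : constant Integer := Count;   --  original "in" value
   begin
      if Count_First then
         P_Count (Count_Local, Count);
         P_Total (Step, Count_Local, Total);   --  must not see the Count just written
      else
         P_Total (Step, Count_Local, Total);
         P_Count (Count_Local, Count);
      end if;
   end P0;

   C_Ref : Integer := 4;
   T_Ref, C, T : Integer;
begin
   P (3, C_Ref, T_Ref);   --  reference result from the unsliced procedure
   for Order in Boolean loop
      C := 4;
      P0 (3, C, T, Count_First => Order);
      if C /= C_Ref or T /= T_Ref then
         raise Program_Error with "glue differs from P";
      end if;
      Put_Line (Boolean'Image (Order) & ":" & Integer'Image (C) & Integer'Image (T));
   end loop;
end Demo;
```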

Optimizations

• Examine REF and DEF sets for slices
  – Use copy-in and copy-out only when needed
  – Much more efficient for arrays and records

• Build hash table of changes
  – Roll back changes between slices

Glue Code

[Figure: procedure Gather_Summary_Info_Glue with parameters Num_Students, Min_Choice, Max_Choice, Highest_Max, Lowest_Min and Increment]

    -- Declarations and body of Gather_Summary_Info_Glue; the procedure header is not in the transcript.
       Increment_Local : Integer := Increment;
    begin
       Gather_Summary_Info_Highest_Max (Num_Students, Max_Choice, Highest_Max);
       Gather_Summary_Info_Lowest_Min (Num_Students, Min_Choice, Lowest_Min);
       Gather_Summary_Info_Increment (Increment_Local, Increment);
    end Gather_Summary_Info_Glue;

Increment is needed only in one slice, so no need to copy in & copy out
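
One way to make the REF/DEF check concrete, as an added example that is not part of the slides or of the SPARK slicer: the REF and DEF sets below are assumptions read off the glue-code calls, and the rule used (a parameter needs a local copy only when one slice defines it and a different slice references it) is an assumed reading of "only when needed". Ref_Def_Demo, Needs_Copy and the constructed variant in which the Highest_Max slice also reads Increment are hypothetical.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Ref_Def_Demo is
   --  Parameters and slices named after the Gather_Summary_Info glue code.
   type Param is (Num_Students, Min_Choice, Max_Choice,
                  Highest_Max, Lowest_Min, Increment);
   type Slice is (S_Highest_Max, S_Lowest_Min, S_Increment);
   type Param_Set is array (Param) of Boolean;
   type Slice_Sets is array (Slice) of Param_Set;

   --  Assumed REF (read) and DEF (written) sets, one Param_Set per slice.
   Ref : constant Slice_Sets :=
     (S_Highest_Max => (Num_Students | Max_Choice => True, others => False),
      S_Lowest_Min  => (Num_Students | Min_Choice => True, others => False),
      S_Increment   => (Increment => True, others => False));
   Def : constant Slice_Sets :=
     (S_Highest_Max => (Highest_Max => True, others => False),
      S_Lowest_Min  => (Lowest_Min => True, others => False),
      S_Increment   => (Increment => True, others => False));

   --  X needs a local copy when one slice writes it and a different slice
   --  reads it; a parameter used by a single slice never does.
   function Needs_Copy (X : Param; R, D : Slice_Sets) return Boolean is
   begin
      for Writer in Slice loop
         for Reader in Slice loop
            if Writer /= Reader and then D (Writer)(X) and then R (Reader)(X) then
               return True;
            end if;
         end loop;
      end loop;
      return False;
   end Needs_Copy;

   --  Constructed variant: the Highest_Max slice also reads Increment.
   Ref_Variant : Slice_Sets := Ref;
begin
   Ref_Variant (S_Highest_Max)(Increment) := True;
   for X in Param loop
      Put_Line (Param'Image (X)
                & ": slides " & Boolean'Image (Needs_Copy (X, Ref, Def))
                & ", variant " & Boolean'Image (Needs_Copy (X, Ref_Variant, Def)));
   end loop;
end Ref_Def_Demo;
```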

Proving Functional Equivalence

[Figure: P, slices P1, P2, ..., Pn and P0, with arrows labelled Slice and Call]

• P0 is glue procedure
  – Slices called in arbitrary order.
  – No need to copy in/out parameters.
  – May need to track changes.

Proving Functional Equivalence

In English please...

• P’ and P0 designed to prevent slices from interfering when called in arbitrary order

• Not a problem for “in” or “out” parameters

• With REF/DEF analysis, determine overlap of slice parameters

• Track changes in hash table if needed

• This means it doesn’t matter when a slice changes the value of an “in out” parameter

Future Work

• Possibly slice the SPARK annotations

• Rewrite SPARKSlicer in SPARK

Conclusions

• SPARK features quite useful

• Proved functional equivalence

• Proof technique may be useful to other transformations

• ASIS very useful

Questions?

References

• [1] Weiser, M. Program slicing. IEEE Transactions on Software Engineering, SE-10(4):352-357, July 1984.

• [2] Sward, R.E. and Chamillard, A. T. AdaSlicer: A Program Slicer for Ada. Proceedings of the ACM International SIGAda 03 Conference, Dec 2003, San Diego, CA.

• [3] The Wisconsin Program-Slicing Tool, Version 1.1. Retrieved June 4, 2003, from www.cs.wisc.edu/wpis/slicing_tool/, 2000.