LectureNotesonStaticAnalysis.pdf资源-CSDN文库

需积分: 10 54 浏览量 2008-06-21 21:29:17 上传评论收藏 347KB PDF 举报

资源推荐

资源详情

资源评论

Lecture Notes on Static Analysis

Michael I. Schwartzbach

BRICS, Department of Computer Science

University of Aarhus, Denmark

mis@brics.dk

Abstract

These notes present principles and applications of static analysis of

programs. We cover type analysis, lattice theory, control ﬂow graphs,

dataﬂow analysis, ﬁxed-point algorithms, narrowing and widening, inter-

procedural analysis, control ﬂow analysis, and pointer analysis. A tiny

imperative programming language with heap pointers and function point-

ers is subjected to numerous diﬀerent static analyses illustrating the tech-

niques that are presented.

The style of presentation is intended to be precise but not overly for-

mal. The readers are assumed to be familiar with advanced programming

language concepts and the basics of compiler construction.

1

1 Introduction

There are many interesting questions that can be asked about a given program:

• does the program terminate?

• how large can the heap become during execution?

• what is the possible output?

Other questions concern individual program points in the source code:

• does the variable x always have the same value?

• will the value of x be read in the future?

• can the pointer p be null?

• which variables can p point to?

• is the variable x initialized before it is read?

• is the value of the integer variable x always positive?

• what is a lower and upper bound on the value of the integer variable x?

• at which program points could x be assigned its current value?

• do p and q point to disjoint structures in the heap?

Rice’s theorem is a general result from 1953 that informally can be paraphrased

as stating that all interesting questions about the behavior of programs are

undecidable. This is easily seen for any special case. Assume for example the

existence of an analyzer that decides if a variable in a program has a constant

value. We could exploit this analyzer to also decide the halting problem by

using as input the program:

x = 17; if (TM(j)) x = 18;

Here x has a constant value if and only if the j’th Turing machine halts on

empty input.

This seems like a discouraging result. However, our real focus is not to decide

such properties but rather to solve practical problems like making the program

run faster or use less space, or ﬁnding bugs in the program. The solution is

to settle for approximative answers that are still precise enough to fuel our

applications.

Most often, such approximations are conservative, meaning that all errors

lean to the same side, which is determined by our intended application.

Consider again the problem of determining if a variable has a constant value.

If our intended application is to perform constant propagation, then the analysis

may only answer yes if the variable really is a constant and must answer no if

the variable may or may not be a constant. The trivial solution is of course to

answer no all the time, so we are facing the engineering challenge of answering

yes as often as possible while obtaining a reasonable performance.

3

剩余53页未读，继续阅读

内容反馈

liuxizhiyi

粉丝: 3
资源: 13

最新资源

资源上传下载、课程学习等过程中有任何疑问或建议，欢迎提出宝贵意见哦~我们会及时处理！点击此处反馈

feedback-tip