Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Transparencies based on Chapter 1 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. c Springer Verlag 2005. Flemming Nielson & Hanne Riis Nielson & Chris Hankin.
PPA Chapter 1
Compiler Optimisation
The classical use of program analysis is to facilitate the construction of compilers generating optimal code. We begin by outlining the structure of optimising compilers. We then prepare the setting for a worked example where we optimise a naive implementation of Algol-like arrays in a C-like language by performing a series of analyses and transformations.
PPA Chapter 1
lexical analysis
syntactic analysis
code generation
string of characters
string of tokens
syntax tree
machine code
Characteristics of a simple compiler: many phases one or more passes the compiler is fast but the code is not very ecient
PPA Chapter 1
c F.Nielson & H.Riis Nielson & C.Hankin (May 2005)
code generation
low-level representation
Characteristics of the optimising compiler: high-level optimisations: easy to adapt to new architectures low-level optimisations: less likely to port to new architectures
PPA Chapter 1
c F.Nielson & H.Riis Nielson & C.Hankin (May 2005)
front end
program optimiser
back end
program analysis
transformation
Avoid redundant computations: reuse available results, move loop invariant computations out of loops, ... Avoid superuous computations: results known not to be needed, results known already at compile time, ...
PPA Chapter 1
c F.Nielson & H.Riis Nielson & C.Hankin (May 2005)
...
PPA Chapter 1
Base(A)
0 1 . . . n
01
PPA Chapter 1
C-like arrays:
i := 0; while i <= n do j := 0; while j <= m do temp := Base(A) + i * (m+1) + j; Cont(temp) := Cont(Base(B) + i * (m+1) + j) + Cont(Base(C) + i * (m+1) + j); j := j+1 od; i := i+1 od
PPA Chapter 1
PPA Chapter 1
PPA Chapter 1
10
od
PPA Chapter 1
11
PPA Chapter 1
12
PPA Chapter 1
13
PPA Chapter 1
14
15
Over-approximation
................. ................. ..... ...... ...... ........... .......... ..... . ..... ................. .... ..... ..... .... .... ....... .... ... .... ....... .... ... .. ... ... .... .. .. ... ... .. .. .. ... .. .. . . .. .. .. .. .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . .. . . . . . .. .. . .. .. .. .. ... . .. .. ... .. .... .... ... .. .... .... ... ... ... .... .... ..... ... .... .... . .. ... ..... ................. ..... ................ .... ..... ..... .... ... .. ...... ......................................
Under-approximation
..... ........... ........... ......... .............. ..... ...... ..... .... .... ..... .... .... .... .... .... .... ... ... .... ... .. .. ... .. . .. .. . . . . . . . . . . . . . . . . . . . . . . . .. . .. . . . .. . .. ... .. ... .. .... .... .... ... .... .... ... .... ..... ... ..... ... . ... . . ..... ....................................................
universe
overapproximation
underapproximation
Slogans:
16
17
Technique: Example:
idea
18
Example program
Program with labels for elementary blocks:
[y := x]1 ; [z := 1]2 ; while [y > 0]3 do [z := z od; [y := 0]6
[y := x]1
Flow graph:
[y := 0]6
y]4;
[z := z y]4 [y := y 1]5
[y := y 1]5
19
[z := 1]2
[y > 0]3
[y := 0]6
[z := z y]4
[y := y 1]5
20
[y := x]1 ;
{(x, ?), (y, ?), (z, ?)} {(x, ?), (y, 1), (z, ?)} {(x, ?), (y, 1), (z, 2)} {(x, ?), (y, 1), (z, 2)}
[y := 0]6
21
[y := x]1 ;
{(x, ?), (y, ?), (z, ?)} {(x, ?), (y, 1), (z, ?)} {(x, ?), (y, 1), (z, 2)} {(y, 5), (z, 4)} {(x, ?), (y, 1), (z, 2)} {(x, ?), (y, 1), (z, 4)} {(x, ?), (y, 5), (z, 4)} {(x, ?), (y, 1), (z, 2)}
[y := 0]6
22
[y := x]1 ;
{(x, ?), (y, ?), (z, ?)} {(x, ?), (y, 1), (z, ?)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(y, 5), (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 4)} {(x, ?), (y, 5), (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)}
[y := 0]6
23
[y := x]1 ;
{(x, ?), (y, ?), (z, ?)} {(x, ?), (y, 1), (z, ?)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 4)} {(x, ?), (y, 5), (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x, ?), (y, 6), (z, 2), (z, 4)} 24
[y := 0]6
[y := x]1 ;
{(x, ?), (y, ?), (z, ?)} {(x, ?), (y, 1), (z, ?)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x, ?), (y, 1), (y, 5), (z,2) , (z, 4)} {(x, ?), (y,1) , (y, 5), (z,2) , (z, 4)} {(x, ?), (y, 1), (y, 5), (z, 2), (z, 4)} {(x, ?), (y, 6), (z, 2), (z, 4)} 25
[y := 0]6
An unsafe solution
{(x, ?), (y, ?), (z, ?)} {(x, ?), (y, 1), (z, ?)} {(x, ?), (y, 1), (z, 2), (y, 5), (z, 4)} {(x, ?), (y,1) , (y, 5), (z,2) , (z, 4)} {(x, ?), (y,1) , (y, 5), (z, 4)} {(x, ?), (y, 5), (z, 4)} {(x, ?), (y,1) , (y, 5), (z,2) , (z, 4)} {(x, ?), (y, 6), (z, 2), (z, 4)} 26
[y := x]1 ;
[y :=
0]6
Analysis information:
RD(): information available at the entry of block RD(): information available at the exit of block
PPA Section 1.3
c F.Nielson & H.Riis Nielson & C.Hankin (May 2005)
27
[...]1
RD(1)
[...]2
RD(2) RD () [...]
[x := a]
28
RD(1) = RD(1) \ {(y, ) | Lab} {(y, 1)} RD(2) = RD(2) \ {(z, ) | Lab} {(z, 2)} RD(3) = RD(3) RD(4) = RD(4) \ {(z, ) | Lab} {(z, 4)} RD(5) = RD(5) \ {(y, ) | Lab} {(y, 5)}
RD(1) = {(x, ?), (y, ?), (z, ?)} RD(2) = RD(1) RD(3) = RD(2) RD(5) RD(4) = RD(3) RD(5) = RD(4)
[y :=
0]6
RD(6) = RD(3)
30
we want the least xed point of F this is the best solution to the equation system
P(Var Lab)12
31
Iteration while RDj = Fj (RD1, , RD12) for some j do RDj := Fj (RD1, , RD12)
32
The equations:
RD (1) = RD (1) \ {(y, ) | } {(y, 1)} RD (2) = RD (2) \ {(z, ) | } {(z, 2)} RD (3) = RD (3) RD (4) = RD (4) \ {(z, ) | } {(z, 4)} RD (5) = RD (5) \ {(y, ) | } {(y, 5)} RD (6) = RD (6) \ {(y, ) | } {(y, 6)} RD (1) = {(x, ?), (y, ?), (z, ?)} RD (2) = RD (1) RD (4) = RD (3) RD (5) = RD (4) RD (6) = RD (3) RD (3) = RD (2) RD (5)
33
.............. ................ .. .. ... .... ... ... ... .. ... .. .. .. .. . .. .. .. . . .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. . .. . .. . .. .. .. .. .. .. .. .. ... ... ... .... ... .... ................. ................
34
35
.. .
36
37
Technique: Example:
idea
38
function applications x 7 f g g h f (g h)
39
Solutions
let f = fn g = fn h = fn in f g + f x => x 7 y => y z => 3 (g h) A safe solution but not the best:
function applications x 7 f g g h f (g h) function abstractions that may be applied g, h, f f g f
An unsafe solution:
function applications x 7 f g g h f (g h) function abstractions that may be applied g, h f g f
40
Aim: For each function application, which function abstractions may be applied?
function applications x 7 f g g h f (g h)
41
42
43
Analysis information:
R(x): information available for the variable x C(): information available at the subexpression labelled
PPA Section 1.4
c F.Nielson & H.Riis Nielson & C.Hankin (May 2005)
44
45
let-bound variables
let-bound variables evaluate to their abstractions
46
Variables
Variables evaluate to their abstract values x gives rise to the constraint R(x) C()
47
the argument is a possible value of the formal parameter the value of the body of the abstraction is a possible value of the application
if (fn y => y4) C(1) then C(2) R(y) and C(4) C(3) if (fn x => (x1 72)3) C(1) then C(2) R(x) and C(3) C(3)
48
the argument is a possible value of the formal parameter the value of the body of the abstraction is a possible value of the application
if (fn y => y4) C(5) then C(6) R(y) and C(4) C(7) if (fn x => (x1 72)3) C(5) then C(6) R(x) and C(3) C(7)
49
11
sets:
of the set Abstr of function abstractions the constraints can be reformulated as a function: we want the least xed point of F this is the best solution to the constraint system
P(S) is the set of all subsets of the set S; e.g. P({0, 1}) = {, {0}, {1}, {0, 1}}.
(fn x => (x1 72 )3 ) C(1) C(2) R(x) (fn y => y4 ) C(5) C(6) R(y) (fn x => (x1 72 )3 )
F : P(Abstr)11 P(Abstr)11
(fn x => (x1 72 )3 ) C(1) C(3) C(3) (fn y => y4 ) C(5) C(4) C(7)
50
C(1) C(2) R(y) C(1) C(4) C(3) 72 )3 ) C(1) C(2) R(x) 72 )3 ) C(1) C(3) C(3) C(5) C(6) R(y) C(5) C(4) C(7) 72 )3 ) C(5) C(6) R(x) 72 )3 ) C(5) C(3) C(7)
51
52
fn fn fn fn fn fn 3
3 3 3 3 3 3
(fn y => 4 ) C(1) C(2) R(y) (fn x => 3 ) C(1) C(2) R(x) (fn y => 4 ) C(5) C(6) R(y) (fn x => 3 ) C(5) C(6) R(x)
(fn y => 4 ) C(1) C(4) C(3) (fn x => 3 ) C(1) C(3) C(3) (fn y => 4 ) C(5) C(4) C(7) (fn x => 3 ) C(5) C(3) C(7)
fn fn fn fn
3 3 3 3
(5)
53
54
55
.. .
56
Iteration while Xj = FXj (X1, , X11) for some j do assume X is X and X Fn( ) Xj := FXj (X1, , X11) then X F(X ) Fn+1( = Fn( ) ) when lfp(F) = Fn( ) If the algorithm terminates then it computes the least xed point of F The algorithm terminates because Xj FXj (X1, , X11) is only possible nitely many times since P(AbsExp)11 satises the Ascending Chain Condition
PPA Section 1.4
c F.Nielson & H.Riis Nielson & C.Hankin (May 2005)
57
Abstract Interpretation
Technique: Example:
idea
Abstract Interpretation
58
Abstract Interpretation
We have the analysis old: it has already been proved correct but it is inecient, or maybe even uncomputable We want the analysis new: it has to be correct as well as ecient! Can we develop new from old?
PPA Section 1.5
abstract interpretation !
59
60
[y := x]1
[z := 1]2
[y > 0]3
[y := 0]6
{(x,?):(y,?):(z,?):(y,1):(z,2),
(x,?):(y,?):(z,?):(y,1):(z,2):(z,4):(y,5),
(x,?):(y,?):(z,?):(y,1):(z,2):(z,4):(y,5):(z,4):(y,5), }
[z := z y]4
[y := y 1]5
61
How to proceed
As before:
extract a set of equations dening the possible sets of traces compute the least xed point of the set of equations And furthermore:
prove the correctness: the set of traces computed by the analysis is a superset of the possible traces
62
[...]1
CS(1)
[...]2
CS(2) CS () [...]
[x := a]
63
[y := x]1 ;
CS(1) = {trace : (y, 1) | trace CS(1)} CS(2) = {trace : (z, 2) | trace CS(2)} CS(3) = CS(3) CS(4) = {trace : (z, 4) | trace CS(4)} CS(5) = {trace : (y, 5) | trace CS(5)}
[z := z
y]4;
64
CS(1) = {(x, ?) : (y, ?) : (z, ?)} CS(2) = CS(1) CS(3) = CS(2) CS(5) CS(4) = CS(3) CS(5) = CS(4)
0]3
do
[z := z
y]4;
[y := y od;
1]5
[y := 0]6
CS(6) = CS(3)
65
66
(X) Y
(Y ) X
................ ................ .... ... .... ... .. ... .. ... .. .. .. .. . .. .. .. . . .. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. . . .. . .. . .. .. .. .. .. .. .. .. ... . ... .. .... ... .... ................ ................
(X)
P(Trace)
P(Var Lab)
{(x,?),(y,1),(z,2)}
{(x,?):(y,?):(z,?):(y,1):(z,2), (x,?):(y,?):(z,?):(y,1):(z,2):(z,4):(y,5)}
SRD(X):
PPA Section 1.5
{(x,?),(y,1),(z,2),(z,4),(y,5)}
68
............... ................ ... .... ... .... ... ... .. ... .. .. .. .. . .. .. .. . . .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. . .. .. .. .. .. .. .. .. .. .. . ... ... ... .... ... .... ... ................. ............. ..
(Y ) X
............... ................ ... .... ... .... ... ... .. ... .. .. .. .. . .. .. .. . . .. . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. . .. .. .. .. .. .. .. .. .. .. . ... ... ... .... ... .... ... ................. ............. ..
(X)
P(Trace)
P(Var Lab)
69
.. ..... ... ... . ........ ...... ......... .. . ... .... ... ... .. .. .. . . . . .. . ....... . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..... . . .. .. . .. .. .. .. .. .. .. .. .. .. .. . ... .. ... .... .. .... .... ................. .......... ....
G(4)
.. ..... ... ... . ........ ...... ......... .. . ... .... ... ... .. .. .. . . .. .. .. . .. . .. . . .. . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. . .. .. .. .. .. .. .. .. .. .. .. . ... .. ... .... .. .... .... ................. .......... ....
F(4) = G(4)
P(Trace)
P(Var Lab)
70
= (SRD({tr | tr (RD (4))})\{(z, ) | Lab}){(z, 4)} = (((RD (4))\{(z, ) | Lab}){(z, 4)} using = SRD = (RD (4)\{(z, ) | Lab}){(z, 4)} using = id just as before!
71
Technique: Example:
idea
72
semantics:
types:
written S :
73
Analysis:
S:
Idea:
S:
RD1
RD2
assumptions conclusion
Implicit:
the analysis information at the exit of S1 equals the analysis information at the entry of S2
75
S : RD RD while [b] do S od : RD RD Implicit: the occurrences of RD express an invariance i.e. a xed point property!
76
The rule is essential for the rules for conditional and iteration to work RD1 RD : strengthen the analysis information for the initial state 1 RD RD2: weaken the analysis information for the nal states 2
77
78
79
Until now:
given a statement and a specic entry information RD we determine the specic exit information RD
Now:
given a statement we determine how entry information is transformed into exit information
80
Analysis: S:
S:
X RD
[x:=a] :
{x} {(x,)}
82
X S : RD while [b] do S od : RD
83
RD
if X X (variables denite assigned) and RD RD (potential reaching denitions) the rule can be omitted!
84
85
86
Technique: Example:
idea
Eect systems
87
88
function applications x 7 f g h g f (h g)
89
Simple types
let f = fnF x g = fnG y h = fnH z in f g + f (h => x 7 => y => z g) f: (int int) int g: int int h: (int int) (int int) int
[x x] e : fn x => e : x e1 : 2 , e2 : 2 e1 e2 :
the type of the formal parameter equals that of the actual parameter
91
Eect systems
Call Tracking analysis: For each function application, which function abstractions might be applied during its execution?
Idea: Annotate the function arrows with sets of names of function abstractions that might be applied when calling the function.
1 2 the type of functions from 1 to 2 that might call functions with names in .
92
int
int)
{F,G} { H}
int
{G}
int)
93
fn x => e : x
[x x] e : &
{}
&
e1 : 2 & 1 e2 : 2 & 2 evaluating the argument e1 e2 : & 1 2 evaluating the function application: the latent eect! PPA Section 1.6
c F.Nielson & H.Riis Nielson & C.Hankin (May 2005)
94
95
Example (1)
let f = fnF x g = fnG y h = fnH z in f g + f (h => x 7 => y => z g)
fn x => e : x [x x ] e : &
{}
&
e1 : 2 & 1
e1 e2 : & 1 2
e2 : 2 & 2
[x int {G} int] x : int {G} int & [x int {G} int] 7 : int & [x int {G} int] x 7 : int & {G} [ ] fnF x => x 7 : (int {G} int) {F,G} int &
96
Example (2)
let f = fnF x g = fnG y h = fnH z in f g + f (h => x 7 => y => z g)
fn x => e : x [x x ] e : &
{}
&
e1 : 2 & 1
e1 e2 : & 1 2
e2 : 2 & 2
h : (int f : (int
{G}
{G}
int)
(int
{G}
int) &
int)
{F,G}
int &
int &
97
98