Generating program analyzers

In this work the automatic generation of program analyzers from concise specifications is presented. It focuses on provably correct and complex interprocedural analyses for real world sized imperative programs. Thus, a powerful and flexible specification mechanism is required, enabling both correctness proofs and efficient implementations. The generation process relies on the theory of data flow analysis and on abstract interpretation. The theory of data flow analysis provides methods to efficiently implement analyses. Abstract interpretation provides the relation to the semantics of the programming language. This allows the systematic derivation of efficient provably correct, and terminating analyses. The approach has been implemented in the program analyzer generator PAG. It addresses analyses ranging from “simple” intraprocedural bit vector frameworks to complex interprocedural alias analyses. A high level specialized functional language is used as specification mechanism enabling elegant and concise specifications even for complex analyses. Additionally, it allows the automatic selection of efficient implementations for the underlying abstract datatypes, such as balanced binary trees, binary decision diagrams, bit vectors, and arrays. For the interprocedural analysis the functional approach, the call string approach, and a novel approach especially targeting on the precise analysis of loops can be chosen. In this work the implementation of PAG as well as a large number of applications of PAG are presented.

[1]  Gary A. Kildall,et al.  A unified approach to global program optimization , 1973, POPL.

[2]  Christopher W. Fraser,et al.  Engineering a simple, efficient code-generator generator , 1992, LOPL.

[3]  Georg Sander,et al.  Graph Layout through the VCG Tool , 1994, GD.

[4]  Guang R. Gao,et al.  Designing the McCAT Compiler Based on a Family of Structured Intermediate Representations , 1992, LCPC.

[5]  Barbara G. Ryder,et al.  Elimination algorithms for data flow analysis , 1986, CSUR.

[6]  Bernhard Steffen,et al.  Property-Oriented Expansion , 1996, SAS.

[7]  Jörn Schneider,et al.  Pipeline behavior prediction for superscalar processors by abstract interpretation , 1999, LCTES '99.

[8]  Florian Martin Experimental Comparison of call string and functional Approaches to Interprocedural Analysis , 1999, CC.

[9]  Bernhard Steffen,et al.  The Interprocedural Coincidence Theorem , 1992, CC.

[10]  Fritz Henglein,et al.  AnnoDomini: from type theory to Year 2000 conversion tool , 1999, POPL '99.

[11]  Richard S. Bird,et al.  Introduction to functional programming using haskeu , 1998 .

[12]  John M. Mellor-Crummey,et al.  FIAT: A Framework for Interprocedural Analysis and Transfomation , 1993, LCPC.

[13]  Martin Alt,et al.  GRAPH VISUALISATION IN A COMPILER PROJECT , 1996 .

[14]  Helmut Emmelmann,et al.  BEG: a generator for efficient back ends , 1989, PLDI '89.

[15]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[16]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[17]  Steven S. Muchnick,et al.  Advanced Compiler Design and Implementation , 1997 .

[18]  Larry Wall,et al.  Programming Perl , 1991 .

[19]  Bernhard Steffen,et al.  DFA&OPT-METAFrame: A Tool Kit for Program Analysis and Optimazation , 1996, TACAS.

[20]  Martin Alt,et al.  Generation of Efficient Interprocedural Analyzers with PAG , 1995, SAS.

[21]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[22]  David A. Patterson,et al.  Computer Architecture: A Quantitative Approach , 1969 .

[23]  Thomas Reps,et al.  The Synthesizer Generator: A System for Constructing Language-Based Editors , 1988 .

[24]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[25]  Luca Cardelli,et al.  Basic Polymorphic Typechecking , 1987, Sci. Comput. Program..

[26]  Thomas R. Gross,et al.  Code reuse in an optimizing compiler , 1996, OOPSLA '96.

[27]  Flemming Nielson,et al.  Abstract interpretation: a semantics-based tool for program analysis , 1995, LICS 1995.

[28]  Georg Sander,et al.  Graph Layout for Applications in Compiler Construction , 1999, Theor. Comput. Sci..

[29]  Reinhard Wilhelm,et al.  Solving shape-analysis problems in languages with destructive updating , 1998, TOPL.

[30]  David Grove,et al.  Frameworks for Intra- and Interprocedural Dataflow Analysis , 1998 .

[31]  Richard M. Stallman,et al.  Using and Porting GNU CC , 1998 .

[32]  Bernhard Steffen,et al.  Expansion-Based Removal of Semantic Partial Redundancies , 1999, CC.

[33]  Flemming Nielson,et al.  Semantics-Directed Program Analysis: A Tool-Maker's Perspective , 1996, SAS.

[34]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[35]  Lori A. Clarke,et al.  A flexible architecture for building data flow analyzers , 1995, Proceedings of IEEE 18th International Conference on Software Engineering.

[36]  Michael Rodeh,et al.  Detecting memory errors via static pointer analysis , 1998 .

[37]  Bernhard Steffen,et al.  Towards a tool kit for the automatic generation of interprocedural data flow analyses , 1996, J. Program. Lang..

[38]  Charles N. Fischer,et al.  Crafting a Compiler , 1988 .

[39]  Rafael Dueire Lins,et al.  Garbage collection: algorithms for automatic dynamic memory management , 1996 .

[40]  Mark N. Wegman,et al.  Constant propagation with conditional branches , 1985, POPL.

[41]  Uwe Aßmann,et al.  Cosy Compiler Phase Embedding with the CoSy Compiler Model , 1994, CC.

[42]  Michael Rodeh,et al.  Virtual Cache Line: A New Technique to Improve Cache Exploitation for Recursive Data Structures , 1999, CC.

[43]  Stephan Thesing,et al.  Cache-Sensitive Pre-runtime Scheduling , 1998, LCTES.

[44]  Micha Sharir,et al.  An Automatic Technique for Selection of Data Representations in SETL Programs , 1981, TOPL.

[45]  Matthew S. Hecht,et al.  Flow Analysis of Computer Programs , 1977 .

[46]  Uwe Aßmann,et al.  How to Uniformly Specify Program Analysis and Transformation with Graph Rewrite Systems , 1996, CC.

[47]  François Bourdoncle,et al.  Efficient chaotic iteration strategies with widenings , 1993, Formal Methods in Programming and Their Applications.

[48]  David A. Schmidt Data flow analysis is model checking of abstract interpretations , 1998, POPL '98.

[49]  Henrik Theiling,et al.  Run-Time Guarantees for Real-Time Systems - The USES Approach , 1999, GI Jahrestagung.

[50]  David Grove,et al.  Vortex: an optimizing compiler for object-oriented languages , 1996, OOPSLA '96.

[51]  Flemming Nielson,et al.  Bounded fixed point iteration , 1991, POPL '92.

[52]  Reinhard Wilhelm,et al.  CLaX - A Visualized Compiler , 1995, Graph Drawing.

[53]  Richard M. Stallman Using and porting gnu cc (version 2 , 1992 .

[54]  Reinhard Wilhelm,et al.  Cache Behavior Prediction by Abstract Interpretation , 1996, Sci. Comput. Program..

[55]  Kwangkeun Yi,et al.  Automatic generation and management of interprocedural program analyses , 1993, POPL '93.

[56]  Flemming Nielson,et al.  Interprocedural Control Flow Analysis , 1999, ESOP.

[57]  Charles N. Fischer,et al.  SPARE: A Development Environment For Program Analysis Algorithms , 1992, IEEE Trans. Software Eng..

[58]  Florian Martin,et al.  PAG – an efficient program analyzer generator , 1998, International Journal on Software Tools for Technology Transfer.

[59]  Christian Fecht,et al.  Abstrakte Interpretation logischer Programme - Theorie, Implementierung, Generierung , 1997 .

[60]  Christian Ferdinand,et al.  Cache behavior prediction for real-time systems , 1997 .

[61]  Patrick Cousot,et al.  Abstract Interpretation and Application to Logic Programs , 1992, J. Log. Program..

[62]  Steven W. K. Tjiang,et al.  Sharlit—a tool for building optimizers , 1992, PLDI '92.

[63]  Steven W. K. Tjiang,et al.  SUIF: an infrastructure for research on parallelizing and optimizing compilers , 1994, SIGP.

[64]  Simon L. Peyton Jones,et al.  The Implementation of Functional Programming Languages , 1987 .

[65]  Maurice Bruynooghe,et al.  Improving abstract interpretations by combining domains , 1995, TOPL.

[66]  William M. Waite,et al.  An efficient machine-independent procedure for garbage collection in various list structures , 1967, CACM.