Ridiculously Generic Program Analysis Overview

Ridiculously Generic Program Analysis Overview
Slide Note
Embed
Share

Analyzing the challenges and goals of the Ridiculously Generic Program Analysis by James Koppel from MIT. Exploring problems faced, ideas for improvement, and the concept of parametric interpretation. Unveiling the ambitions to define analyzers semantically, share knowledge automatically, and combine different tools efficiently.

  • Program Analysis
  • Generic
  • Problems
  • Goals
  • Parametric Interpretation
lsout
lsout Follow

Uploaded on Apr 19, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Ridiculously Generic Program Analysis James Koppel, MIT

  2. Actually writing a static analyzer Value val=null; if (left==NullConstant.v()) { if (right!=NullConstant.v()) { val = right; } } else if (right==NullConstant.v()) { if (left!=NullConstant.v()) { val = left; } } NullnessAnalysis Source: Soot Framework if (val!=null && val instanceof Local) { if (eqExpr instanceof JEqExpr) //a==null handleEquality(val,outBranch); else if .. }

  3. Problems Syntactic pattern-matching Runs on IR Lots of cases; easy to miss Specific to one version of one language Must hard-code use of other analyzers

  4. Goals Define analyzers semantically Derive most of tool automatically Reuse work between languages Reuse work between tools Analyzers can automatically share knowledge

  5. Ideas Parametric interpretation, parametric syntax From one program, multiple tools for multiple languages Type-level obligations Constrain what analyzers and languages may combine Generalized nodes One type definition gives AST, CFG, etc Modular monadic semantics Automatically combine different analyzers Monads without lambdas!

  6. General Type public interface Exp<C,L,S> { .} Eval Context Language Sort

  7. Parametric Interpretation Interpreter cond.eval(); // returns false elseBranch.eval(); ConcreteEvalContext Compiler <cond code> test eax jnz else_branch <stmt 1 code> jmp end else_branch: <stmt2 code> end: Single Source of Truth public class If { . public void eval(EvalContext ctx) { ctx.eval(cond).branch( () -> ctx.eval(thenBranch), () -> ctx.eval(elseBranch)); } } DeferredEvalContext Abstract boolean type Control flow graph FlowGraphContext Dataflow analysis Symbolic execution

  8. Parametric Syntax (C_PP, Assign) Has (C_PP, Deref) ) Has (Java, Assign) Has public class Assign<L> { . public Assign(Var<L> lhs, Exp<L> rhs, Has<L, Assign> h) { . } }

  9. Statically checking compatibility Assign[U Stateful[U]] CallCC[U Cont [U]] Each expression constrains what EvalContext s the program can run in prog :: c Stateful[c] Cont[c], Exp[c] prog[ConcreteEvalContext] prog[FlowGraphContext]

  10. Generalized representation 1 + * x ConcreteExp public class BinOp extends ConcreteExp { private Exp lhs; private Exp rhs; } y z DataflowExp t1 := y *z t2 := x + t1

  11. Generalized Representation 2 public class Seq<C> extends ConcreteExp<C, Void> { public ContextVal<C, Void> eval(C c) { } } public class IntLit<C> extends ConcreteExp<C, Integer> { public ContextVal<C, Integer> eval(C c) { } }

  12. Monadic Combination Transfer: (Label -> Bool, Var -> NullnessLattice) -> (Var -> NullnessLattice, Label -> Bool) ReachabilityAnalyzer lift NullnessAnalyzer Transfer: (Var -> NullnessLattice) -> (Var -> NullnessLattice)

  13. Monads without Lambdas public class Seq { public void eval(EvalContext ctx) { ctx.eval(stmt1); ctx.eval(stmt2); } } Could both be nondeterministic

  14. Result: Nullness Analysis Analyzer a = new Analyzer(); a.addDataflowState( new NullnessLattice()); a.overrideTransferFunction( new BooleanConstantProp()); Evaluation will automatically case-split on (x == null) if (x != null || y != null) { } else { } Evaluate condition; propagate states to branches

Related


Generics in Java

Generics in Java

ayat
Function Templates and Generic Programming in C++

Function Templates and Generic Programming in C++

mya
Generic Medicines: European Patients Academy

Generic Medicines: European Patients Academy

miro
Internal Medicine Stage 1 Curriculum Teaching Toolkit: Capabilities in Practice

Internal Medicine Stage 1 Curriculum Teaching Toolkit: Capabilities in Practice

solaris
Revamping Medical Store Procurement to Reduce Out-of-Pocket Expenses in West Bengal

Revamping Medical Store Procurement to Reduce Out-of-Pocket Expenses in West Bengal

kaylie
Generic Drugs and Brand Name Medications

Generic Drugs and Brand Name Medications

emmalyn
The Hatch-Waxman Act: Promoting Affordable Generic Drugs

The Hatch-Waxman Act: Promoting Affordable Generic Drugs

brylee
Overview of ACTD Guidelines for Generic Product Registration in ASEAN

Overview of ACTD Guidelines for Generic Product Registration in ASEAN

isaias
The Modern Generic LinkedList Collection Class

The Modern Generic LinkedList Collection Class

jak_st
Heapsort and Heaps: A Generic Algorithm for Sorting

Heapsort and Heaps: A Generic Algorithm for Sorting

chines
GenICam: A Comprehensive Overview

GenICam: A Comprehensive Overview

maur_34
Botanical Names and Common Plant Names

Botanical Names and Common Plant Names

keirst
Constraint Satisfaction Problems and Search

Constraint Satisfaction Problems and Search

ehoef
C++ Templates: Generic Programming and Function Templates

C++ Templates: Generic Programming and Function Templates

opopp
Impact of Generic HIV Drugs on HIV Treatment Affordability and Innovation

Impact of Generic HIV Drugs on HIV Treatment Affordability and Innovation

gphi
Swift Generics and Data Structures

Swift Generics and Data Structures

ogia
Generics

Generics

courtlynn
Based on Group Actions and Generic Isogenies

Based on Group Actions and Generic Isogenies

asidd
Competitive Strategy Formulation: Steps and Tools

Competitive Strategy Formulation: Steps and Tools" (40 characters)

duganpo
Generic Output Review Process for Research Projects

Generic Output Review Process for Research Projects

rspea
HMACs and Generic Attacks: Constructing MACs from Hash Functions

HMACs and Generic Attacks: Constructing MACs from Hash Functions

lian_783
Cryptography CS 555

Cryptography CS 555

charlier

More Related Content