"derivation of variability-aware program analyses" may, 2015 fosd 2015 claus brabrand jan...

"Derivation of Variability-Aware Program Analyses" May, 2015FOSD 2015

ClausBRABRAND

JanMIDTGAARD

AndrzejWASOWSKI

Systematic Derivation of ✔ Variability-Aware Program Analyses

AleksandarDIMOVSKI

DTU ITU ITU ITU

CORRECT

( MODULARITY 2014 && SCP 2015 )

[ 2 ]"Derivation of Variability-Aware Program Analyses" May, 2015FOSD 2015

< Outline > Introduction & Motivation:

Variability and Analysis (in 1 slide) Abstract Interpretation (in 1 slide)

Derivation of Analyses: (intuition!) Abstract Interpretation (Constant Propagation)

Derivation of LIFTED Analyses: Variational Abstract Interpretation (LIFTED Constant Propagation)

Conclusion

< OUTLINE >

Foundation for "reconfigurator"

(Andrzej's keynote)


Variability and SPLs

Variability (SPLs):

"Brute force" analysis:

x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;

x := 0;

output x;

x := 0; x := x + 1;

output x;

x := 0;

x := -x; output x;

x := 0; x := x + 1; x := -x; output x;

Ø: {INC}: {NEG}: {INC,NEG}:

n = 2|F|

"generate'n'analyze"

...

xx is 0

xx is 1

xx is -

0

xx is -

1


x := 0;

output x;

x := 0; x := x + 1;

output x;

x := 0;

x := -x; output x;

x := 0; x := x + 1; x := -x; output x;


Variability and SPLs

Variability (SPLs):

Previous work on:How to lift (dataflow analysis):

...efficiently (in some cases):


"Intraprocedural Dataflow Analysis for Software Product Lines" ( Brabrand, Ribeiro, Toledo, Borba ) / TAOSD 2013

"SPLLIFT: Statically Analyzing SPLs in Minutes instead of Years" ( Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini )

AOSD 2012

PLDI 2013

(possibly with sharing)

x

{INC}: x is 1{INC,NEG}: x is -1Ø & {NEG}: x is ±0

Lifted Analysis:


MotivationSYSTEMATICLIFTING in general:

CORRECTNESS ofLifted Analysis:

ABSTRACTIONof Variability:

UNDERSTANDINGLifting + Analysis:


{INC}: x is 1Ø & {NEG}: x is 0{INC,NEG}: x is -1

Systematic

Lifting ?

Understanding ?

Liftedanalysis

Liftedlanguage

analysislanguage

AnalysisCorrect ?

AbstractVariability

?

Lifted...■dataflow analysis?■control-flow analysis?■model checking?■type systems?■verification?■testing?■...?

? ?

? ? x := 0; #ifdef ABS x := x + 1; #endif #ifdef ABS x := -x; #endif output x;

DISABLE: x is 0ENABLED: x is

⊤


Abstract Interpretation

The Abstract Interpretation Process:

Collecting Semantics: Approximate Analysis: Constant Propagation:

C B A

No approximation(Undecidable!)

Some approximation(Undecidable?)

More approximation(Decidable!)derive derive

IMP C B A


Var.Abs.Int

LIFT LIFT LIFT LIFTLIFT LIFT

SPL

Abstract Interpretation: Abstract Interpretation:VariationalIMP

IMP

C B A

C B A


ContributionsSYSTEMATICLIFTING in general:




Correctnessof

analyses !

Systematicderivation

!

Approximate

variability !Understanding

!

Lifted...■dataflow analysis!■control-flow analysis!■model checking!■type systems!■verification!■testing!■...!

! !

! !



Variability and Analysis Abstract Interpretation

Derivation of Analyses: Abstract Interpretation (Constant Propagation)


Conclusion

< OUTLINE >


From SOS to COperational Semantics:

CStore Store➞

Like Semantics, but working on sets of stores!Undecidable analysis prepared for subsequent approximation

Collecting Semantics:

2Store 2➞ Store ...ordered by ' '⊆

IMP C B A

SOS


Galois ConnectionRelating

two domainsvia abstraction:

Concrete Domain:

{[x 1↦ ,y 2↦ ], [x 2↦ ,y 1↦ ]} {[x {1,2↦ },y {1,2}↦ ]}

{[x 1,y 1]↦ ↦ , [x 1↦ ,y 2↦ ],

[x 2↦ ,y 1↦ ],

[x 2,y 2]↦ ↦ }

abstraction

Sets of Stores( 2Var→Val , ⊆ )

Abstract Domain:

Abstract Multi-Value Store

(Var→2Val , ≤ )

⊆concretization

essentiallyorder-preservingInformation Loos

IMP C B A


Galois ConnectionConcrete Domain:

{[x 1↦ ,y 2↦ ], [x 2↦ ,y 1↦ ]} abstraction

Sets of Stores( 2Var→Val , ⊆ )

Abstract Multi-Value Store

(Var→2Val , ≤ )

output x*y;{ 2 }

output x*y;{ 1 , 2 , 4 }⊆

IMP C B A

Abstract Domain:

x*y x*ysoundness!

{[x {1,2↦ },y {1,2}↦ ]}


Abstracting a Function

Given 'f : C ➞ C'...

...we can then derive 'F : A ➞ A' by1) concretize

2) apply ' f '

3) abstract

Hence:

f

C A


IMP C B ADerivation: from C to B

Systematic derivation: from C[if] to B[if] !

Interestingly, this is both a:

systematic derivation and

proof of correctness (soundness)!

B = α ◦ C ◦

γ

expand definition of C

β reduction

α is a CJM

reformulate as function compositionNote: independent of C !IH: B = α ◦ C ◦ γ

for smaller constituents: 's0' and 's1'

overapproximation:C and α monotone

▶

=


From C to B !

B

CCollecting Semantics:

Approximate Analysis:

(2Var Val➞ ) ➞ (2Var Val➞ )

(Var 2➞ Val) (Var 2➞ ➞ Val)

Note: independent of C !

IMP C B A

However: Still undecidable analysis!


Galois ConnectionConcrete Domain:

{[x {1,2}↦ ], [y {1}↦ ]} abstraction

Abstract Domain:

Constant Prop Info

(Var→Const , ⊑ )Abstract Multi-Value Store

(Var→2Val , ≤ )

{[x ↦ ], [y ↦ ]}1

Const:

IMP C B A


=

▶

Derivation: B to A

Systematic derivation: from B[if] to A[if] !

Again, this is both a:

systematic derivation and

proof of correctness (soundness)!

Note: independent of B !

IMP C B A


From B to A !

BApproximate Analysis:

(Var 2➞ Val) (Var 2➞ ➞ Val)

(Var Const) (Var Const)➞ ➞ ➞

AConstant Propagation!

Note: independent of B !

NOW: decidable analysis

IMP C B A

In fact: "constant propagation" !






Conclusion

< OUTLINE >


A domain

=def (i.e., = n copies of )

pointwise!

Lifting Domains

is lifted to: .

a

a 1

a 2

a 3

a 4

a 5

a n

...

a=


Lifting GCs

A Galois Connection is lifted:

...

...

IMP

IMP

C B A

C B A

c

c 1

c 2

c 3

c n

α

α

α

α

α

γ

γ

γ

γ

γ

a 1

a

a 2

a 3

a n

pointwise!= =


Deriving Lifted Analysis

Systematic derivation: from A[if] to A[if] !

Again, derivation & correctness proof !Note: independent of A !

▶

=

IMP

IMP

C B A

C B A


Lifting A to A !Constant Propagation:

(Var Const) (Var Const)➞ ➞ ➞

ALiftedConstant Propagation:

(Var Const)➞ K (Var Const)➞ ➞ K

A

Note: independent of A !






Conclusion

< OUTLINE >


ContributionsSYSTEMATICLIFTING in general:




Correctnessof

analyses !

Systematicderivation

!

Approximate

variability !Understanding

!

Lifted...■dataflow analysis!■control-flow analysis!■model checking!■type systems!■verification!■testing!■...!

! !

! !


Learn More...

Cite (possibly even read) our Papers:"Systematic Derivation of Static Analyses for Software Product Lines" ( Jan Midtgaard, Claus Brabrand, Andrzej Wasowski ) MODULARITY 2014

"Systematic Derivation of Correct Variability-Aware Program Analyses" ( J. Midtgaard, A. Dimovski, C. Brabrand, A. Wasowski ) SCP 2015

"Variability Abstractions: Trading Precision for Speed in Fam.-Based Analyses" ( Aleksandar Dimovski, Claus Brabrand, Andrzej Wasowski ) ECOOP 2015


( THANKS )


Overview: "Var.Abs.Int"IMP

IMP

C B A

C B A


BONUS SLIDES


Lifting AnalysesIMP

IMP

C B A

C B A

1 Complex Function:

Problems:Interference! (tuples not independent)Complicate proofs!

Simple Functions:

Well-behaved subset of

Independent functions!Intuition: run analyses in parallel

ff1

f2

f3

f4

f5

fn

...

✔However, (ab)use this notation!

a 1

a 2

a 3

a 4

a 5

a n

...

a a'

a 1'a 2'a 3'a 4'a 5'

a n'

...

a 1

a 2

a 3

a 4

a 5

a n

...a a'

a 1'a 2'a 3'a 4'a 5'

a n'

...


IMP

IMP

C B A

C B ALifting Analyses

Consider generate-and-analyze:

Note: we end up at the bottom of the diagram!


IMP

IMP

C B A

C B ALifting Analyses

Consider generate-and-analyze:

Lifting: Simply apply , ∀ pointwise:

Specification!

Generic lift combinator


"Intraprocedural Dataflow Analysis for Software Product Lines" ( Brabrand, Ribeiro, Toledo, Borba ) AOSD 2012 / TAOSD 2013

"SPLLIFT: Statically Analyzing Software Product Lines in Minutes instead of Years" ( Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini ) PLDI 2013

"Variability-Aware Parsing in the Presence of Lexical Macros and Cond. Compilation" ( Kastner, Giarrusso, Rendel, Erdweg, Ostermann, Berger ) OOPSLA 2011

Related Work

Lifted representations:

Lifted dataflow analyses:

Other Lifted analyses:(see citations in paper)

"The Choice Calculus: A Representation for Software Variation"( Erwig, Walkingshaw ) TOSEM 2011

■Type systems■Well-formedness checking■Model checking■Verification■Testing

IMP

IMP

C B A

C B A


Related Work (cont'd)

Multi-staged program analysis:

Abstract Interpretation:

"Static Analysis of Multi-Staged Programs via Unstaging Translation"( Choi, Aktemur, Yi, Tatsuta ) SIGPLAN Not., 2011

"Two-Level Functional Languages"( Nielson, Nielson ) Tracts in Theoretical Computer Science, 1992

"The Calculational Design of a Generic Abstract Interpreter"( Cousot ) Calculational System Design, 1999

"Systematic Design of Program Analysis Frameworks"( Cousot, Cousot ) POPL 1979

"Calculating Graph Algorithms for Dominance and Shortest Path"( Sergey, Midtgaard, Clarke ) MPC 2012

"A Structural Soundness Proof for Shivers’s Escape Technique: ..."( Midtgaard, Adams, Might ) SAS 2012


IMP

IMP

C B A

C B AExample: 'IMP'

Preprocessor: x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;

P : IMP × ➞ IMP

x := 0;

output x;

x := 0; x := x + 1;

output x;

x := 0;

x := -x; output x;

x := 0; x := x + 1; x := -x; output x;



IMP

IMP

C B A

C B AExample: 'IMP'

Syntax of (two-staged) IMP:

Set of Features:

Configurations:

= { INC, NEG }

= { Ø, {INC}, {NEG}, {INC,NEG} }

= 2 (% invalid)

x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;


Lifting Effect of A vs A

Indicative results from SPLLIFT (PLDI 2013):A (TAOSD 2012) ...vs... A (PLDI 2013):

Analyze Software Product Lines in:Minutes (using A) instead of Years (using A)!

Reaching Definitions Possible Types Uninitialized Vars

SPL |F| # validconfigs A A A A A A

Lampiro 2 4 3m30s 42s 13s 4s 3m09s 1m25s

MM 08 9 26 24m29s 59s 2m06s 3s 27m39s 2m13s

GPL 19 1,872 days 8m48s 9h03m39s 42s days 7m09s

BerkeleyDB 39 unknown

years 12m04s years 24s years 10m18s

"Intraprocedural Dataflow Analysis for Software Product Lines" ( Brabrand, Ribeiro, Toledo, Borba ) AOSD 2012 / TAOSD 2013

"SPLLIFT: Statically Analyzing Software Product Lines in Minutes instead of Years" ( Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini ) PLDI 2013


Short Abstract

We develop a systematic methodology for lifting program analyses to Software Product Lines (SPLs) using abstract interpretation which is a classical framework for deriving static analyses in a compositional, step-by-step manner.

We show how to take an analysis expressed as an abstract interpretation and lift each of the steps to a family of programs.

Systematic Derivation ofStatic Analyses for

Software Product Lines


AbstractA recent line of work lifts particular verification and analysis methods to Software Product Lines (SPL). In an effort to generalize such case-by-case approaches, we develop a systematic methodology for lifting program analyses to SPLs using abstract interpretation.

Abstract interpretation is a classical framework for deriving static analyses in a compositional, step-by-step manner. We show how to take an analysis expressed as an abstract interpretation and lift each of the abstract interpretation steps to a family of programs. This includes schemes for how to lift domain types, Galois connections, and combinators for lifting analyses.

We prove that for analyses developed using our method, the soundness of lifting follows by construction. Finally, we discuss approximating variability in an analysis and we derive variational data-flow equations for an example analysis, a constant propagation analysis for a simple imperative language.


Galois Connection

Lots of interesting properties:


Combinatorial Explosion !332

320 10 000


22 = 4products 233 > Earth's Population

2320 > Atoms in Universe Post-Astronomical # !

independent options options

independent options independent options

[ Thanks

to C

. K

äst

ner

]


The 'Var.Abs.Int' MethodologyBASE (classic abstract interpretation):

1) Develop formal SOS semantics2) Devise collecting semantics3) Compose GC's and derive until "good analysis"

LIFT (from program to program families):4) Extend language with preprocessor5) Apply lifting combinator to get to family level6) Simplify to direct expression for lifted analysis–) Correctness (soundness) follows by construction

Variability abstractions:v1) Decide when to lift to program familiesv2) Apply lifting combinator to get to family levelv3) Devise GC's that abstract configuration space!v4) Simplify to direct expression for lifted analysis ++v–) Correctness (soundness) follows by construction


Example: 'IMP'

Syntax:

Semantics (small-step SOS):

IMP C B A


Galois Connection

Galois Connection:

Pair of functions:abstraction:

concretization:

Satisfying:

Relatingtwo domains

via abstraction:

"order preservinginformation loss"


From C to B...

A Galois Connection: from C to B:

Sets-of-Stores: 2Var Val➞ Multi-Value-Store: Var 2➞ Val

abstract

output x*y;

{ 2 }

output x*y;

{ 1 , 2 , 4 }⊆

IMP C B A

Merge w prev slideAdd concretization


'IMP'

Syntax of (two-staged) IMP:

Set of Features:

Configurations:

Satisfiability of '#if' formulae, :

x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;

= { INC, NEG }

= { Ø, {INC}, {NEG}, {INC,NEG} }

✔

✘

k = {NEG}

= 2 (% invalid)


'IMP'

Semantics via preprocessor: x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;

x := 0;

x := -x; output x;

{NEG}:P : IMP × ➞ IMP

✔

✘

k = {NEG}


Extracting Dataflow EquationsConstant propagation analysis:

A

Dataflow Equations:

TRIVIAL


Lifting Dataflow EquationsLifted Constant Propagation:

A Lifted Dataflow Equations:

Soundnessby construction

TRIVIAL


From C to B...

A Galois Connection: from C to B:Sets-of-Stores: 2Var Val➞ Multi-Value-Store: Var 2➞ Val

abstract

output x*y;

{ 2 }

output x*y;

{ 1 , 2 , 4 }⊆

IMP C B A


GC from B to A...

Another Galois Connection: from B to A:

abstractb =[ x {1,2}, y {1} ]

a = αBA(b) =[ x , y 1 ]

Multi-Value-Store: Var 2➞ Val Const-Prop: Var Const➞

IMP C B A


Software Product Line(Simple Toy Example):

Derived products/variants:

Example: 'IMP' x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;

x := 0;

output x;

x := 0; x := x + 1;

output x;

x := 0;

x := -x; output x;

x := 0; x := x + 1; x := -x; output x;



Generate-and-Analyze:

Example: 'IMP' x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;

x := 0;

output x;

x := 0; x := x + 1;

output x;

x := 0;

x := -x; output x;

x := 0; x := x + 1; x := -x; output x;


x is 0

x is 1

x is -0

x is -1

{INC}: x is 1{INC,NEG}: x is -1Ø & {NEG}: x is 0

Analyze SPL directly!

(possibly with sharing)


Lifted Analyses

Var・ Abs・ IntSCP'15/

(Modularity'14)DFA-4-SPLTAOSD'13

(AOSD'12)

ModelChecking

Testing

TypeSystems

Control-Flow Analysis

SPL LIFTPLDI'13

ReachingDefinitions

ConstantPropagation

CalculationalAbstract Interpretation

MonotoneFramework

IFDS

"derivation of variability-aware program analyses" may, 2015 fosd 2015 claus brabrand jan...

Documents