"Derivation of Variability-Aware Program Analyses" May, 2015FOSD 2015
[ 1 ] Systematic Derivation of ✔ Correct Variability-Aware Program Analyses
Claus BRABRAND, Jan MIDTGAARD, Andrzej WASOWSKI, Aleksandar DIMOVSKI
(DTU, ITU)
( MODULARITY 2014 && SCP 2015 )
[ 2 ] < Outline >
Introduction & Motivation: Variability and Analysis (in 1 slide); Abstract Interpretation (in 1 slide)
Derivation of Analyses (intuition!): Abstract Interpretation (Constant Propagation)
Derivation of LIFTED Analyses: Variational Abstract Interpretation (LIFTED Constant Propagation)
Conclusion
Foundation for "reconfigurator" (Andrzej's keynote)
[ 3 ] Variability and SPLs
Variability (SPLs): x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;
"Brute force" analysis ("generate'n'analyze"), n = 2^|F| products:
Ø:         x := 0; output x;                          x is 0
{INC}:     x := 0; x := x + 1; output x;              x is 1
{NEG}:     x := 0; x := -x; output x;                 x is -0
{INC,NEG}: x := 0; x := x + 1; x := -x; output x;     x is -1
...
[ 4 ] Variability and SPLs
Variability (SPLs): x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;
Ø:         x := 0; output x;
{INC}:     x := 0; x := x + 1; output x;
{NEG}:     x := 0; x := -x; output x;
{INC,NEG}: x := 0; x := x + 1; x := -x; output x;
Previous work on how to lift (dataflow analysis) ...efficiently (in some cases):
"Intraprocedural Dataflow Analysis for Software Product Lines" ( Brabrand, Ribeiro, Toledo, Borba ) AOSD 2012 / TAOSD 2013
"SPLLIFT: Statically Analyzing SPLs in Minutes instead of Years" ( Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini ) PLDI 2013
Lifted Analysis (possibly with sharing):
{INC}: x is 1;  {INC,NEG}: x is -1;  Ø & {NEG}: x is ±0
[ 5 ] Motivation
SYSTEMATIC LIFTING in general: Systematic Lifting? Lifted... dataflow analysis? control-flow analysis? model checking? type systems? verification? testing? ...?
CORRECTNESS of Lifted Analysis: Analysis Correct? (lifted analysis over the lifted language vs. analysis over the language)
x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;
{INC}: x is 1;  Ø & {NEG}: x is 0;  {INC,NEG}: x is -1
ABSTRACTION of Variability: Abstract Variability?
x := 0; #ifdef ABS x := x + 1; #endif #ifdef ABS x := -x; #endif output x;
DISABLED: x is 0;  ENABLED: x is ⊤
UNDERSTANDING Lifting + Analysis: Understanding?
[ 6 ] Abstract Interpretation
The Abstract Interpretation Process: IMP ➞ C ➞ B ➞ A
C: Collecting Semantics: no approximation (Undecidable!)
   derive ↓
B: Approximate Analysis: some approximation (Undecidable?)
   derive ↓
A: Constant Propagation: more approximation (Decidable!)
[ 7 ] Var.Abs.Int
Abstract Interpretation:                   IMP ➞ C ➞ B ➞ A
                                           LIFT  LIFT  LIFT  LIFT  (each step lifted)
Variational Abstract Interpretation (SPL): lifted IMP ➞ lifted C ➞ lifted B ➞ lifted A
[ 8 ] Contributions
SYSTEMATIC LIFTING in general: Systematic derivation! Lifted... dataflow analysis! control-flow analysis! model checking! type systems! verification! testing! ...!
CORRECTNESS of Lifted Analysis: Correctness of analyses!
ABSTRACTION of Variability: Approximate variability!
UNDERSTANDING Lifting + Analysis: Understanding!
[ 9 ] < Outline >
Introduction & Motivation: Variability and Analysis; Abstract Interpretation
Derivation of Analyses: Abstract Interpretation (Constant Propagation)
Derivation of LIFTED Analyses: Variational Abstract Interpretation (LIFTED Constant Propagation)
Conclusion
[ 10 ] From SOS to C
Operational Semantics (SOS): Store ➞ Store
Collecting Semantics (C): 2^Store ➞ 2^Store, ordered by '⊆'
Like Semantics, but working on sets of stores! Undecidable analysis, prepared for subsequent approximation.
[ 11 ] Galois Connection
Relating two domains via abstraction: essentially order-preserving information loss.
Concrete Domain: Sets of Stores ( 2^(Var→Val), ⊆ )
  {[x↦1, y↦2], [x↦2, y↦1]}
  --abstraction-->
Abstract Domain: Abstract Multi-Value Store ( Var→2^Val, ≤ )
  {[x↦{1,2}, y↦{1,2}]}
  --concretization-->
  {[x↦1, y↦1], [x↦1, y↦2], [x↦2, y↦1], [x↦2, y↦2]}
  (and {[x↦1, y↦2], [x↦2, y↦1]} ⊆ this concretization)
[ 12 ] Galois Connection
Concrete Domain: Sets of Stores ( 2^(Var→Val), ⊆ ): {[x↦1, y↦2], [x↦2, y↦1]}
  output x*y;  { 2 }
  --abstraction-->
Abstract Domain: Abstract Multi-Value Store ( Var→2^Val, ≤ ): {[x↦{1,2}, y↦{1,2}]}
  output x*y;  { 1, 2, 4 }
Soundness!  { 2 } ⊆ { 1, 2, 4 }
[ 13 ] Abstracting a Function
Given 'f : C ➞ C'... we can then derive 'F : A ➞ A' by
1) concretize
2) apply 'f'
3) abstract
Hence: F = α ∘ f ∘ γ
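Added example (mine, not code from the slides or the papers): the Galois connection of slides 11-12 between C = sets of stores and B = multi-value stores, and the recipe of slide 13 (concretize, apply f, abstract) used to derive the transfer for the slide's x*y example; the statement 'z := x*y', the dict/tuple encodings and the function names are my own assumptions.

```python
from itertools import product

def store(**kw):
    """A store Var -> Val as a hashable sorted tuple of (var, value) pairs."""
    return tuple(sorted(kw.items()))

def alpha(stores):
    """α : C -> B. Per variable, collect every value it takes in some store."""
    b = {}
    for s in stores:
        for x, v in s:
            b.setdefault(x, set()).add(v)
    return {x: frozenset(vs) for x, vs in b.items()}

def gamma(b):
    """γ : B -> C. Every store whose value for each variable lies in its set."""
    names = sorted(b)
    return frozenset(tuple(zip(names, vals))
                     for vals in product(*(sorted(b[x]) for x in names)))

def leq_b(b1, b2):
    """Order ≤ on B: pointwise ⊆ (a variable absent from b2 counts as ∅)."""
    return all(vs <= b2.get(x, frozenset()) for x, vs in b1.items())

def galois_law(c, b):
    """Defining property of a Galois connection: α(c) ≤ b  <=>  c ⊆ γ(b)."""
    return leq_b(alpha(c), b) == (c <= gamma(b))

def f_assign_times(stores):
    """Collecting semantics f : C -> C of 'z := x*y' (the slide's x*y)."""
    out = set()
    for s in stores:
        d = dict(s)
        d["z"] = d["x"] * d["y"]
        out.add(store(**d))
    return frozenset(out)

def F_assign_times(b):
    """Derived abstract transfer F = α ∘ f ∘ γ: concretize, apply f, abstract."""
    return alpha(f_assign_times(gamma(b)))

def sound(c):
    """Soundness of F w.r.t. f: α(f(c)) ≤ F(α(c)). Information may be lost
    ({2} becomes {1,2,4}) but the true result is never dropped."""
    return leq_b(alpha(f_assign_times(c)), F_assign_times(alpha(c)))

# Constructed input, the two concrete stores of slides 11-12.
C_EXAMPLE = frozenset({store(x=1, y=2), store(x=2, y=1)})
```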
[ 14 ] Derivation: from C to B
Systematic derivation: from C[if] to B[if]!
Interestingly, this is both a systematic derivation and a proof of correctness (soundness)!
B = α ◦ C ◦ γ
  =  (expand definition of C)
  =  (β reduction)
  =  (α is a CJM)
  =  (reformulate as function composition; IH: B = α ◦ C ◦ γ for the smaller constituents 's0' and 's1')
  ▶  (overapproximation: C and α monotone)
Note: independent of C!
[ 15 ] From C to B!
Collecting Semantics C:   (2^(Var➞Val)) ➞ (2^(Var➞Val))
Approximate Analysis B:   (Var➞2^Val) ➞ (Var➞2^Val)
Note: independent of C!
However: Still undecidable analysis!
[ 16 ] Galois Connection
Concrete Domain: Abstract Multi-Value Store ( Var→2^Val, ≤ ): {[x↦{1,2}], [y↦{1}]}
  --abstraction-->
Abstract Domain: Constant Prop Info ( Var→Const, ⊑ ): {[x↦⊤], [y↦1]}
Const:
[ 17 ] Derivation: B to A
Systematic derivation: from B[if] to A[if]!
Again, this is both a systematic derivation and a proof of correctness (soundness)!
  =  ...  ▶  ...
Note: independent of B!
[ 18 ] From B to A!
Approximate Analysis B:    (Var➞2^Val) ➞ (Var➞2^Val)
Constant Propagation A:    (Var➞Const) ➞ (Var➞Const)
Note: independent of B!
NOW: decidable analysis. In fact: "constant propagation"!
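Added example (mine, not the slides' or the papers' code): the second Galois connection of slides 16-18, from B = multi-value stores to A = constant-propagation stores over Const = ⊥ ⊑ n ⊑ ⊤, and the transfer for 'z := x*y' in A obtained as α_BA ∘ F_B ∘ γ_BA. Assumption of mine: Val is a small finite range so that γ(⊤) can be enumerated; the statement and all names are my own.

```python
# Assumption (mine): Val is this finite range so that γ(⊤) can be enumerated.
VAL = frozenset(range(-3, 4))
TOP, BOT = "⊤", "⊥"   # Const = ⊥ ⊑ n ⊑ ⊤ (constants pairwise incomparable)

def alpha_val(vs):
    """α on one variable: ∅ -> ⊥, {n} -> n, two or more values -> ⊤."""
    if not vs:
        return BOT
    return next(iter(vs)) if len(vs) == 1 else TOP

def gamma_val(a):
    """γ on one variable: ⊥ -> ∅, n -> {n}, ⊤ -> Val."""
    if a == BOT:
        return frozenset()
    return VAL if a == TOP else frozenset({a})

def leq_const(a1, a2):
    """⊑ on Const."""
    return a1 == BOT or a2 == TOP or a1 == a2

def alpha_ba(b):
    """α_BA : (Var -> 2^Val) -> (Var -> Const), pointwise."""
    return {x: alpha_val(vs) for x, vs in b.items()}

def gamma_ba(a):
    """γ_BA : (Var -> Const) -> (Var -> 2^Val), pointwise."""
    return {x: gamma_val(v) for x, v in a.items()}

def leq_b(b1, b2):
    return all(vs <= b2.get(x, frozenset()) for x, vs in b1.items())

def leq_a(a1, a2):
    return all(leq_const(v, a2.get(x, BOT)) for x, v in a1.items())

def galois_law(b, a):
    """α_BA(b) ⊑ a  <=>  b ≤ γ_BA(a)."""
    return leq_a(alpha_ba(b), a) == leq_b(b, gamma_ba(a))

def FB_times(b):
    """Transfer for 'z := x*y' in B: every product of possible values."""
    out = dict(b)
    out["z"] = frozenset(u * v for u in b["x"] for v in b["y"])
    return out

def A_times(a):
    """Derived constant-propagation transfer: α_BA ∘ FB_times ∘ γ_BA."""
    return alpha_ba(FB_times(gamma_ba(a)))

def check_galois_law():
    """Check the law on a sample of B and A elements for one variable."""
    bs = [{"x": frozenset(s)} for s in ((), (1,), (1, 2), tuple(VAL))]
    as_ = [{"x": a} for a in (BOT, 0, 1, 2, TOP)]
    return all(galois_law(b, a) for b in bs for a in as_)
```

Note that the derived transfer gives z ↦ 0 for x ↦ 0, y ↦ ⊤, which is more precise than a hand-written rule that returns ⊤ whenever an operand is ⊤; this is what "derive until good analysis" buys.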
[ 19 ] < Outline >
Introduction & Motivation: Variability and Analysis; Abstract Interpretation
Derivation of Analyses: Abstract Interpretation (Constant Propagation)
Derivation of LIFTED Analyses: Variational Abstract Interpretation (LIFTED Constant Propagation)
Conclusion
[ 20 ] Lifting Domains
A domain is lifted to n copies of itself, ordered pointwise!
A lifted element is a tuple: a = (a 1, a 2, a 3, a 4, a 5, ..., a n)
[ 21 ] Lifting GCs
A Galois Connection (α, γ) is lifted pointwise: apply α and γ component by component.
c = (c 1, c 2, c 3, ..., c n)   --α, α, α, ..., α-->   a = (a 1, a 2, a 3, ..., a n)
a = (a 1, a 2, a 3, ..., a n)   --γ, γ, γ, ..., γ-->   c = (c 1, c 2, c 3, ..., c n)
Lifted IMP ➞ lifted C ➞ lifted B ➞ lifted A: pointwise!
[ 22 ] Deriving Lifted Analysis
Systematic derivation: from A[if] to lifted A[if]!
Again, derivation & correctness proof! Note: independent of A!
  =  ...  ▶  ...
[ 23 ] Lifting A to lifted A!
Constant Propagation A:                 (Var➞Const) ➞ (Var➞Const)
Lifted Constant Propagation (lifted A): (Var➞Const)^K ➞ (Var➞Const)^K
Note: independent of A!
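Added example (mine, not code from the slides or the papers) serving slides 3-4 and slide 23: "generate'n'analyze" of the two-feature IMP product line (2^|F| separate runs of constant propagation) beside the lifted constant propagation over (Var➞Const)^K, which analyzes all configurations in one pass by applying the transfer function pointwise; the statement encoding and all function names are my own assumptions.

```python
from itertools import combinations

BOT = None  # no value yet (⊥); ⊤ never arises here because the SPL has no joins

# The product line of slides 3-4 as (feature guard, statement) pairs; guard None
# means unconditional. Assumed statement syntax:
#   ("assign", x, n) | ("inc", x) | ("neg", x)
SPL = [
    (None,  ("assign", "x", 0)),   # x := 0;
    ("INC", ("inc", "x")),         # #ifdef INC x := x + 1; #endif
    ("NEG", ("neg", "x")),         # #ifdef NEG x := -x; #endif
]
FEATURES = ("INC", "NEG")

def configs(features):
    """K = 2^F: all n = 2^|F| configurations."""
    return [frozenset(c) for r in range(len(features) + 1)
            for c in combinations(features, r)]

def preprocess(spl, k):
    """P : IMP x K -> IMP: keep a guarded statement iff its feature is in k."""
    return [stmt for guard, stmt in spl if guard is None or guard in k]

def transfer(stmt, store):
    """Constant-propagation transfer function on one store Var -> Const."""
    kind, x = stmt[0], stmt[1]
    store = dict(store)
    v = store.get(x, BOT)
    if kind == "assign":
        store[x] = stmt[2]
    elif kind == "inc":
        store[x] = v + 1 if isinstance(v, int) else v   # ⊥ stays ⊥
    elif kind == "neg":
        store[x] = -v if isinstance(v, int) else v
    return store

def analyze(program):
    """A: run the transfer functions over one (preprocessed) IMP program."""
    store = {}
    for stmt in program:
        store = transfer(stmt, store)
    return store

def generate_and_analyze(spl, features):
    """Brute force: 2^|F| separate runs of A, one per product."""
    return {k: analyze(preprocess(spl, k)) for k in configs(features)}

def lifted_analyze(spl, features):
    """Lifted A: a single pass over the SPL. The state is one store per
    configuration ((Var -> Const)^K); a guarded statement updates only the
    components whose configuration enables its feature, i.e. the transfer
    function is applied pointwise."""
    ks = configs(features)
    states = {k: {} for k in ks}
    for guard, stmt in spl:
        for k in ks:
            if guard is None or guard in k:
                states[k] = transfer(stmt, states[k])
    return states
```

Both functions return the same Var ➞ Const store for every configuration; the lifted version walks the SPL once instead of 2^|F| times.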
[ 24 ] < Outline >
Introduction & Motivation: Variability and Analysis; Abstract Interpretation
Derivation of Analyses: Abstract Interpretation (Constant Propagation)
Derivation of LIFTED Analyses: Variational Abstract Interpretation (LIFTED Constant Propagation)
Conclusion
[ 25 ] Contributions
SYSTEMATIC LIFTING in general: Systematic derivation! Lifted... dataflow analysis! control-flow analysis! model checking! type systems! verification! testing! ...!
CORRECTNESS of Lifted Analysis: Correctness of analyses!
ABSTRACTION of Variability: Approximate variability!
UNDERSTANDING Lifting + Analysis: Understanding!
[ 26 ] Learn More...
Cite (possibly even read) our Papers:
"Systematic Derivation of Static Analyses for Software Product Lines" ( Jan Midtgaard, Claus Brabrand, Andrzej Wasowski ) MODULARITY 2014
"Systematic Derivation of Correct Variability-Aware Program Analyses" ( J. Midtgaard, A. Dimovski, C. Brabrand, A. Wasowski ) SCP 2015
"Variability Abstractions: Trading Precision for Speed in Fam.-Based Analyses" ( Aleksandar Dimovski, Claus Brabrand, Andrzej Wasowski ) ECOOP 2015
"Derivation of Variability-Aware Program Analyses" May, 2015FOSD 2015
( THANKS )
[ 28 ] Overview: "Var.Abs.Int"
Abstract Interpretation:             IMP ➞ C ➞ B ➞ A
Variational Abstract Interpretation: lifted IMP ➞ lifted C ➞ lifted B ➞ lifted A
"Derivation of Variability-Aware Program Analyses" May, 2015FOSD 2015
BONUS SLIDES
[ 30 ] Lifting Analyses
1 Complex Function:  f : (a 1, a 2, a 3, a 4, a 5, ..., a n) ↦ (a 1', a 2', a 3', a 4', a 5', ..., a n')
  Problems: Interference! (tuples not independent) Complicate proofs!
Simple Functions: a well-behaved subset of the complex functions: (f1, f2, f3, f4, f5, ..., fn), with each f i : a i ↦ a i'
  Independent functions! Intuition: run analyses in parallel
✔ However, (ab)use this notation!
[ 31 ] Lifting Analyses
Consider generate-and-analyze:
Note: we end up at the bottom of the diagram!
[ 32 ] Lifting Analyses
Consider generate-and-analyze:  (Specification!)
Lifting: Simply apply ∀ pointwise:  (Generic lift combinator)
[ 33 ] Related Work
Lifted representations:
"Variability-Aware Parsing in the Presence of Lexical Macros and Cond. Compilation" ( Kastner, Giarrusso, Rendel, Erdweg, Ostermann, Berger ) OOPSLA 2011
"The Choice Calculus: A Representation for Software Variation" ( Erwig, Walkingshaw ) TOSEM 2011
Lifted dataflow analyses:
"Intraprocedural Dataflow Analysis for Software Product Lines" ( Brabrand, Ribeiro, Toledo, Borba ) AOSD 2012 / TAOSD 2013
"SPLLIFT: Statically Analyzing Software Product Lines in Minutes instead of Years" ( Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini ) PLDI 2013
Other Lifted analyses (see citations in paper): Type systems; Well-formedness checking; Model checking; Verification; Testing
[ 34 ] Related Work (cont'd)
Multi-staged program analysis:
"Static Analysis of Multi-Staged Programs via Unstaging Translation" ( Choi, Aktemur, Yi, Tatsuta ) SIGPLAN Not., 2011
"Two-Level Functional Languages" ( Nielson, Nielson ) Tracts in Theoretical Computer Science, 1992
Abstract Interpretation:
"The Calculational Design of a Generic Abstract Interpreter" ( Cousot ) Calculational System Design, 1999
"Systematic Design of Program Analysis Frameworks" ( Cousot, Cousot ) POPL 1979
"Calculating Graph Algorithms for Dominance and Shortest Path" ( Sergey, Midtgaard, Clarke ) MPC 2012
"A Structural Soundness Proof for Shivers's Escape Technique: ..." ( Midtgaard, Adams, Might ) SAS 2012
[ 35 ] Example: 'IMP'
Preprocessor P : IMP × K ➞ IMP
x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;
Ø:         x := 0; output x;
{INC}:     x := 0; x := x + 1; output x;
{NEG}:     x := 0; x := -x; output x;
{INC,NEG}: x := 0; x := x + 1; x := -x; output x;
[ 36 ] Example: 'IMP'
Syntax of (two-staged) IMP: x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;
Set of Features: F = { INC, NEG }
Configurations: K = { Ø, {INC}, {NEG}, {INC,NEG} } = 2^F (% invalid)
[ 37 ] Lifting Effect of A vs lifted A
Indicative results from SPLLIFT (PLDI 2013): A (TAOSD 2012) ...vs... lifted A (PLDI 2013):
Analyze Software Product Lines in: Minutes (using lifted A) instead of Years (using A)!

SPL        | |F| | # valid configs | Reaching Definitions: A | lifted A | Possible Types: A | lifted A | Uninitialized Vars: A | lifted A
-----------|-----|-----------------|-------------------------|----------|-------------------|----------|-----------------------|---------
Lampiro    | 2   | 4               | 3m30s                   | 42s      | 13s               | 4s       | 3m09s                 | 1m25s
MM 08      | 9   | 26              | 24m29s                  | 59s      | 2m06s             | 3s       | 27m39s                | 2m13s
GPL        | 19  | 1,872           | days                    | 8m48s    | 9h03m39s          | 42s      | days                  | 7m09s
BerkeleyDB | 39  | unknown         | years                   | 12m04s   | years             | 24s      | years                 | 10m18s

"Intraprocedural Dataflow Analysis for Software Product Lines" ( Brabrand, Ribeiro, Toledo, Borba ) AOSD 2012 / TAOSD 2013
"SPLLIFT: Statically Analyzing Software Product Lines in Minutes instead of Years" ( Bodden, Toledo, Ribeiro, Brabrand, Borba, Mezini ) PLDI 2013
[ 38 ] Short Abstract
Systematic Derivation of Static Analyses for Software Product Lines
We develop a systematic methodology for lifting program analyses to Software Product Lines (SPLs) using abstract interpretation, which is a classical framework for deriving static analyses in a compositional, step-by-step manner.
We show how to take an analysis expressed as an abstract interpretation and lift each of the steps to a family of programs.
[ 39 ] Abstract
A recent line of work lifts particular verification and analysis methods to Software Product Lines (SPL). In an effort to generalize such case-by-case approaches, we develop a systematic methodology for lifting program analyses to SPLs using abstract interpretation.
Abstract interpretation is a classical framework for deriving static analyses in a compositional, step-by-step manner. We show how to take an analysis expressed as an abstract interpretation and lift each of the abstract interpretation steps to a family of programs. This includes schemes for how to lift domain types, Galois connections, and combinators for lifting analyses.
We prove that for analyses developed using our method, the soundness of lifting follows by construction. Finally, we discuss approximating variability in an analysis and we derive variational data-flow equations for an example analysis, a constant propagation analysis for a simple imperative language.
[ 40 ] Galois Connection
Lots of interesting properties:
[ 41 ] Combinatorial Explosion!
x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;
2 independent options:      2^2 = 4 products
33 independent options:     2^33 > Earth's Population
320 independent options:    2^320 > Atoms in Universe
10 000 independent options: Post-Astronomical #!
[ Thanks to C. Kästner ]
[ 42 ] The 'Var.Abs.Int' Methodology
BASE (classic abstract interpretation):
1) Develop formal SOS semantics
2) Devise collecting semantics
3) Compose GC's and derive until "good analysis"
LIFT (from program to program families):
4) Extend language with preprocessor
5) Apply lifting combinator to get to family level
6) Simplify to direct expression for lifted analysis
–) Correctness (soundness) follows by construction
Variability abstractions:
v1) Decide when to lift to program families
v2) Apply lifting combinator to get to family level
v3) Devise GC's that abstract configuration space!
v4) Simplify to direct expression for lifted analysis ++
v–) Correctness (soundness) follows by construction
[ 43 ] Example: 'IMP'
Syntax:
Semantics (small-step SOS):
[ 44 ] Galois Connection
Galois Connection: relating two domains via abstraction: "order preserving information loss"
Pair of functions: abstraction α and concretization γ
Satisfying:
[ 45 ] From C to B...
A Galois Connection: from C to B: Sets-of-Stores: 2^(Var➞Val)  --abstract-->  Multi-Value-Store: Var➞2^Val
output x*y;  { 2 }
output x*y;  { 1, 2, 4 }
{ 2 } ⊆ { 1, 2, 4 }
(Merge w prev slide; add concretization)
[ 46 ] 'IMP'
Syntax of (two-staged) IMP: x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;
Set of Features: F = { INC, NEG }
Configurations: K = { Ø, {INC}, {NEG}, {INC,NEG} } = 2^F (% invalid)
Satisfiability of '#if' formulae, e.g. for k = {NEG}: '#if INC' ✘, '#if NEG' ✔
[ 47 ] 'IMP'
Semantics via preprocessor P : IMP × K ➞ IMP
x := 0; #if INC x := x + 1; #endif #if NEG x := -x; #endif output x;
k = {NEG} ('#if INC' ✘, '#if NEG' ✔):  x := 0; x := -x; output x;
[ 48 ] Extracting Dataflow Equations
Constant propagation analysis A:
Dataflow Equations:
TRIVIAL
[ 49 ] Lifting Dataflow Equations
Lifted Constant Propagation (lifted A):
Lifted Dataflow Equations:
Soundness by construction
TRIVIAL
[ 50 ] From C to B...
A Galois Connection: from C to B: Sets-of-Stores: 2^(Var➞Val)  --abstract-->  Multi-Value-Store: Var➞2^Val
output x*y;  { 2 }
output x*y;  { 1, 2, 4 }
{ 2 } ⊆ { 1, 2, 4 }
[ 51 ] GC from B to A...
Another Galois Connection: from B to A: Multi-Value-Store: Var➞2^Val  --abstract-->  Const-Prop: Var➞Const
b = [ x↦{1,2}, y↦{1} ]
a = αBA(b) = [ x↦⊤, y↦1 ]
[ 52 ] Example: 'IMP'
Software Product Line (Simple Toy Example): x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;
Derived products/variants:
Ø:         x := 0; output x;
{INC}:     x := 0; x := x + 1; output x;
{NEG}:     x := 0; x := -x; output x;
{INC,NEG}: x := 0; x := x + 1; x := -x; output x;
[ 53 ] Example: 'IMP'
Generate-and-Analyze: x := 0; #ifdef INC x := x + 1; #endif #ifdef NEG x := -x; #endif output x;
Ø:         x := 0; output x;                          x is 0
{INC}:     x := 0; x := x + 1; output x;              x is 1
{NEG}:     x := 0; x := -x; output x;                 x is -0
{INC,NEG}: x := 0; x := x + 1; x := -x; output x;     x is -1
Analyze SPL directly (possibly with sharing)!
{INC}: x is 1;  {INC,NEG}: x is -1;  Ø & {NEG}: x is 0
[ 54 ] Lifted Analyses
Var.Abs.Int (SCP'15 / Modularity'14): Calculational Abstract Interpretation; Constant Propagation
DFA-4-SPL (TAOSD'13 / AOSD'12): Monotone Framework; Reaching Definitions
SPL LIFT (PLDI'13): IFDS
Other lifted analyses: Model Checking; Testing; Type Systems; Control-Flow Analysis