Set-Based Analysis
description
Transcript of Set-Based Analysis
![Page 2: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/2.jpg)
2 /26
Overview
• Treating program variables as sets of values– is simple and intuitive.– requires no abstract domain (if no further approximation is
used).
• Ignore dependencies between– different variables.– different occurrences of the same variables.– domain and codomain of functions.
• Set-based analysis (especially in [He1994])
– makes no a priori requirement for sets be finitely presentable.
– represents an upper-bound on the accuracy of systems that ignore dependencies between variables.
![Page 3: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/3.jpg)
3 /26
Inter-Variable Dependencies
{u 1, v 2}
{u 3, v 4}
{x 1, ran(f) [1,1]}
{x 2, ran(f) [2,2]}{dom(g) 1, ran(g) 2}
{dom(g) 2, ran(g) 3}
![Page 4: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/4.jpg)
4 /26
Ignoring Inter-Variable Dependencies
{ u {1, 3}, v {2, 4} }
{ x {1, 2}, ran(f) {[1,1],[1,2],[2,1],[2,2]} }
{ dom(g) {1, 2}, ran(g) {2, 3} }
![Page 5: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/5.jpg)
5 /26
Target Language
• ML-like,• Simple call-by-value functional language
![Page 6: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/6.jpg)
6 /26
Operational Semantics
![Page 7: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/7.jpg)
7 /26
Set-Based Operational Semantics
• Approximates execution by collapsing all environments into one single set environment.
![Page 8: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/8.jpg)
8 /26
Set-Based Approximation
• Local safety conditions for safe approximation– The set-based semantics defined here is non-deterministic, and i
t may lead to an unsound approximation.
• Set-based approximation of term e0 is the set of values derived from the safe and minimal set environment Emin.
![Page 9: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/9.jpg)
9 /26
Algorithm for Computing sba(e0)
• Representation of values– To forget the environment part of closures
• The algorithm in [He1994] computesthe representation of sba(e0),
• Basically two steps:1. Construct set constraints from given term.2. Simplify the constructed set constraints.
![Page 10: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/10.jpg)
10 /26
Set Constraint
Set Variable Set Expression
![Page 11: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/11.jpg)
11 /26
Constructing Constraints
![Page 12: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/12.jpg)
12 /26
Meaning of Constraints
• Interpretation I– from set expressions to sets of set constraint values
![Page 13: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/13.jpg)
13 /26
Correspondence of C with sba(e0)
• Interpretation I is a model of the conjunction of constraints C– if, for each constraint X ⊇ se, I(se) is defined and I(X) ⊇ I(se).
• By giving order between I– I1 ⊇ I2 if I1(X) ⊇ I2(X) for all X– there is a least model lm(C) of C.
• It can be proved that– if e0 B (X, C) and Ilm = lm(C),
– then Ilm(X) = ||sba(e0)||.
![Page 14: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/14.jpg)
14 /26
Simplifying Constraints
![Page 15: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/15.jpg)
15 /26
Remarks on the Algorithm
• The simplification algorithm outputs explicit form of C.– Explicit form contains only constraints with atomic expressions,– where atomic expression is an abstraction or a constant with all
subparts atomic.– Explicit form represents a regular grammar for possible values.
• Time complexity is O(n3).– Construction of constraints is linear in the size of e0 .– At most O(n2) new constraints can be added by the simplification.– Determining what other new constraints need to be added, when
adding each new constraint, can be bounded by O(n).• Space complexity is O(n2).• Also computes the least set environment safe w.r.t. e0.
![Page 16: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/16.jpg)
16 /26
Application:Finding Links in Web Pages
• Goal– Find all possible links (URL’s) from a given web page
which is written in HTML and JavaScript.• Observation
– URL’s in HTML can be found trivially.– For JavaScript, strings assigned to variables named *.href or *.
src are the URL’s.• Solution
1. Transform given web page into an intermediate representation.2. Construct set constraints from the intermediate program.3. Simplify constraints.4. Gather all strings that may be assigned to variables named *.hr
ef or *.src.
![Page 17: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/17.jpg)
17 /26
Finding Links in Web Pages:Transforming HTML + JavaScript
![Page 18: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/18.jpg)
18 /26
Finding Links in Web Pages:Intermediate Language
![Page 19: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/19.jpg)
19 /26
Finding Links in Web Pages:Set Constraints
![Page 20: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/20.jpg)
20 /26
Finding Links in Web Pages:Constructing Constraints 1/2
![Page 21: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/21.jpg)
21 /26
Finding Links in Web Pages:Constructing Constraints 2/2
![Page 22: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/22.jpg)
22 /26
Finding Links in Web Pages:Simplifying Constraints
![Page 23: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/23.jpg)
23 /26
Finding Links in Web Pages:Concretizing Values 1/2
![Page 24: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/24.jpg)
24 /26
Finding Links in Web Pages:Concretizing Values 2/2
![Page 25: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/25.jpg)
25 /26
Finding Links in Web Pages:Future Works
• Demand-driven analysis– To analyze only the variables named *.href or *.src– Using the idea in [ChYi2002]
• Increase precision– Process undeclared global variables and nested functions.– Distinguish different occurrences of same variables.– Handle arithmetic more sophisticatedly.– Consider using regular expressions instead of strings with *’s fo
r final concrete output.
![Page 26: Set-Based Analysis](https://reader035.fdocuments.in/reader035/viewer/2022081506/568148f4550346895db612d9/html5/thumbnails/26.jpg)
26 /26
References
• [He1994] Nevin Heintze, “Set-Based Analysis for ML Programs”, In Proceedings of the SIGPLAN Conference on Lisp and Functional Programming, 1994.
• [ChYi2002] Woongshik Choi and Kwang Yi, “Demand-driven Set-Based Analysis”, Tech. Memo. ROPAS-2002-18, Research On Program Analysis System, Korea Advanced Institute of Science and Technology, October 2002. http://ropas.kaist.ac.kr/memo.