Adapting Side-Effects Analysis for Modular Program Model Checking
M.S. Defense
Oksana Tkachuk
Major Professor: Matthew Dwyer
Support: US National Science Foundation (NSF CISE/SEL), US Department of Defense Advanced Research Projects Agency (DARPA/IXO PCES), US Army Research Office (ARO CIP/SW)
Side-effects analysis to calculate data effects
Future work: control effects, safe locks
Current State of Tool Support
In This Talk…
Identifying environment data effects using a customized side-effects analysis
  Identifying the unit
  Identifying environment
  Analyzing environment
  Modeling environment from analysis results
Identifying the unit/environment
The unit is user defined based on properties to be checked
BEG scans the unit for external references that drive generation of environment classes
[Figure: Unit, Stubs]
Analyzing Environment
Staged Analysis
  Scope-based analysis to eliminate methods that cannot side-effect the unit data
  Points-to analysis to approximate objects pointed to by a reference variable in store statements (l.f = r, l[i] = r)
  Side-effects analysis to detect side-effects on the unit data through store statements
Detecting Independent Methods
BEG builds a call graph for environment methods immediately called from unit
[Figure: Unit, Stubs]
Excluding the methods that cannot affect unit data, based on scope analysis
[Figure: Call Graph]
Side Effects Analysis
Traditional side-effects analyses are designed to calculate the set of memory locations that may be modified by method execution
  Do not approximate the values that are assigned in a store statement (l.f = r, l[i] = r)
  Do not distinguish between unit and environment locations
  Are usually designed to be fast rather than precise

Tracks side-effects to unit locations, ignores side-effects to environment locations
Tracks the value on the right-hand side of side-effecting statements (l.f = r, l[i] = r)
Increases precision
  Flow and context-sensitivity (parameterized)
  Access-path based with user-controlled k-limiting
  Tracking type and reachability of unit locations
  Calculating must side-effects
  Incorporating return sensitivity
BEG Side-Effects
Example
class Node {
    Node next;
    Data data;
    …
}

class … {
    …
    void m(Node n, Data d) {
        n.next.next.data = d;
    }
}
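An added sketch, not BEG's implementation and not code from the talk, of how a k-limited access-path summary with may and must side-effects could be computed for the store in m. The tuple representation, the '*' truncation convention, treating n as unit data, and the second branch with its cache.last store are assumptions made for illustration; aliasing is left to the points-to stage and ignored here.

```python
# Added illustration; representation and k-limiting convention are assumptions.

def k_limit(path, k):
    """Keep the root and at most k field selectors; '*' summarises the rest."""
    root, fields = path[0], path[1:]
    return path if len(fields) <= k else (root, *fields[:k], "*")

def analyse(branches, unit_roots, k):
    """branches: alternative control-flow paths through a method, each a list of
    (lhs_access_path, rhs_variable) store statements.
    Returns (may, must): may maps each k-limited unit location to the set of
    right-hand-side values that may be stored there; must is the set of exact
    locations written on every path."""
    may, per_branch = {}, []
    for stores in branches:
        exact = set()
        for lhs, rhs in stores:
            if lhs[0] not in unit_roots:      # environment location: ignored
                continue
            loc = k_limit(lhs, k)
            may.setdefault(loc, set()).add(rhs)
            if loc == lhs:                    # a summarised path names many
                exact.add(loc)                # locations, so it is only a may effect
        per_branch.append(exact)
    must = set.intersection(*per_branch) if per_branch else set()
    return may, must

# Constructed input: the slide's store in m(Node n, Data d), plus a hypothetical
# second branch containing an environment-only store to show the filtering.
M_BRANCHES = [
    [(("n", "next", "next", "data"), "d")],
    [(("n", "next", "next", "data"), "d"), (("cache", "last"), "d")],
]

if __name__ == "__main__":
    for k in (2, 3):
        print(k, analyse(M_BRANCHES, unit_roots={"n"}, k=k))
```

With k = 3 the path n.next.next.data is kept exactly and reported as a must side-effect; with k = 2 it collapses to n.next.next.* and is reported only as a may side-effect.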