Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interprocedural Analysis Noam Rinetzky Mooly Sagiv.

Published byBrittney Richards Modified over 8 years ago

Similar presentations

Presentation on theme: "Interprocedural Analysis Noam Rinetzky Mooly Sagiv."— Presentation transcript:

1 Interprocedural Analysis Noam Rinetzky Mooly Sagiv

2 Why do runtime errors occur? Logical errors Incorrect initializations Resource limitations Aliasing problems API mismatch 2

3 Procedural program int p(int a) { return a + 1; } void main() { int x; x = p(7); x = p(9); }

4 Effect of procedures The effect of calling a procedure is the effect of executing its body call bar() foo() bar()

5 Interprocedural Analysis goal: compute the abstract effect of calling a procedure call bar() foo() bar()

6 Reduction to intraprocedural analysis Procedure inlining Naive solution: call-as-goto

7 Reminder: Constant Propagation … …   --  01 Z No information Variable not a constant  

8 Reminder: Constant Propagation L = (Var  Z,  )  1   2 iff  x:  1 (x)  ’  2 (x) –  ’ ordering in the Z lattice Examples: – [x  , y  42, z   ]  [x  , y  42, z  73] – [x  , y  42, z  73]  [x  , y  42, z   ]    

9 Reminder: Constant Propagation Conservative Solution –Every detected constant is indeed constant But may fail to identify some constants –Every potential impact is identified Superfluous impacts

10 Procedure Inlining int p(int a) { return a + 1; } void main() { int x; x = p(7); x = p(9); }

11 Procedure Inlining int p(int a) { return a + 1; } void main() { int x; x = p(7); x = p(9); } void main() { int a, x, ret; a = 7; ret = a+1; x = ret; a = 9; ret = a+1; x = ret; } [a  ⊥, x  ⊥, ret  ⊥ ] [a  7, x  8, ret  8] [a  9, x  10, ret  10]

12 Procedure Inlining Pros – Simple Cons – Does not handle recursion – Exponential blow up – Reanalyzing the body of procedures p1 { call p2 … call p2 } p2 { call p3 … call p3 } p3{ }

13 A Naive Interprocedural solution Treat procedure calls as gotos

14 Simple Example int p(int a) { return a + 1; } void main() { int x ; x = p(7); x = p(9) ; }

15 Simple Example int p(int a) { [a  7] return a + 1; } void main() { int x ; x = p(7); x = p(9) ; }

16 Simple Example int p(int a) { [a  7] return a + 1; [a  7, $$  8] } void main() { int x ; x = p(7); x = p(9) ; }

17 Simple Example int p(int a) { [a  7] return a + 1; [a  7, $$  8] } void main() { int x ; x = p(7); [x  8] x = p(9) ; [x  8] }

18 Simple Example int p(int a) { [a  7] return a + 1; [a  7, $$  8] } void main() { int x ; x = p(7); [x  8] x = p(9) ; [x  8] }

19 Simple Example int p(int a) { [a  7] [a  9] return a + 1; [a  7, $$  8] } void main() { int x ; x = p(7); [x  8] x = p(9) ; [x  8] }

20 Simple Example int p(int a) { [a  ] return a + 1; [a  7, $$  8] } void main() { int x ; x = p(7); [x  8] x = p(9) ; [x  8] }

21 Simple Example int p(int a) { [a  ] return a + 1; [a , $$  ] } void main() { int x ; x = p(7); [x  8] x = p(9); [x  8] }

22 Simple Example int p(int a) { [a  ] return a + 1; [a , $$  ] } void main() { int x ; x = p(7) ; [x  ] x = p(9) ; [x  ] }

23 A Naive Interprocedural solution Treat procedure calls as gotos Pros: – Simple – Usually fast Cons: – Abstract call/return correlations – Obtain a conservative solution

24 Analysis by reduction Procedure inlining int p(int a) { [a  ] return a + 1; [a , $$  ] } void main() { int x ; x = p(7) ; [x  ] x = p(9) ; [x  ] } void main() { int a, x, ret; a = 7; ret = a+1; x = ret; a = 9; ret = a+1; x = ret; } [a  ⊥, x  ⊥, ret  ⊥ ] [a  7, x  8, ret  8] [a  9, x  10, ret  10] Call-as-goto why was the naive solution less precise?

25 Stack regime P() { … R(); … } R(){ … } Q() { … R(); … } call return call return P R

26 Guiding light Exploit stack regime  Precision  Efficiency

27 Simplifying Assumptions -Parameter passed by value -No procedure nesting -No concurrency Recursion is supported

28 Topics Covered ✓ Procedure Inlining ✓ The naive approach Valid paths The callstring approach The Functional Approach IFDS: Interprocedural Analysis via Graph Reachability IDE: Beyond graph reachability The trivial modular approach

29 Join-Over-All-Paths (JOP) Let paths(v) denote the potentially infinite set paths from start to v (written as sequences of edges) For a sequence of edges [e 1, e 2, …, e n ] define f [e 1, e 2, …, e n ]: L  L by composing the effects of basic blocks f [e 1, e 2, …, e n ](l) = f(e n ) (… (f(e 2 ) (f(e 1 ) (l)) …) JOP[v] =  {f [e 1, e 2, …,e n ](l) | [e 1, e 2, …, e n ]  paths(v)}

30 Join-Over-All-Paths (JOP) 9 e1e1 e2e2 e3e3 e4e4 e5e5 e6e6 e7e7 e8e8 Paths transformers: f[e 1,e 2,e 3,e 4 ] f[e 1,e 2,e 7,e 8 ] f[e 5,e 6,e 7,e 8 ] f[e 5,e 6,e 3,e 4 ] f[e 1,e 2,e 3,e 4,e 9, e 1,e 2,e 3,e 4 ] f[e 1,e 2,e 7,e 8,e 9, e 1,e 2,e 3,e 4,e 9,…] … JOP: f[e 1,e 2,e 3,e 4 ](initial)  f[e 1,e 2,e 7,e 8 ](initial)  f[e 5,e 6,e 7,e 8 ](initial)  f[e 5,e 6,e 3,e 4 ](initial)  … e9e9 Number of program paths is unbounded due to loops

31 LFP approximates JOP JOP[v] =  {f [e 1, e 2, …,e n ](l) | [e 1, e 2, …, e n ]  paths(v)} LFP[v] =  {f [e ](LFP[v’] ) | e =(v’,v)} JOP  LFP - for a monotone function –f(x  y)  f(x)  f(y) JOP = LFP - for a distributive function –f(x  y) = f(x)  f(y) JOP may not be precise enough for interprocedural analysis! LFP[v 0 ]  = 

32 Interprocedural analysis sRsR n1n1 n3n3 n2n2 f1f1 f3f3 f2f2 f1f1 eReR f3f3 sPsP n5n5 n4n4 f1f1 ePeP f5f5 P R Call Q f c2e f x2r Call node Return node Entry node Exit node sQsQ n7n7 n6n6 f1f1 eQeQ f6f6 Q Call Q Call node Return node f c2e f x2r f1f1

33 Interprocedural analysis sRsR n1n1 n3n3 n2n2 f1f1 f3f3 f2f2 f1f1 eReR f3f3 sPsP n5n5 n4n4 f1f1 ePeP f5f5 P R Call Q f c2e f x2r Call node Return node Entry node Exit node sQsQ n7n7 n6n6 f1f1 eQeQ f6f6 Q Call Q Call node Return node f c2e f x2r f1f1 Supergraph

34 paths(n) the set of paths from s to n –( (s,n 1 ), (n 1,n 3 ), (n 3,n 1 ) ) Paths s n1n1 n3n3 n2n2 f1f1 f1f1 f3f3 f2f2 f1f1 e f3f3

35 Interprocedural Valid Paths () f1f1 f2f2 f k -1 fkfk f3f3 f4f4 f5f5 f k -2 f k -3 call q enter q exit q ret IVP: all paths with matching calls and returns –And prefixes

36 Interprocedural Valid Paths IVP set of paths –Start at program entry Only considers matching calls and returns –aka, valid Can be defined via context free grammar –matched ::= matched ( i matched ) i | ε –valid ::= valid ( i matched | matched paths can be defined by a regular expression

37 Join Over All Paths (JOP) start n i JOP[v] =  {[[e 1, e 2, …,e n ]](  ) | (e 1, …, e n )  paths(v)} JOP  LFP –Sometimes JOP = LFP precise up to “symbolic execution” Distributive problem  L  L f k o... o f 1

38 The Join-Over-Valid-Paths (JVP) vpaths(n) all valid paths from program start to n JVP[n] =  {[[e 1, e 2, …, e ]](l) (e 1, e 2, …, e)  vpaths(n)} JVP  JFP –In some cases the JVP can be computed –(Distributive problem)

39 The Call-String Approach The data flow value is associated with sequences of calls (call string) Use Chaotic iterations over the supergraph

40 Supergraph sRsR n1n1 n3n3 n2n2 f1f1 f3f3 f2f2 f1f1 eReR f3f3 sPsP n5n5 n4n4 f1f1 ePeP f5f5 P R Call Q f c2e f x2r Call node Return node Entry node Exit node sQsQ n7n7 n6n6 f1f1 eQeQ f6f6 Q Call Q Call node Return node f c2e f x2r f1f1

41 Supergraph sRsR n1n1 n3n3 n2n2 f1f1 f3f3 f2f2 f1f1 eReR f3f3 sPsP n5n5 n4n4 f1f1 ePeP f5f5 P R Call Q f c2e f x2r Call node Return node Entry node Exit node sQsQ n7n7 n6n6 f1f1 eQeQ f6f6 Q Call Q Call node Return node f c2e f x2r f1f1

42 Simple Example void main() { int x ; c1: x = p(7); c2: x = p(9) ; } int p(int a) { return a + 1; }

43 Simple Example void main() { int x ; c1: x = p(7); c2: x = p(9) ; } int p(int a) { c1: [a  7] return a + 1; }

44 Simple Example int p(int a) { c1: [a  7] return a + 1; c1:[a  7, $$  8] } void main() { int x ; c1: x = p(7); c2: x = p(9) ; }

45 Simple Example int p(int a) { c1: [a  7] return a + 1; c1:[a  7, $$  8] } void main() { int x ; c1: x = p(7);  : x  8 c2: x = p(9) ; }

46 Simple Example int p(int a) { c1:[a  7] return a + 1; c1:[a  7, $$  8] } void main() { int x ; c1: x = p(7);  : [x  8] c2: x = p(9) ; }

47 Simple Example int p(int a) { c1:[a  7] c2:[a  9] return a + 1; c1:[a  7, $$  8] } void main() { int x ; c1: x = p(7);  : [x  8] c2: x = p(9) ; }

48 Simple Example int p(int a) { c1:[a  7] c2:[a  9] return a + 1; c1:[a  7, $$  8] c2:[a  9, $$  10] } void main() { int x ; c1: x = p(7);  : [x  8] c2: x = p(9) ; }

49 Simple Example int p(int a) { c1:[a  7] c2:[a  9] return a + 1; c1:[a  7, $$  8] c2:[a  9, $$  10] } void main() { int x ; c1: x = p(7);  : [x  8] c2: x = p(9) ;  : [x  10] }

50 The Call-String Approach The data flow value is associated with sequences of calls (call string) Use Chaotic iterations over the supergraph To guarantee termination limit the size of call string (typically 1 or 2) –Represents tails of calls Abstract inline

51 Another Example (|cs|=2) int p(int a) { c1:[a  7] c2:[a  9] return c3: p1(a + 1); c1:[a  7, $$  16] c2:[a  9, $$  20] } void main() { int x ; c1: x = p(7);  : [x  16] c2: x = p(9) ;  : [x  20] } int p1(int b) { c1.c3:[b  8] c2.c3:[b  10] return 2 * b; c1.c3:[b  8,$$  16] c2.c3:[b  10,$$  20] }

52 Another Example (|cs|=1) int p(int a) { c1:[a  7] c2:[a  9] return c3: p1(a + 1); c1:[a  7, $$  ] c2:[a  9, $$  ] } void main() { int x ; c1: x = p(7);  : [x   ] c2: x = p(9) ;  : [x   ] } int p1(int b) { (c1|c2)c3:[b  ] return 2 * b; (c1|c2)c3:[b , $$  ] }

53 int p(int a) { c1: [a  7] c1.c2+: [a   ] if (…) { c1: [a  7] c1.c2+: [a   ] a = a -1 ; c1: [a  6] c1.c2+: [a   ] c2: p (a); c1.c2*: [a   ] a = a + 1; c1.c2*: [a   ] } c1.c2*: [a   ] x = -2*a + 5; c1.c2*: [a  , x  ] } void main() { c1: p(7);  : [x  ] } Handling Recursion

54 Summary Call-String Easy to implement Efficient for very small call strings Limited precision –Often loses precision for recursive programs –For finite domains can be precise even with recursion (with a bounded callstring) Order of calls can be abstracted Related method: procedure cloning

55 The Functional Approach The meaning of a procedure is mapping from states into states The abstract meaning of a procedure is function from an abstract state to abstract states Relation between input and output In certain cases can compute JVP

56 The Functional Approach Two phase algorithm –Compute the dataflow solution at the exit of a procedure as a function of the initial values at the procedure entry (functional values) –Compute the dataflow values at every point using the functional values

57 Phase 1 int p(int a) { if (…) { a = a -1 ; p (a); a = a + 1; } x = -2*a + 5; } void main() { p(7); } [a  a 0, x  ] [a  a 0, x  x 0 ] [a  a 0 -1, x  x 0 ] [a  a 0 -1, x  - 2a 0 +7] [a  a 0, x  - 2a 0 +7] [a  a 0, x  x 0 ] [a  a 0, x  - 2*a 0 +5] p(a 0,x 0 ) = [a  a 0, x  -2a 0 + 5]

58 int p(int a) { if (…) { a = a -1 ; p (a); a = a + 1; } x = -2*a + 5; } Phase 2 void main() { p(7); } p(a 0,x 0 ) = [a  a 0, x  -2a 0 + 5] [a  7, x  0] [a  7, x  - 9] [x  - 9] [a  6, x  0] [a  6, x  -7] [a  7, x  -7] [a  6, x  0] [a , x  0] [a , x  ]

59 Data facts: d  L  L Initialization: – f start,start = ( ,  ) ; otherwise ( ,  ) – S[start,  ] =  Propagation of (x,y) over edge e = (n,n’) - Maintain summary: S[n’,x] = S[n’,x]   n, n’  (y)) - n intra-node:  n’: (x,  n, n’  (y)) - n call-node:  n’: (y,y) if S[n’,y] =  and n’= entry node  n’: (x,z) if S[exit(call(n),y] = z and n’= ret-site-of n - n return-node:  n’: (u,y) ; n c = call-site-of n’, S[n c,u]=x Tabulation for finite lattices L

60 Issues in Functional Approach How to guarantee that finite height for functional lattice? –It may happen that L has finite height and yet the lattice of monotonic function from L to L do not Efficiently represent functions –Functional join –Functional composition –Testing equality

61 Summary Functional approach Computes procedure abstraction Sharing between different contexts Rather precise Recursive procedures may be more precise/efficient than loops But requires more from the implementation –Representing (input/output) relations –Composing relations

62 CFL-Graph reachability [RHS’95] Static analysis of programs with proecedures Special cases of functional analysis Reduce the interprocedural analysis problem to finding context free reachability [RHS’95] Thomas W. Reps, Susan Horwitz, Shmuel Sagiv: Precise Interprocedural Dataflow Analysis via Graph Reachability. POPL 1995

63 The Context-Free Reachability Problem A finite directed graph G(s, V, E) A finite alphabet  A labeling function l: E   A context-free grammar C over  A property holds at n  N if there exists a path from s to n whose labels are in C 63

64 x = 3 p(x,y) return from p start main exit main start p(a,b) if... b = a p(a,b) return from p exit p xy a b printf(y) Might b be uninitialized here? printf(b) NO! ( ] Might y be uninitialized here? YES! ( )

65 Questions When can we reduce a static analysis problem to CFL reachability What is the complexity of solving CFL reachability problems Interesting generalizations of CFL reachability

66 IFDS Problems Finite subset distributive – Lattice L =  (D) –  is  –  is  – Transfer functions are distributive Efficient solution through formulation as CFL reachability Can be generalized to certain infinite lattices

67 Possibly Uninitialized Variables Startx = 3 if... y = x y = w w = 8 printf(y) {w,x,y} {w,y} {w} {w,y} {} {w,y} {}

68 Efficiently Representing Functions Let f:2 D  2 D be a distributive function Then: – f(X) = { f({z}) | z  X } – f(X) = f(  )  { f({z}) | z  X }

69 Encoding Transfer Functions Enumerate all input space and output space Represent functions as graphs with 2(D+1) nodes Special symbol “0” denotes empty sets (sometimes denoted  ) Example: D = { a, b, c } f(S) = (S – {a}) U {b} 0abc 0abc

70 Representing Dataflow Functions Identity Function Constant Function a bc a bc

71 “ Gen/Kill ” Function Non- “ Gen/Kill ” Function a bc a bc Representing Dataflow Functions

72 a bcbc a Composing Dataflow Functions bc a

73 x = 3 p(x,y) return from p printf(y) start main exit main start p(a,b) if... b = a p(a,b) return from p printf(b) exit p xy a b

74 x = 3 p(x,y) return from p start main exit main start p(a,b) if... b = a p(a,b) return from p exit p xy a b printf(y) Might b be uninitialized here? printf(b) NO! ( ] Might y be uninitialized here? YES! ( )

75 The Tabulation Algorithm Worklist algorithm, start from entry of “main” Keep track of –Path edges: matched paren paths from procedure entry –Summary edges: matched paren call-return paths At each instruction –Propagate facts using transfer functions; extend path edges At each call –Propagate to procedure entry, start with an empty path –If a summary for that entry exits, use it At each exit –Store paths from corresponding call points as summary paths –When a new summary is added, propagate to the return node

76 Asymptotic Running Time CFL-reachability –Exploded control-flow graph: ND nodes –Running time: O(N 3 D 3 ) Exploded control-flow graph Special structure Running time: O(ED 3 ) Typically: E l N, hence O(ED 3 ) l O(ND 3 ) “Gen/kill” problems: O(ED)

77 Some Applications Mayur Naik: Jchord a static analysis for Java IBM Watson: Wala static analysis tool Thomas Ball, Vladimir Levin, Sriram K. Rajaman A decade of software model checking with SLAM.CACM’11 Manu Sridharan, Rastislav Bodík: Refinement-based context- sensitive points-to analysis for Java. PLDI 2006 Osbert Bastani, Saswat Anand, Alex Aiken: Specification Inference Using Context-Free Language Reachability, POPL’15 K Chatterjee, A Pavlogiannis, Y Velner: Quantitative interprocedural analysis, POPL’15 S Yang, D Yan, H Wu, Y Wang: Static control-flow analysis of user- driven callbacks in Android applications Nomair A. Naeem, Ondrej Lhoták, Jonathan Rodriguez: Practical Extensions to the IFDS Algorithm. CC 2010: 124-144

78 Asymptotic Running Time CFL-reachability –Exploded control-flow graph: ND nodes –Running time: O(N 3 D 3 ) Exploded control-flow graph Special structure Running time: O ( ED 3 ) Typically: E N, hence O ( ED 3 ) O ( ND 3 ) “ Gen/kill ” problems: O ( ED )

79 IDE Goes beyond IFDS problems –Can handle unbounded domains Requires special form of the domain Can be much more efficient than IFDS

80 Example Linear Constant Propagation Consider the constant propagation lattice The value of every variable y at the program exit can be represented by: y =  {(a x x + b x )| x  Var * }  c a x,c  Z  { ,  } b x  Z Supports efficient composition and “functional” join –[z := a * y + b] –What about [z:=x+y]?

81 IDE Analysis Point-wise representation closed under composition CFL-Reachability on the exploded graph Two phase algorithm –Compose functions –Compute dataflow values

82 Linear constant propagation Point-wise representation of environment transformers

83

84

85 Costs O(ED 3 ) Class of value transformers F  L  L –id  F –Finite height Representation scheme with (efficient) Application Composition Join Equality Storage

86 Conclusion Handling functions is crucial for abstract interpretation Virtual functions and exceptions complicate things But scalability is an issue –Small call strings –Small functional domains –Demand analysis

87 Bibliography Textbook 2.5 Patrick Cousot & Radhia Cousot. Static determination of dynamic properties of recursive procedures In IFIP Conference on Formal Description of Programming Concepts, 1978 Two Approaches to interprocedural analysis by Micha Sharir and Amir Pnueli: 1 IDFS Interprocedural Distributive Finite Subset Precise interprocedural dataflow analysis via graph reachability. Reps, Horowitz, and Sagiv, POPL’95 IDE Interprocedural Distributive Environment Precise interprocedural dataflow analysis with applications to constant propagation. Sagiv, Reps, Horowitz, and TCS’96

Download ppt "Interprocedural Analysis Noam Rinetzky Mooly Sagiv."

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR

R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR
Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.

Continuing Abstract Interpretation We have seen: 1.How to compile abstract syntax trees into control-flow graphs 2.Lattices, as structures that describe.
School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) SSA Guo, Yao.

School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) SSA Guo, Yao.
Interprocedural Analysis Mooly Sagiv Tel Aviv University 640-6706 Sunday 18-21 Scrieber 8 Monday 10-12.

Interprocedural Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani

Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)

A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
Interprocedural analysis © Marcelo d’Amorim 2010.

Interprocedural analysis © Marcelo d’Amorim 2010.
1 Lecture 06 – Inter-procedural Analysis Eran Yahav.

1 Lecture 06 – Inter-procedural Analysis Eran Yahav.
Foundations of Data-Flow Analysis. Basic Questions Under what circumstances is the iterative algorithm used in the data-flow analysis correct? How precise.

Foundations of Data-Flow Analysis. Basic Questions Under what circumstances is the iterative algorithm used in the data-flow analysis correct? How precise.
Common Sub-expression Elim Want to compute when an expression is available in a var Domain:

Common Sub-expression Elim Want to compute when an expression is available in a var Domain:
Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.

Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.
Interprocedural Analysis Noam Rinetzky Mooly Sagiv.

Interprocedural Analysis Noam Rinetzky Mooly Sagiv.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Control Flow Analysis Mooly Sagiv Tel Aviv University 640-6706 Sunday 18-21 Scrieber 8 Monday 10-12 Schrieber.

Control Flow Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
1 Iterative Program Analysis Part I Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program.

1 Iterative Program Analysis Part I Mooly Sagiv Tel Aviv University Textbook: Principles of Program.
1 Control Flow Analysis Mooly Sagiv Tel Aviv University 640-6706 Textbook Chapter 3

1 Control Flow Analysis Mooly Sagiv Tel Aviv University Textbook Chapter 3
1 Iterative Program Analysis Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program Analysis.

1 Iterative Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program Analysis.

Similar presentations

Ads by Google