COP 5021 meeting -*- Outline -*-

* Introduction

------------------------------------------
       COP 5021 PROGRAM ANALYSIS
------------------------------------------

** Who

        introduce self and meet everyone
        have them write names on board

** what is program analysis?

        Q: What's the difference between static and dynamic properties?

------------------------------------------
       WHAT IS PROGRAM ANALYSIS?

Def: *program analysis* is predicting
     statically safe approximations
     to the set of configurations or behaviors
     that may occur dynamically.
------------------------------------------

        Q: How does this differ from (human) code inspection?
        Q: How is it different from testing? Runtime assertion checking?

** why study program analysis (course spec)

------------------------------------------
         WHY PROGRAM ANALYSIS?

Automatic understanding of programs is

 - important
     + optimizing compilers
     + program development tools
     + formal verification:
         - safety critical systems
         - business critical systems
     + research in programming languages

 - impossible, in general
     + safe approximations
       e.g.,
         read(x);
         (if x > 0 then y:= 1 else {y:= 2; f()});
         z:=y
         -- can we say that z is 1 at the end?

Basic ideas:
 - compute abstractions
 - use in transformations

Goals:
 - little or no input from programmers
      ==> practical, usable
 - correctness
      ==> usable "under the covers"
 - efficient (at compile time):
     - time
     - space
------------------------------------------

        Program analysis encompasses the core areas in the theory of
        programming language research, including type systems and
        program optimization and reasoning.

        Generally speaking, the bias is towards having no programmer
        input, which tends to lead to fairly global (whole-program)
        analyses.

*** useful ideas

------------------------------------------
          MAIN IDEAS OR THEMES

 - conservatism:
      "Err on the safe side!"

 - efficiency from approximation:
      "Trade precision for efficiency!"
------------------------------------------

        Q: What does safety mean?
                nothing bad happens
        Q: What does it mean to be conservative when taking money for a trip?
                take more than you think you'll need
        Q: What's an example of the first idea from type checking?
                what's type safety?
        Q: Suppose we're interested in numerical precision (error estimation),
           what's an example of the second idea in this case?

*** practicality

        These ideas are the heart of many compilers and language systems
        e.g., abstract interpretation used in verifying Airbus software
                (the Astree tool)
              type systems and other static analysis in JML compiler

*** widely used

        Many papers assume one understands these ideas

        Lots of different applications including:
         - security (information flow analysis)
         - side effects or purity
         - field accesses
         - potential for variables to be null
         - array indexes out of bounds
         - uninitialized variable accesses
         - deadlock prevention
         - race conditions

*** other interest

        - relation to operational semantics
        - connections between the different kinds of analysis
          are interesting, and provide a unifying set of ideas

        Q: what about the material interests you?

** Plan of course (syllabus)

        - overview, survey
        - basic use of JastAdd
        - dataflow analysis
        - implementation of dataflow using JastAdd
        - structural operational semantics and correctness
        - applications (e.g., to OO languages)
        if time:
        - abstract interpretation
        - type and effect systems

        summary and review at the end

        Q: Would you make any changes to the plan?

** Objectives

*** meta

        - get you to think critically
          Q: What kind of questions should you be asking?
                limitations? utility?
        - teach you some semantics and formal methods

*** normal

        In one sentence, the main objective is that you will have
        a deep, working knowledge of program analysis.

        Focus on procedural, sequential programs (WHILE language),
        but will extend to other areas.
------------------------------------------
             OBJECTIVES

 - [Ideas] Correctly understand and use terms
      for reading/writing papers
      when designing software tools

 - [ImproveTools] Effectively apply the concepts
      to design better software tools,
      programming languages, or
      specification languages and tools.
------------------------------------------

        See the course's about page for details, including outcomes

** How I'll run the course

*** overview

        informal and friendly, I'm going to try not to lecture too much

        lecture meetings:
                discuss homework, if any
                        (show program examples, or on board)
                discuss next topic (working examples)
                You need to read ahead or at least keep up in the reading.

        homework:
                explore the material, perhaps generalize or apply it
                        (esp. to OOP, AOP, components, security, etc.)
                Can work alone or with others.

        grading:
                based on evidence, participation, project, final oral exam
                I'll give comments and grades on homework

        pace:
                we'll try to uncover and explore carefully
                want deep understanding of that material (semantics)
                for homework, we'll be flexible,

*** red tape

        prerequisites: COP 4020 and COT 4210

        book: Principles of Program Analysis,
              by Flemming Nielson, Hanne Riis Nielson, and Chris Hankin
              (Springer-Verlag, 1999, corrected printing 2005).
              ISBN 3-540-65410-0.

** summary

        Q: any other questions about the course?
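
The question on the WHY PROGRAM ANALYSIS? slide ("can we say that z is 1 at the end?") worked through as an added example, not part of the original course notes: a small set-of-values analysis in Python over a tuple encoding of the WHILE fragment. The encoding, the bound k, and the assumption that f() assigns none of x, y, z are this example's own; with k=2 the result is the safe set {1, 2}, and with k=1 it is the cheaper but less precise TOP, which illustrates both themes from the MAIN IDEAS OR THEMES slide.

```python
# Added example: set-of-values ("may") analysis for the slide's WHILE fragment.
TOP = "TOP"  # abstract value meaning "could be any integer"

def join(a, b, k):
    """Union of possible-value sets; widen to TOP when more than k values."""
    if a == TOP or b == TOP:
        return TOP
    u = a | b
    return u if len(u) <= k else TOP

def join_env(e1, e2, k):
    # A variable unknown on one path has an arbitrary initial value: TOP.
    return {v: join(e1.get(v, TOP), e2.get(v, TOP), k)
            for v in e1.keys() | e2.keys()}

def eval_expr(e, env):
    if isinstance(e, int):
        return frozenset({e})        # integer literal
    return env.get(e, TOP)           # variable; uninitialized means unknown

def analyze(stmts, env, k=2):
    """Return the abstract environment after running stmts from env."""
    env = dict(env)
    for s in stmts:
        kind = s[0]
        if kind == "read":           # input is not known statically
            env[s[1]] = TOP
        elif kind == "assign":
            env[s[1]] = eval_expr(s[2], env)
        elif kind == "if":           # condition ignored: either branch may run
            env = join_env(analyze(s[2], env, k), analyze(s[3], env, k), k)
        elif kind == "call":
            pass  # assumption: f() assigns no caller variable; it may or may
                  # not return, so the analysis safely assumes it can
        else:
            raise ValueError(f"unknown statement {kind!r}")
    return env

# read(x); (if x > 0 then y:= 1 else {y:= 2; f()}); z:=y
PROGRAM = [
    ("read", "x"),
    ("if", ("gt", "x", 0),
        [("assign", "y", 1)],
        [("assign", "y", 2), ("call", "f")]),
    ("assign", "z", "y"),
]

def proves_equal(env, var, value):
    """True only if every reachable final state has var == value."""
    return env[var] == frozenset({value})
```

If f() never returns, z really is always 1 at the end, but deciding that is impossible in general, so {1, 2} is the safe over-approximation rather than the exact answer.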