UCLA CS 232 Static Program Analysis Fall 2008
Homework 1: Constraintbased analysis
Write set constraints for constraintbased analysis of the Java expressions
new (), method call with one argument, and Java assignment.
For a method call, allow the set for the actual parameter to be a subset
of the set for the formal parameter.
Give a second version of the constraints in which we insist that
for a method call, the set for the actual parameter must be equal
to the set for the formal parameter.
The second version is more conservative, that is, less precise.
Show an example program that illustrates why the second version
is more conservative.
Present the constraints for both the first and the second version
of the analysis,
as well as the least solution for each one.
Homework 2: Pointer analysis
In the paper by Nevin Heintze and Olivier Tardieu entitled
Ultrafast Aliasing Analysis using CLA:
A Million Lines of C Code in a Second,
Figure 2 presents deduction rules for pointer analysis.
Rephrase the analysis in Figure 2 to use set constraints.
Show the set constraints and their least solution for the example
in Figure 3.
Homework 3: SSA form
Let S be a family of nonempty sets.
The intersection graph of S is obtained by
representing each set in S by
a vertex and connecting two vertices by an edge if and only
if their corresponding sets intersect.
The intersection graph of the live ranges of a program is called an
interference graph.
A graph is chordal if and only if it can be represented as an intersection graph
of subtrees of a tree.
Prove that
a program in strict SSA form has a chordal interference graph.
Homework 4: Contextsensitive analysis

The goal of the homework is to write a competitive, contextsensitive
static program analysis using the
bddbddb tool.

The source language is
MiniJava.
The MiniJava grammar is in JavaCC format; you can use JTB and JavaCC
if you like; you can also rewrite the grammar into a different format.
If you want to work with a different source language, you are welcome
to do that; come talk with me first.

Your main task is to write the necessary code to be able to use the bddbddb tool
as described by John Whaley, Monica S. Lam in
Cloningbased contextsensitive pointer alias analysis using
binary decision diagrams.

Experiment with both a contextinsensitive and a contextsensitive version
of the constraints; try algorithms 16 in the WhaleyLam paper.

Write a MiniJava benchmark suite which helps illustrate
how the contextsensitive analysis gives more precise information
that the contextinsensitive analysis.

Submit your benchmark suite along with a report which

details your implementation strategy,

shows the best of your MiniJava benchmark programs and explains in detail what
it helps illustrate and how, and

reports on the total time to analyze each of the MiniJava benchmark programs
with each of the algorithms,
both for the MiniJava programs
here
and the ones you wrote yourself.
 Prepare to show a demo of your program analysis.
Homework 5: Typesafe method inlining
Read the paper by Neal Glew and Jens Palsberg called
Typesafe method inlining.
On p.16, item (36) is a form of constraint generated from
occurrences of "this".
Suppose we don't generate this constraint.
Now do one of two things.
Either prove that the resulting analysis satisfies
Typability Preservation (Theorem 4 in the paper);
submit your proof.
Or else
write a program in the example language of the paper
such that (1) the program type checks and
(2) after analysis and transformation, the transformed program
does not type check.
Submit

your program,

a brief explanation of the intuition why the program will
not type check after analysis and transformation,

a note that you have type checked the program using javac,

the flow analysis constraints generated from the program,

the least solution of the constraints,

the transformed program,

an explanation of why the transformed program does not type check.
Homework 6: Fast controlflow analysis
Consider the lambdaterm:
G = [lambda^{1} f.(f(f(lambda^{2} x.x)))](lambda^{3} y.y)
Show the graph for G that is used by the Heintze/McAllester
quadratictime
flow analysis algorithm.
What is the label set for G produced by the algorithm?
Homework 7: Relationships between static analysis and type systems
Consider the language generated by the grammar:
e ::= x  lambda x.e  e e  0  e+1
We can define a type system with the simple types
t ::= int  t > t
see for example "A simple algorithm and proof for type inference"
by Mitchell Wand.
Specify a flow analysis which is equivalent to the type system with
simple types.
Here "equivalent" is in the sense of "A type system
equivalent to flow analysis" by Jens Palsberg and Patrick O'Keefe.
Justify informally in detail why your flow analysis is equivalent
to the type system.
Homework 8: Stack bounds for eventdriven software
In the interrupt calculus of
Stack Size Analysis of Interrupt Driven Software,
write the simplest program you can think of
which has 3 interrupt handlers and for which the maximum stack size is 6.
Argue informally why your program has a maximum stack size of 6.
Homework 9: Logical abstract interpretation
Homework 9 is described in
this file.