Scribd
Upload
18 views

final_answer

The document is a final exam for the CSE6049 Program Analysis course, consisting of multiple problems related to program analysis concepts such as soundness, completeness, pointer analysis, and semantics. It includes O/X questions, theoretical problems, and practical programming tasks, requiring students to demonstrate their understanding of various program analysis techniques. The exam covers topics like Galois connections, collecting semantics, widening operators, and safe memory access.

Uploaded by

Supercalifragilistic expialidocious
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
18 views

final_answer

The document is a final exam for the CSE6049 Program Analysis course, consisting of multiple problems related to program analysis concepts such as soundness, completeness, pointer analysis, and semantics. It includes O/X questions, theoretical problems, and practical programming tasks, requiring students to demonstrate their understanding of various program analysis techniques. The exam covers topics like Galois connections, collecting semantics, widening operators, and safe memory access.

Uploaded by

Supercalifragilistic expialidocious
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Final Exam

CSE6049 Program Analysis, Spring 2021


6/21(Mon), 16 : 00

Name: asdfasdfasdfasdfasdf
Student ID: asdfasdfasdfasdfasdfasdf

Problem 1. [O/X questions] (20 pts). Mark O for each correct statement
(X for wrong statement). You will get 2 points per correct answer, but
you will lose 2 points for each wrong answer. Leave a blank when you are
uncertain.

a) A binary relation is a partial order if it has reflexivity, antisymmetry,


and transitivity (O, X) (O)

b) The powerset of integers (℘(Z), ⊆) is a CPO. (O, X) (O)

c) If a function is monotone, then it is also continuous. (O, X) (X)

d) Best abstraction is always obtainable. (O, X) (X)


γ
e) Suppose D ← −−
−− −− D̂ for some CPOs D and D̂. Both α and γ are
α→
monotone. (O, X) (O)

f) We can build a sound and complete static analyzer for any kinds of
non-trivial properties. (O, X) (X)

g) Proving absence of invariant violations or crashing errors are examples


of proving safety properties. (O, X) (O)

h) Fully context-sensitive analysis is cheap in general, thus feasible in


practice. (O, X) (X)

i) We can express any kinds of static analysis in Datalog. (O, X) (X)

j) Sparse analysis improves performance of the original analysis by sac-


rificing precision. (O, X) (X).

Problem 2. [Spectrum of Program Analysis Techniques], (10 pts). Rice’s


theorem is as follows:

1
Let L be a Turing-complete language, and let P be a nontrivial seman-
tic property of program of L. There exists no automatic and eventually
terminating method such that,

For every program p in L, it returns true if and only if


p satisfies the semantic property P .

Choose either one of

1. Machine-assisted proving

2. Finite-state model checking,

3. Testing

4. Domain-specific verifier

for each of the following cases of giving up something among the above
keywords.

• “automatic”: 1

• “every”: 4

• “eventually terminating”: 2

• “if and only if”: 3

Problem 3. [Soundness & Completeness], (10 pts). What are the pros and
cons of a program analyzer which is unsound but complete? What does this
analyzer guarantee?

Pros: no false alarm.


Cons: cannot cover all errors.

Problem 4. [Pointer analysis], (10 pts). Write the result of flow- and
context-insensitive pointer analysis of the following program.

2
f(v) {
u = v;
return u;
}
x = &h1;
z = &h2;
y = f(x);
w = f(z);

{x → h1, z → h2, y → h1, y → h2, w → h1, w → h2, u → h1, u → h2, v → h1, v → h2 }

Problem 5. [Galois connection] (10 pts). The following is a Galois connec-


tion to abstract a set of integers into a set Ẑ of their remainders modulo 4.
For example, {14, 22} can be abstracted to {2}.

γ
℘(Z) ←−−
−− −− Ẑ = ℘({0, 1, 2, 3})
α→
Complete the definition of γ.

α(∅) = ∅
α(X) = {n mod 4 | n ∈ X}
γ(∅) = ∅
γ(X̂) = { n | (n mod 4) ∈ X̂}

Problem 6. [Collecting semantics] (20 pts). Consider the following simple


language:

E ::= n integer constants


| x variable
| E+E binary operation
B ::= x<E comparison expressions
| ¬B negation expressions
C ::= skip skip
| C; C sequence
| x := E assignment command
| input(x) external input
| if B { C } else { C } conditional command
| while B C loop command

3
The collecting semantics can be described as denotational semantics:

[[C]] ∈ ℘(M) → ℘(M)


[[E]] ∈ ℘(M) → ℘(Z)
[[B]] ∈ ℘(M) → ℘(M)
M = X→Z

where ℘(M) denotes the powerset of memories, X is the set of variables in


a given program and Z is the set of integers. Define the collecting semantic
functions by filling the holes in the followings.

[[n]](M ) = {n}
[[x]](M ) = {m(x) | m ∈ M }
[[E1 + E2 ]](M ) = { v1 + v2 | v1 ∈ [[E1 ]](M ), v2 ∈ [[E1 ]](M )}

[[x < E]](M ) = {m ∈ M | m(x) < v, v ∈ [[E]]({m})}


[[¬B]](M ) = M \ [[B]](M )
[[skip]](M ) = M
[[C1 ; C2 ]](M ) = [[ C2 ]]([[C1 ]](M ))
[[x := E]](M ) = {m[x 7→ v] | v ∈ [[E]](M ), m ∈ M }
[[input(x)]](M ) = { m[x 7→ v] | v ∈ Z, m ∈ M }
[[if B C1 else C2 ]](M ) = [[ C1 ]]([[B]](M )) ∪ [[C2 ]]([[¬B]](M ))
[[while B C]](M ) = [[¬B]](lfpM F )

where
F = λX. M ∪[[C]]([[B]](X))

Problem 7. [Widening] (10pts). Write the conditions of widening operators


(O) on an abstract domain A.

1. ∀a, b ∈ A. a v a O b ∧ b v a O b

2. For all sequence (an )n∈N of abstract elements, the sequence (a0n )n∈N
defined below is ultimately stationary:

a00 = a0
a0n+1 = a’n O an

4
Problem 8. [Fixpoint Transfer Theorem] (20pts). Complete a fraction of
the following proof of the fixpoint transfer theorem which says:
Let D ← −
−−
→− D# where D and D# are CPOs. If we have a continuous
function F : D → D and a monotone function F # : D# → D# such that
F ◦ γ v γ ◦ F # . Then,
G i
lfpF v γ( F # (⊥# )))
i∈N

Proof. First we prove


n
∀n ∈ N. F n (⊥) v γ(F # (⊥# )
by induction. The base case is trivial. The inductive case is to show that
n n+1
F n (⊥) v γ(F # (⊥# )) =⇒ F n+1 (⊥) v γ(F # (⊥# )).
which can be proven as follows:
F n+1 (⊥) = F ◦ F n (⊥)
n
v F ◦ γ(F # (⊥# )) (because by induction hypothesis and monotonicity of F )
n
v γ ◦ F # ◦ F # (⊥# ) (because by assumption F ◦γ v γ ◦ F # )
n+1
= γ(F # (⊥# ))
Therefore,
i (⊥)
F
lfpF = i≥0 F
# i (⊥# ))
F
v i≥0 γ(F
i
v γ( i≥0 (F # (⊥# ))) (by monotonicity of γ)
F

Problem 9. [Safe Memory Access] (10 pts). Suppose we analyze the follow-
ing program based on the interval domain. What will be the most precise
interval values we can compute for variables x, y, and z at the end of the
program?
x = 0;
y = 2;
if (*) { p = &x; }
else { p = &y; }
z = *p;
*p = 1;

5
• x: [ 0, 1 ]

• y: [ 1, 2 ]

• z: [ 0, 2 ]

You might also like