DOCSLIB.ORG

The Semantics of Scheme Control-Flow Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

The Semantics of Scheme Control-Flow Analysis Olin Shivers School of Computer Science Carnegie Mellon Pittsburgh, Pennsylvania 15213 OlinShiverscscmuedu A bstract Nonstandard abstract semantic interpretations Non-standard abstract semantic interpretation is an elegant method This is a follow-on to my1988PLDIpaper, ªControl-Flow Analysis for formally describing program analyses. Suppose we have a inSchemeº[9]. Iusethe methodofabstractsemanticinterpretations S programming language L with a denotational semantics , and we to explicate the control-¯ow analysis technique presented in that wish to determine some property X at compile time. Our ®rst step is paper. S L to developan alternate semantics X for that precisely expresses I begin with a denotational semantics for CPS Scheme. I then S property X . That is, whereas semantics might say the meaning present an alternate semantics that precisely expresses the control- of a program is a function ªcomputingº the program's result value ¯ow analysis problem. I abstract this semantics in a natural way, S given its inputs, semantics X would say the meaning ofa program arriving at two different semantic interpretations giving approxi- is a function ªcomputingº the property X on its corresponding mate solutions to the ¯ow analysis problem, each computable at inputs. compile time. The development of the ®nal abstract semantics pro- S X is a precise de®nition of the property we wish to determine, vides a clear, formal description of the analysis technique presented but its precision typically implies that it cannot be computed at in ªControl-Flow Analysis in Scheme.º compile time. It might be uncomputable; it might depend on the S runtime inputs. The second step, then, is to abstract X to a ^ S X Intro duction new semantics, which trades off accuracy for compile-time computability. This sort of approximation is a typical program- Controlow analysis analysis tradeoff Ð the real answers we seek are uncomputable,so we settle for computable, conservative approximations to them. Schemecontrol-¯owanalysis(CFA)isausefultechniquefor compile- For example, allow property X to be the setof all ªuselessvari- time analysis of the control-¯ow structure of Scheme programs (or, ablesºin a program, where a uselessvariableis one referenced only more generally, programs written in languages allowing ®rst-class to computevaluesbound to other uselessvariables. Suchvariables, functions). In a previouspaper[9], I introducedthe technique,gave and the computationsreferencingthem, can then beeliminated from S an algorithm for it, and demonstrated two example optimisations the program without altering its result. Our alternate semantics X P (induction-variable elimination and useless-variable elimination) would map a program P to a function that ªcomputesº 's useless- that could be achieved with the results of the analysis. Other use- variable set. This semantics would probably be uncomputable, ful applications of control-¯ow analysis are type recovery [11], and depending on perfect knowledge of the control-¯ow behavior of P . copy, constantandlambda propagation[13]. The fundamentalideas ^ S A useful, conservative abstraction X would be one that occasion- of control-¯ow analysis have also been utilised in other work on ally misses a truely useless variable, but never includes a useful functional programming languages [8, 2]. variable in its result set. The basic technique for performing Scheme control-¯ow anal- The method of non-standard abstract semantic interpretation ysis consists of translating the Scheme program into a simple inter- has several bene®ts. Since the analysis is expressed in termsofa mediate representation: continuation-passing style (CPS) Scheme formal semantics, it is possible to prove important properties about with a primitive functional conditional operator and all side-effects the analysis. In particular, we can prove that the abstract semantics to variables converted into side-effects to data-structures. After ^ S S X is computable, and safe with respect to X . Further, due to its the CPS conversion, all transfers of control in the program Ð se- formal nature, and because of its relation to the standard semantics quencing, iteration, conditional transfers, procedure call/return Ð of a programming language, the simple expression of an analysis are represented as tail-recursive procedure calls. Thus the problem in terms of abstract semantic interpretations helps clarify it. The of determining the control-¯ow structure of the program reduces to abstract semantic interpretation method of program analysis has the problem of determining for each call site the set of all lambda been applied to an array of program analyses [3, 5, 12, 4, 11]. expressionsin the program that could be branched to from that call In this paper, I will explicate Scheme control-¯ow analysis site. using this framework. I will show a series of semantics for CPS Scheme, beginning with the standard semantics, evolving through To appear at the First ACM SIGPLAN and IFIP Symposium exactcontrol analysis,andendingupwith two different computable on Partial Evaluation and Semantics-Based Program Manipu- abstractions (with different cost/precision tradeoffs). lation, June 1991, Yale University, New Haven, Conn. Also available as Technical Report CMU-CS-91-119, CMU School of Computer Science. 2 CFA Scheme Semantics PR ::= LAM v v c [v c ] i LAM ::= 1 . n VAR CALL f a a [f a ] i CALL ::= 1 . n FUN ARG l c [f l c ] letrec f i 1 1 . i VAR LAM CALL + ARG ::= LAM + VAR CONST + FUN ::= LAM + VAR PRIM x z foo g VAR ::= f . f g CONST ::= f . if g PRIM ::= f . Figure 1: CPS Scheme Syntax Notation would like to limit the arguments we are willing to circularly close to be lambda expressions. By elevating this restriction to the syn- D D is used to indicate all vectors of ®nite length over the set . tactic level, we will simplify the semantics equations, and sidestep a b c d Functions are updated with brackets: e is the func- the Y operator. There is no syntax for assigning variables in this b c d tion mapping a to , to , and everywhereelse identicalto function language. If we wish to allow side effects, we can introduce ap- e. This notation is extended by taking an update standing by itself propriate primops to create and side-effect mutable data structures; to imply an update to the appropriate bottom function ; hence[] assignments to variables in the source language can be converted is equivalent to . Unused function variables are, by convention, into equivalent data structure side effects during the CPS conver- x e D P (D ) subscripted with , e.g., x . The power set of is . Vectors sion [6]. Finally, we'll assume that all variables are uniquein a a p z i are written h . Lambda functions are sometimes written with program Ð that is, no identi®er is bound by more than one lambda ha bi a vector-destructuring syntax: the function exp takesa two expression. element vector as its single argument, binding a to the ®rst element, It bearsemphasizingthatthis ratherminimal languageis a useful i v v i and b to the second. The th element of vector is written . intermediate representation for compiling higher-order languages Functions with power-set ranges can be joined with the t operator: such as Scheme. Variants of CPS Scheme have been used in sev- t g = x (f x) (g x) + f . The ªpredomainº operator is usedto eral Scheme and ML compilers. A full discussion of the many + B construct the disjoint union of two sets: A . This operator does advantages of CPS-based intermediate representations, however, is not introduce a new bottom element, and so the result object is just beyondthe scope of this paper [1, 6, 15]. a set, not a domain; following Reynolds [7], I attempt to introduce CPS Scheme has a very simple semantics. The semantic do- domains only where necessaryin semantic constructions, avoiding mains and functions are given in ®gure 2. There is a set of basic ªspurious values.º values,Bas, whichconsistsofthe integersandaspecialfalse value(I will follow traditional Lisp practice in assuming no special boolean CPS Scheme type; anything not false is a true value). The value set D consists of the basicvaluesandCPS Schemefunctions. CPSSchemefunctions The practice of converting programs into continuation-passingstyle are representedasfunctionsfrom vectors ofvaluesto the answerset. (CPS) as an intermediate representation for compilation has been The domain of answers Ans is the value set D plus a special error discussed in several papers [15, 6, 1]. CPS can be summarised element denoting a run-time error, and a bottom element denoting by stating that function calls are one-way transfers Ð they do not non-termination1. An environment is a function from variables to return. Soafunctioncallcanbeviewedasa GOTO thatpassesvalues. values. In this section, we will de®ne a very simple language, called CPS Note that an environment only maps to values in D Ð it will Scheme, for expressing programs in written in this style. never map a variable to or error. This is one of the happy The syntax of CPS Scheme is shown in ®gure 1. A program consequencesof CPS conversion. Also note the absence of a store is a single lambda expression. Lambda expressions bind variables in this semantics. Side effects have been dropped completely from v v 1 . n ; the body of a lambda expression must be a single call this semantics to simplify the presentation; they are not dif®cult expression. There are two kinds of call expressions. A simple to reinstate [10] once the basic methods outlined in this paper are call expression is a function applied to a series of arguments. The understood. function expressionmay only be a variable, a lambda or a primitive PR maps a program to its result. It simply calls the A function operation (primop). An argument expression may only be a vari- to close its lambda intheemptyenvironment[ ], andcallstheresult able, a lambda,ora constant.
Recommended publications
  • 7. Control Flow First?

    7. Control Flow First?

    Copyright (C) R.A. van Engelen, FSU Department of Computer Science, 2000-2004 Ordering Program Execution: What is Done 7. Control Flow First? Overview Categories for specifying ordering in programming languages: Expressions 1. Sequencing: the execution of statements and evaluation of Evaluation order expressions is usually in the order in which they appear in a Assignments program text Structured and unstructured flow constructs 2. Selection (or alternation): a run-time condition determines the Goto's choice among two or more statements or expressions Sequencing 3. Iteration: a statement is repeated a number of times or until a Selection run-time condition is met Iteration and iterators 4. Procedural abstraction: subroutines encapsulate collections of Recursion statements and subroutine calls can be treated as single Nondeterminacy statements 5. Recursion: subroutines which call themselves directly or indirectly to solve a problem, where the problem is typically defined in terms of simpler versions of itself 6. Concurrency: two or more program fragments executed in parallel, either on separate processors or interleaved on a single processor Note: Study Chapter 6 of the textbook except Section 7. Nondeterminacy: the execution order among alternative 6.6.2. constructs is deliberately left unspecified, indicating that any alternative will lead to a correct result Expression Syntax Expression Evaluation Ordering: Precedence An expression consists of and Associativity An atomic object, e.g. number or variable The use of infix, prefix, and postfix notation leads to ambiguity An operator applied to a collection of operands (or as to what is an operand of what arguments) which are expressions Fortran example: a+b*c**d**e/f Common syntactic forms for operators: The choice among alternative evaluation orders depends on Function call notation, e.g.
  • A Survey of Hardware-Based Control Flow Integrity (CFI)

    A Survey of Hardware-Based Control Flow Integrity (CFI)

    A survey of Hardware-based Control Flow Integrity (CFI) RUAN DE CLERCQ∗ and INGRID VERBAUWHEDE, KU Leuven Control Flow Integrity (CFI) is a computer security technique that detects runtime attacks by monitoring a program’s branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal is to evaluate the security, limitations, hardware cost, performance, and practicality of using these policies. We show that many architectures are not suitable for widespread adoption, since they have practical issues, such as relying on accurate control flow model (which is difficult to obtain) or they implement policies which provide only limited security. CCS Concepts: • Security and privacy → Hardware-based security protocols; Information flow control; • General and reference → Surveys and overviews; Additional Key Words and Phrases: control-flow integrity, control-flow hijacking, return oriented programming, shadow stack ACM Reference format: Ruan de Clercq and Ingrid Verbauwhede. YYYY. A survey of Hardware-based Control Flow Integrity (CFI). ACM Comput. Surv. V, N, Article A (January YYYY), 27 pages. https://doi.org/10.1145/nnnnnnn.nnnnnnn 1 INTRODUCTION Today, a lot of software is written in memory unsafe languages, such as C and C++, which introduces memory corruption bugs. This makes software vulnerable to attack, since attackers exploit these bugs to make the software misbehave. Modern Operating Systems (OSs) and microprocessors are equipped with security mechanisms to protect against some classes of attacks. However, these mechanisms cannot defend against all attack classes. In particular, Code Reuse Attacks (CRAs), which re-uses pre-existing software for malicious purposes, is an important threat that is difficult to protect against.
  • Control-Flow Analysis of Functional Programs

    Control-Flow Analysis of Functional Programs

    Control-flow analysis of functional programs JAN MIDTGAARD Department of Computer Science, Aarhus University We present a survey of control-flow analysis of functional programs, which has been the subject of extensive investigation throughout the past 30 years. Analyses of the control flow of functional programs have been formulated in multiple settings and have led to many different approximations, starting with the seminal works of Jones, Shivers, and Sestoft. In this paper, we survey control-flow analysis of functional programs by structuring the multitude of formulations and approximations and comparing them. Categories and Subject Descriptors: D.3.2 [Programming Languages]: Language Classifica- tions—Applicative languages; F.3.1 [Logics and Meanings of Programs]: Specifying and Ver- ifying and Reasoning about Programs General Terms: Languages, Theory, Verification Additional Key Words and Phrases: Control-flow analysis, higher-order functions 1. INTRODUCTION Since the introduction of high-level languages and compilers, much work has been devoted to approximating, at compile time, which values the variables of a given program may denote at run time. The problem has been named data-flow analysis or just flow analysis. In a language without higher-order functions, the operator of a function call is apparent from the text of the program: it is a lexically visible identifier and therefore the called function is available at compile time. One can thus base an analysis for such a language on the textual structure of the program, since it determines the exact control flow of the program, e.g., as a flow chart. On the other hand, in a language with higher-order functions, the operator of a function call may not be apparent from the text of the program: it can be the result of a computation and therefore the called function may not be available until run time.
  • Obfuscating C++ Programs Via Control Flow Flattening

    Obfuscating C++ Programs Via Control Flow Flattening

    Annales Univ. Sci. Budapest., Sect. Comp. 30 (2009) 3-19 OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING T. L¶aszl¶oand A.¶ Kiss (Szeged, Hungary) Abstract. Protecting a software from unauthorized access is an ever de- manding task. Thus, in this paper, we focus on the protection of source code by means of obfuscation and discuss the adaptation of a control flow transformation technique called control flow flattening to the C++ lan- guage. In addition to the problems of adaptation and the solutions pro- posed for them, a formal algorithm of the technique is given as well. A prototype implementation of the algorithm presents that the complexity of a program can show an increase as high as 5-fold due to the obfuscation. 1. Introduction Protecting a software from unauthorized access is an ever demanding task. Unfortunately, it is impossible to guarantee complete safety, since with enough time given, there is no unbreakable code. Thus, the goal is usually to make the job of the attacker as di±cult as possible. Systems can be protected at several levels, e.g., hardware, operating system or source code. In this paper, we focus on the protection of source code by means of obfuscation. Several code obfuscation techniques exist. Their common feature is that they change programs to make their comprehension di±cult, while keep- ing their original behaviour. The simplest technique is layout transformation [1], which scrambles identi¯ers in the code, removes comments and debug informa- tion. Another technique is data obfuscation [2], which changes data structures, 4 T. L¶aszl¶oand A.¶ Kiss e.g., by changing variable visibilities or by reordering and restructuring arrays.
  • Control Flow Statements

    Control Flow Statements

    Control Flow Statements Christopher M. Harden Contents 1 Some more types 2 1.1 Undefined and null . .2 1.2 Booleans . .2 1.2.1 Creating boolean values . .3 1.2.2 Combining boolean values . .4 2 Conditional statements 5 2.1 if statement . .5 2.1.1 Using blocks . .5 2.2 else statement . .6 2.3 Tertiary operator . .7 2.4 switch statement . .8 3 Looping constructs 10 3.1 while loop . 10 3.2 do while loop . 11 3.3 for loop . 11 3.4 Further loop control . 12 4 Try it yourself 13 1 1 Some more types 1.1 Undefined and null The undefined type has only one value, undefined. Similarly, the null type has only one value, null. Since both types have only one value, there are no operators on these types. These types exist to represent the absence of data, and their difference is only in intent. • undefined represents data that is accidentally missing. • null represents data that is intentionally missing. In general, null is to be used over undefined in your scripts. undefined is given to you by the JavaScript interpreter in certain situations, and it is useful to be able to notice these situations when they appear. Listing 1 shows the difference between the two. Listing 1: Undefined and Null 1 var name; 2 // Will say"Hello undefined" 3 a l e r t( "Hello" + name); 4 5 name= prompt( "Do not answer this question" ); 6 // Will say"Hello null" 7 a l e r t( "Hello" + name); 1.2 Booleans The Boolean type has two values, true and false.
  • Control Flow Statements in Java Tutorials Point

    Control Flow Statements in Java Tutorials Point

    Control Flow Statements In Java Tutorials Point Cnidarian and Waldenses Bubba pillar inclemently and excorticated his mong troublesomely and hereabout. andRounding convective and conversational when energises Jodi some cudgelled Anderson some very prokaryote intertwiningly so wearily! and pardi? Is Gordon always scaphocephalous Go a certain section, commercial use will likely somewhere in java, but is like expression representation of flow control for loop conditionals are independent prognostic factors In this disease let's delve deep into Java Servlets and understand when this. Java Control Flow Statements CoreJavaGuru. Loops in Java Tutorialspointdev. Advantages of Java programming Language. Matlab object On what Kitchen Floor. The flow of controls cursor positioning of files correctly for the python and we represent the location of our java entry points and times as when exploits are handled by minimizing the. The basic control flow standpoint the typecase construct one be seen to realize similar to. Example- Circumference of Circle 227 x Diameter Here This technique. GPGPU GPU Java JCuda For example charity is not discount to control utiliza- com A. There are 3 types of two flow statements supported by the Java programming language Decision-making statements if-then they-then-else switch Looping. Java IfElse Tutorial W3Schools. Spring batch passing data between steps. The tutorial in? Remove that will need to point handling the tutorial will be used or run unit of discipline when using this statement, easing the blinking effect. Either expressed or database systems support for tcl as a controlling source listing applies to a sending field identifier names being part and production.
  • Control Flow Analysis

    Control Flow Analysis

    SIGPLAN Notices 1970 July Control Flow Analysis Frances E. Allen IBM CORPORATION INTRODUCTION Any static, global analysis of the expression and data relation- ships in a program requires a knowledge of the control flow of the program. Since one of the primary reasons for doing such a global analysis in a compiler is to produce optimized programs, control flow analysis has been embedded in many compilers and has been described in several papers. An early paper by Prosser [5] described the use of Boolean matrices (or, more particularly, connectivity matrices) in flow analysis. The use of "dominance" relationships in flow analysis was first introduced by Prosser and much expanded by Lowry and Medlock [6]. References [6,8,9] describe compilers which use various forms of control flow analysis for optimization. Some recent develop- ments in the area are reported in [4] and in [7]. The underlying motivation in all the different types of control flow analysis is the need to codify the flow relationships in the program. The codification may be in connectivity matrices, in predecessor-successor tables, in dominance lists, etc. Whatever the form, the purpose is to facilitate determining what the flow relation- ships are; in other words to facilitate answering such questions as: is this an inner loop?, if an expression is removed from the loop where can it be correctly and profitably placed?, which variable definitions can affect this use? In this paper the basic control flow relationships are expressed in a directed graph. Various graph constructs are then found and shown to codify interesting global relationships.
  • Code Based Analysis of Object-Oriented Systems Using Extended Control Flow Graph

    Code Based Analysis of Object-Oriented Systems Using Extended Control Flow Graph

    CORE Metadata, citation and similar papers at core.ac.uk Provided by ethesis@nitr Code Based Analysis of Object-Oriented Systems Using Extended Control Flow Graph A thesis submitted in partial fulfillment for the degree of Bachelor of Technology by Shariq Islam 109CS0324 Under the supervision of Prof. S. K. Rath DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING NATIONAL INSTITUTE OF TECHNOLOGY, ROURKELA, ORISSA, INDIA-769008 May 2013 Certificate This is to certify that the thesis entitled \Code Based Analysis of Object-Oriented Systems using Extended Control Flow Graph" submitted by Shariq Islam, in the partial fulfillment of the requirements for the award of Bachelor of Technology Degree in Computer Science & Engineering at National Institute of Technology Rourkela is an authentic work carried out by him under my supervision and guidance. To best of my knowledge, The matter embodied in the thesis has not been submitted to any other university / institution for the award of any Degree or Diploma. Date: Dr. S. K. Rath ||||||||||||||||||||{ Acknowledgements I am grateful to numerous peers who have contributed toward shaping this project. At the outset, I would like to express my sincere thanks to Prof. S. K. Rath for his advice during my project work. As my supervisor, he has constantly encouraged me to remain focused on achieving my goal. His observation and comments helped me to move forward with investigation depth. He has helped me greatly and always been a source of knowledge. I am thankful to all my friends. I sincerely thank everyone who has provided me with inspirational words, a welcome ear, new ideas, constructive criticism, and their invaluable time.
  • Computer Science 2. Conditionals and Loops

    Computer Science 2. Conditionals and Loops

    COMPUTER SCIENCE COMPUTER SCIENCE SEDGEWICK/WAYNE SEDGEWICK/WAYNE PART I: PROGRAMMING IN JAVA PART I: PROGRAMMING IN JAVA Computer Science 2. Conditionals & Loops •Conditionals: the if statement Computer 2. Conditionals and loops •Loops: the while statement Science •An alternative: the for loop An Interdisciplinary Approach •Nesting R O B E R T S E D G E W I C K 1.3 KEVIN WAYNE •Debugging http://introcs.cs.princeton.edu CS.2.A.Loops.If Context: basic building blocks for programming Conditionals and Loops Control flow • The sequence of statements that are actually executed in a program. any program you might want to write • Conditionals and loops enable us to choreograph control flow. objects true boolean 1 functions and modules statement 1 graphics, sound, and image I/O false statement 2 statement 1 arrays boolean 2 true statement 2 conditionalsconditionals and loops statement 3 Math text I/O false statement 4 statement 3 primitive data types assignment statements This lecture: to infinity and beyond! Previous lecture: straight-line control flow control flow with conditionals and a loop equivalent to a calculator [ previous lecture ] [this lecture] 3 4 The if statement Example of if statement use: simulate a coin flip Execute certain statements depending on the values of certain variables. • Evaluate a boolean expression. public class Flip • If true, execute a statement. { • The else option: If false, execute a different statement. public static void main(String[] args) { if (Math.random() < 0.5) System.out.println("Heads"); Example: if (x > y) max = x; Example: if (x < 0) x = -x; else else max = y; System.out.println("Tails"); % java Flip } Heads } true true x < 0 ? false x > y ? false % java Flip Heads x = -x; max = x; max = y; % java Flip Tails % java Flip Heads Replaces x with the absolute value of x Computes the maximum of x and y 5 6 Example of if statement use: 2-sort Pop quiz on if statements Q.
  • Statement-Level Control Structures

    Statement-Level Control Structures

    Chapter 7 Levels of Control Flow: 1. Within expressions 2. Among program units 3. Among program statements Evolution: - FORTRAN I control statements were based directly on IBM 704 hardware - Much research and argument in the1960s about the issue - One important result: It was proven that all flowcharts can be coded with only two-way selection and pretest logical loops Def: A control structure is a control statement and the statements whose execution it controls Overall Design Question: What control statements should a language have, beyond selection and pretest logical loops? Copyright © 1998 by Addison Wesley Longman, Inc. 1 Chapter 7 Compound statements - introduced by ALGOL 60 in the form of begin...end A block is a compound statement that can define a new scope (with local variables) Selection Statements Design Issues: 1. What is the form and type of the control expression? 2. What is the selectable segment form (single statement, statement sequence, compound statement)? 3. How should the meaning of nested selectors be specified? Single-Way Examples FORTRAN IF: IF (boolean_expr) statement Problem: can select only a single statement; to select more, a goto must be used, as in the following example Copyright © 1998 by Addison Wesley Longman, Inc. 2 Chapter 7 FORTRAN example: IF (.NOT. condition) GOTO 20 ... ... 20 CONTINUE ALGOL 60 if: if (boolean_expr) then begin ... end Two-way Selector Examples ALGOL 60 if: if (boolean_expr) then statement (the then clause) else statement (the else clause) - The statements could be single or compound Copyright © 1998 by Addison Wesley Longman, Inc. 3 Chapter 7 Nested Selectors e.g.
  • Stimulus Structures and Mental Representations in Expert Comprehension of Computer Programs By: Nancy Pennington Presented By: Michael John Decker Author & Journal

    Stimulus Structures and Mental Representations in Expert Comprehension of Computer Programs By: Nancy Pennington Presented By: Michael John Decker Author & Journal

    Stimulus Structures and Mental Representations in Expert Comprehension of Computer Programs By: Nancy Pennington Presented by: Michael John Decker Author & Journal • Nancy Pennington - No internet presence • Journal: Cognitive Psychology - Is. 19, Pg: 295-341 (1987) • 2013 JIF: 3.571 • Paper Citations: 525 Research Question • What mental model best describe how an expert programmer builds up knowledge of a program? • When studying the code? • When performing maintenance activities? Motivation • Study of program comprehension means studying role of particular kinds of knowledge in cognitive skill domains • Estimated 50% of professional programmers time is spent on program maintenance • comprehension is a significant part of maintenance • Increased understanding of how knowledge is obtained and applied then use for higher productivity and decreased maintenance costs Computer Program Text Abstractions • Goal hierarchy - functional achievements of program • Data flow - transformations applied to data objects • Control flow - sequences of program actions and the passage of control between them • Conditionalized Actions - representation specifying states of the program and the actions invoked Programming Knowledge • Text Structure Knowledge • Plan Knowledge Text Structure Knowledge • Decomposition of a program’s text into text structure units • Segmentation of statements into phrase-like grouping that are combined into higher-order groupings • Syntactic markings provide clues into the boundary of segments • Segmentation reflects the control structure
  • Control Flow

    Control Flow

    Control Flow Stephen A. Edwards Columbia University Fall 2012 Control Flow “Time is Nature’s way of preventing everything from happening at once.” Scott identifies seven manifestations of this: 1. Sequencing foo(); bar(); 2. Selection if (a) foo(); 3. Iteration while (i<10) foo(i); 4. Procedures foo(10,20); 5. Recursion foo(int i) { foo(i-1); } 6. Concurrency foo() bar() jj 7. Nondeterminism do a -> foo(); [] b -> bar(); Ordering Within Expressions What code does a compiler generate for a = b + c + d; Most likely something like tmp = b + c; a = tmp + d; (Assumes left-to-right evaluation of expressions.) Order of Evaluation Why would you care? Expression evaluation can have side-effects. Floating-point numbers don’t behave like numbers. GCC returned 25. Sun’s C compiler returned 20. C says expression evaluation order is implementation-dependent. Side-effects int x = 0; int foo() { x += 5; return x; } int bar() { int a = foo() + x + foo(); return a; } What does bar() return? Side-effects int x = 0; int foo() { x += 5; return x; } int bar() { int a = foo() + x + foo(); return a; } What does bar() return? GCC returned 25. Sun’s C compiler returned 20. C says expression evaluation order is implementation-dependent. Side-effects Java prescribes left-to-right evaluation. class Foo { static int x; static int foo() { x += 5; return x; } public static void main(String args[]) { int a = foo() + x + foo(); System.out.println(a); } } Always prints 20. Number Behavior Basic number axioms: a x a if and only if x 0 Additive identity Å Æ Æ (a b) c a (b c) Associative Å Å Æ Å Å a(b c) ab ac Distributive Å Æ Å Misbehaving Floating-Point Numbers 1e20 + 1e-20 = 1e20 1e-20 1e20 ¿ (1 + 9e-7) + 9e-7 1 + (9e-7 + 9e-7) 6Æ 9e-7 1, so it is discarded, however, 1.8e-6 is large enough ¿ 1.00001(1.000001 1) 1.00001 1.000001 1.00001 1 ¡ 6Æ ¢ ¡ ¢ 1.00001 1.000001 1.00001100001 requires too much intermediate ¢ Æ precision.