Statically Analyzing Software Product Lines in Minutes instead of Years

"Analyzing SPLs in Minutes instead of Years" May 24, 2013Aarhus Uni (DAIMI)

Statically AnalyzingSoftware Product Linesin Minutes instead of YearsSPLLIFTEric Bodden

Technische Universität Darmstadt[ [email protected] ]

Társis TolêdoUniversidade Federal de Pernambuco

[ [email protected] ]

Márcio RibeiroUniversidade Federal de Alagoas[ [email protected] ]

Mira MeziniTechnische Universität Darmstadt[ [email protected]]

Claus BrabrandIT University of Copenhagen[ [email protected] ]

Paulo BorbaUniversidade Federal de Pernambuco


- PLDI 2013 -

http://images.google.com/imgres?imgurl=http://supportdenmark.com/FlagBig.png&imgrefurl=http://supportdenmark.com/&h=413&w=579&sz=193&hl=en&start=2&um=1&tbnid=6F8YHc3c56TZOM:&tbnh=96&tbnw=134&prev=/images?q=danish+flag&svnum=10&um=1&hl=en&rls=com.microsoft:en-US


IntraproceduralDataflow Analysis forSoftware Product LinesDFA-4-SPLClaus Brabrand

IT University of CopenhagenUniversidade Federal de Pernambuco


Márcio RibeiroUniversidade Federal de Alagoas

Universidade Federal de Pernambuco[ [email protected] ]



Társis ToledoUniversidade Federal de Pernambuco


- AOSD 2012 -



IntraproceduralDataflow Analysis forSoftware Product Lines

- TAOSD 2013 -

Társis TolêdoUniversidade Federal de Pernambuco


Márcio RibeiroUniversidade Federal de Alagoas[ [email protected] ]



Claus BrabrandIT University of Copenhagen[ [email protected] ]

Johnni WinterAarhus University




[ 5 ]"Analyzing SPLs in Minutes instead of Years" May 24, 2013Aarhus Uni (DAIMI)

< Outline >Introduction:

Dataflow Analysis and Software Product LinesDFA-4-SPL:

A0 (brute force): (feature in-sensitive)A1 (consecutive): (feature sensitive)A2 (simultaneous): (feature sensitive)A3 (shared simultaneous): (feature sensitive)

Evaluation and ResultsSPLLIFT (graph encoding):

Related WorkConclusion


Introduction

1x CAR

=

1x CELL PHONE

=

1x APPLICATION

=

CARS CELL PHONES APPLICATIONS

Traditional Software Development:One program = One product

Product Line:A ”family” of products (of N ”similar” products):

customizeSPL:

(Family ofPrograms)


Software Product LineSPLs based on Conditional Compilation:

#ifdef ( )

...

#endif

Logo logo;...

...logo.use();

#ifdef (VIDEO) logo = new Logo();#endif

Exam

ple

(SPL

frag

men

t)

: fF | |


Software Product LineSPL:

Feature Model: (e.g.: ψFM ≡ VIDEO COLOR)

Family ofPrograms:

COLOR

VIDEO

COLORVIDEO

VID

EO

Ø

{ Video }

{ Color, Video }

Configurations:Ø, {Color}, {Video}, {Color,Video}VALID

{ Color }

customize

2F

Set of Features:F = { COLOR, VIDEO }

2F


Software Product LineSPLs based on Conditional Compilation:

#ifdef ( )

...

#endif

Logo logo;...

...logo.use();


Exam

ple

(SPL

frag

men

t) *** null-pointer exception!in configurations: {Ø, {COLOR}}

: fF | |


resultresult

0100101111011010100111110111

0100101111011010100111110111

Analysis of SPLsThe Compilation Process:

...and for Software Product Lines:

0100101111011010100111110111

resultcompile run

ERROR!

generate 0100101111011010100111110111

resultrun

ERROR!

ANALYZE!

ANALYZE!

Feature-sensitive data-flow analysis !

runruncompilecompilecompile

ANALYZE!ANALYZE! ERROR!ERROR!

2F


Dataflow AnalysisDataflow Analysis:

1) Control-flow graph2) Lattice (finite height)3) Transfer functions (monotone)

L

Example:"sign-of-x analysis"


Analyzing a Program1) Program 2) Build CFG 3) Make Equations

4) Solve equations: fixed-point computation (iteration)

5) SOLUTION (least fixed point):

Annotated with program points








A0A0 (brute force):

void m() { int x=0; ifdef(A) x++; ifdef(B) x--;}

c = {A}: c = {B}: c = {A,B}:

int x = 0;

x++;

x--;

int x = 0;

x++;

x--;

int x = 0;

x++;

x--;

0

_|

+

0

_|

-

0

_|

0/+

+

ψFM = A B∨

Lfeature in-sensitive!

N = O(2F) compilations!


int x = 0;

x++;

x--;

A:

B:

int x = 0;

x++;

x--;

A:

B:

int x = 0;

x++;

x--;

A:

B:

A1A1 (consecutive):


c = {A}:

0

_|

+

✗

✓

✓

ψFM = A B∨

L

c = {B}: c = {A,B}:

0

_|

-

0

_|

0/+

+✗

✓ ✓

✓

✓ ✓

+

0

feature sensitive!


x++;

+({A} = , {B} = , {A,B} = )

({A} = , {B} = , {A,B} = )

({A} = , {B} = , {A,B} = )

A2A2 (simultaneous):


∀c ∈ {{A},{B},{A,B}}:

int x = 0;

x--;

0

_|

0

_|

-

0

_|

0/+

+

A:

B:

✓({A} = , {B} = , {A,B} = )✓✓

✓✓

✓✓

✗

✗

ψFM = A B∨

L

0

+

feature sensitive!


x--;

+

x++;

0

( [[ψ ¬A ]] = , [[∧ ψ A ]] = , [[∧ ψ ¬A ]] = , [[∧ ψ A ]] = )∧

( [[ψ ]] = , [[ψ ]] = )

A3A3 (shared):


ψFM = A B:∨

int x = 0;

A:

B:

_|( [[ψ]] = )

0( [[ψ]] = )

(A B) ¬A ¬B ≡ ∨ ∧ ∧ false

can use BDDrepresentation !(compact+efficient)

- 0/+

i.e., invalid given wrt.the feature model, ψ !

ψFM = A B∨

L

0∧¬A ∧A +

∧¬B ∧¬B ∧B ∧B

feature sensitive!








EvaluationFive (qualitatively different) SPL benchmarks:


Results (intra)In practice:

4x

(Reaching Definitions)(Total time, incl. compile)

7x

3x

1x1x

(no re-compile!)

Feature sensitive(A1, A2, and A3)all faster than A0


Overview

A0 (brute force)

A1 (consecutive)

A2 (simultaneous)

A3 (shared)

A* (combo)

FAST

ER

(intra-procedural)

no re-compile!

caching!

sharing!

combo!

AOSD2012

TAOSD 2013


Beyond the Sum of all MethodsFor a method with K valid configurations, which of analyses A1 vs A2 vs A3 is fastest?

Statistically significant differences between A1, A2, and A3 for all N,except between A2 and A3 for N=4 (underlined above).

K #


Combo Analysis Strategy: A*Intraprocedurally combinedanalysis strategy, A*:

A* consistently fastest(combo!)


Overview (cont'd)

A0 (brute force)

A1 (consecutive)

A2 (simultaneous)

A3 (shared)

A* (combo)

SPLLIFT

FAST

ER

(intra-procedural)

PLDI 2013

IFDS (graph repr)

A3+BDD (esp. interprocedural)

no re-compile!

caching!

sharing!

combo!

graphencoding!

repr!AOSD2012

TAOSD 2013


true

[ (A B)∧ ¬A∧ ] ∨ [ true A∧ ]

= A

true A B∧

true ¬A∧ = ¬A

true

SPLLIFTIFDS:A0:

λS . (S – {x}) {y}∪

{x}

{y}

SPLLIFT:A2:( {A} = {x} , {B} = {x} , {A,B} = {x,y} )

0 x y

0 x y

0 x y

0 x y

λS . (S – {x}) {y}∪A:#ifdef (A)

( {A} = {y} , {B} = {x} , {A,B} = {y} )

A ¬A¬A

LIFT:

■ Reps■ Horwitz■ Sagiv

fixed-pointiteration

graphreachability➔

¬A A


Example SPL

config = {G}(¬F G ¬H)∧ ∧

customize(instantiate)(preprocess)

Software Product Line: Conventional Program:


Exploded Super Graph...for Program:


Lifted Exploded Super Graph...for SPL:


Results (inter)Results for SPLLIFT (interprocedural analysis):

In fact, analyzing all valid configurations is only slightly slower than analyzing one configuration !

Conclusion:Analyze SPLs in Minutes instead of Years!

Reaching Definitions Possible Types Uninitialized VarsSPL |F| # valid

configsA1 SPLLIFT A1 SPLLIFT A1 SPLLIFT

Lampiro 2 4 3m30s 42s 13s 4s 3m09s 1m25s

MM 08 9 26 24m29s 59s 2m06s 3s 27m39s 2m13s

GPL 19 1,872 days 8m48s 9h03m39s 42s days 7m09s

BerkeleyDB 39 unknown

years 12m04s years 24s years 10m18s








Related Work (DFA)Path-sensitive DFA:

Idea of “conditionally executed statements”Compute different analysis info along different paths (~ A1, A2, A3) to improve precision or to optimize “hot paths”

Predicated DFA:

Guard lattice values by propositional logic predicates (~ A3), yielding “optimistic dataflow values” that are kept distinct during analysis (~ A2 and A3)

“Constant Propagation with Conditional Branches”( Wegman and Zadeck ) TOPLAS 1991

“Predicated Array Data-Flow Analysis for Run-time Parallelization”( Moon, Hall, and Murphy ) ICS 1998

Our work: Automatically lift any DFA to SPLs (with ψFM) ⇒feature-sensitive analysis for analyzing entire program family


Related Work (Lifting for SPLs)Model Checking:

Type Checking:

Parsing:

Testing:

Model Checking Lots of Systems: Efficient Verification of Temporal Properties in Software Product Lines”( Classen, Heymans, Schobbens, Legay, and Raskin ) ICSE 2010

Model checks all SPLs at the same time (3.5x faster) than one by one! (similar goal, diff techniques)

Type checking ↔ DFA (similar goal, diff techniques)Our: auto lift any DFA (uninit vars, null pointers, ...)

“Type Safety for Feature-Oriented Product Lines”( Apel, Kastner, Grösslinger, and Lengauer ) ASE 2010

“Type-Checking Software Product Lines - A Formal Approach”( Kastner and Apel ) ASE 2008

“Variability-Aware Parsing in the Presence of Lexical Macros & C.C.”( Kastner, Giarrusso, Rendel, Erdweg, Ostermann, and Berger ) OOPSLA 2011

“Reducing Combinatorics in Testing Product Lines”( Hwan, Kim, Batory, and Khurshid ) AOSD 2011

Select relevant feature combinations for a given test caseUses (hardwired) DFA (w/o FM) to compute reachability

(similar techniques, diff goal):Split and merging parsing (~A3) and also uses instrumentation


Emerging Interfaces


Emerging Interfaces

"A Tool for Improving Maintainability of Preprocessor-based Product Lines"( Márcio Ribeiro, Társis Tolêdo, Paulo Borba, Claus Brabrand )

*** Best Tool Award ***CBSoft 2011:




A0 (brute force): (feature in-sensitive)A1 (consecutive): (feature sensitive)A2 (simultaneous): (feature sensitive)A3 (shared simultaneous): (feature sensitive)SPLLIFT (graph encoding):

Evaluation and ResultsRelated WorkConclusion


Conclusion

Statically Analyze SPLs in Minutes instead of Years

Scalable!


< Obrigado* >

*) Thanks


BONUS SLIDES


ErrorsLogo logo;

logo.use();


*** null-pointer exception!in configurations: {Ø, {COLOR}}

Logo logo;

print(logo);


*** uninitialized variable!in configurations: {Ø, {COLOR}}

Logo logo;

...


*** unused variable!in configurations: {Ø, {COLOR}}


Summary

A0 A1

A2

A3void m() { int x=0; ifdef(A) x++; ifdef(B) x--;}

Analyzing program:

ψFM = A B∨


Specification: A0, A1, A2, A3

A0

A1

A2

A3


Analysis Time (excl. compile)In practice: (caching!)(Reaching Definitions)

A2 faster than A1

A3 faster than A2(sharing!)


Analysis Time (excl. compile)In theory:

In practice: TIME(A3) : Depends ondegree of sharing in SPL !

(caching!)

(Reaching Definitions) A2 faster than A1

A3 faster than A2(sharing!)


Memory UsageIn theory:

In practice:(Reaching Definitions)SPACE(A3) : Depends ondegree of sharing in SPL !


Analysis Time (excl. compile)

In practice:(Reaching Definitions)

Nx1 ≠ 1xN ?!Caching!A2 faster than A1


Caching (A1 vs A2)Cache misses (A1 vs A2):

Cache enabled:This is the "normal condition" (for reference)

Cache disabled*:As hypothesized, this indeed affects A1 more than A2

i.e., A2 has better cache properties than A1

*) we flush the L2 cache, by traversing an 8MB “bogus array” to invalidate cache!


IFDEF normalizationRefactor "undisciplined" (lexical) ifdefs into "disciplined" (syntactic) ifdefs:

Normalize "ifdef"s (by transformation):


Lexical #ifdef Syntactic ifdefSimple transformation:

We do not handle non-syntactic '#ifdef's:

Fair assumption(also in CIDE)

Nested ifdef's also give rise to a conj.of formulas


BDD (Binary Decision Diagram)Compact and efficient representation forboolean functions (aka., set of set of names)

FAST: negation, conjunction, disjunction, equality !

= F(A,B,C) = A(BC)

A

C

minimized BDD

B

A

BB

C C C C

BDD


Formula ~ Set of ConfigurationsDefinitions (given F, set of feature names):

f F feature namec 2F configuration (set of feature names) c FX 22 set of config's (set of set of feature names) X 2F

Exampleifdefs:

F

[[ BA ]]

[[ A(BC) ]]

F = {A,B}

F = {A,B,C}

= { {A}, {B}, {A,B} }

= { {A,B}, {A,C}, {A,B,C} }


Feature Model (Example)Feature Model:

Feature set:

Formula:

Set of configurations:

FM Car Engine (1.01.4) Air1.4

{ {Car, Engine, 1.0}, {Car, Engine, 1.4}, {Car, Engine, 1.4, Air} }

F = {Car, Engine, 1.0, 1.4, Air}

Note:| [[FM]] | = 3 < 32 = |2F |

[[ ]] =

Engine

1.0

Air

Air

1.4


Conditional CompilationThe 'ifdef' construction:

Syntactic variant of lexical #ifdef

Propositional Logic: where fF (finite set of feature names)

Example:

STM : 'ifdef' '(' ')' STM

: fF | |

status.print("you die");ifdef (DeluxeVersion && ColorDisplay) { player.redraw(Color.red); Audio.play("crash.wav");}lives = lives - 1;

A

ifdef (A) { ...}


CASE 1: "COPY"A3: Lazy Splitting (using BDDs)

CASE 2: "APPLY" CASE 3: "SPLIT"

: S

[ =l , ... ]

[ =l , ... ]

l ' = fS(l )

: S

[ =l , ... ]

[ =l ', ... ]

l ' = fS(l )

: S

[ =l , ... ]

[ =l, =l' ,...]

l ' = fS(l )

= Ø = Ø


A0, A1, A2, and A3A0 A1

A2 A3


IFDS Graph EncodingIFDS Transfer Functions:

"Graph encoding":


SPLLIFT Transfer Functions

Documents

Statically Analyzing Software Product Lines in Minutes instead of Years