Optimizing the SPARKTM Program Slicer

1
Optimizing the SPARKTM Program Slicer

• Ricky E. Sward and Leemon C. Baird III
• Dept of Computer Science
• USAF Academy
• ricky.sward_at_usafa.af.mil
• leemon.baird_at_usafa.af.mil

2
Overview

• Background on program slicing
• SPARK program slicer
• Glue code
• Useful SPARK features
• Proving functional equivalence
• Optimizations

3
Previous Work

• Weiser 1 first defined program slicing
• Slicers exist for C and Java
• AdaSlicer has been built using ASIS 2
• Program slicing is used in
• Reengineering 3
• Program understanding
• Testing and debugging

4
Program Slicing
Foo
D
A
B
E
Foo_D
C
D
A
B
Foo_E
A
E
C
5
Functional Equivalence

• Must preserve functionality during slicing
• Avoid huge test suites
• Prove mathematically that functionality of
  original procedure is equivalent to functionality
  of collection of slices
• We need some way to glue slices back together
  to prove functional equivalence

6
SPARK Program Slicer
Gather_Summary_Info
Lowest_Min
Num_Students
Min_Choice
Highest_Max
Max_Choice
Increment
Increment
Gather_Summary_Info_Lowest_Min
Gather_Summary_Info_Highest_Max
Gather_Summary_Info_Increment
Increment_Local Integer
Increment_In begin Increment_Local
Increment_Local 1 Increment_Out
Increment_Local end Gather_Summary_Info_Increment

Increment_Out
Increment_In
7
Glue Code
Gather_Summary_Info_Glue
Increment_Local Integer
Increment begin Gather_Summary_Info_Highest_
Max( Num_Students, Max_Choice,
Highest_Max) Gather_Summary_Info_Lowest_Min(
Num_Students, Min_Choice,
Lowest_Min) Gather_Summary_Info_Increment(
Increment_Local, Increment) end
Gather_Summary_Info_Glue
Lowest_Min
Num_Students
Min_Choice
Highest_Max
Max_Choice
Increment
Increment
8
Useful SPARK Features

• Dynamic storage allocations not allowed
• No pointers or dynamic allocation of memory
• Can determine which variables are given values in
  the procedure for slicing
• No aliasing of variables or parameters
• Inputs and outputs of procedures are clearly
  defined

9
Useful SPARK Features

• No recursive procedures
• Slicing algorithms for recursive procedures is
  not defined
• Build our proof for non-recursive procedures
• Limiting statements such as goto...
• No tasking...
• No exceptions...
• No generics...

10
Proving Functional Equivalence
P is P with any in/out parameter, X, replaced
with X_in and X_out.
P0 is glue procedure
Slices called in arbitrary order.
X_local X when declared in P. X_local
replaces X in P. X_out X_local at end of P.
X_local X when declared in P0. X_local passed
to X_in params. X passed to X_out params.
11
Proving Functional Equivalence

• Theorem P0 is functionally equivalent to P
• Proof
• P and P will return same outputs given same
  inputs since SPARK does not allow aliasing.
• Assume slicing produces correct projection of
  behavior to produce the output parameter
• For P and P0 consider the three types of
  parameters...

12
Proving Functional Equivalence

• The in parameters are the same in P and P0
• Each out parameter is changed by only one of
  the slices, thus the same in P and P0
• For in out parameters, glue code
• First copies parameter X to a local variable,
  X_local
• X_local is passed as in parameter when needed
• Original in out parameter, X, passed as out
• Only one of the slices will change X
• Thus, P and P0 are functionally equivalent
• QED

13
Proving Functional Equivalence

• In English please...
• P and P0 designed to prevent slices from
  interfering when called in arbitrary order
• Not a problem for in or out parameters
• P0 provides original in value as needed for any
  in out parameters
• This means it doesnt matter when a slice changes
  the value of an in out parameter

14
Optimizations

• Examine REF and DEF sets for slices
• Use copy-in and copy-out only when needed
• Much more efficient for arrays and records
• Build hash table of changes
• Roll back changes between slices

15
Glue Code
Gather_Summary_Info_Glue
Increment_Local Integer
Increment begin Gather_Summary_Info_Highest_
Max( Num_Students, Max_Choice,
Highest_Max) Gather_Summary_Info_Lowest_Min(
Num_Students, Min_Choice,
Lowest_Min) Gather_Summary_Info_Increment(
Increment_Local, Increment) end
Gather_Summary_Info_Glue
Lowest_Min
Num_Students
Min_Choice
Highest_Max
Max_Choice
Increment
Increment
Increment is needed only in one slice, so no need
to copy in copy out
16
Proving Functional Equivalence
P0 is glue procedure
Slices called in arbitrary order.
No need to copy in/out parameters. May need to
track changes.
17
Proving Functional Equivalence

• In English please...
• P and P0 designed to prevent slices from
  interfering when called in arbitrary order
• Not a problem for in or out parameters
• With REF/DEF analysis, determine overlap of slice
  parameters
• Track changes in hash table if needed
• This means it doesnt matter when a slice changes
  the value of an in out parameter

18
Future Work

• Possibly slice the SPARK annotations
• Rewrite SPARKSlicer in SPARK

19
Conclusions

• SPARK features quite useful
• Proved functional equivalence
• Proof technique may be useful to other
  transformations
• ASIS very useful

20

• Questions?

21
References

• 1 Weiser, M. Program slicing. IEEE
  Transactions on Software Engineering,
  SE-10(4)352-357, July 1984.
• 2 Sward, R.E. and Chamillard, A. T.
  AdaSlicer A Program Slicer for Ada.
  Proceedings of the ACM International SIGAda 03
  Conference, Dec 2003, San Diego, CA.
• 3 The Wisconsin Program-Slicing Tool, Version
  1.1. Retrieved June 4, 2003, from
  www.cs.wisc.edu/wpis/slicing_tool/, 2000.