Prolog is a good language for building prototypes of interesting software tools. In this assignment (suggested by R.G. Hamlet's work), you will build prototypes for static and dynamic analysis tools.
Static error analysis techniques are designed to detect specific classes of faults or anomalous constructs in a program without executing the program. Most static analyzers are pessimistic programs, producing warning messages if errors might occur on some possible execution path. One of such programs is lint. You can try it on your own on CDF. lint detect bugs in C programs, as well as pinpoints features that are nonportable or wasteful.
One of the bugs detected by lint is the use of uninitialized variables. However, lint only checks that some assignment to the variable appears before its use, regardless of the conditions required to execute the assignment. Thus lint will not flag an error in the following code:
Example 1:
main() {
int a,b;
scanf("%d",&a); /* 1 */
if (a < 0) /* 2 */
b = a; /* 3 */
printf("%d",b); /* 4 */
}
despite the existence of a path from statement 1 to 4 (e.g., [1,2,4]) that does not contain a definition of b.
Dynamic analysis tools analyze the results of program execution on test data. Test coverage metrics judge the adequacy of test data. Usually, these metrics are based on particular components of a program such as statements, branches, or data flow definition-use (DU) paths.
A DU path is any loop-free, definition-clear path between the definition of a variable and its use. Definition-clear means that there are no other definitions of this variable on the path. Loop-free does not mean that the DU path cannot include statements in the loop. However, a node can be included in each path at most once. Path [1 2 4] is loop-free. Path [1 2 4 1] is not.
Users must provide enough test data to justify the complexity of the program structure (e.g., to demonstrate that a program with fewer statements, branches or DU paths could not produce the same results).
In this project, you will write a set of functions to facilitate static and dynamic analysis of programs.
Stage 1.
Assume there is a yacc program (yacc stands for Yet Another Compiler Compiler and is a popular tool in writing parsers) that instruments programs to write a set of Prolog facts summarizing the results of program execution. The facts will have one of the following forms:
The yacc program analyzes programs and constructs a file containing a list of static facts about the program. For the C program in Example 1, the list of static facts is
You are to write a Prolog rule def_clear defined as follows: def_clear(Var,From,To,Result): Result contains paths from From to To, s.t. there is no assignment to Var in any node of the path.
Your program should use these facts to produce answers to queries of the following type.
| ?- def_clear(b,3,4,P).
no
| ?- def_clear(b,1,4,P). P = [1,2,4]
Stage 2.
Once again, assume that there is a yacc program analyzes a source program and produces a set of facts about the possible steps that could be taken during execution. Suppose the following program is given:
Example 2:
#include <stdio.h>
void p(a) int a; { }
main(){
int a;
scanf("%d",&a); /* 1 */
while (a > 0) { /* 2 */
a = a - 1; /* 3 */
if (a % 2 != 0) /* 4 */
p(a); /* 5 */
} /* 6 */
} /* 7 */
The following is the list of facts produced for this program:
In addition, the yacc program produces an instrumented version of the original source program for testing.:
1: #include <stdio.h>
2:
3: void p(a) int a; { }
4:
5: main(){
6: int a;
7: int snum = 1, seqnum = 1;
8: FILE* facts;
9:
10: facts = fopen("facts","w");
11:
12: scanf("%d",&a);
13: fprintf(facts,"step(%d,%d,2).\n",seqnum++,snum);
14: snum = 2;
15: while (a > 0) {
16: fprintf(facts,"step(%d,%d,3).\n",seqnum++,snum);
17: snum = 3;
18: a = a - 1;
19: fprintf(facts,"step(%d,%d,4).\n",seqnum++,snum);
20: snum = 4;
21: if (a % 2 != 0)
22: {fprintf(facts,"step(%d,%d,5).\n",seqnum++,snum);
23: snum = 5;
24: p(a);
25: }
26: fprintf(facts,"step(%d,%d,6).\n",seqnum++,snum);
27: snum = 6;
28: fprintf(facts,"step(%d,%d,2).\n",seqnum++,snum);
29: snum = 2;
30: }
31: fprintf(facts,"step(%d,%d,7).\n",seqnum++,snum);
32: fclose(facts);
33: }
Executing this program with test data 1 (i.e, the program reads value 1 into a on line 12) produces the following facts file:
You are to write Prolog rules to compute branches_not_taken and du_paths_not_taken.
In branches_not_taken(S), S is a list of branches (each of which is represented by a 2-element list) which could have been executed (i.e., pstep facts exist), but were not (i.e., no corresponding step fact exists).
For du_paths_not_taken, you should compute two values:
du_paths_not_taken are the possible DU paths that were not returned by x_path. Sample output for these commands appears below.
| ?- branches_not_taken(S). S = [[4,5]] ? ; no | ?- du_paths_not_taken(T). T = [3,4,5,6,2] ? ; T = [3,4,5] ? ; T = [5,6] ? ; no
Submit (electronically) a tar file with
Note that we will rerun your program with, so please do not change the output of your program!!!!!
Bring a paper copy with your programs, test cases, output, etc. to the tutorial
Marking scheme for this project is as follows:
| Correctness | 60 | The program gives the correct output. All solutions given by the program are correct and not just the first one. |
| Documentation | 10 | The program should contain explanations for each module and the entire program.. Note the Prolog is rather coarse, so comment heavily. |
| Testing | 25 | Has the program been tested appropriately? |
| Style | 15 | The program should be written using functional style and work efficiently, avoiding extra computation where appropriate. |