<aside>
💡 Key Points
- The relation between compilers and static analyzers
- Understand 3AC and its common forms
- How to build basic blocks on top of IR
- How to construct control flow graphs on top of BBs?
</aside>
I. Compilers and Static Analyzers
Compiler frontend will do the trivial works before generating IR
Compiler and SA share the same frontend at present
1. AST vs. IR
AST (Abstract Syntax Tree)
- high-level and closed to grammar structure
- usually language dependent
- suitable for fast type checking
- lack of control flow information
IR (Intermediate Representation)
- low-level and closed to machine code
- usually language independent
- compact and uniform
- contains control flow information
- usually considered as the basis for static analysis
II. IR: Three-Address Code (3AC)
<aside>
💡 Intuition: There is at most one operator on the right side of an instruction.
</aside>
Each 3AC contains at most 3 addresses
Address can be one of the following:
- Name: a, b
- Constant: 3
- Compiler-generated temporary: t1, t2
1. IR in Java
- Method Signature
<classType, returnType[, methodName]>(privateType1, …)
- Method Descriptor
returnType + privateType