<aside> π Not including
<aside> π‘ Summary
Crux
<aside> π may analysis
outputs information that may be true (over-approximation)
</aside>
<aside> π must analysis
outputs information that must be true (under-approximation)
</aside>
Over- and under-approximations are both for safety of analysis
<aside> π‘ In each data-flow analysis application, we associate with every program point a data-flow value that represents an abstraction of the set of all possible program states that can be observed for that point.
</aside>
<aside> π‘ Data-flow analysis is to find a solution to a set of safe-approximation directed constraints on the IN[s]βs and OUT[s]βs, for all statements s.
Control flow within a BB
Control flow among BBs
$\sf IN[B]=IN[s_1]$
$\sf OUT[B]=OUT[s_n]$
$\sf OUT[B]=f_B(IN[B]),~f_B=f_{s_n}\circ β¦ \circ f_{s_2} \circ f_{s_1}$
$\sf IN[B]=\wedge_{P\textsf{ a predecessor of B}}~OUT[P]$
$\sf IN[B]=f_B(OUT[B]),~f_B=f_{s_1}\circ β¦ \circ f_{s_{n-1}} \circ f_{s_n}$
$\sf OUT[B]=\wedge_{P\textsf{ a successor of B}}~IN[P]$
The meet operator $\wedge$ is used to summarize the contributions from different paths at the confluence of those paths