Eeective Static Debugging via Componential Set-based Analysis Abstract Eeective Static Debugging via Componential Set-based Analysis

E ective Static Debugging via Componential Set-Based Analysis by Cormac Flanagan Sophisticated software systems are inherently complex. Understanding, debugging and maintaining such systems requires inferring high-level characteristics of the system's behavior from a myriad of low-level details. For large systems, this quickly becomes an extremely di cult task. MrSpidey is a static debugger that augments the programmers ability to deal with such complex systems. It statically analyzes the program and uses the results of the analysis to identify and highlight any program operation may cause a run-time fault. The programmer can then investigate each potential fault site and, using the graphical explanation facilities of MrSpidey, determine if the fault will really happen or whether the corresponding correctness proof is beyond the analysis's capabilities. In practice, MrSpidey has proven to be an e ective tool for debugging program under development and understanding existing programs. The key technology underlying MrSpidey is componential set-based analysis. This is a constraint-based, whole-program analysis for object-oriented and functional programs. The analysis rst processes each program component (eg. module or package) independently, generating and simplifying a constraint system describing the data ow behavior of that component. The analysis then combines and solves these simpli ed constraint systems to yield invariants characterizing the run-time behavior of the entire program. This component-wise approach yields an analysis that handles signi cantly larger programs than previous analyses of comparable accuracy. The simpli cation of constraint systems raises a number of questions. In particular, we need to ensure that simpli cation preserves the observable behavior, or solution space, of a constraint system. This dissertation provides a complete prooftheoretic and algorithmic characterization of the observable behavior of constraint iii systems, and establishes a close connection between the observable equivalence of constraint systems and the equivalence of regular tree grammars. We exploit this connection to develop a complete algorithm for deciding the observable equivalence of constraint systems, and to adapt a variety of algorithms for simplifying regular tree grammars to the problem of simplifying constraint systems. The resulting constraint simpli cation algorithms yield an order of magnitude reduction in the size of constraint systems for typical program expressions. Acknowledgments Many people have contributed to making my graduate career rewarding and enjoyable. First, and foremost, I would like to thank my advisor, Matthias Felleisen. He got me started in research, taught me a great deal about programming language semantics and pragmatics (with the occasional detour into philosophy or economics), spent hours giving me feedback on research ideas and papers, and inspired much of MrSpidey's user interface. I would also like to thank my other committee members: Robert (Corky) Cartwright, for valuable feedback on this and other research, and for the class he taught on fully abstract denotational semantics, which led to some of the key ideas of this thesis; and John Dennis, for taking time o his already busy schedule to serve on my committee. My research environment at Rice was valuably enriched by my collogues in the programming languages theory group. I would like to thank all the members for their various contributions, including Matthew, Shriram, and Robby, who provided the DrScheme infrastructure without which the development of MrSpidey would have been impossible, and Amr, Andrew, Bruce, Mike and John, who helped me get started on research when I arrived at Rice. Outside the programming languages group there are many other people at Rice whose valuable support and friendship helped me see this thesis through to completion, and who made my time at Rice more enjoyable. Finally, this research would not have been possible with the support of Rice University, the Professional Activities Committee of the Association for Computing Machinery's Special Interest Group on Programming Languages, and the National Science Foundation. I gratefully acknowledge all this help.