1PLDI 2000 Off-line Variable Substitution for Scaling Points-to Analysis Atanas (Nasko) Rountev PROLANGS Group Rutgers University Satish Chandra Bell Labs.

Slides:



Advertisements
Similar presentations
R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR
Advertisements

Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Type-Based Flow Analysis: From Polymorphic Subtyping to CFL-Reachability Jakob Rehof and Manuel Fähndrich Microsoft Research.
Demand-driven Alias Analysis Implementation Based on Open64 Xiaomi An
Flow insensitive pointer analysis: fixed S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l.
School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) Pointer Analysis.
Parallel Inclusion-based Points-to Analysis Mario Méndez-Lojo Augustine Mathew Keshav Pingali The University of Texas at Austin (USA) 1.
1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.
Parameterized Object Sensitivity for Points-to Analysis for Java Presented By: - Anand Bahety Dan Bucatanschi.
The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.
Semi-Sparse Flow-Sensitive Pointer Analysis Ben Hardekopf Calvin Lin The University of Texas at Austin POPL ’09 Simplified by Eric Villasenor.
Eliminating Stack Overflow by Abstract Interpretation John Regehr Alastair Reid Kirk Webb University of Utah.
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State.
Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???
Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:
1 Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodík UC Berkeley PLDI 2006.
Pointer Analysis for CASH Compiler Framework Deepak Garg Himanshu Jain Spring 2005.
Intraprocedural Points-to Analysis Flow functions:
1 Program Analysis Systematic Domain Design Mooly Sagiv Tel Aviv University Textbook: Principles.
Comparison Caller precisionCallee precisionCode bloat Inlining context-insensitive interproc Context sensitive interproc Specialization.
Improving Code Generation Honors Compilers April 16 th 2002.
Pointer analysis. Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis Andersen and.
Course Outline Traditional Static Program Analysis –Theory Compiler Optimizations; Control Flow Graphs Data-flow Analysis: Data-flow frameworks –Classic.
From last class. The above is Click’s solution (PLDI 95)
1 Tentative Schedule u Today: Theory of abstract interpretation u May 5 Procedures u May 15, Orna Grumberg u May 12 Yom Hatzamaut u May.
DATA STRUCTURE Subject Code -14B11CI211.
Universität Dortmund  P. Marwedel, Univ. Dortmund, Informatik 12, 2003 Hardware/software partitioning  Functionality to be implemented in software.
Data Structures and Programming.  John Edgar2.
Procedure Optimizations and Interprocedural Analysis Chapter 15, 19 Mooly Sagiv.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University STATIC ANALYSES FOR JAVA IN THE PRESENCE OF DISTRIBUTED COMPONENTS AND.
PRESTO Research Group, Ohio State University Interprocedural Dataflow Analysis in the Presence of Large Libraries Atanas (Nasko) Rountev Scott Kagan Ohio.
A GPU Implementation of Inclusion-based Points-to Analysis Mario Méndez-Lojo (AMD) Martin Burtscher (Texas State University, USA) Keshav Pingali (U.T.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Coverage Criteria for Testing of Object Interactions in Sequence Diagrams Atanas (Nasko) Rountev Scott Kagan Jason Sawin Ohio State University.
Fast Points-to Analysis for Languages with Structured Types Michael Jung and Sorin A. Huss Integrated Circuits and Systems Lab. Department of Computer.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India.
Major objective of this course is: Design and analysis of modern algorithms Different variants Accuracy Efficiency Comparing efficiencies Motivation thinking.
Synchronization Transformations for Parallel Computing Pedro Diniz and Martin Rinard Department of Computer Science University of California, Santa Barbara.
An Introduction to Support Vector Machines (M. Law)
Pointer Analysis as a System of Linear Equations. Rupesh Nasre (CSA). Advisor: Prof. R. Govindarajan. Jan 22, 2010.
Mark Marron IMDEA-Software (Madrid, Spain) 1.
CBSE'051 Component-Level Dataflow Analysis Atanas (Nasko) Rountev Ohio State University.
ESEC/FSE-99 1 Data-Flow Analysis of Program Fragments Atanas Rountev 1 Barbara G. Ryder 1 William Landi 2 1 Department of Computer Science, Rutgers University.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Pointer Analysis Survey. Rupesh Nasre. Aug 24, 2007.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India & K. V. Raghavan.
Points-To Analysis in Almost Linear Time Josh Bauman Jason Bartkowiak CSCI 3294 OCTOBER 9, 2001.
CS412/413 Introduction to Compilers Radu Rugina Lecture 18: Control Flow Graphs 29 Feb 02.
1 Control Flow Graphs. 2 Optimizations Code transformations to improve program –Mainly: improve execution time –Also: reduce program size Can be done.
1 Combining Abstract Interpreters Mooly Sagiv Tel Aviv University
1 Software Testing & Quality Assurance Lecture 13 Created by: Paulo Alencar Modified by: Frank Xu.
5/7/03ICSE Fragment Class Analysis for Testing of Polymorphism in Java Software Atanas (Nasko) Rountev Ohio State University Ana Milanova Barbara.
Sept 12ICSM'041 Precise Identification of Side-Effect-Free Methods in Java Atanas (Nasko) Rountev Ohio State University.
Points-to Analysis as a System of Linear Equations Rupesh Nasre. Computer Science and Automation Indian Institute of Science Advisor: Prof. R. Govindarajan.
Object Naming Analysis for Reverse- Engineered Sequence Diagrams Atanas (Nasko) Rountev Beth Harkness Connell Ohio State University.
INFORMATION-FLOW ANALYSIS OF ANDROID APPLICATIONS IN DROIDSAFE JARED YOUNG.
Static Analysis of Object References in RMI-based Java Software
Harry Xu University of California, Irvine & Microsoft Research
Pointer Analysis Lecture 2
Atanas (Nasko) Rountev Barbara G. Ryder Rutgers University
Points-to Analysis for Java Using Annotated Constraints
Interprocedural Analysis Chapter 19
Objective of This Course
Demand-Driven Context-Sensitive Alias Analysis for Java
Pointer Analysis Lecture 2
Pointer analysis.
Ideas for testing Transformations of cds 4/27/2019 AOO/Demeter.
Presentation transcript:

1PLDI 2000 Off-line Variable Substitution for Scaling Points-to Analysis Atanas (Nasko) Rountev PROLANGS Group Rutgers University Satish Chandra Bell Labs Lucent Technologies

2PLDI 2000 What is Pointer Analysis? Given a pointer p, which variables does *p refer to? p = &x px q = &y qy if (z) p = q *p may refer to either x or y

3PLDI 2000 Why Should We Care? Indirect access to memory *p = *q; Indirect flow of control Clients: –Optimizing compilers –Software productivity tools –Static verification tools –Test coverage tools

4PLDI 2000 Efficiency versus Precision Hard problem Approximation algorithms –O(n) to O(n 7 ) –Flow and context sensitivity Difficult tradeoffs between efficiency and precision

5PLDI 2000 Our Contributions Off-line variable substitutionOff-line variable substitution –Trading precision for efficiency –Flexibility in choosing the right approximations Precision-preserving substitutionPrecision-preserving substitution –Andersen’s points-to analysis –More than 50% cost reduction

6PLDI 2000 Outline Introduction Off-line Variable Substitution Scaling Andersen’s Analysis Empirical Results Summary

7PLDI 2000 Variable Substitution Technique for cost reduction Replaces a set of variables with a single variable –Smaller points-to graphs –Possible loss of precision Used by several analyses –Done on-the-fly, during the analysis

8PLDI 2000 Off-line Variable Substitution : modify the input problem Alternative: modify the input problem Use variable substitution to simplify the program –Reduces the size of the lattice Analyze the simplified program Recover a solution for the original program –Precise versus approximate solution

9PLDI 2000 xya b Substitution Example p = &a p = &b q = p s = &p t = s x = &a x = &b y = &x psa bqt psa bqt

10PLDI 2000 The Big Picture Construct approximate problems –Choose the right approximations –Control tradeoffs between cost and precision Separation from the analysis algorithm –Easy modifications

11PLDI 2000 Outline Introduction Off-line Variable Substitution Scaling Andersen’s Analysis Empirical Results Summary

12PLDI 2000 Andersen’s Points-to Analysis Flow and context insensitive Worst case: O(n 3 ) Practicality: must reduce analysis cost –Hundreds of thousands LOC in a few minutes

13PLDI 2000 Specific off-line variable substitution which preserves precision

14PLDI 2000 Precision-preserving Substitution Equivalent variables –Have the same points-to sets Substitution –Set of equivalent variables –No targets of points-to edges Linear-time computation of equivalence sets –Non-maximal sets

15PLDI 2000 Subset Graph Nodes: sets of variables Edges: subset relationships &v v*v {v} Pt(*v)Pt(v) &xpx*p p = &x {x}  Pt(p) Pt(x)  Pt(*p) pq*p*q q = p Pt(p)  Pt(q) Pt(*p)  Pt(*q)

16PLDI 2000 Sources of Equivalent Variables Strongly-connected components Pt(v 1 )  Pt(v 2 )  …  Pt(v k )  Pt(v 1 ) Direct nodes: –No indirect assignments to v (& not taken) v v S1S1 S2S2 S3S3 Pt(v) = S 1  S 2  S 3

17PLDI 2000 Algorithm Highlights Traversal of SCC DAG in topological sort order –Integer label for each SCC Direct SCC: contains only direct nodes –Predecessors with the same label Direct SCC with no predecessors: non-pointers –Eliminate irrelevant statements

18PLDI 2000 Computation of Equivalence Sets r&p p q &x &y *rs t *p x*s y*q j i k

19PLDI 2000 Outline Introduction Off-line Variable Substitution Scaling Andersen’s Analysis Empirical Results Summary

20PLDI 2000 Experiments Overview Large C programs: KLOC Constraint-based implementation of Andersen’s analysis –BANE constraint solver from Berkeley Results: –Many variables have the same points-to sets –53% reduction in running time –59% reduction in memory usage

21PLDI 2000 Program Size

22PLDI 2000 Running Time

23PLDI 2000 Memory Usage

24PLDI 2000 Outline Introduction Off-line Variable Substitution Scaling Andersen’s Analysis Empirical Results Summary

25PLDI 2000 Summary Off-line variable substitution –Control tradeoffs between cost and precision Precision-preserving substitution –Simple and effective linear-time algorithm Empirical results –More than 50% reduction in both time and space Applications for other pointer analyses?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.