Phoenix Based Dynamic Slicing Debugging Tool Eric Cheng Lin Xu Matt Gruskin Ravi Ramaseshan Microsoft Phoenix Intern Team (Summer '06)

Slides:



Advertisements
Similar presentations
DATAFLOW TESTING DONE BY A.PRIYA, 08CSEE17, II- M.s.c [C.S].
Advertisements

Overview Structural Testing Introduction – General Concepts
Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
Synopsys University Courseware Copyright © 2012 Synopsys, Inc. All rights reserved. Compiler Optimization and Code Generation Lecture - 3 Developed By:
Course Outline Traditional Static Program Analysis –Theory Compiler Optimizations; Control Flow Graphs Data-flow Analysis – today’s class –Classic analyses.
Chapter 9 Code optimization Section 0 overview 1.Position of code optimizer 2.Purpose of code optimizer to get better efficiency –Run faster –Take less.
1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.
Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.
Course Outline Traditional Static Program Analysis –Theory Compiler Optimizations; Control Flow Graphs Data-flow Analysis – today’s class –Classic analyses.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.
 Program Slicing Long Li. Program Slicing ? It is an important way to help developers and maintainers to understand and analyze the structure.
Components of representation Control dependencies: sequencing of operations –evaluation of if & then –side-effects of statements occur in right order Data.
Program Representations. Representing programs Goals.
1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.
1 Data flow analysis Goal : collect information about how a procedure manipulates its data This information is used in various optimizations For example,
Semi-Sparse Flow-Sensitive Pointer Analysis Ben Hardekopf Calvin Lin The University of Texas at Austin POPL ’09 Simplified by Eric Villasenor.
Common Sub-expression Elim Want to compute when an expression is available in a var Domain:
Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
Recap from last time Saw several examples of optimizations –Constant folding –Constant Prop –Copy Prop –Common Sub-expression Elim –Partial Redundancy.
1 Intermediate representation Goals: –encode knowledge about the program –facilitate analysis –facilitate retargeting –facilitate optimization scanning.
Global optimization. Data flow analysis To generate better code, need to examine definitions and uses of variables beyond basic blocks. With use- definition.
Administrative info Subscribe to the class mailing list –instructions are on the class web page, which is accessible from my home page, which is accessible.
Chair of Software Engineering Fundamentals of Program Analysis Dr. Manuel Oriol.
Code Generation for Basic Blocks Introduction Mooly Sagiv html:// Chapter
Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???
1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.
Class canceled next Tuesday. Recap: Components of IR Control dependencies: sequencing of operations –evaluation of if & then –side-effects of statements.
Recap from last time: live variables x := 5 y := x + 2 x := x + 1 y := x y...
Introduction to Optimization Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved.
Machine-Independent Optimizations Ⅰ CS308 Compiler Theory1.
Global optimization. Data flow analysis To generate better code, need to examine definitions and uses of variables beyond basic blocks. With use- definition.
Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.
Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Handouts Software Testing and Quality Assurance Theory and Practice Chapter 5 Data Flow Testing
Constant Propagation. The constant propagation framework is different from all the data-flow problems discussed so far, in that It has an unbounded set.
Precision Going back to constant prop, in what cases would we lose precision?
Copyright © 2012 Pearson Education, Inc. Chapter 1: Introduction to Computers and Programming.
1 CS 201 Compiler Construction Data Flow Analysis.
AutoHacking with Phoenix Enabled Data Flow Analysis Richard Johnson |
Presented By Dr. Shazzad Hosain Asst. Prof., EECS, NSU
Software (Program) Analysis. Automated Static Analysis Static analyzers are software tools for source text processing They parse the program text and.
Optimization software for apeNEXT Max Lukyanov,  apeNEXT : a VLIW architecture  Optimization basics  Software optimizer for apeNEXT  Current.
Control Flow Resolution in Dynamic Language Author: Štěpán Šindelář Supervisor: Filip Zavoral, Ph.D.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Technology and Science, Osaka University Dependence-Cache.
1 Program Slicing Amir Saeidi PhD Student UTRECHT UNIVERSITY.
Compiler Principles Fall Compiler Principles Lecture 0: Local Optimizations Roman Manevich Ben-Gurion University.
Chapter 11: Dynamic Analysis Omar Meqdadi SE 3860 Lecture 11 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
1 Data Flow Analysis Data flow analysis is used to collect information about the flow of data values across basic blocks. Dominator analysis collected.
Software Engineering Research Group, Graduate School of Engineering Science, Osaka University A Slicing Method for Object-Oriented Programs Using Lightweight.
CS412/413 Introduction to Compilers Radu Rugina Lecture 18: Control Flow Graphs 29 Feb 02.
1 Software Testing & Quality Assurance Lecture 13 Created by: Paulo Alencar Modified by: Frank Xu.
Optimization Simone Campanoni
Single Static Assignment Intermediate Representation (or SSA IR) Many examples and pictures taken from Wikipedia.
Code Optimization.
Data Flow Analysis Suman Jana
Control Flow Testing Handouts
Handouts Software Testing and Quality Assurance Theory and Practice Chapter 4 Control Flow Testing
Dataflow analysis.
Outline of the Chapter Basic Idea Outline of Control Flow Testing
SwE 455 Program Slicing.
A Survey of Program Slicing Techniques: Section 4
Program Slicing Baishakhi Ray University of Virginia
University Of Virginia
SUDS: An Infrastructure for Creating Bug Detection Tools
1. Reaching Definitions Definition d of variable v: a statement d that assigns a value to v. Use of variable v: reference to value of v in an expression.
Live Variables – Basic Block
Software Testing and QA Theory and Practice (Chapter 5: Data Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
Presentation transcript:

Phoenix Based Dynamic Slicing Debugging Tool Eric Cheng Lin Xu Matt Gruskin Ravi Ramaseshan Microsoft Phoenix Intern Team (Summer '06)

What is Phoenix ? Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Software optimization and analysis framework. ● Read and write binaries and MSIL assemblies. ● Represent the input files in an IR. ● Analyze and manipulate the IR by using the Phoenix API.

v What is Slicing ? Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● What program statements potentially affect the computation of variable v at statement s. void foo () { int i = 0; int j = 0; i = i + 1; j = j + 1; j = i + j; } void foo() { int i = 0; int j = 0; i = i + 1; j = j + 1; j = i + j; } s

Static & Dynamic Slicing Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Static Slicing – A static program slice is an executable subset of a program whose behavior is identical, for all program input, to that of the original program with respect to set of variables of interest at some execution point. ● Dynamic Slicing – Use values from the execution context to present a smaller subset of the program.

Program Slicing and Debugging Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● One very unpredictable cost of software development is the time we spend debugging code. ● Problems when debugging – Contorted control flow – Function calls – Aliasing. ● Present a subset of the program being debugged to the user.

Program Dependence Graph Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments int test (int x, int y) { int total = 0; int sum = 0; if (x <= 1) { sum = y; } else { total = x + y; } return total + sum; } ● Nodes – statements and predicate expressions (or operators and operands). ● Edges – data values on which the node’s operations depend and the control conditions on which the execution of the operations depends.

Static Slicing Example Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Map source code and variable to IR instruction and operand. ● Graph problem of finding the connected component in a PDG seeded at a node on which the operand is dependent on. int test (int x, int y) { int total = 0; int sum = 0; if (x <= 1) { sum = y; } else { total = x + y; } return total + sum; }

Problems with Static Slicing Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments int test (int x, int y) { int total = 0; int sum = 0; if (x <= 1) { sum = y; } else { total = x + y; } return total + sum; } ● Slices are large. ● Does not use runtime information about values of program variables.

Dynamic Slicing Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments int test (int x, int y) { int total = 0; int sum = 0; if (x <= 1) { sum = y; } else { total = x + y; } return total + sum; } ● While debugging we have a snapshot of the entire state of the program. ● Use values of program variables to reduce the slice. x = 0

Dynamic Slicing Overview Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Use Phoenix's data-flow analysis and optimization framework. ● Extract values for program variables from the debugger. ● Annotate constants onto operands of instructions. ● Run a constant propagation pass to find unreachable code. ● Prune the static slice by removing unreachable code.

Phoenix's Global Optimizer Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Operates on IR in SSA form. ● Standard data-flow analysis using lattices. ● Lattices specify flow functions for data-flow. ● Lattice elements – cells – encode program facts. ● Propagates cells forward and backward through the SSA.

Phoenix's Global Optimizer – Constant Propagation Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments void foo () { int a, b, c; a = 5; b = 7; c = b + a; } ● Constant operands get annotated with const-cells. ● The simulator transfers values over assignment and arithmetic statements. ● Predicates are evaluated and unreachable code detected.

Annotating Operands Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments int foo (int x) { if (x != 1) { } x = bar (); return x; } ● Find definitions reaching the current point in the program. ● Annotate operands that use the found definitions. 1

Dynamic Slicing with Unreachable Code Elimination Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments int test (int x, int y) { int total = 0; int sum = 0; if (x <= 1) { sum = y; } else { total = x + y; } return total + sum; } ● Extract values for program variables from the debugger. ● Annotate the SSA IR. ● Run the global optimizer's constant propagation to find unreachable code. ● Prune static slice by removing unreachable code. x = 0 true

Dynamic Slicing with Dead Code Elimination Too Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments int test (int x, int y) { int total = 0; int sum = 0; if (x <= 1) { sum = y; } else { total = x + y; } return total + sum; } ● Phoenix provides a dead code elimination lattice too. ● Provides more opportunities to prune the slice. x = 0

Dynamic Slicing Tool Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Sample for the Phoenix RDK ● Add-in to Visual Studio ● Intra-procedural ● Debug time ● Dynamic Slicing ● Source code and assembly instruction slicing

Visual Studio Dynamic Slicing Tool Architectural Overview Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments Build PDG Static Slicing Dynami c Slicing User Interface Debugger Function Slice VariableLineValues

Source Screen-shot Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments

Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments Assembly Slicing

Limitations Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Aliasing support limited to that provided by Phoenix – very conservative. ● Flow functions in the constant propagation lattice only implemented for a few instructions. ● Only integer constants are propagated. ● Dead code elimination lattice not implemented for LIR.

Acknowledgments Introduction Static Slicing Dynamic Slicing Architecture Screen Shots Limitations Acknowledgments ● Our mentors: – Russell Hadley, John Lin, Jim Hogg and Curt Carpenter ● Andy Ayers ● And other members of the Phoenix team, specially: – Chris McKinsey, Marko Radmilac and Andrew Cox.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.