Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.
Purity Analysis [Salcianu & Rinard VMCAI ‘05, Whaley & Rinard OOPSLA ‘99]
- A (side) effect analysis for the heap
- A foundational analysis with several applications:
  - Pointer analysis
  - Escape analysis
  - Checking correctness of speculative parallelism [Prabhu et al., PLDI ’10]
  - Lightweight bug finding tools
  - Heavyweight software model checking and verification tools (like SLAM)

Our Contributions
- An Abstract Interpretation formalization
  - A simpler explanation of the analysis
  - A simpler and more standard correctness proof
  - Helps extend and modify the algorithm for scalability, precision and functionality, and verify the correctness of extensions/modifications
  - A step towards formalizing similar modular heap analyses like Lattner et al. [PLDI ‘07], Buss et al. [SAC ’08]
- 3 new optimizations with empirical evaluations

Modular Heap Effect Analysis

Problem and Challenges
- Heap Effect Analysis: determine the effect of a procedure call on the heap (global program state)
- Modularity: compute a context-independent summary for each procedure
- Challenge: procedure behavior and effect depend on aliasing in the input heap
  - Very few modular analyses can handle aliasing in the input heap. WSR analysis is one of them.

Challenging Example
1. P(x,y) {
2.   t = new ()
3.   x.next = t
4.   t.next = y
5.   retval = y.next
6. }
[Figure: two concrete input heaps, one with objects o1, o2, o3 reachable from x and y via next, the other with objects u1, u2 bound to x and y, and the corresponding output heaps after P, showing the allocated object n2 and the variables t and retval.]

Two possible Approaches
1. Compute different summaries for different aliasing configurations.
   Pros: better precision. Cons: possible explosion in the number of summaries.
2. Compute a single summary – the approach taken by WSR.

Two approaches - Example
[Figure: the two input/output heap pairs of the challenging example, the summary computed for each aliasing configuration, and the single WSR summary with nodes n2, p1, p2, n5 and variables x, y, t, retval.]

Computing WSR Summaries

Overview
1. P(x,y) {
2.   t = new ()
3.   x.next = t
4.   t.next = y
5.   retval = y.next
6. }
Transformer graph for P: nodes n2, p1, p2, n5, variables x, y, t, retval, field next.
Legend:
- Place holders: external nodes (p1, p2, n5)
- Read edges: external edges
- Write edges: internal edges
- Local allocs: internal nodes (n2)

Formalizing WSR analysis Like shape analyses, WSR analysis computes a graph at every program point. But the graphs are abstractions of state transformers rather than states.

Abstract Interpretation Formulation

Concrete Domain

Concrete Semantics
P() { … u: … }
- Parametric collecting semantics
- In the style of Sharir and Pnueli’s functional approach

Abstract Domains

Concretization
[Figure: a transformer graph applied to a concrete state. The Mapping Phase identifies the modified portion of the concrete state; the Transformation Phase produces the transformed portion, yielding the concrete output state(s).]

Mapping Phase Illustration
[Figure: the transformer graph of P (nodes n2, p1, p2, n5; variables x, y, t, retval; field next) mapped onto a concrete state with objects u1, u2 bound to x and y.]

Transformation Phase Illustration
[Figure, three steps: the write edges of the transformer graph are applied to the concrete state u1, u2; the allocated object n2 and retval appear in the output; the result is an abstract shape graph over u1, u2, n2 (variables x, y, retval; field next) representing a set of concrete states.]

Abstract Vs Concrete Summary
[Figure: the concrete summary (input state u1, u2 with x, y, and output state with n2, retval and next edges) beside the abstract summary (nodes n2, u1, u2; variables x, y, t; field next).]
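The transformer-graph construction from the Overview slide and the two-phase concretization illustrated above, as an added Python example that is not part of the original presentation or of the WSR implementation. The node naming (n<line> for allocation and load nodes, p<i> for parameter placeholders) follows the slides; the two input heaps are constructed here, and the second one binds x and y to the same object so that the read edge n5 resolves to the written node n2, which is the aliasing dependence the slides call out.

```python
from collections import defaultdict

# Added example, not the authors' code: WSR-style transformer graph for the slide's P(x, y).
class TransformerGraph:
    def __init__(self, params):
        self.var = {p: {f"p{i}"} for i, p in enumerate(params, 1)}   # x -> p1, y -> p2
        self.external = {f"p{i}" for i in range(1, len(params) + 1)}  # placeholder nodes
        self.internal, self.iedges, self.eedges = set(), set(), set()  # allocs, writes, reads
    def new(self, line, v):            # v = new()  ->  internal node n<line>
        n = f"n{line}"; self.internal.add(n); self.var[v] = {n}
    def store(self, v, f, w):          # v.f = w    ->  write (internal) edges
        self.iedges |= {(a, f, b) for a in self.var[v] for b in self.var[w]}
    def load(self, line, r, v, f):     # r = v.f    ->  read (external) edge and node
        targets = {b for (a, g, b) in self.iedges if a in self.var[v] and g == f}
        ext = self.var[v] & self.external
        if ext:                        # the load may read the unknown input heap
            n = f"n{line}"; self.external.add(n); targets.add(n)
            self.eedges |= {(a, f, n) for a in ext}
        self.var[r] = targets

def concretize(g, heap, args, ret):
    """heap: {obj: {field: obj}}; args: objects bound to p1, p2, ... -> (new heap, return objects)."""
    mu = defaultdict(set)              # mapping phase: abstract node -> concrete objects
    for i, o in enumerate(args, 1): mu[f"p{i}"].add(o)
    for n in g.internal: mu[n].add(n)  # one fresh object per internal node
    changed = True
    while changed:                     # resolve read edges to a fixpoint
        changed = False
        for (a, f, n) in g.eedges:
            for o in mu[a]:
                fs = heap.get(o, {})
                found = {fs[f]} if f in fs else set()
                # a read may also see what a write edge on an aliased node stored
                found |= {b2 for (a2, f2, b) in g.iedges if f2 == f and o in mu[a2] for b2 in mu[b]}
                if not found <= mu[n]: mu[n] |= found; changed = True
    out = {o: dict(fs) for o, fs in heap.items()}   # transformation phase: apply write edges
    for (a, f, b) in g.iedges:
        for o in mu[a]:
            out.setdefault(o, {})[f] = next(iter(mu[b]))  # all targets are singletons here
    return out, {o for n in g.var[ret] for o in mu[n]}

def run_slide_example(heap, x_obj, y_obj):
    g = TransformerGraph(["x", "y"])                  # lines 2-5 of the slide's P(x, y)
    g.new(2, "t"); g.store("x", "next", "t"); g.store("t", "next", "y")
    g.load(5, "retval", "y", "next")
    return g, concretize(g, heap, [x_obj, y_obj], "retval")

# constructed input heaps: distinct objects with o2.next = o3; and x, y both bound to u1
HEAP_A = {"o1": {}, "o2": {"next": "o3"}, "o3": {}}
HEAP_B = {"u1": {}}
```

On HEAP_A the summary yields retval = o3 (the object read from the input heap), while on HEAP_B the same summary yields retval = n2, the object P itself allocated.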

Correctness and Termination

Partial order and join

Abstract Semantics
- Computes a transformer graph at every program point.
- Uses a set of equations having the same structure as the concrete semantics.
- Uses the abstract transformers for statements and procedure calls.
- Handles procedure calls using the summary of the called function.

Correctness and Termination

Optimizations

Need for optimizations

Benchmark               Lines of Code   WSR analysis: Time (s)   Memory (MB)
Dynamic data display    25K
SharpMap                26K             Time out                 -
PDFsharp                96K
Dotspatial (12 DLLs)    200K            Time out                 -

Node Merging Optimization
1. P(x) {
2.   If(*)
3.     t = new …;
4.   t = new …;
5.   x.f = t;
6.   t.g = new …;
7. }
[Figure: the transformer graph of P before and after merging. The nodes n3 and n4 (the two allocations of t) have the same concrete image: each is reached from p1 via f and each points to n6 via g; merging them leaves a single node n3 with one f edge from p1 and one g edge to n6.]

Correctness of node merging

Termination with node merging
Node merging doesn’t preserve the containment ordering, so termination is guaranteed only if merged nodes do not reappear in subsequent steps.

Termination with node merging [Cont.]
Solution: track (transformer graph, equivalence relation) pairs. The equivalence relation records the nodes merged in previous steps. Whenever a new node is created, replace it with the representative of its equivalence class.

Identifying nodes to merge
Arbitrarily merging nodes will reduce precision. Our heuristics:
[Figure: two merging patterns; in each, a node n1 with f edges to both n2 and n3 is rewritten to n1 with a single f edge to the merged node n2.]
Results in no loss of precision in our benchmarks when used in a purity analysis.

Evaluation of Node merging

Benchmark               Lines of Code   With node merging: Time (s)   Memory (MB)
Dynamic data display    25K             58                            427
SharpMap                26K
PDFsharp                96K
Dotspatial (12 DLLs)    200K            963                           568

Optimization 2: Summary merging
Applies to virtual method calls.
[Figure: the summaries at a virtual call site, … and with the optimization.]

Optimization 3: Safe node elimination
Removes unnecessary external nodes. E.g., Set::Contains is pure, but its WSR summary has many external edges/nodes. Does not affect precision.

Empirical evaluation

Benchmark               Lines of Code   WSR analysis: Time (s)   Memory (MB)   With all opts: Time (s)   Memory (MB)
Dynamic data display    25K
SharpMap                26K
PDFsharp                96K
Dotspatial (12 DLLs)    200K

Conclusion
- WSR analysis is a widely used modular heap analysis.
- Formalized WSR analysis as an Abstract Interpretation; this was mentioned as an open problem by Salcianu.
- Proposed 3 optimizations to WSR analysis and proved them correct using the AI formulation. They make the analysis scale to large programs.