Approach #1 to context-sensitivity Keep information for different call sites separate In this case: context is the call site from which the procedure is.

Slides:



Advertisements
Similar presentations
A Framework for Unrestricted Whole-Program Optimization Spyridon Triantafyllis, Matthew J. Bridges, Easwaran Raman, Guilherme Ottoni, David I. August The.
Advertisements

Advanced Compiler Techniques LIU Xianhua School of EECS, Peking University Pointer Analysis.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Interprocedural Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
1 CS 201 Compiler Construction Lecture Interprocedural Data Flow Analysis.
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.
1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.
Parameterized Object Sensitivity for Points-to Analysis for Java Presented By: - Anand Bahety Dan Bucatanschi.
Semi-Sparse Flow-Sensitive Pointer Analysis Ben Hardekopf Calvin Lin The University of Texas at Austin POPL ’09 Simplified by Eric Villasenor.
Eliminating Stack Overflow by Abstract Interpretation John Regehr Alastair Reid Kirk Webb University of Utah.
Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.
Pointer and Shape Analysis Seminar Context-sensitive points-to analysis: is it worth it? Article by Ondřej Lhoták & Laurie Hendren from McGill University.
Feedback: Keep, Quit, Start
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Interprocedural analyses and optimizations. Costs of procedure calls Up until now, we treated calls conservatively: –make the flow function for call nodes.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Advanced Compilers CMPSCI 710.
CS 536 Spring Run-time organization Lecture 19.
Inlining pros and cons (discussion). Inlining pros and cons Pros –eliminate overhead of call/return sequence –eliminate overhead of passing args & returning.
Interprocedural pointer analysis for C We’ll look at Wilson & Lam PLDI 95, and focus on two problems solved by this paper: –how to represent pointer information.
Honors Compilers Addressing of Local Variables Mar 19 th, 2002.
KQS More exercises/practice What about research frontier? Reading material Meetings for project Post notes more promptly.
Previous finals up on the web page use them as practice problems look at them early.
Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State.
Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???
Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:
Run time vs. Compile time
A Context-Sensitive Pointer Analysis Phase in Open64 Compiler Tianwei Sheng, Wenguang Chen, Weimin Zheng Tsinghua University.
Intraprocedural Points-to Analysis Flow functions:
Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.
Recap from last time g() { lock; } h() { unlock; } f() { h(); if (...) { main(); } } main() { g(); f(); lock; unlock; } mainfgh ;;;;;;; u u ” ”””” ” ”
ESP [Das et al PLDI 2002] Interface usage rules in documentation –Order of operations, data access –Resource management –Incomplete, wordy, not checked.
A simple approach Given call graph and CFGs of procedures, create a single CFG (control flow super-graph) by: –connecting call sites to entry nodes of.
Approach #1 to context-sensitivity Keep information for different call sites separate In this case: context is the call site from which the procedure is.
From last time: Inlining pros and cons Pros –eliminate overhead of call/return sequence –eliminate overhead of passing args & returning results –can optimize.
Another lock protocol example g() { if(isLocked()) { unlock; } else { lock; } } mainfg ;;;;; u ” ”””” ” ””” ” ” ”” ” ” ” ”””” u l l ” ””” ” ” ” ” ” {u,l}
Comparison Caller precisionCallee precisionCode bloat Inlining context-insensitive interproc Context sensitive interproc Specialization.
Course project presentations Midterm project presentation Originally scheduled for Tuesday Nov 4 th Can move to Th Nov 6 th or Th Nov 13 th.
Reps Horwitz and Sagiv 95 (RHS) Another approach to context-sensitive interprocedural analysis Express the problem as a graph reachability query Works.
Schedule Midterm out tomorrow, due by next Monday Final during finals week Project updates next week.
Code Generation CS 480. Can be complex To do a good job of teaching about code generation I could easily spend ten weeks But, don’t have ten weeks, so.
Prof. Aiken CS 294 Lecture 11 Program Analysis. Prof. Aiken CS 294 Lecture 12 The Purpose of this Course How are the following related? –Program analysis.
Transfer functions Our pairs of summaries look like functions from input information to output information We call these transfer functions Complete transfer.
Examples of summaries. Issues with summaries Level of “context” sensitivity: –For example, one summary that summarizes the entire procedure for all call.
Improving the Precision of Abstract Simulation using Demand-driven Analysis Olatunji Ruwase Suzanne Rivoire CS June 12, 2002.
Pointer analysis. Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis Andersen and.
From last class. The above is Click’s solution (PLDI 95)
Symbolic Path Simulation in Path-Sensitive Dataflow Analysis Hari Hampapuram Jason Yue Yang Manuvir Das Center for Software Excellence (CSE) Microsoft.
Prof. Bodik CS 164 Lecture 16, Fall Global Optimization Lecture 16.
Proxy Design Pattern Source: Design Patterns – Elements of Reusable Object- Oriented Software; Gamma, et. al.
Impact Analysis of Database Schema Changes Andy Maule, Wolfgang Emmerich and David S. Rosenblum London Software Systems Dept. of Computer Science, University.
PRESTO Research Group, Ohio State University Interprocedural Dataflow Analysis in the Presence of Large Libraries Atanas (Nasko) Rountev Scott Kagan Ohio.
Precise Interprocedural Dataflow Analysis via Graph Reachibility
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Pointer Analysis Survey. Rupesh Nasre. Aug 24, 2007.
CS 343 presentation Concrete Type Inference Department of Computer Science Stanford University.
Escape Analysis for Java Will von Rosenberg Noah Wallace.
Pointer Analysis – Part I CS Pointer Analysis Answers which pointers can point to which memory locations at run-time Central to many program optimization.
Interprocedural analyses and optimizations. Costs of procedure calls Up until now, we treated calls conservatively: –make the flow function for call nodes.
D A C U C P Speculative Alias Analysis for Executable Code Manel Fernández and Roger Espasa Computer Architecture Department Universitat Politècnica de.
Interprocedural analyses and optimizations. Costs of procedure calls Up until now, we treated calls conservatively: –make the flow function for call nodes.
LECTURE 19 Subroutines and Parameter Passing. ABSTRACTION Recall: Abstraction is the process by which we can hide larger or more complex code fragments.
Inter-procedural analysis
Ravi Mangal Mayur Naik Hongseok Yang
Another example: constant prop
Pointer analysis.
Interprocedural analyses and optimizations
Presentation transcript:

Approach #1 to context-sensitivity Keep information for different call sites separate In this case: context is the call site from which the procedure is called

In general Our first attempt was to make the context be the immediate call site Previous example shows that we may need 2 levels of the stack –the context for an analysis of function f is: call site L 1 where f was called from AND call site L 2 where f’s caller was called from Can generalize to k levels –k-length call strings approach of Sharir and Pnueli –Shiver’s k-CFA

Approach #2 to context-sensitivity Use dataflow information at call site as the context, not the call site itself

Using dataflow info as context g() { if(isLocked()) { unlock; } else { lock; } } mainfg f() { g(); if (...) { main(); } } main() { g(); f(); lock; unlock; }

Transfer functions Our pairs of summaries look like functions from input information to output information We call these transfer functions Complete transfer functions –contain entries for all possible incoming dataflow information Partial transfer functions –contain only some entries, and continually refine during analysis

Top-down vs. bottom-up We’ve always run our interproc analysis top down: from main, down into procs For data-based context sensitivity, can also run the analysis bottom-up –analyze a proc in all possibly contexts –if domain is distributive, only need to analyze singleton sets

Bottom-up example g() { if(isLocked()) { unlock; } else { lock; } } f() { g(); if (...) { main(); } } main() { g(); f(); lock; unlock; } mainfg ??? u ! l l ! u u ! l l ! u u ! u l ! e ”” ” ” ” ” u ! {l,e} l ! u ”” u ! u l ! e

Top-down vs. bottom-up What are the tradeoffs?

Top-down vs. bottom-up What are the tradeoffs? –In top-down, only analyze procs in the context that occur during analysis, whereas in bottom-up, may do useless work analyzing proc in a data context never used during analysis –However, top-down requires analyzing a given function at several points in time that are far away from each other. If the entire program can’t fit in RAM, this will lead to unnecessary swapping. On the other hand, can do bottom-up as one pass over the call- graph, one SCC at a time. Once a proc is analyzed, it never needs to be reloaded in memory. –top-down better suited for infinite domains

Reps Horwitz and Sagiv 95 (RHS) Another approach to context-sensitive interprocedural analysis Express the problem as a graph reachability query Works for distributive problems

Reps Horwitz and Sagiv 95 (RHS) g() { if(isLocked()) { unlock; } else { lock; } f() { g(); if (...) { main(); } main() { g(); f(); lock; unlock; }

Reps Horwitz and Sagiv 95 (RHS) g() { if(isLocked()) { unlock; } else { lock; } f() { g(); if (...) { main(); } main() { g(); f(); lock; unlock; }

Reps Horwitz and Sagiv 95 (RHS) g() { if(isLocked()) { unlock; } else { lock; } f() { g(); if (...) { main(); } main() { g(); f(); lock; unlock; }

Procedure specialization Interprocedural analysis is great for callers But for the callee, information is still merged main() { x := new A(...); y := x.g(); y.f(); x := new A(...); y := x.g(); y.f(); x := new B(...); y:= x.g(); y.f(); } // g too large to inline g(x) { x.f(); // lots of code return x; } // but want to inline f {... } {... }

Procedure specialization Specialize g for each dataflow information “In between” inlining and context-sensitve interproc main() { x := new A(...); y := x.g 1 (); y.f(); x := new A(...); y := x.g 1 (); y.f(); x := new B(...); y:= x.g 2 (); y.f(); } g 1 (x) { x.f(); // can now inline // lots of code return x; } g 2 (x) { x.f(); // can now inline // lots of code return x; } // but want to inline f {... } {... }

A() { call D } B() { call D } C() { call D } D() {... } Recap using pictures

A() { } D’D’ B() { } D ’’ C() { } D ’’’ Inlining A() { call D } B() { call D } C() { call D } D() {... }

A() { call D } B() { call D } C() { call D } D() {... } caller summary callee summary Context-insensitive summary A() { call D } B() { call D } C() { call D } D() {... }

A() { call D } B() { call D } C() { call D } D() {... } context sensitive summary Context sensitive summary A() { call D } B() { call D } C() { call D } D() {... }

A() { call D } B() { call D } C() { call D } D() {... } D’() {... } Procedure Specialization A() { call D } B() { call D } C() { call D } D() {... }

Comparison Caller precisionCallee precisionCode bloat Inlining context-insensitive interproc Context sensitive interproc Specialization

Comparison Caller precisionCallee precisioncode bloat Inlining, because contexts are kept separate  may be large if we want to get the best precision context-insensitive interproc , because contexts are merged none Context sensitive interproc, because of context sensitive summaries , because contexts are still merged when optimizing callees none Specialization, contexts are kept separate  Some, less than inlining

Summary on how to optimize function calls Inlining Tail call optimizations Interprocedural analysis using summaries –context sensitive –context insensitive Specialization

Cutting edge research Making interprocedural analysis run fast –Many of the approaches as we have seen them do not scale to large programs (eg millions of lines of code) –Trade off precision for analysis speed Optimizing first order function calls Making inlining effective in the presence of dynamic dispatching and class loading

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.