Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hongtao Yu Wei Huo ZhaoQing Zhang XiaoBing Feng

Published byKristian Cameron Modified over 5 years ago

Similar presentations

Presentation on theme: "Hongtao Yu Wei Huo ZhaoQing Zhang XiaoBing Feng"— Presentation transcript:

1 Aggressive Program Analysis Framework for Static Error Checking in Open64
Hongtao Yu Wei Huo ZhaoQing Zhang XiaoBing Feng Key Laboratory of Computer System and Architecture, Institute of Computing Technology, Chinese Academy of Sciences { htyu, huowei, zqzhang, fxb Hello everyone, I’m really sorry that I can’t get my visa to come here to discuss with you. So I have recorded my presentation and play to you now.

2 Outline Introduction Framework Field-sensitive pointer analysis
Flow- and context-sensitive dataflow analysis Conclusion This is the outline here. The presentation is organized as follows: we first give the introduction about our work. And then we introcude the new framework and the work we have done in Open64 briefly. we describe the pointer analysis next and the flow- and context-sensitive interprocedural analysis method in detail and its application in error checking. We conclude at last

3 Introduction Open64 is a high performance compiler
However, existed scalar analysis of Open64 is not precise enough to serve for static error checking. The original interprocedural framework is Flow-insensitive Field-insensitive Context-insensitive for some problems Open64 is a high performance compiler for generating effective binary codes. It derives from the SGI compiler for the MIPS R10000 processor, called MIPSPro. It can conduct high-quality interprocedural analysis, data-flow analysis, data dependence analysis, and array region analysis. However, existed scalar analysis of Open64 is not precise enough to serve for static error checking since it is originally designed for optimizations. The original interprocedural framework is flow-insensitive and field-insensitive. Also it is Context-insensitive for some problems, e.g. pointer analysis.

4 Improvement Our aim is to improve the interprocedural phase, to gain more precision in analysis To gain flow-sensitivity, we integrate the intraprocedural analysis phase into interprocedural phase To gain context-sensitivity, transfer functions modeling procedure effects are computed for each procedure To gain field-sensitivity, fields are distinguished by <base, offset, size>. Our aim is to improve the interprocedural phase in order to obtain more precision in analysis, and to be more accurate in error checking furthermore. To gain flow-sensitivity, we integrate the intraprocedural analysis phase into interprocedural phase, allowing the interprocedural analysis to access and update local control-flow and data-flow information flexibly. To achieve context-sensitivity, transfer functions modeling procedure effects are computed for each procedure, and are used in each call site. Field-sensitivity is obtained by representing each field of any structure with its base structure, offset from its base and its data type size according to the target machine information.

5 Error checking Several error checking problems can be abstract as a common dataflow problem and be solved using the fix point theory on semi-lattices Uninitialized reference Null pointer deference File I/O behavior Under the new framework, statically checking common programming errors are developed. We abstract several kinds of error checking problems as a common dataflow problem that can be solved by using the fix point theory on a semi-lattice, e.g. Uninitialized reference, Null pointer deference, File I/O behavior. We have developed a program template that concentrates on flow- and context-sensitive interprocedural dataflow analysis by using C++ generic programming.

6 Contributions We have designed and implemented:
A flow- and context-sensitive interprocedural framework, under which kinds of error checkings are performed. Two efficient field-sensitive pointer analysis. One is a directly implementation of Steensgaard, B. Points-to Analysis by Type Inference of Programs with Structures and Unions. In Proceedings of the Proceedings of the 6th International Conference on Compiler Construction, 1996. The other is an improvement of it Our main contributions to Open64 are that we have designed and implemented the follows: A flow- and context-sensitive interprocedural framework under which kinds of error checking are performed. Two kinds of efficient field-sensitive pointer analysis. We have provided two kinds of pointer improved the original pointer analysis of Open64 to be field-sensitive. One is directly implemented from the paper listed here, and the other is designed by ourselves in which we consider the target machine ABI in the intermediate representations. The former one achieves more precision and higher efficiency than the original one. The latter one achieves more precision than the former one while maintains almost the same efficiency as it.

7 Interprocedural Analyzer
Framework IPL summay phase IPA_LINK Interprocedural Analyzer FICI pointer analysis FICS pointer analysis Interprocedural control flow optimization Build Call Graph Construct SSA Form for each procedure FICI = Flow- and Context-insensitive. FICS= Flow-insensitive but Context-sensitive. FSCS= Flow- and FICS and FSCS have not been implemented yet. FSCS pointer analysis The new framework is displayed here. It starts after the phase IPA_LINK linking all WHIRL (霍尔) representations together. The analysis starts with a field-sensitive unification-based pointer analysis which is flow- and context-insensitive to locate the target of function pointers. Once the targets of function pointers are determined, we begin to build a procedure call graph in which an indirect call site through a function pointer is modeled as a branch of direct calls to its target. Static error checker

8 Pointer analysis architecture
Employs several field-sensitive algorithms that differ in precision and efficiency. Pointer analysis are performed in the increasing order of precision. The first is a field-sensitive unification-based pointer analysis. Each analysis is performed on the base of the former analysis so that we can obtain higher efficiency than performing the analysis separately. Up to now, only the field-sensitive unification-based pointer analysis has been implemented. We intend to design and implement a pointer analysis architecture that employs several kinds of field-sensitive algorithms that differ in precision and efficiency. The series of pointer analysis are performed in the increasing order of precision. Each analysis is performed on the base of the former analysis so that we can obtain higher efficiency than performing the analysis separately. The first pointer analysis of the pointer architecture is the field-sensitive unification-based pointer analysis. Other field-sensitive flow- and context-insensitive pointer analysis may also be performed after this, e.g. inclusion-based pointer analysis to make the result points-to graph more precise and further refine the call graph. Up to now, only the field-sensitive unification-based pointer analysis has been implemented.

9 Interprocedural control flow optimization
Dead Function Elimination (DFE) Delete uninvoked functions Fake Control Flow Elimination (FCFE) Recognizes the program points where control flow must terminate Flow- and context-sensitive problem Based on Gated Single Assignment Form (GSA). The interprocedural control flow optimization includes Dead Function Elimination and Fake Control Flow Elimination. Fake Control Flow Elimination recognizes the program points where control flow must terminate, and furthermore eliminate fake data flow. It is a flow- and context-sensitive problem. We compute transfer function for each procedure that indiates under which input the procedure must terminate. We create individual control flow graph for each procedure and refine it after Fake Control Flow Elimination.

10 Fake Control Flow Elimination
Taken from HyperSAT-1.7 #define error(str) report(__FILE__, __LINE__, str, ERROR) void parseClusterFile(preproc_t *p, char *name) { ….. tmp_fsize = ftell(fp); if (tmp_fsize > INT_MAX) { L1: error("File too large!"); } else { fsize = (size_t)tmp_fsize; } rewind(fp); buf = xmalloc(fsize); void report(char *file, unsigned line, char *str, char sev) { if (sev == ERROR) { L2: exit(EXIT_UNKNOWN); } else if (sev == WARRNING) { printf(…); } else if (sev == NOTE) { tmp_fsize = ftell(fp); B1 tmp_fsize > INT_MAX B2 N B3 Y fsize = (size_t) tmp_fsize error ("File too large!") B4 Here is an example taken from the program HyperSAT-1.7 when we check uninitialized reference on it. The function “report” will terminate the whole process under the input EXIT_UKNOWN. So if the control flow reaches program point L1, the program will terminate. We recognized this case and eliminate the fake control flow from basic block B4 to B5. Otherwise, the variable fsize used in B5 may be undefined on the invalid path B1B2B4B5. rewind(fp); buf = xmalloc(fsize) B5

11 Fake Control Flow Elimination
Taken from HyperSAT-1.7 #define error(str) report(__FILE__, __LINE__, str, ERROR) void parseClusterFile(preproc_t *p, char *name) { ….. tmp_fsize = ftell(fp); if (tmp_fsize > INT_MAX) { L1: error("File too large!"); } else { fsize = (size_t)tmp_fsize; } rewind(fp); buf = xmalloc(fsize); void report(char *file, unsigned line, char *str, char sev) { if (sev == ERROR) { L2: exit(EXIT_UNKNOWN); } else if (sev == WARRNING) { printf(…); } else if (sev == NOTE) { tmp_fsize = ftell(fp); B1 tmp_fsize > INT_MAX B2 N B3 Y fsize = (size_t) tmp_fsize rewind(fp); buf = xmalloc(fsize) B5 exit

12 Unification-based pointer analysis
We have implemented two efficient field-sensitive pointer analysis. One is a directly implementation of Steensgaard, B. Points-to Analysis by Type Inference of Programs with Structures and Unions. In Proceedings of the Proceedings of the 6th International Conference on Compiler Construction, 1996. The other is an improvement of it We have implemented two efficient field-sensitive pointer analysis. One is a directly implementation of the paper listed here The other is an improvement of it .

13 Steensgaard Classification
Example KLOC Field Ops Field-insensitive Steensgaard Classification Field-sensitive Classes Max Min Average Time (secs) mcf 0.9 562 7 527 1 80.28 0.02 34 376 16.52 bzip2 2.4 87 2 69 18 43.5 0.03 gzip 3.6 244 4 222 61 0.05 37 72 6.59 parser 7.4 2375 2115 3 131.94 0.13 2003 38.93 0.11 vpr 8.7 1649 23 1408 71.69 0.17 159 955 10.37 0.14 crafty 9.7 830 6 268 30 138.33 0.5 74 11.21 0.22 twolf 15 6457 0.48 80 4495 80.71 0.23 vortex 25 8062 90 7631 89.57 1.17 274 7616 29.42 0.60 gap 28 11480 9 11459 1275.5 1.04 134 11023 85.67 Here the table displays the comparison between the current alias analysis of Open64 and the first algorithm . The example benchmarks are all taken from SPEC2000. To our surprise, the analyzing time of field-insensitive Steensgaard classification is more than the field-sensitive one. We trace the analyzing process and find out that the exceeding time is spent on the union-find operation since objects pointed to by all undistinguished fields must be joined. The latter is more precise and efficient than the former one.

14 Experiment explanation
Example : The benchmark name ; KLOC: The size of the benchmark (line numbers counted by kilo lines); Field OPs: The number of indirect memory access to fields of structural objects; Classes: The number of alias classes of the total Field OPs above; memory access operations in the same alias class are regarded as aliased Max: the maximal number of Field OPs in the same alias class; Min: the minimal number of Field OPs in the same alias class; Average: the average number of Field OPs in the same alias class Time: the time for analyzing the benchmark;

15 Example KLOC Field Ops Field-sensitive Steensgaard Classification Aggressively Field-sensitive Classification Classes Max Min Average Time (secs) mcf 0.9 562 34 376 1 16.52 0.02 69 39 8.14 bzip2 2.4 87 2 18 43.5 0.03 7 26 6 12.42 gzip 3.6 244 37 72 6.59 0.05 44 49 5.54 parser 7.4 2375 61 2003 38.93 0.11 88 1989 26.98 0.13 The main idea of improvement is to consider memory layout in high-level analysis in order to precisely distinguish fields of structure objects. This Table shows the comparison between the field-sensitive algorithm and our improved algorithm. They are both field-sensitive. The improved algorithm is precise than the first one while is a little less in efficiency. The main idea of improvement is to consider memory layout in high-level analysis in order to precisely distinguish fields of structure. In our improved method, a field in the program is represented by a pair of offset from its base structure and size of its own data type. The implementation of this field representation makes use of the target ABI information on the WHIRL. Furthermore, we have lowered all the structural memory operations to a series of scalar memory operations based on the target machine information, allowing consequential data flow analysis more aggressive. The method is also portable due to the architecture of Open64.

16 Field-sensitive Steensgaard Classification
τ1 τ7 τ2 τ3 τ4 τ5 τ6 τ8 τ9 τ10 τ11 int i1, *i2, **i3, **i4; float f1, **f2; struct { int a, *b, *c; } s1, *s2; struct { int d, *e; float f, *g } s3, *s4; s2 = &s1; s4 = &s3; f2 = &s4->g; *f2 = &f1; i3 = &s2->b; i4 = &s2->c; *i4 = &i1; i2 = (int*) s2; i2 = (int*) s4; i2: τ1 s1.a: τ8 s2: τ2 s3.d: τ8 s4: τ3 s1.b: τ9 i3: τ4 s3.e: τ9 i4: τ5 s1.c: τ10 f2: τ6 s3.f: τ10 s1: τ7 s3.g: τ10 s3: τ7 i1: τ11 f1: τ11 We take a small program as an example to indicate intuitively that considering memory layout in the high-level analysis is more aggressive. The points-to graph is the reuslt of the Field-sensitive Steensgaard Classification. Since we cannot distinguish the type size of the two fields, c and f,the three fields c, f, g must be considered as one in the result points-to graph

17 Aggressive Field-sensitive Classification
i2: τ1 s1.a: τ8 s2: τ2 s3.d: τ8 s4: τ3 s1.b: τ9 i3: τ4 s3.e: τ9 i4: τ5 s1.c: τ10 f2: τ6 s3.f: τ11 s1: τ7 s3.g: τ11 s3: τ7 i1: τ12 f1: τ13 τ1 τ7 τ2 τ3 τ4 τ5 τ6 τ8 τ9 τ10 τ11 τ12 τ13 However, our improved algorithm can distinguish fields by their size precisely by using target machine information. The Figure shows the result points-to graph.

18 (b) The improved type hierarchy
Another Improvement Improving the type hierarchy object simple struct blank object simple struct blank (a) Original Type hierarchy (b) The improved type hierarchy The increase of precision also benefits from improving the type hierarchy [5haiErB:ki] which defined the partial order among scalars and structured objects. The original type hierarchy is showed in Figure (a). The type hierarchy provides a necessary requirement for partial order between two variables a and b to hold is that, a and b are either of the same kind or the kind of b appears above the kind of a in the hierarchy. It results in the conditional join of simple type and struct type conservatively, since both of them must be promoted to object type. We make a change for the type hierarchy and corresponding change in type system that enables the result of joining simple type and struct type is another struct type with only fields possibly overlapped with the scalar joined. The new hierarchy is showed in Figure (b). We make a change for the type hierarchy and corresponding change in type system that enables the result of joining simple type and struct type is another struct type with only fields possibly overlapped with the scalar joined.

19 Flow- and context-sensitive dataflow analysis
A transfer function evaluator Computes transfer functions for each procedure Traverse the procedure call graph in a bottom-up order, from callees to callers. To handle recursions, we reduced the call graph to a SCC-DAG in each SCC. A dataflow value propagator A data flow value is an element of the semi-lattice Propagates dataflow value from the entry to the exit of each procedure’s local CFG in a top-down manner Traverse the procedure call graph in a top-down manner Let’s come into the dataflow analysis part. We have implemented a data-flow analysis engine in C++ template for the sake of code reusing. The engine consists of two components, one is a transfer function evaluator and the other is a dataflow value propagator. The transfer function evaluator computes transfer functions for each procedure which summarize the effect of this procedure under a specific data flow problem. We compute transfer functions for each procedure over the procedure call graph in a bottom-up order, from callees to callers. When computing a caller’s transfer function, all callees’ transfer functions have been already computed and are compounded into the caller’s transfer function if there is no circle in the call graph. To handle recursions, we reduced the call graph to a SCC-DAG (Strongly Connected Component Directed Acyclic Graph) and perform iterations in each SCC. The dataflow value propagator propagates dataflow value from the entry to the exit of each procedure’s local control flow graph, and propagates on the call graph in a top-down manner. A data flow value is an element of the semi-lattice corresponding to different data flow problems.

20 Transfer functions A single transfer function has the form
x1…xn is a list of formal-in parameters, either a declared formal parameter or a location whose value at the procedure entry may be accessed by the procedure or the procedures it invokes. y is a formal-out parameter, include not only the return value of this procedure but also all the locations whose value at the procedure exit may be accessed out of the procedure. The function body of f gives the mapping relations between inputs x1…xn and the output y. A single transfer function has the form here. y denotes a formal-out parameter and x1…xn denote a list of formal-in parameters. A formal-in parameter of a procedure is either a declared formal parameter or a location whose value at the procedure entry may be accessed by the procedure or the procedures it invokes. Such location may be a global variable, an allocated object or represented by dereference of pointers. Similarly, the formal-out parameters of a procedure include not only the return value of this procedure but also all the locations whose value at the procedure exit may be accessed out of the procedure. The function body of f gives the mapping relations between inputs x1…xn and the output y. Since a procedure may have more than one formal-out parameters, it may have a group of transfer functions each of which summarizes the procedure effect for one of the formal-out parameters.

21 Dataflow value propagator
At a procedure entry Perform the “meet” operation on the data flow values from difference call sites. At each callsite Propagate value of each actual-in parameter to the corresponding formal-in parameter of the callee Obtain the value of each formal-out parameter by applying the transfer function and propagate it to the corresponding actual-out parameter. Need to perform iterations for loops and recursions At the entry of each procedure, we perform the “meet” operation on the data flow values from different call sites for each formal-in parameter. At each callsite, we propagate value of each actual-in parameter to the corresponding formal-in parameter of the callee at first. Then we obtain the value of each formal-out parameter by applying the transfer function to the value of formal-in parameters and propagate it to the corresponding actual-out parameter. If there are recursions in the program, we also need to perform iterations in each SCC.

22 Checking uninitialized reference
Abstract the task as solving a dataflow problem Any memory object in any reference site has a dataflow value “define”, “may define” or “undefine”. To determine which values they have. A memory object is initialized on all paths from the program entry to the current reference site, the memory object in this site has the value “define”. If on some path the memory object is not initialized, the vaule will be “undefine”. The initialization through indirect memory operations (e.g. the deference of pointers) results in a value “may define”. Our first application of the engine is to find all the possible references of uninitialized memory. We abstract the task as solving a dataflow problem in which any memory object in any reference site has as a property the dataflow value “define”, “may define” or “undefine”. If a memory object is initialized on all paths from the program entry (usually as “main” function) to the current reference site, the memory object in this site has the property “define”. If on some path the memory object is not initialized, the property will be “undefine”. The initialization through indirect memory operations (e.g. the deference of pointers) results in a property “may define”.

23 Checking uninitialized reference (2)
First compute a transfer function for each procedure, the transfer function says that which global variables are modified and how to be modified by this procedure. If on every path in the procedure form entry to exit a global variable is modified by direct assignments, the variable is “must mod”. if in every path variable is modified by either direct or indirect assignments, the variable is “may mod”. Otherwise the variable must not be modified on some of the paths, so it is “may not mod” The transfer function evaluator performs an interprocedural modified side effect analysis to the whole program. To solve the problem we first invoke the transfer function evaluator to compute a transfer function for each procedure. The transfer function of one procedure says that which global variables are modified by this procedure. In fact the transfer function evaluator performs an interprocedural modified side effect analysis to the whole program. The side effect analysis can distinguish “must” and “may” mod information: If on every path in the procedure form entry to exit the global variable is modified by direct assignments, the variable is “must mod”. Otherwise if in every path variable is modified by either direct or indirect assignments, the variable is “may mod”. Otherwise the variable must not be modified on some of the paths, so it is “may not mod”

24 Checking uninitialized reference (3)
Then propagates the modification property at procedure entry to the exit. The “must mod” and “may mod” value of a transfer function are both regarded as “define” The “may not mod” value is regarded as “undefine” Only propagate for scalar variables that are either local or global currently. The dataflow value propagator propagates the modification property at procedure entry to the exit. The “must mod” and “may mod” value of a transfer function are both regarded as “define” in this phase. The “may not mod” value is regarded as “undefine” here. We only propagate for scalar variables that are either local or global currently.

25 Example Kloc Time (sec) Reports Bugs FP Rate mcf 0.9 0.01 3 0% bzip2 2.4 0.05 bftpd-2.3 2.8 0.08 2 1 50% gzip 3.6 0.11 HyperSAT-1.7 6 100% parser 7.4 0.7 TOTAL 23.1 1.06 7 5 28.6% Time: the time for checking the benchmark; Reports: the total number of warnings produced on the benchmark; Bugs: the number of true bugs found; FP Rate: the false positive rate; Compare with GCC with the warning option –Wuninitialized. No warnings are reported by GCC, because GCC can only check uninitialized reference for auto variables intraprocedurally. The experimental results are displayed in this Table. We have used compiler GCC with the warning option –Wuninitialized to check the uninitialized reference for these examples .However no warnings are reported. This is mainly because GCC can only check uninitialized reference for auto variables intraprocedurally.

26 Conclusion We have introduced our work of constructing an aggressive framework for program analysis in order to do error checking in Open64. We Integrates intraprocedural analysis into interprocedural phase in order to do flow- and context-sensitive whole program analysis. Improves the original alias analysis to be field-sensitive and compared the three unification-based methods. An error checking instance, checking uninitialized reference is displayed. Now we conclude. We have introduced our work of constructing an aggressive framework for program analysis in order to do error checking in Open64. The framework integrates intraprocedural analysis into interprocedural phase so that we can do flow- and context-sensitive whole program analysis. An error checking instance, chekcing initialized reference has been introduced. We have also improved the original alias analysis to be field-sensitive and compared the three unification-based methods.

27 Thank You ! www.themegallery.com
Thanks for listening to my presentation. I wish you have a good time in seattle

Download ppt "Hongtao Yu Wei Huo ZhaoQing Zhang XiaoBing Feng"

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
CPSC 388 – Compiler Design and Construction

CPSC 388 – Compiler Design and Construction
P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.

P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.
1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.

1 CS 201 Compiler Construction Lecture 3 Data Flow Analysis.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.

Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.

Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Improving code generation. Better code generation requires greater context Over expressions: optimal ordering of subtrees Over basic blocks: Common subexpression.

Improving code generation. Better code generation requires greater context Over expressions: optimal ordering of subtrees Over basic blocks: Common subexpression.
4/25/08Prof. Hilfinger CS164 Lecture 371 Global Optimization Lecture 37 (From notes by R. Bodik & G. Necula)

4/25/08Prof. Hilfinger CS164 Lecture 371 Global Optimization Lecture 37 (From notes by R. Bodik & G. Necula)
Previous finals up on the web page use them as practice problems look at them early.

Previous finals up on the web page use them as practice problems look at them early.
Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:

Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:
Run time vs. Compile time

Run time vs. Compile time
Data Flow Analysis 1 15-411 Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.

Data Flow Analysis Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.
Intraprocedural Points-to Analysis Flow functions:

Intraprocedural Points-to Analysis Flow functions:
Data Flow Analysis 4 15-411 Compiler Design Nov. 8, 2005.

Data Flow Analysis Compiler Design Nov. 8, 2005.
Comparison Caller precisionCallee precisionCode bloat Inlining context-insensitive interproc Context sensitive interproc Specialization.

Comparison Caller precisionCallee precisionCode bloat Inlining context-insensitive interproc Context sensitive interproc Specialization.
Improving Code Generation Honors Compilers April 16 th 2002.

Improving Code Generation Honors Compilers April 16 th 2002.

Similar presentations

Ads by Google