Published by Gretchen Cortner. Modified over 9 years ago.
1
Finding Optimal Program Abstractions
Mayur Naik, Georgia Tech
Joint work with: Xin Zhang (Georgia Tech), Hongseok Yang (Oxford), Percy Liang (Stanford), Mooly Sagiv (Tel-Aviv U)
2
Static Analysis: 70’s to 90’s
April 2013, Dagstuhl
client-oblivious
“Because clients have different precision and scalability needs, future work should identify the client they are addressing …” M. Hind, Pointer Analysis: Haven’t We Solved This Problem Yet?, 2001
[Diagram labels: program p, abstraction a, query $q_1$, query $q_2$, $p \models q_1$?, $p \models q_2$?]
3
Static Analysis: 00’s to Present
client-driven
– demand-driven points-to analysis: Heintze & Tardieu ’01, Guyer & Lin ’03, Sridharan & Bodik ’06, …
– CEGAR model checkers: SLAM, BLAST, …
[Diagram labels: program p, abstraction a, query $q_1$, query $q_2$, $p \models q_1$?, $p \models q_2$?]
4
Static Analysis: 00’s to Present
client-driven
– demand-driven points-to analysis: Heintze & Tardieu ’01, Guyer & Lin ’03, Sridharan & Bodik ’06, …
– CEGAR model checkers: SLAM, BLAST, …
[Diagram labels: program p, abstraction $a_1$, abstraction $a_2$, queries $q_1$, $q_2$, $p \models q_1$?, $p \models q_2$?]
5
Our Static Analysis Setting
client-driven + parametric
– new search algorithms: testing, machine learning, …
– new analysis questions: optimality, impossibility, …
[Diagram labels: program p, abstraction $a_1$, abstraction $a_2$, queries $q_1$, $q_2$, $p \models q_1$?, $p \models q_2$?; abstractions shown as bit vectors: 0 1 0 0 0 1 0 0 0 1]
6
Example 1: Predicate Abstraction (CEGAR)
Predicates to use in predicate abstraction
[Diagram labels: program p, abstraction $a_1$, abstraction $a_2$, queries $q_1$, $q_2$, $p \models q_1$?, $p \models q_2$?; abstractions shown as bit vectors: 0 1 0 0 0 1 0 0 0 1]
7
Example 2: Shape Analysis (TVLA)
Predicates to use as abstraction predicates
[Diagram labels: program p, abstraction $a_1$, abstraction $a_2$, queries $q_1$, $q_2$, $p \models q_1$?, $p \models q_2$?; abstractions shown as bit vectors: 0 1 0 0 0 1 0 0 0 1]
8
Example 3: Cloning-based Pointer Analysis
K value to use for each call and each allocation site
[Diagram labels: program p, abstraction $a_1$, abstraction $a_2$, queries $q_1$, $q_2$, $p \models q_1$?, $p \models q_2$?; abstractions shown as bit vectors: 0 1 0 0 0 1 0 0 0 1]
9
Problem Statement
An efficient algorithm with:
INPUTS:
– program p and query q
– abstractions $A = \{ a_1, \ldots, a_n \}$
– boolean function S(p, q, a)
OUTPUT:
– Impossibility: $\nexists a \in A : S(p, q, a) = \text{true}$
– Proof: $a \in A : S(p, q, a) = \text{true}$ AND $\forall a' \in A : (a' \le a \wedge S(p, q, a') = \text{true}) \Rightarrow a' = a$ (Optimal Abstraction)
[Diagram labels: p, q, a, S, $p \vdash q$, $p \nvdash q$]
10
Problem Statement
(same inputs and outputs as on the previous slide)
[Diagram labels: $\neg S(p, q, a)$, $S(p, q, a)$; 1111 finest, 0100 optimal, 0000 coarsest]
11
Orderings on A
Efficiency Partial Ordering
– $a_1 \le_{\text{cost}} a_2$: sum of $a_1$’s bits $\le$ sum of $a_2$’s bits
– $S(p, q, a_1)$ runs faster than $S(p, q, a_2)$
Precision Partial Ordering
– $a_1 \le_{\text{prec}} a_2$: $a_1$ is pointwise $\le a_2$
– $S(p, q, a_1) = \text{true} \Rightarrow S(p, q, a_2) = \text{true}$
12
Why Optimality?
Empirical lower bounds for static analysis
Efficient to compute
Better for user consumption
– analysis imprecision facts
– assumptions about missing program parts
Better for machine learning
13
Why is this Hard in Practice?
|A| exponential in size of p, or even infinite
S(p, q, a) = false for most p, q, a
Different a is optimal for different p, q
14
Talk Outline
Abstraction Coarsening [POPL’11]
Abstractions from Tests [POPL’12]
Abstraction Refinement [PLDI’13]
16
Abstraction Coarsening [POPL’11]
For given p, q: start with finest a, incrementally replace 1’s with 0’s
Two algorithms:
– deterministic vs. randomized
In practice, use combination of the algorithms
[Diagram labels: $\neg S(p, q, a)$, $S(p, q, a)$; 1111 finest, 0100 optimal, 0000 coarsest]
17
Randomized Coarsening Algorithm
    $a \leftarrow (1, \ldots, 1)$
    Loop:
        Remove each component from a with probability $(1 - \alpha)$
        Run S(p, q, a)
        If $\neg S(p, q, a)$ then add components back
        Else remove components permanently
18
Performance of Randomized Coarsening
Let:
– n = total # components
– s = # components in largest optimal abstraction
If set probability $\alpha = e^{-1/s}$ then outputs optimal abstraction in $O(s \log n)$ expected time
Significance: s is small, only log dependence on total # components
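The loop from the previous slide combined with a deterministic one-component-at-a-time scan, as an added Python example (not code from the talk or the POPL’11 paper). The names `make_oracle`, `randomized_coarsen` and `demo`, the `patience` stopping rule, and the constructed oracle that proves the query exactly when a hidden set of components is kept are assumptions of this example; the scan relies on the precision ordering (S true on a stays true on anything finer).

```python
import math
import random

def make_oracle(needed):
    """Constructed stand-in for S(p, q, a): true iff a keeps every needed bit."""
    calls = [0]
    def S(a):
        calls[0] += 1
        return needed <= a
    return S, calls

def randomized_coarsen(S, n, s_guess, rng, patience=20):
    """Return a minimal component set a with S(a) true, or None (impossibility)."""
    a = frozenset(range(n))                  # finest abstraction (1, ..., 1)
    if not S(a):
        return None                          # even the finest abstraction fails
    alpha = math.exp(-1.0 / s_guess)         # keep probability from the slide
    failures = 0
    while a and failures < patience:         # assumed stopping rule
        trial = frozenset(c for c in a if rng.random() < alpha)
        if trial != a and S(trial):
            a, failures = trial, 0           # proof survived: removal is permanent
        else:
            failures += 1                    # proof lost: components come back
    for c in sorted(a):                      # deterministic scan, one bit at a time
        if S(a - {c}):
            a = a - {c}
    return a

def demo(seed=1, n=2000):
    needed = frozenset({7, 420, 1999})       # constructed optimal abstraction
    S, calls = make_oracle(needed)
    result = randomized_coarsen(S, n, s_guess=len(needed), rng=random.Random(seed))
    return result, calls[0]

if __name__ == "__main__":
    found, runs = demo()
    print(sorted(found), "found with", runs, "runs of S out of 2000 components")
```

The number of runs of S printed at the end can be compared against n to see the logarithmic dependence the slide claims.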
19
Application: Pointer Analysis Abstractions
Client: static datarace detector [PLDI’06]
– Pointer analysis using k-CFA with heap cloning
– Uses call graph, may-alias, thread-escape, and may-happen-in-parallel analyses

            # components (x 1000)      # unproven queries (dataraces) (x 1000)
            alloc sites  call sites    0-CFA  1-CFA  diff   1-obj  2-obj  diff
hedc        1.6          7.2           21.3   17.8   3.5    17.1   16.1   1.0
weblech     2.6          12.4          27.9   8.2    19.7   8.1    5.5    2.5
lusearch    2.9          13.9          37.6   31.9   5.7    31.4   20.9   10.5
20
Experimental Results: All Queries

K-CFA       # components (x 1000)   BasicRefine (x 1000)   ActiveCoarsen
hedc        8.8                     7.2 (83%)              90 (1.0%)
weblech     15.0                    12.7 (85%)             157 (1.0%)
lusearch    16.8                    14.9 (88%)             250 (1.5%)

K-obj       # components (x 1000)   BasicRefine (x 1000)   ActiveCoarsen
hedc        1.6                     0.9 (57%)              37 (2.3%)
weblech     2.6                     1.8 (68%)              48 (1.9%)
lusearch    2.9                     2.1 (73%)              56 (1.9%)
21
Empirical Results: Per Query [figure]
22
Empirical Results: Per Query, contd. [figure]
23
Talk Outline
Abstraction Coarsening [POPL’11]
Abstractions from Tests [POPL’12]
Abstraction Refinement [PLDI’13]
25
Abstractions From Tests [POPL’12]
[Diagram labels: p, q; dynamic analysis; 0 1 0 0 0; static analysis; $p \models q$?; and optimal!]
26
Combining Dynamic and Static Analysis
Previous work:
– Counterexamples: query is false on some input; suffices if most queries are expected to be false
– Likely invariants: a query true on some inputs is likely true on all inputs [Ernst 2001]
Our approach:
– Proofs: a query true on some inputs is likely true on all inputs and for likely the same reason!
27
Example: Thread-Escape Analysis
    // u, v, w are local variables
    // g is a global variable
    // start() spawns new thread
    for (i = 0; i < N; i++) {
        u = new h1;
        v = new h2;
        g = new h3;
        v.f = g;
        w = new h4;
        u.f2 = w;
        pc: w.id = i;
        u.start();
    }
Query: local(pc, w)?
    h1  h2  h3  h4
    L   L   L   L
28
Example: Thread-Escape Analysis
(same program as on the previous slide)
Query: local(pc, w)?
    h1  h2  h3  h4
    L   L   E   L
but not optimal
29
Example: Thread-Escape Analysis
(same program as on the previous slide)
Query: local(pc, w)?
    h1  h2  h3  h4
    L   E   E   L
and optimal!
30
Benchmarks

            classes          bytecodes (x 1000)   alloc. sites (x 1000)
            app     total    app     total
hedc        44      355      16      161          1.6
weblech     57      579      20      237          2.6
lusearch    229     648      100     273          2.9
sunflow     164     1,018    117     480          5.2
avrora      1,159   1,525    223     316          4.9
hsqldb      199     837      221     491          4.6
31
Precision: Thread-Escape Analysis [figure]
32
Running Time (seconds) CDFs [figure]
34
Talk Outline
Abstraction Coarsening [POPL’11]
Abstractions from Tests [POPL’12]
Abstraction Refinement [PLDI’13]
36
Example: Type-State Analysis
    x = new File;
    y = x;
    if (*) z = x;
    x.open();
    y.close();
    if (*) check1(x, closed);
    else check2(x, opened);

Query    Abstraction
check1   Any $\supseteq$ { x, y }
check2   None

Second table (animation build), entries as extracted:
Query    Abstraction
check1   { }
check2
37
Example: Type-State Analysis
(same program and first table as on the previous slide)
Second table (animation build), entries as extracted: check1 { }; check2; { x }; { x, y }
38
Example: Type-State Analysis
(same program and first table as on the previous slide)
Second table (animation build), entries as extracted: check1 { }; check2 { }; { x }; { x, y }; { x }
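A simplified type-state analysis for the slide's program, as an added Python example (not code from the talk or the PLDI’13 paper): the abstraction is the set of variables allowed in the must-alias set, and a brute-force search over subsets returns the cheapest proof or reports impossibility. The statement encoding, the function names and the strong/weak update rules are assumptions of this example.

```python
from itertools import combinations

# Constructed encoding of the slide's program; "branch" models `if (*) z = x;`.
PROGRAM = [("new", "x"), ("copy", "y", "x"), ("branch", ("copy", "z", "x")),
           ("call", "x", "opened"), ("call", "y", "closed")]
VARS = ("x", "y", "z")

def step(stmt, state, tracked):
    """Abstract transfer function on one (type-states, must-alias set) pair."""
    ts, must = state
    if stmt[0] == "new":                       # fresh File starts closed
        return {(frozenset({"closed"}), frozenset({stmt[1]}) & tracked)}
    if stmt[0] == "copy":
        _, dst, src = stmt
        must = must | {dst} if src in must and dst in tracked else must - {dst}
        return {(ts, must)}
    if stmt[0] == "branch":                    # either skip or run the body
        return {state} | step(stmt[1], state, tracked)
    _, recv, new_ts = stmt                     # open() / close() call
    if recv in must:
        return {(frozenset({new_ts}), must)}   # strong update: receiver is the file
    return {(ts | {new_ts}, must)}             # weak update: receiver may be the file

def proves(tracked, expected):
    """S(p, q, a): does tracking `tracked` prove the file is in `expected`?"""
    states = {(frozenset(), frozenset())}
    for stmt in PROGRAM:
        states = set().union(*(step(stmt, s, tracked) for s in states))
    return all(ts == {expected} for ts, _ in states)

def cheapest_proof(expected):
    """Smallest abstraction (fewest tracked variables) that proves the query."""
    for k in range(len(VARS) + 1):
        for subset in combinations(VARS, k):
            if proves(frozenset(subset), expected):
                return set(subset)
    return None                                # impossibility: no abstraction works

if __name__ == "__main__":
    print("check1(x, closed):", cheapest_proof("closed"))
    print("check2(x, opened):", cheapest_proof("opened"))
```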
39
Precision: Thread-Escape Analysis [figure]
40
Comparison with Abstractions from Tests [figure]
41
Number of Iterations
Columns: proven queries (min, max, avg); impossible queries (min, max, avg)
(column boundaries of the data rows were lost in extraction)
hsqldb      22731132
antlr       21891478
avrora      282481304
lusearch    23221232
42
Running Time

            proven queries        impossible queries
            min    max    avg     min    max    avg
hsqldb      20s    25m    94s     4s     50m    55s
antlr       18s    77m    98s     6s     21m    64s
avrora      16s    28m    67s     5s     3h     41s
lusearch    14s    13m    112s    6s     45m    131s
43
Size of Optimal Abstraction [figure]
45
Key Takeaways
New questions: optimality, impossibility, …
New applications: lower bounds, lib assumptions, …
New techniques: search algorithms, abstractions, …
New tools: meta-analysis, parallelism, …
pag.gatech.edu/prism