1
Purity Analysis: Abstract Interpretation Formulation
Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani
Microsoft Research, India
2
Purity Analysis [Salcianu & Rinard VMCAI '05, Whaley & Rinard OOPSLA '99]
- A (side) effect analysis for the heap
- A foundational analysis with several applications
  - Pointer analysis
  - Escape analysis
  - Checking correctness of speculative parallelism [Prabhu et al., PLDI '10]
  - Lightweight bug finding tools
  - Heavyweight software model checking and verification tools (like SLAM)
3
Our Contributions
- An Abstract Interpretation formalization
  - A simpler explanation of the analysis
  - A simpler and more standard correctness proof
  - Helps extend and modify algorithm … for
    - Scalability
    - Precision
    - Functionality
    and verify correctness of extensions/modifications
  - A step towards formalizing similar modular heap analyses like Lattner et al. [PLDI '07], Buss et al. [SAC '08]
- 3 new optimizations with empirical evaluations
4
Modular Heap Effect Analysis
5
Problem and Challenges
- Heap Effect Analysis: Determine effect of a procedure call on heap (global program state)
- Modularity: Compute a context-independent summary for each procedure
- Challenge: Procedure behavior and effect depend on aliasing in input heap
- Very few modular analyses can handle aliasing in input heap. WSR analysis is one of them.
6
Challenging Example

    1. P(x,y) {
    2.   t = new ()
    3.   x.next = t
    4.   t.next = y
    5.   retval = y.next
    6. }

[Figure: heap graphs for two input heaps, one over nodes o1, o2, o3 and one over nodes u1, u2, with the allocated node n2, variables x, y, t, retval and next edges.]
7
Two possible Approaches
1. Compute different summaries for different aliasing configurations.
   - Pros: Better precision
   - Cons: Possible explosion in the number of summaries
2. Compute a single summary: the approach taken by WSR.
8
Two approaches - Example
[Figure: the heap graphs over nodes o1, o2, o3 and u1, u2 from the previous slide, shown next to the single WSR summary over nodes p1, p2, n2, n5 with variables x, y, t, retval and next edges.]
9
Computing WSR Summaries
10
Overview

    1. P(x,y) {
    2.   t = new ()
    3.   x.next = t
    4.   t.next = y
    5.   retval = y.next
    6. }

[Figure: the transformer graph for P over nodes p1, p2, n2, n5 with variables x, y, t, retval and next edges. Legend: place holders (external nodes), read edge (external edge), write edge (internal edge), local allocs (internal nodes).]
11
Formalizing WSR analysis
- Like shape analyses, WSR analysis computes a graph at every program point.
- But the graphs are abstractions of state transformers rather than states.
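The transformer graph on the Overview slide can be rebuilt statement by statement. The following is an added example, not code from the presentation or the authors' tool: the class and method names are hypothetical, and the rules are a simplification in which only placeholders and load nodes count as escaping.

```python
# Added illustration: simplified intraprocedural rules in the style of the WSR
# analysis, applied to the slides' procedure P(x, y). Names are hypothetical.
from collections import defaultdict

class TransformerGraph:
    def __init__(self, params):
        self.var = defaultdict(set)   # variable -> abstract nodes it may point to
        self.internal = set()         # write edges (src, field, dst)
        self.external = set()         # read edges  (src, field, dst)
        self.escaping = set()         # simplification: placeholders and load nodes
        for i, p in enumerate(params, 1):
            node = f"p{i}"            # placeholder for the parameter's unknown target
            self.var[p] = {node}
            self.escaping.add(node)

    def alloc(self, line, v):         # v = new ()
        self.var[v] = {f"n{line}"}    # internal node named after its source line

    def store(self, v, field, w):     # v.field = w
        for src in self.var[v]:
            for dst in self.var[w]:
                self.internal.add((src, field, dst))

    def load(self, line, v, w, field):  # v = w.field
        targets = set()
        for src in self.var[w]:
            targets |= {d for (s, f, d) in self.internal if s == src and f == field}
            if src in self.escaping:
                # The field may hold a value from the unknown input heap: model it
                # with an external node reached through an external (read) edge.
                ext = f"n{line}"
                self.external.add((src, field, ext))
                self.escaping.add(ext)
                targets.add(ext)
        self.var[v] = targets

def summarize_P():
    g = TransformerGraph(["x", "y"])
    g.alloc(2, "t")                    # 2. t = new ()
    g.store("x", "next", "t")          # 3. x.next = t
    g.store("t", "next", "y")          # 4. t.next = y
    g.load(5, "retval", "y", "next")   # 5. retval = y.next
    return g
```

The graph never decides whether x and y alias: retval points only to the external node n5, and the possibility that it is n2 is recovered when the summary is applied to a concrete input heap.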
12
Abstract Interpretation Formulation
13
Concrete Domain
14
Concrete Semantics

    P() { … u: … }

- Parametric collecting semantics
- In the style of Sharir and Pnueli's functional approach.
15
Abstract Domains
16
Concretization
[Figure: a transformer graph applied to a concrete state in two phases. Mapping phase: identifies the modified portion of the concrete state. Transformation phase: produces the transformed portion of the resulting concrete state(s).]
17
Mapping Phase Illustration
[Figure: the transformer graph (nodes p1, p2, n2, n5; variables x, y, t, retval; next edges) mapped onto a concrete state (nodes u1, u2; variables x, y).]
18
Transformation Phase Illustration
[Figure: the transformer graph (nodes p1, p2, n2, n5) and the concrete state (nodes u1, u2; variables x, y).]
19
Transformation Phase Illustration
[Figure: the transformer graph (nodes p1, p2, n2, n5) and the concrete state (nodes u1, u2; variables x, y), now with node n2 and retval added.]
20
Transformation Phase Illustration
Abstract shape graph representing a set of concrete states
[Figure: shape graph over nodes u1, u2, n2 with variables x, y, retval and next edges.]
21
Abstract Vs Concrete Summary
[Figure: the concrete summary and the abstract summary compared on the input heap over nodes u1, u2 (variables x, y), with node n2, variables t, retval and next edges.]
22
Correctness and Termination
23
Partial order and join
24
Abstract Semantics
- Computes a transformer graph at every program point.
- Uses a set of equations having the same structure as the concrete semantics.
- Uses the abstract transformers for statements and procedure calls.
- Handles procedure calls using the summary of the called function.
25
Correctness and Termination
26
Optimizations
27
Need for optimizations

WSR analysis:

Benchmark               Lines of Code   Time (s)   Memory (MB)
Dynamic data display    25K             4696       1937
SharpMap                26K             Time out   -
PDFsharp                96K             5088       1502
Dotspatial (12 DLLS)    200K            Time out   -
28
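Node Merging Optimization

    1. P(x) {
    2. If(*)
    3. t = new …;
    4. t = new …;
    5. x.f = t;
    6. t.g = new …;
    7. }

[Figure: two transformer graphs with the same concrete image. One has nodes p1, n3, n4, n6 with variables x, t and f and g edges through both n3 and n4; the other has nodes p1, n3, n6 with a single f edge and a single g edge.]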
29
Correctness of node merging
30
Termination with node merging
- Node merging doesn't preserve containment ordering.
- Termination is guaranteed only if merged nodes do not reappear in subsequent steps.
31
Termination with node merging [Cont.]
- Solution: Track (transformer graph, equivalence relation) pairs.
- The equivalence relation records nodes merged in the previous steps.
- Whenever a new node is created, replace it with the representative of its equivalence class.
32
Identifying nodes to merge
- Arbitrarily merging nodes will reduce precision.
- Our Heuristics:
  [Figure: two cases in which a node n1 with f edges to both n2 and n3 is rewritten to a graph with a single f edge from n1 to n2.]
- Results in no loss of precision in our benchmarks when used in a purity analysis
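The node merging slides (the P(x) example, the equivalence-relation fix for termination, and the merge heuristic) can be tied together in one sketch. This is an added example, not the authors' implementation: the edge set is constructed from the node labels on the Node Merging slide, the merge rule is an assumption read off the heuristics figure, and the field h and node n7 are hypothetical.

```python
# Added illustration of node merging; not the authors' implementation.
# Edges are (source, field, kind, target); kind is "int" (write) or "ext" (read).
# Constructed from the node labels on the Node Merging slide (p1, n3, n4, n6).
SLIDE_EDGES = {("p1", "f", "int", "n3"), ("p1", "f", "int", "n4"),
               ("n3", "g", "int", "n6"), ("n4", "g", "int", "n6")}

class Merger:
    def __init__(self):
        self.parent = {}                        # equivalence relation (union-find)

    def rep(self, n):
        """Representative of n's equivalence class."""
        self.parent.setdefault(n, n)
        while self.parent[n] != n:
            n = self.parent[n]
        return n

    def union(self, a, b):
        a, b = self.rep(a), self.rep(b)
        if a != b:
            self.parent[max(a, b)] = min(a, b)  # deterministic representative

    def normalize(self, edges):
        # Replace every node by its representative, so a node merged in an
        # earlier step cannot reappear when a later step creates it again.
        return {(self.rep(s), f, k, self.rep(d)) for (s, f, k, d) in edges}

    def merge(self, edges):
        # Assumed heuristic: targets of two same-kind edges that leave the same
        # node on the same field are merged; repeat until nothing changes.
        edges = self.normalize(edges)
        while True:
            first_target, merged = {}, False
            for (s, f, k, d) in sorted(edges):
                other = first_target.setdefault((s, f, k), d)
                if self.rep(other) != self.rep(d):
                    self.union(other, d)
                    merged = True
            if not merged:
                return edges
            edges = self.normalize(edges)

def slide_example():
    m = Merger()
    merged = m.merge(SLIDE_EDGES)
    # A later step creates n4 again (hypothetical edge on field h to node n7);
    # normalization maps it back to the representative n3.
    later = m.normalize(merged | {("n4", "h", "int", "n7")})
    return merged, later
```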
33
Evaluation of Node merging

With node merging:

Benchmark               Lines of Code   Time (s)   Memory (MB)
Dynamic data display    25K             58         427
SharpMap                26K             615        356
PDFsharp                96K             125        535
Dotspatial (12 DLLS)    200K            963        568
34
Optimization 2: Summary merging
- Applies to virtual method calls.
[Figure: summaries at a virtual method call … with optimization.]
35
Optimization 3: Safe node elimination
- Removes unnecessary external nodes.
- E.g.: Set::Contains is pure but its WSR summary has many external edges/nodes.
- Does not affect precision.
36
Empirical evaluation

                                        WSR analysis             With all opts
Benchmark               Lines of Code   Time (s)   Memory (MB)   Time (s)   Memory (MB)
Dynamic data display    25K             4696       1937          23         410
SharpMap                26K             -          -             179        356
PDFsharp                96K             5088       1502          76         550
Dotspatial (12 DLLS)    200K            -          -             232        568
37
Conclusion
- WSR analysis is a widely used modular heap analysis.
- Formalized WSR analysis as an Abstract Interpretation.
  - Mentioned as an open problem by Salcianu.
- Proposed 3 optimizations to WSR analysis.
  - Proved them correct using the AI formulation.
  - They make the analysis scale to large programs.