Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State."— Presentation transcript:

1 Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State University IBM T. J. Watson Research Center

2 Points-to Analysis Many static analysis tools need highly precise whole-program points-to solution – (e.g., data race detector, slicer) Context-free-language(CFL) reachability formulation of points-to/alias analysis [Sridharan- Bodik PLDI’06] – High precision – Does not scale well for whole program analysis – A lot of redundant computation Our approach targets CFL-reachability-based points-to analysis – Pre-analyze the program to reduce the redundancy 2

3 Example of CFL-Reachability Formulation[PLDI’06] 3 a = new A(); // o 1 b = new A(); // o 2 c = a; o1o1 a b c o2o2 x y pret o3o3 (1(1 )1)1 (2(2 )2)2 [f[f [ f ]f]f o4o4 e id(p){ return p;} x = id(a); // call 1 y = id(b); // call 2 a.f = new C(); //o 3 b.f = new C(); //o 4 e = x.f; o  pts(v) if o flowsTo v

4 Targeted Inefficiency A pair of heap load and store a.f = o; v = b.f; What if a and b can never alias? – v can not point to o – May be redundant to perform the entire sequence of checks 4 a b ov alias? [f[f ]f]f o’ flowsTo? ]g]g c d [g[g alias? flowsTo? (c.g =a) (b=d.g ) o’’ X

5 Our Approach Must-not-alias analysis – Use an imprecise but cheap off-line analysis to find x and b are not aliases under any possible calling context – Quickly conclude that e cannot point to o 4 in the points- to analysis, if our analysis reports (x, b) must not alias 5

6 Program Representation Intraprocedural Symbolic Points-To Graph (SPG) – Introduce symbolic node s for formal parameter field dereference a.f in a heap load a call site that returns a reference-typed value – Compute intraprocedural flowsTo path – Points-to edge a o  SPG if o flowsTo a is found – Points-to edge o 1 o 2  SPG if o 1 flowsTo a, o 2 flowsTo b, and a.f = b are found 6 B m(A a){ C c = new C();// o 1 a.f = c; return c.g; } o1o1 sasa f sgsg ret c g f a

7 Interprocedural Symbolic Points-To Graph Connect intraprocedural symbolic points-to graphs with entry and exit edges 7 B m(A a){ C c = new C();// o 1 a.f = c; return c.g; } o1o1 sasa f sgsg ret c g A d = new A(); // o 2 B b = m(d); // call m d o2o2 b smsm entry m exit m a

8 Must-Not-Alias Analysis Context-insensitive memAlias formuation – Treat a pair of points to edges and as balanced parentheses – – Allocation or symbolic node m and n are aliases if m memAlias n 8 f f

9 Example 9 B m(A a){ C c = new C();// o 1 a.f = c; return c.g; } A a = new A(); // o 2 B b = m(a); C(){ this.g = new B();// o 3 } o1o1 sasa sgsg ret c g a o2o2 b smsm exit m entry m s this g o3o3 entry C this

10 Algorithm Add pairs of nodes (a, b) in memAlias, if they are reachable from the same node c, and the strings between (c, a) and (c, b) are the same – Example: a a 0 … c … b 0 b 10 f1f1 f2f2 fnfn fnfn f2f2 f1f1

11 Algorithm (Cond.) while a fixed point is not reached do Add pairs of nodes (a, b) in memAlias, if (a, f)  memAlias, (g, b)  memAlias, (f, g)  memAlias – a f g b Add pairs of nodes (d, e) in memAlias, if there is a pair (f, g)  memAlias, d and e are reachable from f and g, respectively, and the two strings between (f, d) and (e, g) are the same – f a 0 … d e … b 0 g end while 11 f1f1 f2f2 fnfn fnfn f2f2 f1f1

12 Context-Sensitive Must-Not-Alias Analysis Context-sensitivity is achieved by – Bottom-up traversing the call graph (i.e., summary- based) – Cloning objects for 1-level method calls when composing summaries Context sensitivity – Full context-sensitivity for pointer variables – 1-level context-sensitivity for pointer targets – Has almost the same precision as the 1-object-sensitive analysis, but much cheaper 12

13 Example 13 B m(A a){ C c = new C();// o 1 a.f = c; return c.g; } A a = new A(); // o 2 B b = m(a); C(){ this.g = new B();// o 3 } o3co3c o1mo1m o1o1 sgsg g smsm o2o2 s this g o3o3 entry C sasa entry m exit m s this c samsam f sgmsgm

14 Using Must-Not-Alias Information Object or symbolic nodes m and n must not alias if (m, n)  memAlias Using must-not-alias information in Sridharan- Bodik analysis – Check a pair of load and store a.f = o; c = b.f; – Don’t check whether a and b can alias if, for any object or symbolic nodes o a and o b such that a o a and b o b  ISPG, o a and o b must not alias 14

15 Experiments Benchmarks – SpecJVM : 7 programs – DaCapo: 4 programs – Others: 8 programs – Number of methods ranging from 2344 to 8789 Comparison between Sridharan-Bodik representation and ISPG without var nodes – 1.7  reduction in the number of nodes – 5.6  reduction in the number of edges 15

16 Running Time Reduction 16 Average: 3 

17 Precision (casts proved safe) 17 Precision = % #safe casts/#total castsCI:3.2%, MA:8.0%, 1-OBJ:10.5%, SB:23.5%

18 Conclusions Refinement-based points-to analysis is precise but expensive A context-sensitive must-not-alias analysis – Pre-computes aliasing information – memAlias-reachability formulation – Used to quickly eliminate non-aliasing pairs in the points-to analysis Experimental results – Alias analysis has short running time – Significant time reduction for the points-to analysis – Points-to information derived from memAlias is almost as precise as 1-object-sensitive analysis 18

19 Thank you 19

20 Running Time ISPG construction – 48 – 245s – On average 2.064 s/1000 Jimple statements Must-not-alias analysis – 9 – 80s – On average 0.579 s/1000 Jimple statements Modified points-to analysis – 185 – 2350s – On average 9.65 s/1000 Jimple statements Total – 282 – 2854s – On average 12.294 s/1000 Jimple statements 20

Download ppt "Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State."

Similar presentations

R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR

R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR
Uncovering Performance Problems in Java Applications with Reference Propagation Profiling PRESTO: Program Analyses and Software Tools Research Group, Ohio.

Uncovering Performance Problems in Java Applications with Reference Propagation Profiling PRESTO: Program Analyses and Software Tools Research Group, Ohio.
ASSUMPTION HIERARCHY FOR A CHA CALL GRAPH CONSTRUCTION ALGORITHM JASON SAWIN & ATANAS ROUNTEV.

ASSUMPTION HIERARCHY FOR A CHA CALL GRAPH CONSTRUCTION ALGORITHM JASON SAWIN & ATANAS ROUNTEV.
P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.

P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Go with the Flow: Profiling Copies to Find Run-time Bloat Guoqing Xu, Matthew Arnold, Nick Mitchell, Atanas Rountev, Gary Sevitsky Ohio State University.

Go with the Flow: Profiling Copies to Find Run-time Bloat Guoqing Xu, Matthew Arnold, Nick Mitchell, Atanas Rountev, Gary Sevitsky Ohio State University.
Demand-driven Alias Analysis Implementation Based on Open64 Xiaomi An

Demand-driven Alias Analysis Implementation Based on Open64 Xiaomi An
1 CS 201 Compiler Construction Lecture Interprocedural Data Flow Analysis.

1 CS 201 Compiler Construction Lecture Interprocedural Data Flow Analysis.
Refinement-Based Context-Sensitive Points-To Analysis for JAVA Soonho Kong 17 January 2009 1 Work of Manu Sridharan and Rastislav Bodik, UC Berkeley.

Refinement-Based Context-Sensitive Points-To Analysis for JAVA Soonho Kong 17 January Work of Manu Sridharan and Rastislav Bodik, UC Berkeley.
Program Slicing Mark Weiser and Precise Dynamic Slicing Algorithms Xiangyu Zhang, Rajiv Gupta & Youtao Zhang Presented by Harini Ramaprasad.

Program Slicing Mark Weiser and Precise Dynamic Slicing Algorithms Xiangyu Zhang, Rajiv Gupta & Youtao Zhang Presented by Harini Ramaprasad.
Thin Slicing Manu Sridharan, Stephen J. Fink, Rastislav Bodík.

Thin Slicing Manu Sridharan, Stephen J. Fink, Rastislav Bodík.
1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.

1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.
Parameterized Object Sensitivity for Points-to Analysis for Java Presented By: - Anand Bahety Dan Bucatanschi.

Parameterized Object Sensitivity for Points-to Analysis for Java Presented By: - Anand Bahety Dan Bucatanschi.
The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.

The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.
Interprocedural analysis © Marcelo d’Amorim 2010.

Interprocedural analysis © Marcelo d’Amorim 2010.
Pointer and Shape Analysis Seminar Context-sensitive points-to analysis: is it worth it? Article by Ondřej Lhoták & Laurie Hendren from McGill University.

Pointer and Shape Analysis Seminar Context-sensitive points-to analysis: is it worth it? Article by Ondřej Lhoták & Laurie Hendren from McGill University.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Advanced Compilers CMPSCI 710.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Advanced Compilers CMPSCI 710.
Finding Low-Utility Data Structures Guoqing Xu 1, Nick Mitchell 2, Matthew Arnold 2, Atanas Rountev 1, Edith Schonberg 2, Gary Sevitsky 2 1 Ohio State.

Finding Low-Utility Data Structures Guoqing Xu 1, Nick Mitchell 2, Matthew Arnold 2, Atanas Rountev 1, Edith Schonberg 2, Gary Sevitsky 2 1 Ohio State.

Similar presentations

Ads by Google