Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pointer Analysis as a System of Linear Equations. Rupesh Nasre (CSA). Advisor: Prof. R. Govindarajan. Jan 22, 2010.

Published byRebecca Grant Modified over 8 years ago

Similar presentations

Presentation on theme: "Pointer Analysis as a System of Linear Equations. Rupesh Nasre (CSA). Advisor: Prof. R. Govindarajan. Jan 22, 2010."— Presentation transcript:

1 Pointer Analysis as a System of Linear Equations. Rupesh Nasre (CSA). Advisor: Prof. R. Govindarajan. Jan 22, 2010.

2 What is Pointer Analysis? a = &x; b = a; if (b == *p) { … } else { … } Is this condition always satisfied? Pointer Analysis is a mechanism to statically find out run-time values of a pointer. a and b are aliases. a points to x.

3 Why Pointer Analysis? For Parallelization. – fun(p) || fun(q); For Optimization. – a = p + 2; – b = q + 2; For Bug-Finding. For Program Understanding.... Clients of Pointer Analysis.

4 Placement of Pointer Analysis. Pointer Analysis. Parallelizing compiler. String vulnerability finder. Program slicer. Data flow analyzer. Lock synchronizer. Affine expression analyzer. Memory leak detector. Type analyzer. Improved runtime. Secure code. Better debugging. Better compile time.

5 Normalized Input. p = &q address-of p = q copy p = *q load *p = q store p q pq p q p q qp qp qp qp

6 Our Contributions. Ordering points-to statements in an intelligent way to improve the analysis time. Dynamic partitioning of points-to statements for a prioritized points-to analysis. Probabilistic points-to analysis using bloom filters.  Points-to analysis as a set of linear equations.

7 Why as a Linear System? Scalability. – Code sizes going into billions. Scalability. – Several pointer analyses go out of memory. – Those that don't take hours. – The remaining are imprecise. Scalability. – Linear algebra is a mature topic.

8 Outline. Introduction.  First-cut approach. Modified approach. Evaluation.

9 First-cut Approach. a = &x; p = &a; b = *p; c = b; a = x - 1 p = a - 1 b = p + 1 c = b Transform. Solve. x = r a = r - 1 b = r - 1 c = r – 1 p = r - 2 a, b, c point to x. p points to a. p points to b. p points to c. Solve. a, b, c point to x. p points to a. Imprecise analysis..

10 Issues with First-cut Approach. Dereferencing. – a = &x versus *a = x. a = &x*a = x a = x-1 a+1 = x Semantically different. Mathematically same.

11 Issues with First-cut Approach. Dereferencing. – a = &x versus *a = x. Multiple assignments. – a = &x, a = &y; a = &x; a = &y; Transform. a = x-1; a = y-1; Solve. No solution.

12 Issues with First-cut Approach. Dereferencing. – a = &x versus *a = x. Multiple assignments. – a = &x, a = &y; Cyclic assignments. – a = &a; a = &a; Transform. a = a-1; Solve. No solution.

13 Issues with First-cut Approach. Dereferencing. – a = &x versus *a = x. Multiple assignments. – a = &x, a = &y; Cyclic assignments. – a = &a; Symmetry of assignment. – a = b implies b = a.

14 Outline. Introduction. First-cut approach.  Modified approach. Evaluation.

15 Important Ideas. Address of a variable as a prime number. Points-to set as a multiplication of primes. Variable renaming to avoid inconsistency. The ideas guarantee feasibility, uniqueness and integrality of the solution.

16 Example. a = &x; p = &a; b = *p; c = b; a = a0*17 p = p0*101 b = b0*(p+1) c = c0*b Transform. Solve. &x = 17 &a = 101 a0 = 1 b0 = 1 c0 = 1 p0 = 1 a = 17 p = 101 b = 102 c = 102 Interpret. a = 17 p = 101 b = 17 c = 17 102 => 1 + 101 => 1 dereference on 101 => 1 dereference on &a => a => 17.

17 Soundness and Precision. If &x = 7, &y = 11 and p points to x and y, then p is a multiple of 77. If &x = 7, &y = 11 and p is a multiple of 77, then p points to x and y. Multiplication of primes. Prime factorization is unique. Guarantees soundness. Guarantees precision.

18 Properties. If the value of a pointer p is a prime number, then it defines a must-point-to relation, else it is a may-point-to relation. If the value of p is 1, then p is unused. If pointers p1 and p2 have the same value, then p1 and p2 are pointer equivalent. Variables x and y are location equivalent when &x dividing the value of pointer p implies &x*&y also divide the value. Pointers p1 and p2 are aliases if gcd(p1, p2) != 1.

19 Outline. Introduction. First-cut approach. Modified approach.  Evaluation.

20 Evaluation. Benchmarks: SPEC 2000, httpd, sendmail. Configuration: Intel Xeon, 2 Ghz clock, 4MB L2 cache, 3GB RAM. AndersenBloom FilterLinear Solver Time (s) OOM92655 Memory (MB) OOM2721

21 Summary. We proposed a novel representation of points- to information using prime factorization. We solved pointer analysis as a system of linear equations. We empirically showed that it is competitive to the state-of-the-art algorithms.

22 Pointer Analysis as a System of Linear Equations. Rupesh Nasre (CSA). nasre@csa.iisc.ernet.innasre@csa.iisc.ernet.in. Advisor: Prof. R. Govindarajan. Jan 22, 2010.

Download ppt "Pointer Analysis as a System of Linear Equations. Rupesh Nasre (CSA). Advisor: Prof. R. Govindarajan. Jan 22, 2010."

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
Scalable Points-to Analysis. Rupesh Nasre. Advisor: Prof. R. Govindarajan. Comprehensive Examination. Jun 22, 2009.

Scalable Points-to Analysis. Rupesh Nasre. Advisor: Prof. R. Govindarajan. Comprehensive Examination. Jun 22, 2009.
SSA and CPS CS153: Compilers Greg Morrisett. Monadic Form vs CFGs Consider CFG available exp. analysis: statement gen's kill's x:=v 1 p v 2 x:=v 1 p v.

SSA and CPS CS153: Compilers Greg Morrisett. Monadic Form vs CFGs Consider CFG available exp. analysis: statement gen's kill's x:=v 1 p v 2 x:=v 1 p v.
Practical techniques & Examples

Practical techniques & Examples
Automatic Memory Management Noam Rinetzky Schreiber 123A 2015/seminar/seminar1415a.html.

Automatic Memory Management Noam Rinetzky Schreiber 123A /seminar/seminar1415a.html.
Chapter 9 Pointers and Dynamic Arrays. Overview 9.1 Pointers 9.2 Dynamic Arrays.

Chapter 9 Pointers and Dynamic Arrays. Overview 9.1 Pointers 9.2 Dynamic Arrays.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.

CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Parallel Inclusion-based Points-to Analysis Mario Méndez-Lojo Augustine Mathew Keshav Pingali The University of Texas at Austin (USA) 1.

Parallel Inclusion-based Points-to Analysis Mario Méndez-Lojo Augustine Mathew Keshav Pingali The University of Texas at Austin (USA) 1.
Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.

Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.

Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.
Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???

Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???
Type Systems For Distributed Data Sharing Ben Liblit Alex AikenKathy Yelick.

Type Systems For Distributed Data Sharing Ben Liblit Alex AikenKathy Yelick.
Pointer and Shape Analysis Seminar Mooly Sagiv Schriber 317 Office Hours Thursday 15-16.

Pointer and Shape Analysis Seminar Mooly Sagiv Schriber 317 Office Hours Thursday
1 ES 314 Advanced Programming Lec 3 Sept 8 Goals: complete discussion of pointers discuss 1-d array examples Selection sorting Insertion sorting 2-d arrays.

1 ES 314 Advanced Programming Lec 3 Sept 8 Goals: complete discussion of pointers discuss 1-d array examples Selection sorting Insertion sorting 2-d arrays.
Overview of program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc05.html.

Overview of program analysis Mooly Sagiv html://
Introduction to Optimization Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved.

Introduction to Optimization Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved.

Similar presentations

Ads by Google