Presentation is loading. Please wait.

Presentation is loading. Please wait.

ESEC/FSE-99 1 Data-Flow Analysis of Program Fragments Atanas Rountev 1 Barbara G. Ryder 1 William Landi 2 1 Department of Computer Science, Rutgers University.

Published byJacob Bond Modified over 9 years ago

Similar presentations

Presentation on theme: "ESEC/FSE-99 1 Data-Flow Analysis of Program Fragments Atanas Rountev 1 Barbara G. Ryder 1 William Landi 2 1 Department of Computer Science, Rutgers University."— Presentation transcript:

1 ESEC/FSE-99 1 Data-Flow Analysis of Program Fragments Atanas Rountev 1 Barbara G. Ryder 1 William Landi 2 1 Department of Computer Science, Rutgers University 2 Siemens Corporate Research http://www.prolangs.rutgers.edu Funded by NSF grants CCR-9501761, CCR-9804065 and Siemens Corporate Research

2 ESEC/FSE-99 2 Overview Motivation Theoretical model Application for pointer alias analysis Experimental results

3 ESEC/FSE-99 3 Data-Flow Analysis Information about program behavior Defines: –Graph for the control-flow structure –Lattice L of data-flow values –Transfer functions f i : L  L Flow sensitivity: propagate data-flow values by respecting execution order of statements

4 ESEC/FSE-99 4 Limitations of Whole-Program Analysis Traditionally designed as whole-program analysis Precise analyses do not scale for large programs Incomplete programs cannot be analyzed: e.g., programs with libraries Information may be needed only for a small part of a large program

5 ESEC/FSE-99 5 Fragment Data-Flow Analysis Idea: analyze a program fragment instead of a whole program Use summary information about the rest of the program Advantages: –Analyze fragments of large programs –Analyze incomplete programs –Analyze only the “interesting part” of the program

6 ESEC/FSE-99 6 Questions What is the analysis structure? What is the relationship to whole-program analysis? How to define and ensure safety? What factors affect analysis cost and precision?

7 ESEC/FSE-99 7 Model of Whole-Program Analysis Consider only flow-sensitive analysis Interprocedural control-flow graph: Lattice L of data-flow values Node transfer functions f i : L  L Solutions and safety Call Return Exit Entry Return Call Procedure

8 ESEC/FSE-99 8 Fragment Analysis Structure Input: fragment + whole-program information Graph, lattice, node transfer functions Boundary nodes: entry, call, return Boundary entry: summary value from Boundary call: summary function CallExit Entry Return CallEntryCall Fragment

9 ESEC/FSE-99 9 Fragment Analysis Safety All possible containing programs: p  Progs Abstraction relation If, then safely abstracts x A safe solution safely abstracts the most precise whole-program solution for every p Sufficient requirements for analysis safety: transfer functions, boundary summaries

10 ESEC/FSE-99 10 An Application Initial whole-program flow-insensitive analysis Fragment analysis input –Flow-insensitive solution –Call graph Use flow-insensitive solution at the boundary Two fragment pointer alias analyses

11 ESEC/FSE-99 11 Pointer Alias Analysis Aliases refer to the same memory location Example: p = &x; (*p,x) Whole-program flow- and context-sensitive analysis [Landi-Ryder] Fixed and non-fixed locations: x, s.f, *p, p  g Resolution of through-deref assignments Example: *p = 0;

12 ESEC/FSE-99 12 Fragment Alias Analyses Input: whole-program flow-insensitive solution –Flow-insensitive analysis: almost linear time [Steensgaard, Zhang-Ryder-Landi] Basic analysis: assumptions at boundary Extended analysis: include called procedures; no boundary calls

13 ESEC/FSE-99 13 Experiments Sun Sparc-20, 75 MHz, 352 MB 6 data programs: 8K - 25K LOC 12 fragments: –Cohesive subsets of procedures implementing certain functionality –Size: 2%-22% of program size, median 7% Resolved through-deref assignments –Metric: average number of modified fixed locations

14 ESEC/FSE-99 14 Analysis Precision

15 ESEC/FSE-99 15 Analysis Time Flow-insensitive analysis –Range: 2-9 s –Median: 7 s Basic analysis –Range: 18-99 s –Median: 52 s Extended analysis –Range: 18-187 s –Median: 85 s

16 ESEC/FSE-99 16 Summary Fragment analysis as an alternative to whole- program analysis Theoretical issues of safety and feasibility Application using inexpensive whole-program analysis Initial experiments –Extended analysis: significant precision increase at a practical cost Ongoing work: scalability, incomplete programs

17 ESEC/FSE-99 17 The New Lattice What is the set of names? Number of names should not depend on the size of the whole program Each whole-program name is: –preserved –ignored –represented by a placeholder One placeholder name per equivalence class

18 ESEC/FSE-99 18 Fragment Sizes

Download ppt "ESEC/FSE-99 1 Data-Flow Analysis of Program Fragments Atanas Rountev 1 Barbara G. Ryder 1 William Landi 2 1 Department of Computer Science, Rutgers University."

Similar presentations

ASSUMPTION HIERARCHY FOR A CHA CALL GRAPH CONSTRUCTION ALGORITHM JASON SAWIN & ATANAS ROUNTEV.

ASSUMPTION HIERARCHY FOR A CHA CALL GRAPH CONSTRUCTION ALGORITHM JASON SAWIN & ATANAS ROUNTEV.
Data Flow Analysis. Goal: make assertions about the data usage in a program Use these assertions to determine if and when optimizations are legal Local:

Data Flow Analysis. Goal: make assertions about the data usage in a program Use these assertions to determine if and when optimizations are legal Local:
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) Pointer Analysis.

School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) Pointer Analysis.
Whole-Program Linear-Constant Analysis with Applications to Link-Time Optimization Ludo Van Put – Dominique Chanet – Koen De Bosschere Ghent University.

Whole-Program Linear-Constant Analysis with Applications to Link-Time Optimization Ludo Van Put – Dominique Chanet – Koen De Bosschere Ghent University.
(c) 2007 Mauro Pezzè & Michal Young Ch 6, slide 1 Dependence and Data Flow Models.

(c) 2007 Mauro Pezzè & Michal Young Ch 6, slide 1 Dependence and Data Flow Models.
Code Compaction of an Operating System Kernel Haifeng He, John Trimble, Somu Perianayagam, Saumya Debray, Gregory Andrews Computer Science Department.

Code Compaction of an Operating System Kernel Haifeng He, John Trimble, Somu Perianayagam, Saumya Debray, Gregory Andrews Computer Science Department.
1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.

1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.
Interprocedural analysis © Marcelo d’Amorim 2010.

Interprocedural analysis © Marcelo d’Amorim 2010.
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.

Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
Pointer and Shape Analysis Seminar Context-sensitive points-to analysis: is it worth it? Article by Ondřej Lhoták & Laurie Hendren from McGill University.

Pointer and Shape Analysis Seminar Context-sensitive points-to analysis: is it worth it? Article by Ondřej Lhoták & Laurie Hendren from McGill University.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Advanced Compilers CMPSCI 710.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Advanced Compilers CMPSCI 710.
Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.

Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.
Interprocedural pointer analysis for C We’ll look at Wilson & Lam PLDI 95, and focus on two problems solved by this paper: –how to represent pointer information.

Interprocedural pointer analysis for C We’ll look at Wilson & Lam PLDI 95, and focus on two problems solved by this paper: –how to represent pointer information.
Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aiken’s Michael D. Ernst’s Sorin Lerner’s.

Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aiken’s Michael D. Ernst’s Sorin Lerner’s.
Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State.

Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State.
Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:

Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:

Similar presentations

Ads by Google