Download presentation

Presentation is loading. Please wait.

Published byGrant Shepherd Modified over 3 years ago

1
SCIENCES USC INFORMATION INSTITUTE Pedro C. Diniz University of Southern California / Information Sciences Institute 4676 Admiralty Way, Suite 1001 Marina del Rey, California 90292 pedro@isi.edu Increasing the Accuracy of Shape and Safety Analysis for Pointer-based Codes* * This work is partly funded by the National Science Foundation (NSF) under award number CCR-0209228.

2
SCIENCES USC INFORMATION INSTITUTE Introduction and Motivation Static Shape Analysis Understand Topological Properties of Data Structures Tree DAG Graph Topology Induced by a Subset of the Pointer Fields Focus: C Codes that Allocate Memory via malloc/free Functions Traverse and Change Data Structure through Pointers Applications: Redundant Load/Store Elimination Instruction Scheduling Parallelization “Bug” Finding

3
SCIENCES USC INFORMATION INSTITUTE Basic Approach Loss of Accuracy Need for Summarization Abstract After Each Statement Ignores Control Flow Predicates Ignores Node “Configurations” stat cond stat Abstract Interpretation Execute Each Statement Materialize & Abstract Fix-Point Invariants {next.prev, prev.next} Abstract Storage Graph (ASG)

4
SCIENCES USC INFORMATION INSTITUTE Example Observations: 1. Loop Does not Modify Data Structure 2. “Scan” structure a long “next” 3. If body executes (stats 5&6) then on exit (t != NULL) 4. AND (p == t->next) holds 5. On exit a few “contexts” hold 6. This loop is “safe”, i.e. no null pointer is ever dereferenced. 7. The loop terminates: ¨ Iff structure is acyclic along “next” if it terminates from stat 2 ¨ Only sufficient condition if it terminates from stat 4. 1: t = NULL; 2: while(p != NULL){ 3: if (p->data < item) 4: break; 5: t = p; 6: p = p->next; 7: } t == NULL p == NULL Context #1 t == NULL p != NULL p->data < item Context #2 t != NULL p != NULL p->data < item p = t->next p == p->next(k) Context #3 t != NULL p == NULL p->data < item p = t->next p == p->next(k) Context #4

5
SCIENCES USC INFORMATION INSTITUTE Example 1:if(p->next != NULL){ 2: p->next->prev = temp; 3: temp->next = p->next; 4: p->next = temp; 5: temp->prev = p; 6:} Observations: 1. Modification for a node s.t. p->next != NULL 2. Need to know relation between temp and p ASG pp temp

6
SCIENCES USC INFORMATION INSTITUTE What’s the Point? Programmers Fundamentally Encode ”State" via Conditionals and Loop Constructs A Typical Programming Style is to Use Loop constructs to scan the structures to position pointer variables at nodes that should be modified. Conditional statements to define which operations should be performed. Shape Analysis and Safety Algorithms should Exploit the Information Conveyed in these Statements.

7
SCIENCES USC INFORMATION INSTITUTE Basic Analysis Structural Fields & Node Configurations Scan Loops Assumed/Verified Properties Context Tracing

8
SCIENCES USC INFORMATION INSTITUTE Scan Loops Typical Scan loops are short! Read-Only Heap Pointer Values Use Stack/Global Variables Symbolic Pointer Analysis Symbolically Execute Loop Statements for For zero-trip Multi-trips Relationships between Pointers on Exits Symbolical Value Number (iteration-based) Across All Loop Internal Paths Reach Closed-form Expressions (see HN90) Convert Loop into a Multi-way Statement

9
SCIENCES USC INFORMATION INSTITUTE Scan Loop and Tracing Contexts 03: t = NULL; 04: while(p != NULL){ 05: if(p->data < item) 06: break; 07: t = p; 08: p = p->next; 09: } C 0 = {t -> t(0), p -> p(0)} C 1 = {t -> NULL, p -> p(0)} T (i,i+1) = { t(i+1)-> p(i), p(i+1) -> p(i)->next p(i+1) == t(i+1)->next p(i) != NULL; t(i+1) != NULL; } T(0,i+1) = { t -> t(i+1); p-> p(i+1); t(i+1) = p(0)(->next) i p(i+1) = p(0)(->next) i+1 p(i+1) = t(i+1)->next p(i) != NULL; t(i+1) != NULL; } t = NULL p != NULL p->data < item t = p; p = p->next; C 2, C 3 C 4, C 5 Symbolic Loop Transfer Function

10
SCIENCES USC INFORMATION INSTITUTE Contexts On Exit of Scan Loop C 2 = { t-> NULL, p -> p(0) t = NULL p = NULL } C 3 = { t->t(i+1), p->p(i+1) p(i+1) = NULL t(i+1) = p(0)(->next) i p(i+1) = p(0)(->next) i+1 p(i+1) = t(i+1)->next t(i+1) != NULL } C 5 = { t->t(i+1), p->p(i+1) p(i+1) != NULL t(i+1) = p(0)(->next) i p(i+1) = p(0)(->next) i p(i+1) = t(i+1)->next t(i+1) != NULL } C 4 = { t-> NULL; p ->p(0) t = NULL p != NULL } Zero-Trip Multi-Trip Exit #1 Exit #2

11
SCIENCES USC INFORMATION INSTITUTE Why Are Contexts Important? Establish Symbolic Pointer/Values Relationships Allow Analyses to Discriminate Between “Nodes” of an Abstract Shape Representation for Increased Accuracy Identify Potential Non-Trivial “Bugs” 09: if(t != NULL){ 10:stat; // with p = t->next 11: } 09: if(p != t->next){ 10:t->next = NULL; 11: } 03: t = NULL; 04: while(p != NULL){ 05: if(p->data < item) 06: break; 07: t = p; 08: p = p->next; 09: }

12
SCIENCES USC INFORMATION INSTITUTE Termination Derive Sufficient Termination Conditions Look at Loop Transfer Function(s) Exit Predicates T (i,i+1) = { t(i+1)-> p(i), p(i+1) -> p(i)->next } Predicates: p != NULL p->data < item Acyclic(next) = TRUE)

13
SCIENCES USC INFORMATION INSTITUTE Safety (non-Nil Dereferencing) Examine Contexts Check out if Predicates Ensure Dereference If Not Can Derive (Min) Predicates that Can t = NULL p != NULL p->data < item t = p; p = p->next; C 2, C 3 C 4, C 5 {p(i) != NULL } {t(i+1) != NULL; p(i+1) ? } p->next != NULL ?

14
SCIENCES USC INFORMATION INSTITUTE How Frequent are Scan Loops? ProgramLines#Loops#PtrLoops#ScanLoops bintree200511 em3d1481165 hash96733 blocks256045176 chomp29824104 sparse1170897656 graphics68628144 paraffins1661782 nbody80813112 pug2958773926

15
SCIENCES USC INFORMATION INSTITUTE Putting the Pieces Together Coarse-Grain Shape Analysis GH:POPL96 Scan Loop Termination & Safety Context Tracing Fine-Grain Shape Analysis Use Results from Coarse-Grain Analysis Abstract Storage Graph (ASG) Properties Hold YES NO Assumed Properties Use Results from Fine-Grain Shape Analysis

16
SCIENCES USC INFORMATION INSTITUTE Related Work Shape Analysis LH88:PLDI88, CWZ90:PLDI90 PKC93:LCPC93 Deutsh94:PLDI94 SRW98:TOPLAS98,POPL99 HHN94:IPPS94,HHN94:PLDI94, GH96:POPL96 CAZ:LCPC01 KR:POPL02 (Static) Safety Analysis Colby97:LoyolaUnivTechRep97 Evans96:PLDI96 DRS98:PASTE98 Program Checking NL98:PLDI98 Ball:PLDI01

17
SCIENCES USC INFORMATION INSTITUTE Summary Symbolic Analyses Structural Fields and Node Configurations Scan Loops Assumed and Verified Properties for Termination Context Tracing for Accurate Pointer Relationships Thesis: In order to increase the accuracy of shape and safety analysis algorithms, compilers must uncover and exploit the knowledge encoded in conditional statements

Similar presentations

OK

Mark Marron 1, Deepak Kapur 2, Manuel Hermenegildo 1 1 Imdea-Software (Spain) 2 University of New Mexico 1.

Mark Marron 1, Deepak Kapur 2, Manuel Hermenegildo 1 1 Imdea-Software (Spain) 2 University of New Mexico 1.

© 2018 SlidePlayer.com Inc.

All rights reserved.

To ensure the functioning of the site, we use **cookies**. We share information about your activities on the site with our partners and Google partners: social networks and companies engaged in advertising and web analytics. For more information, see the Privacy Policy and Google Privacy & Terms.
Your consent to our cookies if you continue to use this website.

Ads by Google

Ppt on obesity management guidelines Best way to show ppt on ipad Ppt on mode of transport Ppt on related party transactions as per companies act 2013 Ppt on formal education vs informal education Ppt on sound navigation and ranging system Ppt on question tags examples Ppt on online job portal project Ppt on understanding secularism in india Ppt on all types of motion