Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mark Marron IMDEA-Software (Madrid, Spain) 1.

Published byChrystal Green Modified over 8 years ago

Similar presentations

Presentation on theme: "Mark Marron IMDEA-Software (Madrid, Spain) 1."— Presentation transcript:

1 Mark Marron IMDEA-Software (Madrid, Spain) mark.marron@imdea.org 1

2  We want to provide basic information about the program heap for supporting a range of client applications IDE tools (query, refactoring, etc.) Optimization Error Detection  Focus on scalable, manageable models/tools even at cost of overall expressivity/analytic power 2

3  Fix sharing info extraction  Add disjoint/overlaps for set information  Point out, more than just variable relations is desirable, variables transient 3

4  Track basic set relations Membership, Overlapping, Non-Overlapping Subset, Set Equality  Ensure small computational cost  High precision is not required but must handle common cases accurately Iterative subset construction/mutation Set style library operations  Union (AddAll)  Intersection  IsSubset  Contains 4

5  Start with existing model that decomposes heap into related regions Reduces the complexity of the set formula that are needed Storage shape graph works well  Nodes represent sets of objects (or data structures), edges represent sets of pointers  Fine grained partitioning is possible  Disjointness properties are natural (and mostly free)  Annotate edges with additional properties to track reference set relations 5

6  Key issue for shape graph approach is how to group concrete objects into abstract nodes Too many nodes is confusing and computationally expensive Too few nodes leads to imprecision (as a single node must represent multiple logical structures) Often done via allocation site or types  Solution: nodes are similar sets of objects Recursive type information (recursive vs. non- recursive types) Objects stored in the same collection, array or structure 6

7 7

8 8

9  Given a set of heap references R the corresponding target set is: {Object o | ∃ r ∈ R that points to o}  The two sets of heap references can be related with ⊆ on the target sets  As the heap is partitioned into regions of objects we also define a notion of coverage A reference set covers a region if every object in the region is in the corresponding target set 9

10  Several possible choices for representing these relations Theory of sets over all objects/references Full binary relations on power sets of edges Reduced set of relations  For efficiency we use a reduced set of relations Equality of the reference sets abstracted by pairs of edges (E × E) Relation from sets of edges to nodes that are covered by the abstracted references (℘(E) × N) 10

11  Track target set equality of the pointers abstracted by pairs of edges 11

12  Track if all nodes in region are contained in the target sets of given edges 12

13  There are a number of useful inferences that can be made from these two properties If e, eʹ are edge equivalent and e has an empty concretization then eʹ must have an empty concretization as well If an edge e covers node n then any other in edge represents a target set that is ⊆ to the target set for edge e 13

14 14

15  Note that the proposed reference set relations subsume classic must-alias In the concrete model variables x == y (x, y non- null) iff Target(x) = Target(y) In the abstract model the variables x, y must-alias iff the corresponding edges e x and e y are edge equivalent 15

16 16... for(int i = 0; i < V.Length; ++i) V[i].f = 0;

17 17... for(int i = 0; i < V.Length; ++i) V[i].f = 0;

18 BenchmarkLOCAnalysis TimeAnalysis Mem em3d11030.11s<30MB bh23040.91s<30MB db19851.07s<30MB raytrace580915.9s45MB Exp3567161.8s50MB Interpreter15293119.3s147MB 18

19  Tracking reference set information is computationally inexpensive  Results are precise enough to model many interesting/important relations  In fact surprisingly so Why? Most conditions end up being simple Is this a general property? Are most programs made of simple relations/concepts which are composed into complex concepts (we hope so) Could we use rich set decision procedures, e.g. all conditions are simple ⇒ most proofs easy/fast with right decomposition 19

20  Build strong foundation for other tools to utilize  Transform core concepts from prototype to robust tools Finish implementation of static analysis for CLI bytecode + core libraries (also runtime support) Export results to Visual Studio for inspection, spec. generation, or other tools  Apply results in optimization, refactoring, and error detection applications 20

21 21

Download ppt "Mark Marron IMDEA-Software (Madrid, Spain) 1."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.

P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.
Programming Paradigms and languages

Programming Paradigms and languages
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.

Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.
V Storage Manager Shahram Ghandeharizadeh Computer Science Department University of Southern California.

V Storage Manager Shahram Ghandeharizadeh Computer Science Department University of Southern California.
Stanford University CS243 Winter 2006 Wei Li 1 Register Allocation.

Stanford University CS243 Winter 2006 Wei Li 1 Register Allocation.
Register Allocation CS 671 March 27, 2008. CS 671 – Spring 2008 1 Register Allocation - Motivation Consider adding two numbers together: Advantages: Fewer.

Register Allocation CS 671 March 27, CS 671 – Spring Register Allocation - Motivation Consider adding two numbers together: Advantages: Fewer.
The Volcano/Cascades Query Optimization Framework

The Volcano/Cascades Query Optimization Framework
Fast Algorithms For Hierarchical Range Histogram Constructions

Fast Algorithms For Hierarchical Range Histogram Constructions
Chair of Software Engineering The alias calculus Bertrand Meyer ITMO Software Engineering Seminar June 2011.

Chair of Software Engineering The alias calculus Bertrand Meyer ITMO Software Engineering Seminar June 2011.
Greedy Algorithms Greed is good. (Some of the time)

Greedy Algorithms Greed is good. (Some of the time)
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Parallel Inclusion-based Points-to Analysis Mario Méndez-Lojo Augustine Mathew Keshav Pingali The University of Texas at Austin (USA) 1.

Parallel Inclusion-based Points-to Analysis Mario Méndez-Lojo Augustine Mathew Keshav Pingali The University of Texas at Austin (USA) 1.
Guoquing Xu, Atanas Rountev Ohio State University Oct 9 th, 2008 Presented by Eun Jung Park.

Guoquing Xu, Atanas Rountev Ohio State University Oct 9 th, 2008 Presented by Eun Jung Park.
CMPT 354, Simon Fraser University, Fall 2008, Martin Ester 52 Database Systems I Relational Algebra.

CMPT 354, Simon Fraser University, Fall 2008, Martin Ester 52 Database Systems I Relational Algebra.
The Design Process Outline Goal Reading Design Domain Design Flow

The Design Process Outline Goal Reading Design Domain Design Flow

Similar presentations

Ads by Google