Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Quest for Minimal Program Abstractions Mayur Naik Georgia Tech Ravi Mangal and Xin Zhang (Georgia Tech), Percy Liang (Stanford), Mooly Sagiv (Tel-Aviv.

Published byNoel Ward Modified over 8 years ago

Similar presentations

Presentation on theme: "The Quest for Minimal Program Abstractions Mayur Naik Georgia Tech Ravi Mangal and Xin Zhang (Georgia Tech), Percy Liang (Stanford), Mooly Sagiv (Tel-Aviv."— Presentation transcript:

1 The Quest for Minimal Program Abstractions Mayur Naik Georgia Tech Ravi Mangal and Xin Zhang (Georgia Tech), Percy Liang (Stanford), Mooly Sagiv (Tel-Aviv Univ), Hongseok Yang (Oxford)

2 p ² q1?p ² q1? p ² q2?p ² q2? The Static Analysis Problem April 20122 static analysis X program p query q 1 query q 2 X MIT

3 Static Analysis: 70’s to 90’s April 2012 3 client-oblivious “Because clients have different precision and scalability needs, future work should identify the client they are addressing …” M. Hind, Pointer Analysis: Haven’t We Solved This Problem Yet?, 2001 abstraction a program p query q 1 query q 2 p ² q1?p ² q1? p ² q2?p ² q2? MIT

4 p ² q1?p ² q1? p ² q2?p ² q2? Static Analysis: 00’s to Present April 20124 client-driven – demand-driven points-to analysis Heintze & Tardieu ’01, Guyer & Lin ’03, Sridharan & Bodik ’06, … – CEGAR model checkers: SLAM, BLAST, … abstraction a program p query q 1 query q 2 MIT

5 Static Analysis: 00’s to Present April 20125 abstraction a 2 abstraction a 1 q1q1 p q2q2 p ² q 1 ? p ² q 2 ? client-driven – demand-driven points-to analysis Heintze & Tardieu ’01, Guyer & Lin ’03, Sridharan & Bodik ’06, … – CEGAR model checkers: SLAM, BLAST, … MIT

6 Our Static Analysis Setting April 20126 client-driven + parametric – new search algorithms: testing, machine learning, … – new analysis questions: minimal, impossible, … abstraction a 2 abstraction a 1 q1q1 p q2q2 p ² q 1 ? p ² q 2 ? 0 1 0 0 0 1 0 0 0 1 MIT

7 Example 1: Predicate Abstraction (CEGAR) April 20127 abstraction a 2 abstraction a 1 q1q1 p q2q2 Predicates to use in predicate abstraction p ² q 1 ? p ² q 2 ? 0 1 0 0 0 1 0 0 0 1 MIT

8 Example 2: Shape Analysis (TVLA) April 20128 Predicates to use as abstraction predicates abstraction a 2 abstraction a 1 q1q1 p q2q2 p ² q 1 ? p ² q 2 ? 0 1 0 0 0 1 0 0 0 1 MIT

9 Example 3: Cloning-based Pointer Analysis April 20129 abstraction a 2 abstraction a 1 q1q1 p q2q2 K value to use for each call and each allocation site p ² q 1 ? p ² q 2 ? 0 1 0 0 0 1 0 0 0 1 MIT

10 Problem Statement, 1 st Attempt An efficient algorithm with: INPUTS: – program p and query q – abstractions A = { a 1, …, a n } – boolean function S(p, q, a) OUTPUT: – Impossibility: @ a 2 A: S(p, q, a) = true – Proof: a 2 A: S(p, q, a) = true April 201210 q p S p ` q p 0 q a MIT

11 Orderings on A Efficiency Partial Order – a 1 · cost a 2, sum of a 1 ’s bits · sum of a 2 ’s bits – S(p, q, a 1 ) runs faster than S(p, q, a 2 ) Precision Partial Order – a 1 · prec a 2, a 1 is pointwise · a 2 – S(p, q, a 1 ) = true ) S(p, q, a 2 ) = true April 201211MIT

12 Final Problem Statement An efficient algorithm with: INPUTS: – program p and property q – abstractions A = { a 1, …, a n } – boolean function S(p, q, a) OUTPUT: – Impossibility: @ a 2 A: S(p, q, a) = true – Proof: a 2 A: S(p, q, a) = true 8 a’ 2 A: (a’ · a Æ S(p, q, a’) = true) ) a’ = a April 201212 Minimal Sufficient Abstraction q p S p ` q p 0 q a AND MIT

13 An efficient algorithm with: INPUTS: – program p and property q – abstractions A = { a 1, …, a n } – boolean function S(p, q, a) OUTPUT: – Impossibility: @ a 2 A: S(p, q, a) = true – Proof: a 2 A: S(p, q, a) = true 8 a’ 2 A: (a’ · a Æ S(p, q, a’) = true) ) a’ = a Final Problem Statement April 201213 : S(p, q, a) S(p, q, a) 1111 finest 0100 minimal 0000 coarsest Minimal Sufficient Abstraction AND MIT

14 Why Minimality? Empirical lower bounds for static analysis Efficient to compute Better for user consumption – analysis imprecision facts – assumptions about missing program parts Better for machine learning April 201214MIT

15 Why is this Hard in Practice? |A| exponential in size of p, or even infinite S(p, q, a) = false for most p, q, a Different a is minimal for different p, q April 201215MIT

16 Talk Outline Minimal Abstraction Problem Two Algorithms: – Abstraction Coarsening [POPL’11] – Abstractions from Tests [POPL’12] Summary April 201216MIT

17 Talk Outline Minimal Abstraction Problem Two Algorithms: – Abstraction Coarsening [POPL’11] – Abstractions from Tests [POPL’12] Summary April 201217MIT

18 Abstraction Coarsening [POPL’11] For given p, q: start with finest a, incrementally replace 1’s with 0’s Two algorithms: – deterministic: ScanCoarsen – randomized: ActiveCoarsen In practice, use combination of the algorithms April 201218 : S(p, q, a) S(p, q, a) 1111 finest 0100 minimal 0000 coarsest MIT

19 Algorithm ScanCoarsen a à (1, …, 1) Loop: Remove a component from a Run S(p, q, a) If : S(p, q, a) then Add component back permanently Exploits monotonicity of · prec : Component whose removal causes : S(p, q, a) must exist in minimal abstraction ) Never visits a component more than once April 201219MIT

20 Problem with ScanCoarsen Takes O(# components) time # components can be > 10,000 ) > 30 days! Idea: try to remove a constant fraction of components in each step April 201220MIT

21 Algorithm ActiveCoarsen April 201221 a à (1, …, 1) Loop: Remove each component from a with probability (1 - ® ) Run S(p, q, a) If : S(p, q, a) then add components back Else remove components permanently MIT

22 Performance of ActiveCoarsen Let: n = total # components s = # components in largest minimal abstraction If set probability ® = e (-1/s) then: ActiveCoarsen outputs minimal abstraction in O(s log n) expected time Significance: s is small, only log dependence on total # components April 201222MIT

23 Application 1: Pointer Analysis Abstractions Client: static datarace detector [PLDI’06] – Pointer analysis using k-CFA with heap cloning – Uses call graph, may-alias, thread-escape, and may-happen-in-parallel analyses April 201223 # components (x 1000) # unproven queries (dataraces) (x 1000) alloc sites call sites 0-CFA1-CFAdiff1-obj2-objdiff hedc1.67.221.317.83.517.116.11.0 weblech2.612.427.98.219.78.15.52.5 lusearch2.913.937.631.95.731.420.910.5 MIT

24 Experimental Results: All Queries April 201224 K-CFA# components (x 1000) BasicRefine (x 1000) ActiveCoarsen hedc8.87.2 (83%)90 (1.0%) weblech15.012.7 (85%)157 (1.0%) lusearch16.814.9 (88%)250 (1.5%) K-obj# components (x 1000) BasicRefine (x 1000) ActiveCoarsen hedc1.60.9 (57%)37 (2.3%) weblech2.61.8 (68%)48 (1.9%) lusearch2.92.1 (73%)56 (1.9%) MIT

25 Empirical Results: Per Query April 201225MIT

26 Empirical Results: Per Query, contd. April 201226MIT

27 Application 2: Library Assumptions The Problem: – Libraries ever-complex to analyze (e.g. native code) – Libraries ever-growing in size and layers Our Solution: – Completely ignore library code – Each component of abstraction = assumption on different library method Example: 1 = best-case, 0 = worst-case – Use coarsening to find a minimal assumption – Users confirm or refute reported assumption April 201227MIT

28 Summary: Abstraction Coarsening Sparse abstractions suffice to prove most queries Sparsity yields efficient machine learning algorithm Minimal assumptions more practical application of coarsening than minimal abstractions Limitations: runs static analysis as black-box April 201228MIT

29 Talk Outline Minimal Abstraction Problem Two Algorithms: – Abstraction Coarsening [POPL’11] – Abstractions from Tests [POPL’12] Summary April 201229MIT

30 Talk Outline Minimal Abstraction Problem Two Algorithms: – Abstraction Coarsening [POPL’11] – Abstractions from Tests [POPL’12] Summary April 201230MIT

31 Abstractions From Tests [POPL’12] April 201231 p, q dynamic analysis p ² q?p ² q? and minimal! 0 1 0 0 0 static analysis MIT

32 Combining Dynamic and Static Analysis Previous work: – Counterexamples: query is false on some input suffices if most queries are expected to be false – Likely invariants: a query true on some inputs is likely true on all inputs [Ernst 2001] Our approach: – Proofs: a query true on some inputs is likely true on all inputs and for likely the same reason! April 201232MIT

33 Example: Thread-Escape Analysis April 201233 L L L L h1 h2 h3 h4 local(pc, w)? // u, v, w are local variables // g is a global variable // start() spawns new thread for (i = 0; i < N; i++) { u = new h1; v = new h2; g = new h3; v.f = g; w = new h4; u.f2 = w; pc: w.id = i; u.start(); } MIT

34 Example: Thread-Escape Analysis // u, v, w are local variables // g is a global variable // start() spawns new thread for (i = 0; i < N; i++) { u = new h1; v = new h2; g = new h3; v.f = g; w = new h4; u.f2 = w; pc: w.id = i; u.start(); } April 201234 L L E L h1 h2 h3 h4 but not minimal local(pc, w)? MIT

35 Example: Thread-Escape Analysis April 201235 L E E L h1 h2 h3 h4 and minimal! local(pc, w)? // u, v, w are local variables // g is a global variable // start() spawns new thread for (i = 0; i < N; i++) { u = new h1; v = new h2; g = new h3; v.f = g; w = new h4; u.f2 = w; pc: w.id = i; u.start(); } MIT

36 Benchmarks April 201236 classesbytecodes (x 1000) alloc. sites (x 1000) apptotalapptotal hedc44355161611.6 weblech57579202372.6 lusearch2296481002732.9 sunflow1641,0181174805.2 avrora1,1591,5252233164.9 hsqldb1998372214914.6 MIT

37 Precision April 201237MIT

38 Running Time 38 pre-process time dynamic analysis static analysis time (serial) time#events hedc18s6s0.6M38s weblech33s8s1.5M74s lusearch27s31s11M8m sunflow46s8m375M74m avrora36s32s11M41m hsqldb44s35s25M86m April 2012MIT

39 Running Time (sec.) CDFs 39April 2012MIT

40 Running Time (sec.) CDFs 40April 2012MIT

41 CDF of Number of Alloc. Sites in L 41April 2012MIT

42 CDF of Number of Alloc. Sites in L 42April 2012MIT

43 CDF of Number of Queries per Group 43April 2012MIT

44 CDF of Number of Queries per Group 44April 2012MIT

45 Summary: Abstractions from Tests If a query is simple, we can find why it holds by observing a few execution traces A methodology to use dynamic analysis to obtain necessary condition for proving queries If static analysis succeeds, then also sufficient condition => minimality! Testing is a growing trend in verification Limitation: needs small tests with good coverage 45April 2012MIT

46 Talk Outline Minimal Abstraction Problem Two Algorithms: – Abstraction Coarsening [POPL’11] – Abstractions from Tests [POPL’12] Summary April 201246MIT

47 Talk Outline Minimal Abstraction Problem Two Algorithms: – Abstraction Coarsening [POPL’11] – Abstractions from Tests [POPL’12] Summary April 201247MIT

48 Overview of Our Approaches April 201248 ApproachMinimality?Completeness?Generic? Coarsening [POPL’11] Yes Testing [POPL’12] YesNo Naïve Refine [POPL’11] NoYes Refine+Prune [PLDI’11] NoYes Backward Refine (ongoing work) Yes No Provenance Refine (ongoing work) Yes MIT

49 Key Takeaways New questions: minimality, impossibility, … New applications: lower bounds, lib assumptions, … New techniques: search algorithms, abstractions, … New tools: meta-analysis, parallelism, … April 201249MIT

50 Thank You! April 201250 Come visit us in beautiful Atlanta! http://pag.gatech.edu/ MIT

Download ppt "The Quest for Minimal Program Abstractions Mayur Naik Georgia Tech Ravi Mangal and Xin Zhang (Georgia Tech), Percy Liang (Stanford), Mooly Sagiv (Tel-Aviv."

Similar presentations

Finding Optimal Program Abstractions Mayur Naik Georgia Tech Xin Zhang (Georgia Tech) Hongseok Yang (Oxford) Percy Liang (Stanford) Mooly Sagiv (Tel-Aviv.

Finding Optimal Program Abstractions Mayur Naik Georgia Tech Xin Zhang (Georgia Tech) Hongseok Yang (Oxford) Percy Liang (Stanford) Mooly Sagiv (Tel-Aviv.
Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Pallavi Joshi  Chang-Seo Park  Koushik Sen  Mayur Naik ‡  Par Lab, EECS, UC Berkeley‡

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Pallavi Joshi  Chang-Seo Park  Koushik Sen  Mayur Naik ‡  Par Lab, EECS, UC Berkeley‡
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Conditional Must Not Aliasing for Static Race Detection Mayur Naik Alex Aiken Stanford University.

Conditional Must Not Aliasing for Static Race Detection Mayur Naik Alex Aiken Stanford University.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Program Slicing Mark Weiser and Precise Dynamic Slicing Algorithms Xiangyu Zhang, Rajiv Gupta & Youtao Zhang Presented by Harini Ramaprasad.

Program Slicing Mark Weiser and Precise Dynamic Slicing Algorithms Xiangyu Zhang, Rajiv Gupta & Youtao Zhang Presented by Harini Ramaprasad.
CILK: An Efficient Multithreaded Runtime System. People n Project at MIT & now at UT Austin –Bobby Blumofe (now UT Austin, Akamai) –Chris Joerg –Brad.

CILK: An Efficient Multithreaded Runtime System. People n Project at MIT & now at UT Austin –Bobby Blumofe (now UT Austin, Akamai) –Chris Joerg –Brad.
ABCD: Eliminating Array-Bounds Checks on Demand Rastislav Bodík Rajiv Gupta Vivek Sarkar U of Wisconsin U of Arizona IBM TJ Watson recent experiments.

ABCD: Eliminating Array-Bounds Checks on Demand Rastislav Bodík Rajiv Gupta Vivek Sarkar U of Wisconsin U of Arizona IBM TJ Watson recent experiments.
Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.

Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.
1 E. Yahav School of Computer Science Tel-Aviv University Verifying Safety Properties using Separation and Heterogeneous Abstractions G. Ramalingam IBM.

1 E. Yahav School of Computer Science Tel-Aviv University Verifying Safety Properties using Separation and Heterogeneous Abstractions G. Ramalingam IBM.
What is an Algorithm? (And how do we analyze one?)

What is an Algorithm? (And how do we analyze one?)
Program Verification as Probabilistic Inference Sumit Gulwani Nebojsa Jojic Microsoft Research, Redmond.

Program Verification as Probabilistic Inference Sumit Gulwani Nebojsa Jojic Microsoft Research, Redmond.
Introduction to Analysis of Algorithms

Introduction to Analysis of Algorithms
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
1 CSE 417: Algorithms and Computational Complexity Winter 2001 Lecture 21 Instructor: Paul Beame.

1 CSE 417: Algorithms and Computational Complexity Winter 2001 Lecture 21 Instructor: Paul Beame.

Similar presentations

Ads by Google