Refinement-Based Context-Sensitive Points-To Analysis for JAVA Soonho Kong 17 January 2009 1 Work of Manu Sridharan and Rastislav Bodik, UC Berkeley.

Slides:



Advertisements
Similar presentations
R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR
Advertisements

Object-Orientation Meets Big Data Language Techniques towards Highly- Efficient Data-Intensive Computing Harry Xu UC Irvine.
ECE Longest Path dual 1 ECE 665 Spring 2005 ECE 665 Spring 2005 Computer Algorithms with Applications to VLSI CAD Linear Programming Duality – Longest.
Chapter 6 Data Types
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Dynamic Memory Allocation (also see pointers lectures) -L. Grewe.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.
Type-Based Flow Analysis: From Polymorphic Subtyping to CFL-Reachability Jakob Rehof and Manuel Fähndrich Microsoft Research.
Demand-driven Alias Analysis Implementation Based on Open64 Xiaomi An
Lecture 10: Heap Management CS 540 GMU Spring 2009.
A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)
Graph Coverage (2).
Thin Slicing Manu Sridharan, Stephen J. Fink, Rastislav Bodík.
ITEC 320 Lecture 12 Higher level usage of pointers.
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
1 Networking through Linux Partha Sarathi Dasgupta MIS Group Indian Institute of Management Calcutta.
Pointer and Shape Analysis Seminar Context-sensitive points-to analysis: is it worth it? Article by Ondřej Lhoták & Laurie Hendren from McGill University.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.
Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.
Scaling CFL-Reachability-Based Points- To Analysis Using Context-Sensitive Must-Not-Alias Analysis Guoqing Xu, Atanas Rountev, Manu Sridharan Ohio State.
1 Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodík UC Berkeley PLDI 2006.
Google Bigtable A Distributed Storage System for Structured Data Hadi Salimi, Distributed Systems Laboratory, School of Computer Engineering, Iran University.
Applications of Depth-First Search
Java Alias Analysis for Online Environments Manu Sridharan 2004 OSQ Retreat Joint work with Rastislav Bodik, Denis Gopan, Jong-Deok Choi.
Two Discrete Optimization Problems Problem #2: The Minimum Cost Spanning Tree Problem.
CS 225 Lab #2 - Pointers, Copy Constructors, Destructors, and DDD.
Detecting Inefficiently-Used Containers to Avoid Bloat Guoqing Xu and Atanas Rountev Department of Computer Science and Engineering Ohio State University.
Symbolic Path Simulation in Path-Sensitive Dataflow Analysis Hari Hampapuram Jason Yue Yang Manuvir Das Center for Software Excellence (CSE) Microsoft.
Minimal Spanning Trees What is a minimal spanning tree (MST) and how to find one.
Mark Marron IMDEA-Software (Madrid, Spain) 1.
PRESTO Research Group, Ohio State University Interprocedural Dataflow Analysis in the Presence of Large Libraries Atanas (Nasko) Rountev Scott Kagan Ohio.
ECE 103 Engineering Programming Chapter 61 Abstract Data Types Herbert G. Mayer, PSU CS Status 6/4/2014 Initial content copied verbatim from ECE 103 material.
1 Efficient Search Ranking in Social Network ACM CIKM2007 Monique V. Vieira, Bruno M. Fonseca, Rodrigo Damazio, Paulo B. Golgher, Davi de Castro Reis,
Optimal Client-Server Assignment for Internet Distributed Systems.
Inferring Specifications to Detect Errors in Code Mana Taghdiri Presented by: Robert Seater MIT Computer Science & AI Lab.
Race Checking by Context Inference Tom Henzinger Ranjit Jhala Rupak Majumdar UC Berkeley.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
1 Evaluating the Impact of Thread Escape Analysis on Memory Consistency Optimizations Chi-Leung Wong, Zehra Sura, Xing Fang, Kyungwoo Lee, Samuel P. Midkiff,
Complexity Non-determinism. NP complete problems. Does P=NP? Origami. Homework: continue on postings.
Mark Marron IMDEA-Software (Madrid, Spain) 1.
Convergence of Model Checking & Program Analysis Philippe Giabbanelli CMPT 894 – Spring 2008.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Pointer Analysis Survey. Rupesh Nasre. Aug 24, 2007.
Pointer Analysis – Part II CS Unification vs. Inclusion Earlier scalable pointer analysis was context- insensitive unification-based [Steensgaard.
Heap liveness and its usage in automatic memory management Ran Shaham Elliot Kolodner Mooly Sagiv ISMM’02 Unpublished TVLA.
Detecting Inefficiently-Used Containers to Avoid Bloat Guoqing Xu and Atanas Rountev Department of Computer Science and Engineering Ohio State University.
Reachability Analysis for Callbacks 北京大学 唐浩
Leveraging Knowledge Bases for Contextual Entity Exploration Categories Date:2015/09/17 Author:Joonseok Lee, Ariel Fuxman, Bo Zhao, Yuanhua Lv Source:KDD'15.
1 Lecture 17 Flow Analysis flow analysis in prolog; applications of flow analysis Ras Bodik Shaon Barman Thibaud Hottelier Hack Your Language! CS164: Introduction.
Pointer Analysis – Part I CS Pointer Analysis Answers which pointers can point to which memory locations at run-time Central to many program optimization.
Sept 12ICSM'041 Precise Identification of Side-Effect-Free Methods in Java Atanas (Nasko) Rountev Ohio State University.
Graphs Definition: a graph is an abstract representation of a set of objects where some pairs of the objects are connected by links. The interconnected.
1PLDI 2000 Off-line Variable Substitution for Scaling Points-to Analysis Atanas (Nasko) Rountev PROLANGS Group Rutgers University Satish Chandra Bell Labs.
Beyond Application Profiling to System Aware Analysis Elena Laskavaia, QNX Bill Graham, QNX.
ECO 205 Week 2 Assignment Supply and Demand Check this A+ tutorial guideline at 205/ECO-205-Week-2-Assignment-Supply-
Security and Programming Language Work on SmartPhones
Chapter 3. Decompositions of Graphs
Compositional Pointer and Escape Analysis for Java Programs
Harry Xu University of California, Irvine & Microsoft Research
Context-free grammars (CFGs)
Ravi Mangal Mayur Naik Hongseok Yang
Amir Kamil and Katherine Yelick
SAT-Based Area Recovery in Technology Mapping
Department of Computer Science University of York
Demand-Driven Context-Sensitive Alias Analysis for Java
Amir Kamil and Katherine Yelick
Model Checking and Its Applications
Context Sensitive Points-to Analysis
Finding the maximum matching of a bipartite graph
Presentation transcript:

Refinement-Based Context-Sensitive Points-To Analysis for JAVA Soonho Kong 17 January Work of Manu Sridharan and Rastislav Bodik, UC Berkeley

What Is It? Scalable and Precise Context-sensitive Points-to Analysis 2

3 Scalability: Time and Memory Average query time less than 1 second – Interactive performance (for IDE) – At most 13 minutes for casts Low memory usage: at most 35MB – Compare with >2GB for 1-ObjSens analysis 3

4 Precision: Cast Checking Proved 61% More 4

Approach Scalable – Demand-Driven : only do requested work – Client-Driven Refinement : stop when client satisfied Precision – Filtering out unrealizable path 5

Points-To Analysis as CFL Reachability Program = Graph – Node : Variable, Abstract location – Edge : Assignment – o -> … -> x : “x may point to o” Compute reachability with two filters – Language of balanced call parens – Language of balanced field parens 6

Points-To Analysis as CFL Reachability 7 1) Assignments x = new Obj(); // o 1 y = new Obj(); // o 2 z = x; o1o1 x y z o2o2 a b p id ret id dc (1(1 )1)1 (2(2 )2)2 [f[f [g[g ]f]f 2) Method calls id(p) { return p; } a = id(x); b = id(y); 3) Heap accesses c.f = x; c.g = y; d = c.f; pt(x) = { o | o flowsTo x } flowsTo: balanced call and field parens flowsTo: balanced call parens flowsTo: path exists 7

8 Problem, Goal, Insight Problem: Show path is unbalanced Goal: Reduce number of visited edges Insight: Enough to find one unbalanced paren o x t0t0 t1t1 t2t2 [f[f (1(1 )1)1 [h[h [ f ( 1 ) 1 [ h t5t5 )5)5 t6t6 (7(7 t8t8 t9t9 t7t7 … … … ]j]j [p[p )8)8 o2o2 t 10 t 11 t 12 ]g]g ]k]k 8

9 Approximation via Match Edges Match edges connect matched field parens – From source of open to sink of close – Initially, all pairs connected Use match edges to skip subpaths ot3t3 t0t0 t1t1 t2t2 [f[f [g[g [h[h ]h]h t4t4 x ]j]j ]f]f [ f [ g [ h ] h ] j ] f 9

10 Refining the Approximation Refine by removing some match edges – Exposes more of original path for checking Remove where unbalanced parens expected – Explore deeper levels of pointer indirection ot3t3 t0t0 t1t1 [f[f [g[g t4t4 x ]j]j ]f]f [ f [ g [ h ] h ] j ] f 10

11 Refinement With Both Languages ot5t5 t0t0 t1t1 t2t2 (1(1 )1)1 [g[g ]g]g t6t6 x ]f]f )3)3 t3t3 t4t4 [f[f (2(2 Match edges enable approximation of calls Only can check calls on match-free subpaths Match edge removal => more call checking Key point: refine heap and calls together Calls: ( 1 ) 1 ( 2 ) 3 Fields: [ f [ g ] g ] f 11

Thank You 12

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.