Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs John Whaley Monica Lam Stanford University June 10, 2004.

Slides:



Advertisements
Similar presentations
Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs Mayur Naik Intel Research CS294 Lecture March 19, 2009 (Slides courtesy of John Whaley)
Advertisements

Interprocedural Analysis. Currently, we only perform data-flow analysis on procedures one at a time. Such analyses are called intraprocedural analyses.
Scalable Points-to Analysis. Rupesh Nasre. Advisor: Prof. R. Govindarajan. Comprehensive Examination. Jun 22, 2009.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Control-Flow Graphs & Dataflow Analysis CS153: Compilers Greg Morrisett.
Type-Based Flow Analysis: From Polymorphic Subtyping to CFL-Reachability Jakob Rehof and Manuel Fähndrich Microsoft Research.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India.
Parallel Inclusion-based Points-to Analysis Mario Méndez-Lojo Augustine Mathew Keshav Pingali The University of Texas at Austin (USA) 1.
Faculty of Computer Science LCPC 2007 Using ZBDDs in Points-to Analysis Stephen Curial Jose Nelson Amaral Department of Computing Science University of.
Parameterized Object Sensitivity for Points-to Analysis for Java Presented By: - Anand Bahety Dan Bucatanschi.
The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.
Semi-Sparse Flow-Sensitive Pointer Analysis Ben Hardekopf Calvin Lin The University of Texas at Austin POPL ’09 Simplified by Eric Villasenor.
Eliminating Stack Overflow by Abstract Interpretation John Regehr Alastair Reid Kirk Webb University of Utah.
Pointer and Shape Analysis Seminar Context-sensitive points-to analysis: is it worth it? Article by Ondřej Lhoták & Laurie Hendren from McGill University.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Advanced Compilers CMPSCI 710.
Context-Sensitive Flow Analysis Using Instantiation Constraints CS 343, Spring 01/02 John Whaley Based on a presentation by Chris Unkel.
Previous finals up on the web page use them as practice problems look at them early.
Using Datalog with Binary Decision Diagrams for Program Analysis John Whaley, Dzintars Avots, Michael Carbin, Monica S. Lam Stanford University November.
Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:
1 Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodík UC Berkeley PLDI 2006.
Intraprocedural Points-to Analysis Flow functions:
Chapter 3 Program translation1 Chapt. 3 Language Translation Syntax and Semantics Translation phases Formal translation models.
Chapter 13 Reduced Instruction Set Computers (RISC) Pipelining.
Swerve: Semester in Review. Topics  Symbolic pointer analysis  Model checking –C programs –Abstract counterexamples  Symbolic simulation and execution.
ESP [Das et al PLDI 2002] Interface usage rules in documentation –Order of operations, data access –Resource management –Incomplete, wordy, not checked.
Comparison Caller precisionCallee precisionCode bloat Inlining context-insensitive interproc Context sensitive interproc Specialization.
Reps Horwitz and Sagiv 95 (RHS) Another approach to context-sensitive interprocedural analysis Express the problem as a graph reachability query Works.
An Efficient Inclusion-Based Points-To Analysis for Strictly-Typed Languages John Whaley Monica S. Lam Computer Systems Laboratory Stanford University.
Composing Dataflow Analyses and Transformations Sorin Lerner (University of Washington) David Grove (IBM T.J. Watson) Craig Chambers (University of Washington)
Pointer analysis. Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis Andersen and.
Symbolic Path Simulation in Path-Sensitive Dataflow Analysis Hari Hampapuram Jason Yue Yang Manuvir Das Center for Software Excellence (CSE) Microsoft.
Impact Analysis of Database Schema Changes Andy Maule, Wolfgang Emmerich and David S. Rosenblum London Software Systems Dept. of Computer Science, University.
Topic #10: Optimization EE 456 – Compiling Techniques Prof. Carl Sable Fall 2003.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University STATIC ANALYSES FOR JAVA IN THE PRESENCE OF DISTRIBUTED COMPONENTS AND.
Identifying Reversible Functions From an ROBDD Adam MacDonald.
A Metadata Based Approach For Supporting Subsetting Queries Over Parallel HDF5 Datasets Vignesh Santhanagopalan Graduate Student Department Of CSE.
A GPU Implementation of Inclusion-based Points-to Analysis Mario Méndez-Lojo (AMD) Martin Burtscher (Texas State University, USA) Keshav Pingali (U.T.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India.
On the Relation between SAT and BDDs for Equivalence Checking Sherief Reda Rolf Drechsler Alex Orailoglu Computer Science & Engineering Dept. University.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Pointer Analysis Survey. Rupesh Nasre. Aug 24, 2007.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India & K. V. Raghavan.
Pointer Analysis for Multithreaded Programs Radu Rugina and Martin Rinard M I T Laboratory for Computer Science.
Pointer Analysis – Part II CS Unification vs. Inclusion Earlier scalable pointer analysis was context- insensitive unification-based [Steensgaard.
Points-To Analysis in Almost Linear Time Josh Bauman Jason Bartkowiak CSCI 3294 OCTOBER 9, 2001.
CS 343 presentation Concrete Type Inference Department of Computer Science Stanford University.
Pointer Analysis. Rupesh Nasre. Advisor: Prof R Govindarajan. Apr 05, 2008.
Pointer Analysis – Part I CS Pointer Analysis Answers which pointers can point to which memory locations at run-time Central to many program optimization.
D A C U C P Speculative Alias Analysis for Executable Code Manel Fernández and Roger Espasa Computer Architecture Department Universitat Politècnica de.
ReIm & ReImInfer: Checking and Inference of Reference Immutability and Method Purity Wei Huang 1, Ana Milanova 1, Werner Dietl 2, Michael D. Ernst 2 1.
Onlinedeeneislam.blogspot.com1 Design and Analysis of Algorithms Slide # 1 Download From
1PLDI 2000 Off-line Variable Substitution for Scaling Points-to Analysis Atanas (Nasko) Rountev PROLANGS Group Rutgers University Satish Chandra Bell Labs.
Polymorphic Type-Based Flow Analysis Jakob Rehof Microsoft Research Redmond, WA, USA.
CS 6340 Constraint-Based Analysis. Motivation “What” No null pointer is dereferenced along any path in the program. Program Analysis = Specification +
Introduction to Optimization
Harry Xu University of California, Irvine & Microsoft Research
Pointer Analysis Lecture 2
Introduction to Optimization
SAT-Based Area Recovery in Technology Mapping
Pointer Analysis Lecture 2
Securing Web Applications with Information Flow Tracking
Pointer analysis.
자바 언어를 위한 정적 분석 (Static Analyses for Java) ‘99 한국정보과학회 가을학술발표회 튜토리얼
Introduction to Optimization
Big Data Analytics: Exploring Graphs with Optimized SQL Queries
Presentation transcript:

Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs John Whaley Monica Lam Stanford University June 10, 2004

Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 1 Unification vs. Inclusion Earlier scalable pointer analysis was context- insensitive unification-based [Steensgaard ’96] –Pointers are either unaliased or point to the same set of objects. –Near-linear, but VERY imprecise. Inclusion-based pointer analysis –Can point to overlapping sets of objects. –Closure calculation is O(n 3 ) –Various optimizations [Fahndrich,Su,Heintze,…] –BDD formulation, simple, scalable [Berndl,Zhu]

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 2 Context Sensitivity Context sensitivity is important for precision. –Unrealizable paths. Object id(Object x) { return x; } a = id(b);c = id(d);

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 3 Object id(Object x) { return x; } Context Sensitivity Context sensitivity is important for precision. –Unrealizable paths. –Conceptually give each caller its own copy. a = id(b);c = id(d);

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 4 Summary-Based Analysis Popular method for context sensitivity. Two phases: –Bottom-up: Summarize effects of methods. –Top-down: Propagate information down. Problems: –Difficult to summarize pointer analysis. –Summary-based analysis using BDD: not shown to scale [Zhu’02] –Queries (e.g. which context points to x) require expanding an exponential number of contexts.

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 5 Cloning-Based Analysis Simple brute force technique. –Clone every path through the call graph. –Run context-insensitive algorithm on expanded call graph. The catch: exponential blowup

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 6 Cloning is exponential!

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 7 Recursion Actually, cloning is unbounded in the presence of recursive cycles. Technique: We treat all methods within a strongly-connected component as a single node.

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 8 Recursion A G BCD EF A G BCD EF EFEF GG

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 9 Top 20 Sourceforge Java Apps

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 10 Cloning is infeasible (?) Typical large program has ~10 14 paths –If you need 1 byte to represent a clone: Would require 256 terabytes of storage –Registered ECC 1GB DIMMs: $98.6 million »Power: 96.4 kilowatts = Power for 128 homes –300 GB hard disks: 939 x $250 = $234,750 »Time to read (sequential): 70.8 days Seems unreasonable!

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 11 BDD comes to the rescue There are many similarities across contexts. –Many copies of nearly-identical results. BDDs can represent large sets of redundant data efficiently. –Need a BDD encoding that exploits the similarities.

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 12 Contribution (1) Can represent context-sensitive call graph efficiently with BDDs and a clever context numbering scheme –Inclusion-based pointer analysis contexts, 19 minutes –Generates all answers

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 13 Contribution (2) BDD hacking is complicated  bddbddb (BDD-based deductive database) Pointer algorithm in 6 lines of Datalog Automatic translate into efficient BDD implementation 10x performance over hand-tuned solver (2164 lines of Java)

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 14 Contribution (3) bddbddb: General Datalog solver –Supports simple declarative queries –Easy use of context-sensitive pointer results Simple context-sensitive analyses: –Escape analysis –Type refinement –Side effect analysis –Many more presented in the paper

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 15 Context-sensitive call graphs in BDD

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 16 Call graph relation Call graph expressed as a relation. –Five edges: Calls(A,B) Calls(A,C) Calls(A,D) Calls(B,D) Calls(C,D) B D C A

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 17 Call graph relation Relation expressed as a binary function. –A=00, B=01, C=10, D=11 x1x1 x2x2 x3x3 x4x4 f B D C A

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 18 Binary Decision Diagrams Graphical encoding of a truth table. x2x2 x4x4 x3x3 x3x3 x4x4 x4x4 x4x x2x2 x4x4 x3x3 x3x3 x4x4 x4x4 x4x x1x1 0 edge 1 edge

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 19 Binary Decision Diagrams Collapse redundant nodes. x2x2 x4x4 x3x3 x3x3 x4x4 x4x4 x4x x2x2 x4x4 x3x3 x3x3 x4x4 x4x4 x4x x1x

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 20 Binary Decision Diagrams Collapse redundant nodes. x2x2 x4x4 x3x3 x3x3 x4x4 x4x4 x4x4 x2x2 x4x4 x3x3 x3x3 x4x4 x4x4 x4x4 0 x1x1 1

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 21 Binary Decision Diagrams Collapse redundant nodes. x2x2 x4x4 x3x3 x3x3 x2x2 x3x3 x3x3 x4x4 x4x4 0 x1x1 1

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 22 Binary Decision Diagrams Collapse redundant nodes. x2x2 x4x4 x3x3 x3x3 x2x2 x3x3 x4x4 x4x4 0 x1x1 1

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 23 Binary Decision Diagrams Eliminate unnecessary nodes. x2x2 x4x4 x3x3 x3x3 x2x2 x3x3 x4x4 x4x4 0 x1x1 1

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 24 Binary Decision Diagrams Eliminate unnecessary nodes. x2x2 x3x3 x2x2 x3x3 x4x4 0 x1x1 1

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 25 Binary Decision Diagrams Size is correlated to amount of redundancy, NOT size of relation. –As the set gets larger, the number of don’t-care bits increases, leading to fewer necessary nodes.

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 26 Expanded Call Graph A DBC E FG H 012 A DBC E FG H EE FFGG HHHHH

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 27 Numbering Clones A DBC E FG H A DBC E FG H EE FFGG HHHHH

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 28 Pointer Analysis

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 29 Pointer Analysis Example h 1 : v 1 = new Object(); h 2 : v 2 = new Object(); v 1.f = v 2 ; v 3 = v 1.f; Input Relations vPointsTo(v 1,h 1 ) vPointsTo(v 2,h 2 ) Store(v 1,f,v 2 ) Load(v 1,f,v 3 ) Output Relations hPointsTo(h 1,f,h 2 ) vPointsTo(v 3,h 2 ) v1v1 h1h1 v2v2 h2h2 f v3v3

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 30 hPointsTo(h 1, f, h 2 ):- Store(v 1, f, v 2 ), vPointsTo(v 1, h 1 ), vPointsTo(v 2, h 2 ). v1v1 h1h1 v2v2 h2h2 f Inference Rule in Datalog v 1.f = v 2 ; Stores:

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 31 Context-sensitive pointer analysis Compute call graph with context-insensitive pointer analysis. –Datalog rules for: assignments, loads, stores discover call targets, bind parameters type filtering –Apply rules until fix-point reached. Compute expanded call graph relation. Apply context-insensitive algorithm to expanded call graph.

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 32 bddbddb: BDD-Based Deductive DataBase

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 33 Datalog Declarative logic programming language designed for databases –Horn clauses –Operates on relations Datalog is expressive –Relational algebra: Explicitly specify relational join, project, rename. –Relational calculus: Specify relations between variables; operations are implicit. –Datalog: Allows recursively-defined relations.

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 34 Datalog  BDD Join, project, rename are directly mapped to built-in BDD operations Automatically optimizes: –Rule application order –Incrementalization –Variable ordering –BDD parameter tuning –Many more…

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 35 Experimental Results

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 36 Experimental Results Top 20 Java projects on SourceForge –Real programs with 100K+ users each Using automatic bddbddb solver –Each analysis only a few lines of code –Easy to try new algorithms, new queries Test system: –Pentium 4 2.2GHz, 1GB RAM –RedHat Fedora Core 1, JDK 1.4.2_04, javabdd library, Joeq compiler

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 37

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 38

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 39 Multi-type variables A variable is multi-type if it can point to objects of different types. –Measure of analysis precision –One line in Datalog Two ways of handling context sensitivity: –Projected: Merge all contexts together –Full: Keep each context separate

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 40

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 41 Related Work Context-insensitive pointer analysis –Steensgaard: Unification-based (POPL’96) –Andersen: Inclusion-based (’94) Optimizations: too many to list Berndl: formulate in BDD (PLDI’03) –Das: one-level-flow (PLDI’00) Hybrid unification/inclusion

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 42 Related Work Scalable context-sensitive pointer analysis –Fähndrich etal, instantiation constraints (PLDI’00) CFL-reachability Unification-based: Imprecise. Handles recursion well. Computes on-demand. –GOLF: Das etal. (SAS’01) One level of context sensitivity. –Foster, Fahndrich, Aiken (SAS’00) Throws away information. –Wilson & Lam: PTF (PLDI’95) Doesn't really scale (especially complexity)

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 43 Related Work Whaley & Rinard: Escape analysis (OOPSLA’99) –Compositional summaries: only weak updates. –Achieves scalability by collapsing escaped nodes. Emami & Hendren: Invocation graphs (PLDI’94) –Only shown to scale to 8K lines. Zhu & Calman: (PLDI’04) –To be presented next in this session. More complete coverage in the paper.

June 10, 2004Cloning-Based Context-Sensitive Pointer Alias Analysis using BDDs 44 Conclusion The first scalable context-sensitive inclusion- based pointer analysis. –Achieves context sensitivity by cloning. bddbddb: Datalog  efficient BDD Easy to query results, develop new analyses. Very efficient! –<19 minutes, <600mb on largest benchmark. Complete system is publically available at:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.