co444h
play

CO444H SSA SSA Construction SSA-based analysis Ben Livshits 1 - PowerPoint PPT Presentation

Sep 20, 2022 •113 likes •659 views

Dataflow Solutions CO444H SSA SSA Construction SSA-based analysis Ben Livshits 1 Refresher: Reaching Definitions Direction D = forward. Domain V = set of all sets of definitions in the flow graph. = union. Functions F =

  1. Dataflow Solutions CO444H SSA SSA Construction SSA-based analysis Ben Livshits 1

  2. Refresher: Reaching Definitions • Direction D = forward. • Domain V = set of all sets of definitions in the flow graph. • ∧ = union. • Functions F = all “gen - kill” functions of the form f(x) = (x - KILL) ∪ GEN, where KILL and GEN are sets of definitions (members of V). 2

  3. Last Time: May vs. Must Analysis May Must Forward Reaching Available definitions expressions Backward Live variables Very busy expressions 3

  4. 4 Different Dataflow Solutions

  5. What Does the Iterative Algorithm Do? • IDEAL = ideal solution = meet over all executable paths from entry to a point • MOP = meet over all paths from entry to a given point, of the transfer function along that path applied to v ENTRY • MFP ( maximal fixedpoint ) = result obtained by running the iterative algorithm from last lecture 5

  6. Transfer Function of a Path . . . f 1 f 2 f n-1 B f n-1 ( . . .f 2 (f 1 (v ENTRY )). . .) 6

  7. Maximum Fixedpoint • Fixedpoint = solution to the equations used in iteration: IN(B) = ∧ predecessors P of B OUT(P); OUT(B) = f B (IN(B)); 7

  8. Why Maximum? Maximum = any other solution is ≤ the result of the iterative algorithm (MFP) 8

  9. MOP and IDEAL • All solutions are really meets of the result of starting with v ENTRY and following some set of paths to the point in question • If we don’t include at least the IDEAL paths, we have an error – we are not conservative • But try not to include too many more – try to be precise 9

  10. MOP Versus IDEAL --- (1) • At each block B, MOP[B] ≤ IDEAL[B]. • i.e., the meet over many paths is ≤ the meet over a subset. • Example: • x ∧ y ∧ z ≤ x ∧ y • because x ∧ y ∧ z ∧ x ∧ y = x ∧ y ∧ z. • Intuition: Anything not ≤ IDEAL is not safe, because there is some executable path whose effect is not accounted for. 10

  11. MOP Versus IDEAL --- (2) • Conversely: any solution that is ≤ IDEAL accounts for all executable paths (and maybe more paths), and is therefore conservative (safe), even if not accurate. 11

  12. MFP Versus MOP --- (1) • Is MFP ≤ MOP? • If so, then since MOP ≤ IDEAL, we have MFP ≤ IDEAL, and therefore MFP is safe. • Yes, but … requires two important assumptions about the framework: 1. “Monotonicity” 2. Finite height (no infinite chains . . . < x 2 < x 1 < x within the lattice) 12

  13. MFP Versus MOP --- (2) • Intuition: If we computed the MOP directly, we would compose functions along all paths, then take a big meet • But the MFP (iterative algorithm) alternates compositions and meets somewhat arbitrarily • Also, meets occur early, which causes a loss of precision 13

  14. Monotonicity • A framework is monotone if the transfer function (call it f) respects ≤ . • That is: • If x ≤ y, then f(x) ≤ f(y). • Equivalently: f(x ∧ y) ≤ f(x) ∧ f(y). • Intuition: it is conservative to take a meet before completing the composition of functions. 14

  15. Motonotonicity is Quite Common • The frameworks we’ve studied so far are all monotone: • Easy to prove for functions in GEN/KILL form • Try proving this yourself for reaching definitions, for example • And they all are finite height • Only a finite number of definitions, variables, etc. in any given program • You can only iterate so many times 15

  16. Two Paths to B That Meet Early MOP considers paths f(x) independently and In MFP, Values x and y and combines at get combined too soon. the last possible OUT = x moment. f OUT = f(x) ∧ f(y) IN = x ∧ y B ENTRY OUT = f(x ∧ y) OUT = y f(y) Since f(x ∧ y) ≤ f(x) ∧ f(y), we might have lost some precision because of the early meet 16

  17. Distributive Frameworks • Strictly stronger than monotonicity is the distributivity condition: f(x ∧ y) = f(x) ∧ f(y) • Functions F = all “gen - kill” functions of the form f(x) = (x - KILL) ∪ GEN, where KILL and GEN are sets of definitions (members of V) (x – (K1 U K2)) U (G1UG2) = (x-K1) U G1 U (x-K2) U G2 17

  18. Advantages of Distributivity • All the GEN/KILL frameworks are distributive. • If a framework is distributive, then combining paths early doesn’t hurt. • MOP = MFP • That is, the iterative algorithm computes a solution that takes into account all and only the physical paths. • It also does so quite fast 18

  19. 19 What Are Some of the Disadvantages of Multiple Reaching Definitions

  20. 20 SSA SSA Representation SSA Construction Analysis based on SSA

  21. Static Single Assignment • Each variable has only one reaching definition • When two definitions of the same variable merge, a Ф function is introduced, with a new definition of the variable • First consider SSA for alias-free variables 21

  22. Example: CFG a = a = = a+5 = a+5 a = Multiple reaching definitions = a+5 22

  23. Example: SSA Form a 3 = a 1 = = a 1 +5 a 4 = Ф (a 1 ,a 3 ) a 2 = = a 4 +5 = a 2 +5 Single reaching definition 23

  24. Ф Functions • A Ф operand represents the reaching definition from the corresponding predecessor • The ordering of Ф operands are important for knowing from which path the definition is coming from • The predicate is generally not recorded as part of the Ф function 24

  25. SSA Conditions 1. If • two non-null paths X → + Z and Y → + Z converge at node Z, and • nodes X and Y contains (V =..), • then V = Ф (V, .., V) has been inserted at Z 2. Each mention of V has been replaced by a mention of V i 3. V and the corresponding V i have the same value. 25

  26. 26 SSA Placement SSA Representation SSA Construction Step 1: Place Ф statements Step 2: Rename all variables Converting out of SSA

  27. Ф Function Placement Place a = … minimal number of a = Ф (a ,a) Ф functions a = Ф (a ,a) 27

  28. Renaming Uses to Refer to Proper Definitions a 2 = a 1 = a 1 +5 a 3 = Ф (a 1 ,a 2 ) a 4 = a 4 +5 a 3 +5 28

  29. SSA Construction Algorithm (I) • Step 1: Place Ф statements by computing iterated dominance frontier 29

  30. Control Flow Graph (CFG) • A control flow graph G = (V, E) • Set V contains distinguished nodes START and END • Every node is reachable from START • END is reachable from every node in G. • START has no predecessors • END has no successors. • Predecessor, successor, path 30

  31. Dominator Relation • If X appears on every path from START to Y, then X dominates Y • Domination is both reflexive and transitive • IDOM(Y): immediate dominator of Y • Dominator Tree • START is the root • Any node Y other than START has IDOM(Y) as its parent • Parent, child, ancestor, descendant 31

  32. Dominator Tree Example START START a c b d CFG DT END 32

  33. Dominator Tree Example START START a a c b d CFG DT END 33

  34. Dominator Tree Example START START a a c b b c d CFG DT END 34

  35. Dominator Tree Example START START a a c b b d c d CFG DT END 35

  36. Dominator Tree Example START START a END a c b b d c d CFG DT END 36

  37. Dominance Frontier • Dominance frontier DF(X) for node X is a set of nodes Y such that 1. X dominates a predecessor of Y 2. X does not strictly dominate Y 37

  38. DF Example START START a END a c b b d c DT d DF(c) = ? DF(a) = ? CFG END 38

  39. DF Example START START a END a c b b d c DT d DF(c) = {d} DF(a) = ? CFG END 39

  40. DF Example START START a END a c b b d c DT d DF(c) = {d} DF(a) = {END} CFG END 40

  41. Computing DF(X) START • DF(X) is the union of the following sets • DF local (X), a set of successor a nodes that X doesn’t strictly dominate • E.g. DF local (c) = {d}, see previous slide c b • DF up (Z) for all Z є Children(X) • DF up (Z) = {Y є DF(Z) such that IDOM(Z) doesn’t d strictly dominate Y} • E.g. X = a, Z = d, Y = END, see previous slide END 41

  42. Iterated Dominance Frontier • We can also define this notion for sets of nodes: DF(SET) is the union of DF(X), where X є SET. • Iterated dominance frontier DF + (SET) is the limit of • DF 1 = DF(SET) and DF i+1 = DF(SET U DF i ) 42

  43. Computing Joins • J(SET) of join nodes • Set of all nodes Z • There are (at least) two non-null CFG paths that start at two distinct nodes in SET and converge at Z • Iterated join J + (SET) is the limit of • J 1 = J(SET) and J i+1 = J(SET U J i ) • J + (SET) = DF + (SET) 43

  44. Placement of Ф Functions in SSA • for each variable V • add all nodes with assignments to V to worklist W • for-each X in worklist W do • for-each Y in DF(X) do • if no Ф added in Y then • place (V = Ф (V,…,V)) at Y • if Y has not been added before, add Y to W. 44

  45. Computational Complexity S a • Constructing SSA takes O(A tot * avrgDF), where b • A tot : total number of assignments • avrgDF: weighted average DF size c • The computational complexity is O(n 2 ). d • e.g. nested repeat-until loops E 45

  46. Ф Placement Example a = … Place Ф at Iterative Dominance a = Ф (a ,a) Frontiers a = Ф (a ,a) 46

  47. SSA Construction (II) • Step 2: Rename all variables in original program and Ф functions, using dominator tree and renaming stack to keep track of the current names. 47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to

CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to

Loops and CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to use parallelism. Unfortunately, it is not easy to develop software that can take advantage of parallel machines. Dividing the

659 views • 54 slides
CO444H Dataflow Dataflow frameworks Ben Livshits Masters Projects Available 1. Crashes to

CO444H Dataflow Dataflow frameworks Ben Livshits Masters Projects Available 1. Crashes to

Static analysis CO444H Dataflow Dataflow frameworks Ben Livshits Masters Projects Available 1. Crashes to exploits 2. Pointer analysis for JavaScript 3. Private data management languages 4. Programming robots to assemble IKEA furniture

897 views • 57 slides
CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

Datalog CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference variable x, what are the classes of the objects that x refers to at runtime? We saw CHA and RTA Deal with polymorphic/virtual calls:

1.01k views • 54 slides
CO444H Administrivia Overview of the Material Ben Livshits Two Primary Goals We Pursue

CO444H Administrivia Overview of the Material Ben Livshits Two Primary Goals We Pursue

Course Staff CO444H Administrivia Overview of the Material Ben Livshits Two Primary Goals We Pursue Optimisations Reliability Make programs run faster Find bugs before they make it into production We will see some traditional

772 views • 37 slides
CO444H Ben Livshits 1 Basic Instrumentation Insert additional code into the program This

CO444H Ben Livshits 1 Basic Instrumentation Insert additional code into the program This

Runtime monitoring CO444H Ben Livshits 1 Basic Instrumentation Insert additional code into the program This code is designed to record important events as they occur at runtime Some examples A particular function is being hit or

688 views • 29 slides
CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs

CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs

Datalog CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs Static Analysis Tools Black-box Testing/Fuzzing 2 Coverity: a Static Analysis Company 3 Bug Report From Coverity Actual bug Path

701 views • 59 slides
Class 2 Review; questions Basic Analyses (2) Assign (see Schedule for links)

Class 2 Review; questions Basic Analyses (2) Assign (see Schedule for links)

Class 2 Review; questions Basic Analyses (2) Assign (see Schedule for links) Representation and Analysis of Software (Sections 1-5) Additional reading: depth-first presentation, data-flow analysis, etc. Problem Set 1:

607 views • 26 slides
Why decompilation? This course is ostensibly about Optimising Compilers. It is really about

Why decompilation? This course is ostensibly about Optimising Compilers. It is really about

Why decompilation? This course is ostensibly about Optimising Compilers. It is really about program analysis and transformation . Decompilation is achieved through analysis and transformation of target code; the transformations just work in the

650 views • 35 slides
Representing the control flow of a program P3 / 2004 Control forms a graph Loop

Representing the control flow of a program P3 / 2004 Control forms a graph Loop

Representing the control flow of a program P3 / 2004 Control forms a graph Loop Optimizations A very large graph Observation lot of straight-line connections simplify the graph by grouping some instructions Spring 2004

223 views • 7 slides
CS293S SVN &amp; DVN &amp; GCSE Yufei Ding Review of Last Class Removing redundant

CS293S SVN &amp; DVN &amp; GCSE Yufei Ding Review of Last Class Removing redundant

CS293S SVN &amp; DVN &amp; GCSE Yufei Ding Review of Last Class Removing redundant expressions DAG: version tracking Linear representation: (local) value numbering Scope of optimization Basic block, Extended basic block,

570 views • 38 slides
Dominators in a Flowgraph Flowgraph: G = ( V, E, r ); each v in V is reachable from r v dominates

Dominators in a Flowgraph Flowgraph: G = ( V, E, r ); each v in V is reachable from r v dominates

Dominators in a Flowgraph Flowgraph: G = ( V, E, r ); each v in V is reachable from r v dominates w if every path from r to w includes v Application areas : Program optimization, VLSI testing, theoretical biology, distributed systems,

1.44k views • 119 slides
263-2810: Advanced Compiler Design 3.0 SSA form for arbitrary control flow graphs Thomas R. Gross

263-2810: Advanced Compiler Design 3.0 SSA form for arbitrary control flow graphs Thomas R. Gross

263-2810: Advanced Compiler Design 3.0 SSA form for arbitrary control flow graphs Thomas R. Gross Computer Science Department ETH Zurich, Switzerland SSA format funcKons allows us to deal with a basic block that has mulKple predecessors

481 views • 30 slides
Appendix: Appendix: Other ATPG algorithms Other ATPG algorithms 1 TOPS Dominators TOPS

Appendix: Appendix: Other ATPG algorithms Other ATPG algorithms 1 TOPS Dominators TOPS

4/28/2009 Appendix: Appendix: Other ATPG algorithms Other ATPG algorithms 1 TOPS Dominators TOPS Dominators Kirkland and Mercer (1987) Kirkland and Mercer (1987) Dominator of g all paths from g to PO must pass through the

598 views • 13 slides
Principles of Programming Languages h&quot;p://www.di.unipi.it/~andrea/Dida2ca/PLP-15/ Prof.

Principles of Programming Languages h&quot;p://www.di.unipi.it/~andrea/Dida2ca/PLP-15/ Prof.

Principles of Programming Languages h&quot;p://www.di.unipi.it/~andrea/Dida2ca/PLP-15/ Prof. Andrea Corradini Department of Computer Science, Pisa Lesson 17 Loops in Control Flow Graphs Convergence speed of data-flow analysis Region

525 views • 35 slides
ACCEPT: We Built an Open-Source Approximation Compiler Framework So You Don't Have To Adrian

ACCEPT: We Built an Open-Source Approximation Compiler Framework So You Don't Have To Adrian

ACCEPT: We Built an Open-Source Approximation Compiler Framework So You Don't Have To Adrian Sampson Andr Baixo Benjamin Ransford Thierry Moreau Joshua Yip Luis Ceze Mark Oskin sa pa University of Washington http:// accept.rocks

570 views • 19 slides
Assignment 1 1. Intra Procedural Dominator Analysis Dominator analysis is an important problem,

Assignment 1 1. Intra Procedural Dominator Analysis Dominator analysis is an important problem,

Assignment 1 1. Intra Procedural Dominator Analysis Dominator analysis is an important problem, with applications ranging from optimizing compilers to network flow analysis. The analysis determines for each node in a directed graph by which

296 views • 3 slides
Compilerconstructie najaar 2019 http://www.liacs.leidenuniv.nl/~vlietrvan1/coco/ Rudy van Vliet

Compilerconstructie najaar 2019 http://www.liacs.leidenuniv.nl/~vlietrvan1/coco/ Rudy van Vliet

Compilerconstructie najaar 2019 http://www.liacs.leidenuniv.nl/~vlietrvan1/coco/ Rudy van Vliet kamer 140 Snellius, tel. 071-527 2876 rvvliet(at)liacs(dot)nl college 10, vrijdag 6 december 2019 + werkcollege Code Optimization (2) 1

667 views • 62 slides
Improving Attribution of Performance Measurements for Optimized Code John Mellor-Crummey and Mark

Improving Attribution of Performance Measurements for Optimized Code John Mellor-Crummey and Mark

Improving Attribution of Performance Measurements for Optimized Code John Mellor-Crummey and Mark Krentel Department of Computer Science Rice University http://hpctoolkit.org Petatools 2014 August 4, 2014 Motivation Modern software uses

435 views • 25 slides
A join point for loops in AspectJ Bruno Harbulot and John Gurd Bruno Harbulot AOSD 2006

A join point for loops in AspectJ Bruno Harbulot and John Gurd Bruno Harbulot AOSD 2006

A join point for loops in AspectJ Bruno Harbulot and John Gurd Bruno Harbulot AOSD 2006 Bonn, 22/03/2006 The University of Manchester AOSD 2006 Bonn, March 2006 1/19 What we would like to do Write aspects that represent the

325 views • 19 slides
Multiple Performance Monitoring Units in Perfevents Presented by: Ashwin Chaugule Presentation

Multiple Performance Monitoring Units in Perfevents Presented by: Ashwin Chaugule Presentation

Open Source. Open Possibilities. QuIC Confidential and Proprietary Multiple Performance Monitoring Units in Perfevents Presented by: Ashwin Chaugule Presentation Date: August 19, 2011 Open Source. Open Possibilities. PAGE 1 That gravity

315 views • 31 slides
Digital Circuits and Systems Minimizing Dont Cares Shankar Balachandran* Associate

Digital Circuits and Systems Minimizing Dont Cares Shankar Balachandran* Associate

Spring 2015 Week 2 Module 10 Digital Circuits and Systems Minimizing Dont Cares Shankar Balachandran* Associate Professor, CSE Department Indian Institute of Technology Madras *Currently a Visiting Professor at IIT Bombay Dont Care

389 views • 8 slides
When You Write Your Essays in Programming Languages

When You Write Your Essays in Programming Languages

When You Write Your Essays in Programming Languages http://www.somethingofthatilk.com/index.php?id=135 CS 252: Advanced Programming Language Principles Operational Semantics Prof. Tom Austin San Jos State University Lab Review (in-class)

512 views • 29 slides
Learning minimal separating DFA for Compositional Verification Karsten Fix February 23, 2017

Learning minimal separating DFA for Compositional Verification Karsten Fix February 23, 2017

Overview Definitions Algorithm References Learning minimal separating DFA for Compositional Verification Karsten Fix February 23, 2017 Karsten Fix Learning minimal separating DFA for Compositional Verification Overview Definitions

525 views • 35 slides
Is Power State Table(PST) Golden? By Ankush Bagotra, Neha Bajaj, Harsha Vardhan R&amp;D

Is Power State Table(PST) Golden? By Ankush Bagotra, Neha Bajaj, Harsha Vardhan R&amp;D

February 28 March 1, 2012 Is Power State Table(PST) Golden? By Ankush Bagotra, Neha Bajaj, Harsha Vardhan R&amp;D Engineer, CAE, CAE Synopsys Inc. Overview Low Power Design Today Unified Power Format (UPF) Low Power Design

456 views • 23 slides

More recommend