cs 293s pointer analysis
play

CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, - PowerPoint PPT Presentation

Dec 08, 2023 •27 likes •347 views

CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong Focus of this lecture Terms and concepts Algorithms: Andersen-Style and Steensgaard-Style Advanced topics 2 What is Pointer/Alias/points-to Analysis?

  1. CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong

  2. Focus of this lecture � Terms and concepts � Algorithms: Andersen-Style and Steensgaard-Style � Advanced topics 2

  3. What is Pointer/Alias/points-to Analysis? � Pointer analysis statically determines: � the possible runtime values of a pointer � what storage locations a pointer can point to � there are certain models can represent the storage locations: � Pointer analysis is hard, but essential for enabling many compiler optimizations. Note: pointer analysis, alias analysis, points-to analysis often are used interchangeably 3

  4. May and Must Aliasing � May aliasing: � aliasing that may occur during execution (e.g., if (c) p = &i) � Must aliasing: � aliasing that must occur during execution (e.g., p = &i) � Easiest alias analysis: nothing must alias, everything may alias 4

  5. Example Optimizations � GCSE needs info on what is read/written: � Can p point to a or b? *p = a + b; x = a + b; � Reaching definitions and constant propagation: � Can p point to x? x = 5; *p = 42; y = x; 5

  6. How Hard Is This Problem? � Undecidable [Landi1992] [Ramalingan1994] � Approximation algorithms, worst-case complexity, range from almost linear to doubly exponential [Hind2001] � Two primary algorithms for point-to analysis � Andersen-style Analysis � Steensgaard-style Analysis 6

  7. Andersen-Style Pointer Analysis [Andersen1994] � Flow-insensitive, context-insensitive analysis � First for C programs, later for Java � View pointer assignments as subset constraints: 7

  8. Andersen-Style Pointer Analysis � Basic idea: � map to subset constraints � construct the constraint graphs � compute transitive closure to propagate points-to relations along the edges of the constraint graphs � Constraint graph: � one node for each variable representing its points-to set, e.g., pts(p), pts(a) � one directed edge for certain constraint 8

  9. Andersen-Style Pointer Analysis: Constructing Constraint Graphs 9

  10. Andersen-Style Pointer Analysis 10

  11. Andersen-style analysis: Algorithm Analysis � Can be reduced to computing the transitive closure of a dynamic graph � dynamic graph: the graph changes over the analysis of the program � the transitive closure of a directed acyclic graph (DAG) is the reachability relation of the DAG. (graph: a set of nodes, and binary relations among the nodes) � A well-studied problem for which the best known complexity is O(n3) (n is the number of node) 11

  12. Andersen-Style Pointer Analysis: Cycle Elimination � Impart optimization for Anderson-style analysis � Detect strongly connected components in points-to graph, collapse to a singe node � Why? All nodes in an SCC will have the same points-to relation at the end of analysis � How to detect cycles efficiently? � Some reduction can be done statically, some on-the-fly as new edges added � See Fast and Accurate Pointer Analysis for Millions of Lines of Code, Hardekopf and Lin, PLDI 2007. 12

  13. Andersen-Style Pointer Analysis: Cycle Elimination 13

  14. Steensgaard-Style Pointer Analysis [Steensgaard1996POPL] � Points-to Analysis in almost linear time � Uses equality constraints instead of subset constraints � Unification based approach: assignment unifies the graph nodes, e.g., x = y (unified x and y in the same node), also called union-find algorithm, exclusion-based approaches, nearly linear complexity � O(n · α ( n)), where α ( n) is the inverse Ackermann’s function, α (2132) < 4 � Scalable � Less precise than Andersen-style, thus more 14

  15. Steensgaard-Style Pointer Analysis � Key idea: maintain a set of disjoint sets and supports two operations: � FIND(x): return the set containing x � UNION(x, y): union the two sets containing x and y 15

  16. Steensgaard-Style Pointer Analysis [Steensgaard1996POPL] 16

  17. Andersen vs. Steensgaard Style Pointer Analysis 17

  18. Andersen vs. Steensgaard Style Pointer Analysis 18

  19. Andersen vs. Steensgaard Style Pointer Analysis 19

  20. Andersen vs. Steensgaard Style Pointer Analysis 20

  21. Points-to Analyses Work in Real Data FlowProblems? 21

  22. Summary: Andersen vs. Steensgaard � Both are flow-insensitive and context-insensitive � Control flow information is not used, the order of statements is not considered � Differ in points-to set construction � Andersen-style: many out edges, one variable per node � Steensgaard-style: one out edge, many variables per node � Andersen-style: inclusion-based, subset-based � the slowest but most precise flow-insensitive algorithm � Steensgaard-style: equality-based, unification-based � the fastest but least precise 22

  23. Advanced point-to analysis The Horwitz-Shapiro Approach: 1997 POPL –Fast and Accurate Flow- 23 Insensitive Points-ToAnalysis

  24. Advanced point-to analysis 24

  25. Advanced point-to analysis 25

  26. Advanced point-to analysis 26

  27. Advanced point-to analysis 27

  28. Advanced point-to analysis 28

  29. Advanced point-to analysis 29

  30. Advanced point-to analysis 30

  31. Advanced point-to analysis 31

  32. Advanced point-to analysis 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller, Yannis Smaragdakis OOPSLA 2018 1 A New Pointer Analysis T echnique for Object-Oriented Programs 2 Pointer Analysis Determines which

841 views • 64 slides
Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias,

Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias,

Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias, which is equivalent to Steensgaard Today Alias analysis II (pointer analysis) Anderson Emami Next time Midterm review CS553

207 views • 8 slides
Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li and Jingling Xue SAS 2016 September, 2016 1 A New Pointer Analysis for Object-Oriented Programs 2 Pointer Analysis Determine which

965 views • 70 slides
CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu

CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu

CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu Rugina 8 Sep 2005 Pointer Analysis Informally: determine where pointers (or references) in the program may point to. Significant amount of

339 views • 21 slides
Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders

Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders

Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders Mller and Yannis Smaragdakis 1 Pointer Analysis Concept Which objects a variable may point to? Importance Fundamental for virtually

769 views • 54 slides
Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis)

Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis)

Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis) Next time More alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 2 Aliasing What is aliasing? When two expressions denote

265 views • 8 slides
Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University

Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University

Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University of Colorado at Boulder Michael Hind IBM T.J. Watson Research Center 1 Pointer analysis motivation Code a = new C( ); // G What does it do? b =

439 views • 30 slides
Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1 Aliasing What is aliasing? When two expressions denote the same mutable memory location e.g.,

812 views • 19 slides
Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and

Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and

Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and Katherine Yelick U.C. Berkeley A August 23, 2007 t 23 2007 1 Hierarchical Pointer Analysis Amir Kamil Background 2 Hierarchical Pointer Analysis

650 views • 41 slides
CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

Datalog CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference variable x, what are the classes of the objects that x refers to at runtime? We saw CHA and RTA Deal with polymorphic/virtual calls:

1.01k views • 54 slides
Laser Pointer Engineering Analysis Jeb Duncan, Eddie Hoopingarner, Cole Middlebrook, Michael

Laser Pointer Engineering Analysis Jeb Duncan, Eddie Hoopingarner, Cole Middlebrook, Michael

Laser Pointer Engineering Analysis Jeb Duncan, Eddie Hoopingarner, Cole Middlebrook, Michael Orrill 11/19/2013 Overview Background Concepts Chosen for analysis Structural Analysis Thermal Analysis Schedule Conclusion

544 views • 20 slides
Pointer Analysis CSE 501 Spring 15 Course Outline Sta8c

Pointer Analysis CSE 501 Spring 15 Course Outline Sta8c

Pointer Analysis CSE 501 Spring 15 Course Outline Sta8c analysis Dataflow and abstract interpreta8on We are here Applica8ons Beyond

515 views • 36 slides
A Probabilistic Pointer Analysis A Probabilistic Pointer Analysis for Speculative Optimization

A Probabilistic Pointer Analysis A Probabilistic Pointer Analysis for Speculative Optimization

A Probabilistic Pointer Analysis A Probabilistic Pointer Analysis for Speculative Optimization for Speculative Optimization Jeff DaSilva Jeff DaSilva Greg Steffan Greg Steffan Electrical and Computer Engineering Electrical and Computer

890 views • 38 slides
Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an

Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an

Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an integer as long as result is still within the bounds of the array Can subtract a pointer from another pointer iff both point to

140 views • 9 slides
CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs

CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs

Datalog CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs Static Analysis Tools Black-box Testing/Fuzzing 2 Coverity: a Static Analysis Company 3 Bug Report From Coverity Actual bug Path

701 views • 59 slides
Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer

Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer

Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer is a variable that stores a memory address. Pointers are used to store the addresses of other variables or memory items. Pointers are very

742 views • 23 slides
On the Computation and Communication Complexity of Parallel SGD with Dynamic Batch Sizes for

On the Computation and Communication Complexity of Parallel SGD with Dynamic Batch Sizes for

On the Computation and Communication Complexity of Parallel SGD with Dynamic Batch Sizes for Stochastic Non-Convex Optimization Poster @ Pacific Ballroom #103 Hao Yu , Rong Jin Machine Intelligence Technology Alibaba Group (US) Inc., Bellevue, WA

756 views • 23 slides
Nested QoS: Providing Flexible Performance in Shared IO Environment Hui Wang Peter Varman Rice

Nested QoS: Providing Flexible Performance in Shared IO Environment Hui Wang Peter Varman Rice

Nested QoS: Providing Flexible Performance in Shared IO Environment Hui Wang Peter Varman Rice University Houston, TX 1 Outline l Introduction l System model l Analysis l Evaluation l Conclusions and future work 2 Resource

402 views • 26 slides
Single photon sources using a coherently driven Rydberg atom gas David Petrosyan How to produce

Single photon sources using a coherently driven Rydberg atom gas David Petrosyan How to produce

Single photon sources using a coherently driven Rydberg atom gas David Petrosyan How to produce single photons? Using single emitter strongly coupled to a resonant cavity ( &lt; g ) e Excitation Cavity photon pulse s g How to produce

825 views • 16 slides
Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security Karim Eldefrawy Xavier Carpent Norrathep (Oak) Rattanavipanon Gene Tsudik University of California, Irvine SRI International Agenda

409 views • 38 slides
One year after: What are the implications of the new ESC/EAS LDL-c Guidelines for PCSK9i? Prof.

One year after: What are the implications of the new ESC/EAS LDL-c Guidelines for PCSK9i? Prof.

EBAC Accredited symposium during Digital ESC 2020 PCSK9i &amp; LDL-c: Guidelines, Practice &amp; Innovation: Review of facts and opportunities ESC virtual congress, August, 2020 One year after: What are the implications of the new ESC/EAS LDL-c

709 views • 23 slides
Opera.ng Systems History and Overview Por%ons of this material courtesy Profs. Wong and Stark

Opera.ng Systems History and Overview Por%ons of this material courtesy Profs. Wong and Stark

CSE 306: Opera.ng Systems Opera.ng Systems History and Overview Por%ons of this material courtesy Profs. Wong and Stark CSE 306: Opera.ng Systems So what is an OS? 2-2 CSE 306: Opera.ng Systems One view of an OS 2-3 CSE 306: Opera.ng

1.88k views • 55 slides
Biology: dompanine TD() Using a longer trajectory rather than single step: For a single step:

Biology: dompanine TD() Using a longer trajectory rather than single step: For a single step:

TD learning Biology: dompanine TD() Using a longer trajectory rather than single step: For a single step: The expected total Return from S on is: R(S) = r + V(S) For two steps: TD() n-step return at time t: Using a trajectory of

679 views • 32 slides
Use Cases Reference: Craig Larman, Applying UML and Patterns, Ch. 6 Use Case What it is:

Use Cases Reference: Craig Larman, Applying UML and Patterns, Ch. 6 Use Case What it is:

Use Cases Reference: Craig Larman, Applying UML and Patterns, Ch. 6 Use Case What it is: Text story Widely used to discover and record (mostly functional) requirements What is it about: Some actor(s) using a system to meet

431 views • 30 slides

More recommend