making context sensitive points to analysis with heap
play

Making Context-sensitive Points-to Analysis with Heap Cloning - PowerPoint PPT Presentation

Oct 31, 2023 •266 likes •556 views

Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris Lattner Andrew Lenharth Vikram Adve Apple UIUC UIUC What is Heap Cloning? Distinguish objects by acyclic call path void foo() { list*

  1. Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris Lattner Andrew Lenharth Vikram Adve Apple UIUC UIUC

  2. What is Heap Cloning? Distinguish objects by acyclic call path void foo() { list* mkList(int num) { c1: list* L1 = mkList(10); list* L = NULL; c2: list* L2 = mkList(10); while (--num) } list_1: L = new list(L); } Without heap cloning: With heap cloning: Lists are allocated in a common Disjoint data structure place so they are the same list instances are discovered list_1 c1/list_1 c2/list_1 L1 L2 L1 L2

  3. Why Heap Cloning? ● Discover disjoint data structure instances – able to process and/or optimize each instance ● More precise alias analysis ● Important in discovering coarse grain parallelism* ● More precise shape analysis? But widely considered non-scalable and rarely used * Ryoo et. al., HiPEAC '06

  4. Some Uses of Our Analysis Data Structure Analysis (DSA) is well tested, used for major program transformations ● Automatic Pool Allocation – PLDI 2005 – Best Paper ● Pointer Compression – MSP 2005 ● SAFECode – PLDI 2006 ● Less conservative GC ● Per-instance profiling ● Alias Analysis – optimizations that use alias results Available at llvm.org

  5. Key Contributions Heap cloning (with unification) can be scalable and fast ● Many algorithmic choices, optimizations necessary – We measure several of them ● Sound and useful analysis on incomplete programs ● New techniques – Fine-grained completeness tracking solves 3 practical issues – Call graph discovery during analysis, no iteration – New engineering optimizations

  6. Outline ● Algorithm overview ● Results summary ● Optimizations and their effectiveness

  7. Design Decisions Fast analysis and scalable for production compilers! Improves Speed, Improves Precision Hurts Precision Scalable Algorithms Scalable Algorithms Common Design of Common Design of ● Unification based ● Flow insensitive ● Field sensitive ● Drop context-sensitivity ● Context sensitive ● Heap cloning in SCCs of call graph ● Fine-grained completeness ● Use-based type inferencing for C

  8. DS Graph Properties {G,H,S,U} : Storage Each pointer field has a int Z; class single outgoing edge void twoLists() { list *X = makeList(10); list *Y = makeList(100); addGToList(X); int: GMRC Y X addGToList(Y); Z freeList(X); freeList(Y); } list: HMRC list: HMRC Object type list* int list* int Field-sensitive for “type-safe” nodes These data have been proven (a) disjoint ; (b) confined within twoLists()

  9. Algorithm Fly-by 3 Phase Algorithm ● Local – Field-sensitive intra-procedural summary graph ● Bottom-up on SCCs of the call graph – Clone and inline callees into callers – summary of full effects of calling the function ● Top-down on SCCs of the call graph – Clone and inline callers into callees

  10. Completeness A graph node is complete if we can prove we have seen all operations on its objects 1. Support incomplete programs 2. Safely speculate on type safety 3. Construct call graph incrementally

  11. Incompleteness - Sources Incompleteness is a transitive closure starting from escaping memory: Externally visible globals list* ExternGV; static int LocalGV; Return values and arguments int* escaping_fun(list*) {...} of escaping functions static int* local_fun(list*) { ... Return value and arguments x = extern_fun(L1); of external or unresolved ... } indirect calls

  12. Call Graph Discovery ● Discover call targets in a context-sensitive way ● Incompleteness ensures correctness of points-to graphs with unresolved call sites ● SCCs may be formed by resolving an indirect call – Key insight: safe to process SCC even if some of its functions are already processed – See paper for details

  13. Methodology ● Benchmarks: Benchmark kLOC siod 12.8 – SPEC 95 and 2000 134.perl 26.9 – Linux 2.4.22 252.eon 35.8 – povray 3.1 – Ptrdist 255.vortex 67.2 ● Presenting 9 benchmarks with 254.gap 71.3 253.perlbmk 85.1 slowest analysis time povray31 108.3 – Except 147.vortex and 126.gcc 176.gcc 222.2 – Lots more in paper vmlinux 355.4 ● Machine: 1.7 Ghz AMD Athlon, 1 GB Ram

  14. Results - Speed < 5% of GCC -O3 time

  15. Results – Memory Usage

  16. Avoiding Bad Behavior ● Equivalence classes – Avoid N^2 space and time for globals not used in most functions ● Globals Graph* – Avoid N^2 replication of globals in nodes ● SCC collapsing* – Avoid recursive inlining – hurts precision ● Optimized Cloning and Merging* – Avoid lots of allocation traffic * used by others also

  17. Slowdowns – No Optimizations 21.8x 1x == fully optimized ` 7.5x

  18. No SCC Collapsing Naive Merging Optimizations Effects No Globals Graph No Equivalence Classes

  19. Results – By Size Speedup due to optimizations grows as program size does Average LOC Average Speedup Largest 4 programs 280k 10.8x Second largest 4 72k 4.4x Third largest 4 52k 2.7x Optimizations are essential for scalability, not just speed

  20. Summary ● Context sensitive analyses with heap cloning can be efficient enough for production compilers ● Sound and useful analysis is possible on incomplete programs ● Many optimizations necessary for speed and scalability

  21. Questions? Rob: Why heap cloning? Andrew: It's better than sheep cloning. Rob: Yes, heap cloning raises none of the ethical concerns of sheep cloning, and sometimes the sheep have strange developmental issues that you don't get with heap cloning.

  22. Related – Ruf Similarities Differences ● Unification ● Requires whole ● Heap cloning program ● Field sensitive ● For type safe language ● Globals graph ● Requires call graph ● Intelligent inlining – used context insensitive ● Drop context sensitivity in SCC

  23. Related – Liang (FICS) Similarities Differences ● Iterates during Bottom Up ● Unification ● No heap cloning ● Context sensitive ● Field sensitive ● Requires call graph

  24. Related – Liang (MOPPA) Similarities Differences ● Unification ● Iterates during Bottom Up ● Context sensitive ● Requires call graph or ● Field sensitive iterates to construct it ● Globals graph ● Memory intensive ● Heap Cloning

  25. Related - Whaley-Lam Similarities Differences ● Context sensitive ● Constraint solving algorithm ● Call graph is input to context-sensitive alg – discovered by context- insensitive alg ● For type safe language ● No heap cloning ● Much slower on similar hardware

  26. Related - Bodik Similarities Differences ● Context sensitive ● Subset based ● Heap cloning ● Requires call graph ● SCC collapsing ● Demand driven ● Requires whole program ● For type safe language ● Much slower on similar hardware

  27. Related - Nystron ● Top-down, bottom-up ● Subset based ● Some codes cause structure ● Context sensitive runtime explosion ● Heap cloning ● SCC collapsing ● Behavior of Globals stored in side structure

  28. Why Heap Cloning? Part 2! ● Rob: Why heap cloning? ● Andrew: It's better than sheep cloning. ● Rob: Yes, heap cloning raises none of the ethical concerns of sheep cloning, and sometimes the sheep have strange developmental issues that you don't get with heap cloning.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodk

Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodk

Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodk UC Berkeley PLDI 2006 1 What Does Refinement Buy You? Increased scalability: enable new clients Memory: orders of magnitude savings Time:

596 views • 18 slides
Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive

Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive

Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive Analysis To understand the input computation, a compiler/interpreter need to discover The types of values stored in each variable The types

576 views • 39 slides
Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian

Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian

Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian Tan, Yue Li and Jingling Xue PLDI 2017 June, 2017 1 A New Points-to Analysis T echnique for Object-Oriented Programs 2 Points-to Analysis

800 views • 68 slides
Datalog. by Franois Gauthier It all began with a qualifying exam Among the heap of papers I

Datalog. by Franois Gauthier It all began with a qualifying exam Among the heap of papers I

Simplified data-flow analysis with Datalog. by Franois Gauthier It all began with a qualifying exam Among the heap of papers I had to read, there was this one: Cloning-based context-sensitive pointer alias analysis using binary decision

578 views • 28 slides
Context Sensitive Solutions Context Context Sensitive Solutions (CSS) is a collaborative approach

Context Sensitive Solutions Context Context Sensitive Solutions (CSS) is a collaborative approach

June 17, 2014 Context Sensitive Solutions Context Context Sensitive Solutions (CSS) is a collaborative approach to transportation facility design and engineering that involves all stakeholders in the process of developing a solution that is

193 views • 3 slides
EDA045F: Program Analysis LECTURE 6: DATALOG Christoph Reichenbach In the last lecture. . .

EDA045F: Program Analysis LECTURE 6: DATALOG Christoph Reichenbach In the last lecture. . .

EDA045F: Program Analysis LECTURE 6: DATALOG Christoph Reichenbach In the last lecture. . . Pointer Analysis Points-To Analysis Alias Analysis Concrete Heap Graphs Abstract Heap Graphs Access Paths Heap Summarisation

822 views • 53 slides
Compiler Construction Lecture 10: Context-sensitive analysis 2020-02-11 Michael Engel Overview

Compiler Construction Lecture 10: Context-sensitive analysis 2020-02-11 Michael Engel Overview

Compiler Construction Lecture 10: Context-sensitive analysis 2020-02-11 Michael Engel Overview Where are we standing now? Theres more to languages than context-free grammars can describe From syntax to semantics

485 views • 23 slides
Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By Teryl Taylor , Kevin Z. Snow, Nathan Otterness and Fabian Monrose University of North Carolina at Chapel Hill Motivation PU Internet Get

686 views • 34 slides
Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li and Jingling Xue SAS 2016 September, 2016 1 A New Pointer Analysis for Object-Oriented Programs 2 Pointer Analysis Determine which

965 views • 70 slides
Oak Hill Parkway Oak Hill Parkway Context Sensitive Solutions CSS Workshop No. 1 October 9,

Oak Hill Parkway Oak Hill Parkway Context Sensitive Solutions CSS Workshop No. 1 October 9,

Oak Hill Parkway Oak Hill Parkway Context Sensitive Solutions CSS Workshop No. 1 October 9, 2014 Context Sensitive Solutions Context Sensitive Solutions Project Team TxDOT James Williams Jon Geiselbrecht Shirley Nichols CTRMA Melissa

485 views • 46 slides
Context Sensitivity Example of a CSG Informatics 2A: Lecture 26 2 Context in Programming

Context Sensitivity Example of a CSG Informatics 2A: Lecture 26 2 Context in Programming

Context Sensitive Grammars Context Sensitive Grammars Context in Programming Languages Context in Programming Languages Context in Natural Languages Context in Natural Languages 1 Context Sensitive Grammars Chomsky Hierarchy Context

160 views • 5 slides
Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2), Anshuman Singh(1), and Aleardo Manacero Jr.(2) (1)University of Louisiana at Lafayette, USA (2)Paulista State University (UNESP), Brazil PEPM 2010

309 views • 29 slides
Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics

Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics

Showing a language isnt context-free Context-sensitive languages Context-sensitivity in PLs Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics University of Edinburgh jrl@inf.ed.ac.uk 26 November

611 views • 24 slides
heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O (

heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O (

heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O ( n ) analysis via picture (learn) or using summations (know result) data structures and algorithms building a heap one-by-one in O ( n log n ) 2020

672 views • 7 slides
PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low

PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low

ERIE COUNTY DEPARTMENT OF SOCIAL SERVICES Program Overview PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low income households to reduce energy expense s. HEAP PROGRAMS Regular HEAP Available

531 views • 14 slides
PA PACE Programming Languages, Architecture and Compilers Education Laboratory Heap analysis

PA PACE Programming Languages, Architecture and Compilers Education Laboratory Heap analysis

Compare Less, Defer More Scaling Value-Contexts Based Whole-Program Heap Analyses Manas Thakur and V Krishna Nandivada CC 2019 PA PACE Programming Languages, Architecture and Compilers Education Laboratory Heap analysis Any analysis that

1.12k views • 78 slides
Welcome #sqlclone sqlclonefeedback@red-gate.com What problems do we face when provisioning

Welcome #sqlclone sqlclonefeedback@red-gate.com What problems do we face when provisioning

Welcome #sqlclone sqlclonefeedback@red-gate.com What problems do we face when provisioning databases? Grant Fritchey Problem: Realistic Data Matching production volumes Mirroring data distribution of real data Repeatable testing

967 views • 49 slides
Cloning Tools Photoshop Tutorials Introduction In a skilled and experienced hand, the cloning

Cloning Tools Photoshop Tutorials Introduction In a skilled and experienced hand, the cloning

Cloning Tools Photoshop Tutorials Introduction In a skilled and experienced hand, the cloning tools lead to phenomenal results. In the hands of a careless artist, Photoshop cloning can be disastrous to the credibility of the result. This

266 views • 25 slides
GROWING HE MP IN NE W ME XICO Ne w Me xic o He mp Se r vic e s F ull Se r vic e Co mpany

GROWING HE MP IN NE W ME XICO Ne w Me xic o He mp Se r vic e s F ull Se r vic e Co mpany

GROWING HE MP IN NE W ME XICO Ne w Me xic o He mp Se r vic e s F ull Se r vic e Co mpany fo r Ne w Me xic o He mp F ar me r s Pue r to de L una, Ne w Me xic o Impo r tant F ac to r s Asso c iate d with Ne w He mp Industr y

307 views • 27 slides
An Empirical Study of Long-Lived Code Clones Dongxiang Cai Hong Kong University of Science and

An Empirical Study of Long-Lived Code Clones Dongxiang Cai Hong Kong University of Science and

An Empirical Study of Long-Lived Code Clones Dongxiang Cai Hong Kong University of Science and Technology Miryung Kim* The University of Texas at Austin Fundamental Approaches in Software Engineering 2011 Synopsis We hypothesize that the

875 views • 54 slides
How to Insert iTunes Music into PPT Presentation Have you ever come across such problem that the

How to Insert iTunes Music into PPT Presentation Have you ever come across such problem that the

How to Insert iTunes Music into PPT Presentation How to Insert iTunes Music into PPT Presentation Have you ever come across such problem that the iTunes music cannot be imported into PPT presentation? The following article will show you a really

282 views • 3 slides
Responses of Microbial Communities to Increases in Nitrogen Loads in Salt Marshes Jennifer L.

Responses of Microbial Communities to Increases in Nitrogen Loads in Salt Marshes Jennifer L.

Responses of Microbial Communities to Increases in Nitrogen Loads in Salt Marshes Jennifer L. Bowen University of Massachusetts Boston ! Symposium on C/N Cycling and Ecosystem Valuation of Tidal Wetlands in the Northeast Waquoit Bay National

406 views • 8 slides
Technology Coordinator Webinar Illinois State Board of Education January 31, 2018 Whole Child

Technology Coordinator Webinar Illinois State Board of Education January 31, 2018 Whole Child

Technology Coordinator Webinar Illinois State Board of Education January 31, 2018 Whole Child Whole School Whole Community PARCC 2018 Administration Window March 5, 2018 to April 20, 2018 Check with your District Test Coordinator

881 views • 32 slides
4/2/2019 EOY LPACs Presentation for Teachers 1 4/2/2019 Composition of the LPAC The LPAC is

4/2/2019 EOY LPACs Presentation for Teachers 1 4/2/2019 Composition of the LPAC The LPAC is

4/2/2019 EOY LPACs Presentation for Teachers 1 4/2/2019 Composition of the LPAC The LPAC is composed of a: Elementary -Campus Administrator -Certified Bilingual Educator -LPAC Parent -Special Education Rep Secondary -Campus

582 views • 6 slides

More recommend