pointer analysis in the presence of dynamic class loading
play

Pointer Analysis in the Presence of Dynamic Class Loading Martin - PowerPoint PPT Presentation

Oct 31, 2023 •123 likes •439 views

Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University of Colorado at Boulder Michael Hind IBM T.J. Watson Research Center 1 Pointer analysis motivation Code a = new C( ); // G What does it do? b =

  1. Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University of Colorado at Boulder Michael Hind IBM T.J. Watson Research Center 1

  2. Pointer analysis motivation Code a = new C( ); // G What does it do? b = new C( ); // H a = b ; a . f = b ; Points-to sets What is it good for? pointsTo ( a ) == { G,H } pointsTo ( b ) == { H } Code browsing pointsTo ( G . f ) == { H } Tools Code transformations pointsTo ( H.f ) == { H } Error detection Clients Devirtualization Optimizations Load elimination Parallelization Connectivity-based garbage collection 2

  3. Static flow- and context-insensitive pointer analysis by Andersen Analysis components Analysis data structures Call graph builder Code Constraint finder Method compilation Constraint propagator Points-to sets Constraint graph Clients 3

  4. Static analysis can not deal with all of Java • Class loading may be implicitly triggered by any … – Constructor call – Static field access – Static method call • Classes may come from the web or be generated on the fly � Pretending a “static world” fails for most real-world applications 4

  5. Java challenges Analysis components Analysis data structures 1. Online call Call graph builder graph building Constraint finder Method compilation 3. Unresolved 4. Reflection and types native code 2. Re-propagation Constraint propagator Constraint graph Clients 5

  6. 1. Online call graph building caller a = x.m ( b ); callee A:: m ( c ) { return d ; } 6

  7. 1. Online call graph building caller a = x.m ( b ); e = y.m ( f ); callee A:: m ( c ) { return d ; } 7

  8. 1. Online call graph building caller a = x.m ( b ); e = y.m ( f ); callee A:: m ( c ) { B:: m ( g ) { return d ; return h ; } } 8

  9. Architecture for online call graph building Analysis components Analysis data structures Call graph builder Caller/callee look-up Constraint finder Method compilation Constraint propagator Constraint graph Clients 9

  10. Java challenges Analysis components Analysis data structures Call graph builder Caller/callee look-up Constraint finder Method compilation 3. Unresolved 4. Reflection and types native code 2. Re-propagation Constraint propagator Constraint graph Clients 10

  11. 2. Focused re-propagation Code Points-to sets a = new C( ); // G pointsTo ( a ) == { G } b = new C( ); // H pointsTo ( b ) == { H } a.f = b ; pointsTo ( G . f ) == { H } pointsTo ( H . f ) == { } a = b ; 11

  12. 2. Focused re-propagation Code Points-to sets a = new C( ); // G pointsTo ( a ) == { G ,H } b = new C( ); // H pointsTo ( b ) == { H } a.f = b ; pointsTo ( G . f ) == { H } pointsTo ( H . f ) == { } a = b ; 12

  13. 2. Focused re-propagation Code Points-to sets a = new C( ); // G pointsTo ( a ) == { G ,H } b = new C( ); // H pointsTo ( b ) == { H } a.f = b ; pointsTo ( G . f ) == { H } pointsTo ( H . f ) == { H } a = b ; 13

  14. Architecture for focused re-propagation Analysis components Analysis data structures Call graph builder Caller/callee look-up Constraint finder Method compilation Propagator worklist Constraint propagator Constraint graph Clients 14

  15. Java challenges Analysis components Analysis data structures Call graph builder Caller/callee look-up Constraint finder Method compilation 3. Unresolved 4. Reflection and types native code Propagator worklist Constraint propagator Constraint graph Clients 15

  16. 3. Unresolved types X x = …; caller a = x.m ( b ); ? Can X have a subclass that inherits m from Y ? callee Y:: m ( c ) { ! Cannot tell before X is return d ; resolved! } 16

  17. Architecture for managing unresolved types Virtual machine events Analysis components Analysis data structures Call graph builder Caller/callee look-up Constraint finder Deferred constraints Method compilation Resolution manager Propagator worklist Constraint propagator Type resolution Constraint graph Clients 17

  18. Java challenges Virtual machine events Analysis components Analysis data structures Call graph builder Caller/callee look-up Constraint finder Deferred constraints Method compilation 4. Reflection and Resolution manager native code Propagator worklist Constraint propagator Type resolution Constraint graph Clients 18

  19. 4. Reflection and native code Reflection Field f = B. class . getField (“…”); B b = …; f . set ( b , v ); Native code Java-side code Native-side code 00100101 a = b . m ( c ); 01001110 10010011 Object VM_JNIFunctions. 01001001 CallObjectMethod ( method , args ) { 10001111 return method . invoke ( args ); 10001111 } 00100101 19

  20. Architecture for dealing with reflection and native code Virtual machine events Analysis components Analysis data structures Call graph builder Caller/callee look-up Constraint finder Deferred constraints Method compilation Reflection execution Resolution manager Propagator worklist Native code execution Constraint propagator Type resolution Constraint graph Clients 20

  21. Other events leading to constraints Virtual machine events Analysis components Analysis data structures Building and start-up Call graph builder Caller/callee look-up Bytecode attributes Constraint finder Deferred constraints Method compilation Reflection execution Resolution manager Propagator worklist Native code execution Constraint propagator Type resolution Constraint graph Clients 21

  22. Clients using our pointer analysis Virtual machine events Analysis components Analysis data structures Call graph builder Building and start-up Caller/callee look-up Bytecode attributes Constraint finder Deferred constraints Method compilation Reflection execution Resolution manager Propagator worklist Native code execution Constraint propagator Type resolution Constraint graph Clients 22

  23. Dealing with invalidated results Many techniques from prior work – Guard optimized code (extant analysis) – Pre-existence based inlining – On-stack replacement – and more Connectivity-based garbage collection – Trigger propagator only before collection – Merge partitions if necessary 23

  24. Evaluation methodology Java virtual machine – Jikes RVM from IBM, is itself written in Java Benchmarks – SPECjvm98 suite, xalan, hsql Results not comparable to static analysis – Analyze more code: Jikes RVM adds a lot of Java code – Analyze less code: Not all application classes get loaded 24

  25. Propagation cost Eager At GC At End Count Avg. Total Count Avg. Total Total hsql 391 10.1s 1h06m 6 1m17s 7m40s 7m07s jess 734 16.8s 3h26m 3 1m58s 5m53s 3m02s javac 1,103 12.5s 3h50m 5 1m54s 9m32s 6m27s xalan 1,726 11.2s 5h22m 1 2m01s 2m01s 7m45s � Eagerness trades off average cost against total cost � On average, focused re-propagation is much cheaper than full propagation � Total cost is a function of code size and propagator eagerness 25

  26. How long does a program have to run to amortize the analysis cost? Eager At GC At End Count Avg. Total Count Avg. Total Total hsql 391 10.1s 1h06m 6 1m17s 7m40s 7m07s jess 734 16.8s 3h26m 3 1m58s 5m53s 3m02s javac 1,103 12.5s 3h50m 5 1m54s 9m32s 6m27s xalan 1,726 11.2s 5h22m 1 2m01s 2m01s 7m45s � Long-running Overall analysis overhead Application applications runtime can amortize 10% 5% 2.5% not-too-eager 5m 50m 1h40m 3h20m analysis cost Analysis cost 15m 2h30m 5h 10h to amortize 1h 10h 20h 1d16h 26 5h 1d16h 4d04h 8d08h

  27. Validation Virtual machine events Analysis components Analysis data structures Call graph builder Building and start-up Caller/callee look-up Bytecode attributes Constraint finder Deferred constraints Method compilation Reflection execution Resolution manager Propagator worklist Native code execution Constraint propagator Type resolution Constraint graph Clients 27 Validation

  28. Validation • Piggy-back validation on garbage collection • For each pointer, check consistency with analysis results • Incorrect analysis would lead to tricky bugs in clients 28

  29. Related work Andersen’s analysis for “static Java” [RountevMilanovaRyder’01] [LiangPenningsHarrold’01] [WhaleyLam’02] [LhotakHendren’03] Weaker analyses with dynamic class loading DOIT – [PechtchanskiSarkar’01] XTA – [QianHendren’04] Ruf’s escape analysis – [BogdaSingh’01, King’03] Demand-driven / incremental analysis 29

  30. Conclusions • 1 st non-trivial pointer analysis for all of Java • Identified and solved the challenges: 1. Online call graph building 2. Focused re-propagation 3. Managing unresolved types 4. Reflection and native code • Evaluated efficiency • Validated correctness 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

Datalog CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference variable x, what are the classes of the objects that x refers to at runtime? We saw CHA and RTA Deal with polymorphic/virtual calls:

1.01k views • 54 slides
Pointers and memory Ch 9, 11.4, 13.1 & Appendix F Highlights - dynamic arrays Pointer to

Pointers and memory Ch 9, 11.4, 13.1 & Appendix F Highlights - dynamic arrays Pointer to

Pointers and memory Ch 9, 11.4, 13.1 & Appendix F Highlights - dynamic arrays Pointer to pointer You can have multiple stars next to types: Each star indicates how many arrows you need to follow before you find the variable int*** int**

605 views • 15 slides
Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller, Yannis Smaragdakis OOPSLA 2018 1 A New Pointer Analysis T echnique for Object-Oriented Programs 2 Pointer Analysis Determines which

841 views • 64 slides
Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias,

Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias,

Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias, which is equivalent to Steensgaard Today Alias analysis II (pointer analysis) Anderson Emami Next time Midterm review CS553

207 views • 8 slides
Dynamic Programming - II Algorithm : Design & Analysis [17] In the last class

Dynamic Programming - II Algorithm : Design & Analysis [17] In the last class

Dynamic Programming - II Algorithm : Design & Analysis [17] In the last class Recursion and Subproblem Graph Basic Idea of Dynamic Programming Least Cost of Matrix Multiplication Extracting Optimal Multiplication Order

666 views • 28 slides
Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li and Jingling Xue SAS 2016 September, 2016 1 A New Pointer Analysis for Object-Oriented Programs 2 Pointer Analysis Determine which

965 views • 70 slides
CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu

CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu

CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu Rugina 8 Sep 2005 Pointer Analysis Informally: determine where pointers (or references) in the program may point to. Significant amount of

339 views • 21 slides
Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders

Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders

Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders Mller and Yannis Smaragdakis 1 Pointer Analysis Concept Which objects a variable may point to? Importance Fundamental for virtually

769 views • 54 slides
Load Transmission to Foundation of GBS Dynamic Loading D.M. Masterson Chevron Canada

Load Transmission to Foundation of GBS Dynamic Loading D.M. Masterson Chevron Canada

Load Transmission to Foundation of GBS Dynamic Loading D.M. Masterson Chevron Canada Limited Calgary Canada 1 December 19 2012 When calculating the effects of dynamic or time varying ice loads applied to an offshore structure such

225 views • 18 slides
Graph Traversals Algorithm : Design & Analysis [11] In the last class Dynamic

Graph Traversals Algorithm : Design & Analysis [11] In the last class Dynamic

Graph Traversals Algorithm : Design & Analysis [11] In the last class Dynamic Equivalence Relation Implementing Dynamic Set by Union-Find Straight Union-Find Making Shorter Tree by Weighted Union Compressing Path by

572 views • 29 slides
MORE C Samira Khan Agenda Pointer vs array Using man page Structure and dynamic

MORE C Samira Khan Agenda Pointer vs array Using man page Structure and dynamic

MORE C Samira Khan Agenda Pointer vs array Using man page Structure and dynamic allocation Undefined behavior Into to instruction set architecture (ISA) Understanding Pointers & Arrays Variable Decl size int A1[3] 12

748 views • 46 slides
Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis)

Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis)

Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis) Next time More alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 2 Aliasing What is aliasing? When two expressions denote

265 views • 8 slides
CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong Focus of this

CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong Focus of this

CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong Focus of this lecture Terms and concepts Algorithms: Andersen-Style and Steensgaard-Style Advanced topics 2 What is Pointer/Alias/points-to Analysis?

347 views • 32 slides
1. We reviewed key points of pointer variables and dynamic variables 2. Lab2 review a) Its

1. We reviewed key points of pointer variables and dynamic variables 2. Lab2 review a) Its

CISC2200 Note 10/3/2019 1. We reviewed key points of pointer variables and dynamic variables 2. Lab2 review a) Its our own version of vector template (as provided in C++ STL). b) Discussion of generic data type In lab2, we do so by

278 views • 3 slides
PERFORMANCE OF P/M COMPONENTS DURING DYNAMIC LOADING Worcester Polytechnic Institute October

PERFORMANCE OF P/M COMPONENTS DURING DYNAMIC LOADING Worcester Polytechnic Institute October

PERFORMANCE OF P/M COMPONENTS DURING DYNAMIC LOADING Worcester Polytechnic Institute October 22-23, 2003 Diana Lados & Diran Apelian M orris B oorky P owder M etallurgy R esearch C enter OUTLINE Background (and examples of fatigue

643 views • 39 slides
Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1 Aliasing What is aliasing? When two expressions denote the same mutable memory location e.g.,

812 views • 19 slides
Network Core Mechanisms of Exponence 2 nd Network Meeting, January 2008 Bernd Wiese The

Network Core Mechanisms of Exponence 2 nd Network Meeting, January 2008 Bernd Wiese The

Network Core Mechanisms of Exponence 2 nd Network Meeting, January 2008 Bernd Wiese The form-function relation in German ablaut 1 Approaches to ablaut /teyk/ take ablaut forms listed in the word-and-paradigm lexicon /tuk/ take,

166 views • 4 slides
Te Teachings s of f th the Pro rophet t (s) s) Appreciating Appr ng Others on on Family

Te Teachings s of f th the Pro rophet t (s) s) Appreciating Appr ng Others on on Family

Todays Topic Te Teachings s of f th the Pro rophet t (s) s) Appreciating Appr ng Others on on Family y Re Relation onships Wh What are some me ways of appreciati ting people? Se Sessi ssion 3 (write your answers in the

463 views • 22 slides
Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael

Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael

Measuring Semantic Coherence of a Conversation Svitlana Vakulenko , Maarten de Rijke, Michael Cochez, Vadim Savenkov, Axel Polleres 6 JUNE 2018 Semantic coherence An essential property of a conversation, continuity of senses

950 views • 25 slides
Network Services on Service Extensible Routers Lukas Ruf Computer Engineering and Networks

Network Services on Service Extensible Routers Lukas Ruf Computer Engineering and Networks

Network Services on Service Extensible Routers Lukas Ruf Computer Engineering and Networks Laboratory (TIK) Swiss Federal Institute of Technology (ETH) Z urich IWAN 2005, Sophia-Antipolis. 22. November 2005 Generously supported by IBM

340 views • 21 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

777 views • 31 slides
Outline Probability Calculations Using the Normal Distribution (5.1) Linear Combinations

Outline Probability Calculations Using the Normal Distribution (5.1) Linear Combinations

12/21/2006 219323 Probability y and Statistics for Software and Knowledge Engineers Lecture 6: The Normal Distribution Monchai Sopitkamon, Ph.D. Outline Probability Calculations Using the Normal Distribution (5.1) Linear

590 views • 20 slides
STA 103: Probability and Statistical Inference Paul Marriott paul@stat.duke.edu 223C, Old

STA 103: Probability and Statistical Inference Paul Marriott paul@stat.duke.edu 223C, Old

STA 103: Probability and Statistical Inference Paul Marriott paul@stat.duke.edu 223C, Old Chemistry January 7, 2004 Syllabus Basic laws of probability - random events, independence and dependence, expectations, Bayes theorem. Discrete

716 views • 12 slides
Encoding Separation Logic in Coq and Its Application Reynald Affeldt Nicolas Marti AIST-RCIS

Encoding Separation Logic in Coq and Its Application Reynald Affeldt Nicolas Marti AIST-RCIS

Encoding Separation Logic in Coq and Its Application Reynald Affeldt Nicolas Marti AIST-RCIS University of Tokyo Research Project Verification of low-level software: Specialized operating systems Device drivers

284 views • 25 slides

More recommend