points to analysis using bdds
play

Points-to Analysis using BDDs Marc Berndl, Ond rej Lhot ak , Feng - PowerPoint PPT Presentation

Feb 01, 2023 •487 likes •1.07k views

Points-to Analysis using BDDs Marc Berndl, Ond rej Lhot ak , Feng Qian, Laurie Hendren, Navindra Umanee Sable Research Group McGill University June 9th, 2003 p. 1/53 Motivation Points-to analysis requires representing many large,

  1. Points-to Analysis using BDDs Marc Berndl, Ondˇ rej Lhot´ ak , Feng Qian, Laurie Hendren, Navindra Umanee Sable Research Group McGill University June 9th, 2003 – p. 1/53

  2. Motivation Points-to analysis requires representing many large, often similar sets Binary decision diagrams (BDDs) provide compact representation of large sets with similarities PTA ? BDD – p. 2/53

  3. Background Points-to analysis [Landi 92] [Andersen 94] [Emami 94] [Wilson 95] [Steensgaard 96] [Shapiro 97] [Aiken 98] [Fähndrich 98] [Ghiya 98] [Choi 99] [Das 00] [Hind 00] [Ruf 00] [Sundaresan 00] [Tip 00] [Heintze 01] [Liang 01] [Rountev 01] [Vivien 01] [Milanova 02] [Su 02] [Whaley 02] [Lhoták 03] and more. . . BDDs [Bryant 92] [Burch 94] and many, many more. . . Program analysis using BDDs [Sias 00] [Manevich 02] [Ball 03] – p. 3/53

  4. Talk Outline Introduction Points-to analysis BDDs BDD-PTA algorithm Performance tuning Bit ordering Incrementalization Overall performance Conclusions and future work – p. 4/53

  5. Overview Designed a subset-based Java points-to algorithm using BDDs Implemented it using BuDDy BDD library Compared performance of BDD-based solver with hand-tuned Spark solver on identical input constraints Spark solver is very efficient compared to other Java points-to solvers [CC 03] BuDDy: provided by Jørn Lind-Nielsen at http://www.itu.dk/research/buddy – p. 5/53

  6. Simple points-to analysis example X: a = new O(); Y: b = new O(); Z: c = new O(); a = b; b = a; c = b; Points-to set: { } – p. 6/53

  7. Simple points-to analysis example X: a = new O(); Y: b = new O(); Z: c = new O(); a = b; b = a; c = b; Points-to set: { (a,X) (b,Y) (c,Z) } – p. 6/53

  8. Simple points-to analysis example X: a = new O(); Y: b = new O(); Z: c = new O(); a = b; b = a; c = b; Points-to set: { (a,X) (b,Y) (c,Z) (a,Y) } – p. 6/53

  9. Simple points-to analysis example X: a = new O(); Y: b = new O(); Z: c = new O(); a = b; b = a; c = b; Points-to set: { (a,X) (b,Y) (c,Z) (a,Y) (b,X) } – p. 6/53

  10. Simple points-to analysis example X: a = new O(); Y: b = new O(); Z: c = new O(); a = b; b = a; c = b; Points-to set: { (a,X) (b,Y) (c,Z) (a,Y) (b,X) (c,X) (c,Y) } – p. 6/53

  11. ✁ ☎ ☎ ✄ BDD representation A BDD is a compact representation of a set of bit strings We encode our analysis using bit strings: a 00 X 00 b 01 Y 01 c 10 Z 10 Domains: V H �✂✁ �✂✄ (a,Y) 00 01 – p. 7/53

  12. ☎ ✄ � ✄ ☎ ✄ ✁ ✄ ☎ ✄ ☎ ✄ ☎ ✄ ☎ ☎ � ✄ ☎ ✄ ☎ ✁ ☎ ✁ ☎ ✁ ☎ ✁ ☎ ☎ ✄ ✁ BDD representation a/X 00 b/Y 01 �✂✁ c/Z 10 �✂✄ �✂✄ V H (a,X) 00 00 (a,Y) 00 01 (b,X) 01 00 (b,Y) 01 01 (c,X) 10 00 (c,Y) 10 01 1 0 (c,Z) 10 10 – p. 8/53

  13. ☎ ✄ � ✄ ☎ ✄ ✁ ✄ ☎ ✄ ☎ ✄ ☎ ✄ ☎ ☎ � ✄ ☎ ✄ ☎ ✁ ☎ ✁ ☎ ✁ ☎ ✁ ☎ ☎ ✄ ✁ BDD representation a/X 00 b/Y 01 �✂✁ c/Z 10 �✂✄ �✂✄ V H (a,X) 00 00 (a,Y) 00 01 (b,X) 01 00 (b,Y) 01 01 (c,X) 10 00 (c,Y) 10 01 1 0 (c,Z) 10 10 – p. 9/53

  14. ✁ ☎ � ✄ ☎ ✁ ✄ ☎ � ✁ ✁ ☎ ✁ ☎ ✁ ☎ ☎ ✄ BDD representation a/X 00 b/Y 01 �✂✁ c/Z 10 �✂✄ �✂✄ V H (a,X) 00 00 (a,Y) 00 01 (b,X) 01 00 (b,Y) 01 01 (c,X) 10 00 (c,Y) 10 01 1 0 (c,Z) 10 10 – p. 10/53

  15. ✁ ☎ � ✄ ☎ ✁ ✄ ☎ � ✁ ✁ ☎ ✁ ☎ ✁ ☎ ☎ ✄ BDD representation a/X 00 b/Y 01 �✂✁ c/Z 10 �✂✄ �✂✄ V H (a,X) 00 00 (a,Y) 00 01 (b,X) 01 00 (b,Y) 01 01 (c,X) 10 00 (c,Y) 10 01 1 0 (c,Z) 10 10 – p. 11/53

  16. � ✁ � ✄ ☎ ✁ ✁ ☎ ✄ ☎ ✁ ☎ ✁ ☎ ☎ ✄ BDD representation a/X 00 b/Y 01 �✂✁ c/Z 10 �✂✄ �✂✄ V H (a,X) 00 00 (a,Y) 00 01 (b,X) 01 00 (b,Y) 01 01 (c,X) 10 00 (c,Y) 10 01 1 0 (c,Z) 10 10 – p. 12/53

  17. � ✁ � ✄ ☎ ✁ ✁ ☎ ✄ ☎ ✁ ☎ ✁ ☎ ☎ ✄ BDD representation a/X 00 b/Y 01 �✂✁ c/Z 10 �✂✄ �✂✄ V H (a,X) 00 00 (a,Y) 00 01 (b,X) 01 00 (b,Y) 01 01 (c,X) 10 00 (c,Y) 10 01 1 0 (c,Z) 10 10 – p. 13/53

  18. ☎ � ✄ ☎ ✁ ☎ ✁ ☎ ✄ ✄ ☎ ✁ � ✁ Reduced BDD representation a/X 00 b/Y 01 �✂✁ c/Z 10 �✂✄ V H (a,X) 00 00 (a,Y) 00 01 (b,X) 01 00 (b,Y) 01 01 (c,X) 10 00 (c,Y) 10 01 1 0 (c,Z) 10 10 – p. 14/53

  19. ✡ ✁ ✍ ✌ ✌ ✁ ✟ ✞ ✆ ☞✌ ✡☛ ✠ ✟ ✞ ✝✞ ✁ ✠ ✡ ✆ ✆ ✁✆ ☎ ✍ ✡ ✎ BDD operations Set operations ( ) �✂✁ ✄✂✁ Relational product ( }) a b a c b c Replace – changing bit order in a specific BDD a c a c Cost of operations proportional to number of nodes in BDD, not size of set represented – p. 15/53

  20. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c H1 X Y Z – p. 16/53

  21. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) relprod (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c H1 X Y Z – p. 17/53

  22. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) relprod (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c b H1 X Y Z X – p. 18/53

  23. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) relprod (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c b H1 X Y Z X – p. 19/53

  24. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) relprod (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c b H1 X Y Z X – p. 20/53

  25. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) relprod (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c b a c H1 X Y Z X Y Y – p. 21/53

  26. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c b a c H1 X Y Z X Y Y – p. 22/53

  27. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) replace (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b V2 a b c b a c H1 X Y Z X Y Y – p. 23/53

  28. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) replace (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b b a c V2 a b c H1 X Y Z X Y Y – p. 24/53

  29. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) (c,Z) (b c) Domains Points-to Edges New points-to V1 a b c b a b b a c V2 a b c H1 X Y Z X Y Y – p. 25/53

  30. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) (c,Z) (b c) union Domains Points-to Edges New points-to V1 a b c b a b b a c V2 a b c H1 X Y Z X Y Y – p. 26/53

  31. Propagating points-to sets X: a = new O(); a = b; Y: b = new O(); b = a; Z: c = new O(); c = b; (a,X) (b a) (b,Y) (a b) (c,Z) (b c) union Domains Points-to Edges New V1 a b c b a c b a b V2 a b c H1 X Y Z X Y Y – p. 27/53

  32. Talk Outline Introduction Points-to analysis BDDs BDD-PTA algorithm Performance tuning Bit ordering Incrementalization Overall performance Conclusions and future work – p. 28/53

  33. ✆ ✞ ✟ ✁ ☎ ✞ ✝ ✞ ✡ ✞ ✟ ✞ ✡ ✞ ✝ � ✠ ✆ ✏ ✌ ✁ ✆ ☎ ✌ ✝ ✞ ✝ ✠ � ✑ ✌ ✟ ✌ ☎ ✁ �☎ � ✆ ✝ ✞ ✟ ✟ ✁ ✝ ✁ ✟ ✁ ✝ ✌ ✎ � ☎ ✝ ✞ ✞ ✟ ✞ ✡ ✡ ✌ ✆ ✆ ☞ ✠ BDDs used ✁✄✂ ✑✓✒ simple assignments points-to relation for ( := ) variables ✠☛✡ ✠☛☞ ( points to ) ✆✍✌ field stores ( := ) points-to relation for ✠☛✡ ✠☛☞ object fields ( points to ) field loads ( := ) ✠☛✡ ✠☛☞ 5 domains needed: – p. 29/53

  34. Overall algorithm initialize repeat repeat (1) process simple assignments until no change (2) process field stores (3) process field loads until no change – p. 30/53

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute

Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute

Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 24 Module 1: Introduction to BDDs 2 / 24 Model-checking Transition Systems + Properties + NuSMV State-space Bchi

835 views • 81 slides
Using BDDs to capture data in Runtime verification (RV) [HP18] Per Ove Ringdal November 29, 2019

Using BDDs to capture data in Runtime verification (RV) [HP18] Per Ove Ringdal November 29, 2019

Using BDDs to capture data in Runtime verification (RV) [HP18] Per Ove Ringdal November 29, 2019 Contents Motivation Syntax and semantics of QTL QTL Example An Efficient Algorithm Using BDDs Summary References Verifying file operations

622 views • 35 slides
Problems Implementing a points-to analysis to handle the details of Java is a lot of work. is

Problems Implementing a points-to analysis to handle the details of Java is a lot of work. is

Scaling Java Points-To Analysis Using S PARK (Soot Pointer Analysis Research Kit) Ond rej Lhot ak and Laurie Hendren Sable Research Group McGill University April 8th, 2003 p. 1/53 Problems Implementing a points-to analysis to

610 views • 59 slides
Binary decision diagrams (BDDs) Compact representation of a logic function ROBDDs

Binary decision diagrams (BDDs) Compact representation of a logic function ROBDDs

Binary decision diagrams (BDDs) Compact representation of a logic function ROBDDs (reduced ordered BDDs) are a canonical representation: equivalence of ROBDDs implies that the functions are identical Example: f = abc +

161 views • 4 slides
What is points-to analysis? Informally: analysis determining what locations (objects) pointers

What is points-to analysis? Informally: analysis determining what locations (objects) pointers

4/5/2010 What is points-to analysis? Informally: analysis determining what locations (objects) pointers can point to Points-To Analysis Program main() { x = &a; Meeting 21, CSCI 5535, Spring 2010 y = &b; z = x; Guest Lecture:

484 views • 6 slides
Cluster Analysis Objective: Group data points into classes of similar points based on a series of

Cluster Analysis Objective: Group data points into classes of similar points based on a series of

Multivariate Fundamentals: Distance Cluster Analysis Objective: Group data points into classes of similar points based on a series of variables Useful to find the true groups that are assumed to really exist, BUT if the analysis generates

179 views • 7 slides
Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian

Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian

Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian Tan, Yue Li and Jingling Xue PLDI 2017 June, 2017 1 A New Points-to Analysis T echnique for Object-Oriented Programs 2 Points-to Analysis

800 views • 68 slides
Representing integer multiplication using BDDs Hvard Raddum and Srimathi Varadharajan

Representing integer multiplication using BDDs Hvard Raddum and Srimathi Varadharajan

Representing integer multiplication using BDDs Hvard Raddum and Srimathi Varadharajan Simula@UiB What is a BDD? Can be defined and understood in different ways Only one description given here BDD explained A BDD is a directed acyclic

613 views • 32 slides
Compiling Bayesian Networks by Symbolic Probability Calculation Based on Zero-suppressed BDDs

Compiling Bayesian Networks by Symbolic Probability Calculation Based on Zero-suppressed BDDs

Compiling Bayesian Networks by Symbolic Probability Calculation Based on Zero-suppressed BDDs Shin-ichi Minato Ken Satoh Taisuke Sato Div. of Computer Science National Institute of Informatics Dept. of Computer Science Hokkaido University

461 views • 6 slides
Edge Detection (points and lines too) Image analysis Image Analysis Derive

Edge Detection (points and lines too) Image analysis Image Analysis Derive

Edge Detection (points and lines too) Image analysis Image Analysis Derive features from an image segment an image into its constituent parts or objects how and why depends on application Segmentation Hard

243 views • 22 slides
Formal Verifjcation Lecture 8: Operations on Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 8: Operations on Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 8: Operations on Binary Decision Diagrams (BDDs) Jacques Fleuriot jdf@inf..ac.uk Diagrams from Huth & Ryan, LiCS, 2nd Ed. Recap reduce , apply , restrict , exists Previously: (Reduced, Ordered) Binary

567 views • 33 slides
Formal Verifjcation Lecture 7: Introduction to Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 7: Introduction to Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 7: Introduction to Binary Decision Diagrams (BDDs) Jacques Fleuriot jdf@inf.ac.uk Diagrams from Huth & Ryan, 2nd Ed. Recap Previously: CTL and LTL Model Checking algorithms Tiis time: Binary

232 views • 21 slides
Alias and Points-to Analysis Alan Mycroft Computer Laboratory, Cambridge University

Alias and Points-to Analysis Alan Mycroft Computer Laboratory, Cambridge University

UNIVERSITY OF CAMBRIDGE Alias and Points-to Analysis Alan Mycroft Computer Laboratory, Cambridge University http://www.cl.cam.ac.uk/teaching/current/OptComp Lecture 13a[may be updated for 2011] Alias and Points-to Analysis 1 Lecture 13a

423 views • 14 slides
OC-3072 Packet Classification Using BDDs and Pipelined SRAMs Amit Prakash Adnan Aziz Department

OC-3072 Packet Classification Using BDDs and Pipelined SRAMs Amit Prakash Adnan Aziz Department

OC-3072 Packet Classification Using BDDs and Pipelined SRAMs Amit Prakash Adnan Aziz Department of Electrical and Computer Engineering The University of Texas at Austin adnan@ece.utexas.edu prakash Abstract We focus on one of the

80 views • 6 slides
2016 IMPACT ANALYSIS Sponsored by: Presented by: KEY POINTS KEY POINTS You Are Not the Target

2016 IMPACT ANALYSIS Sponsored by: Presented by: KEY POINTS KEY POINTS You Are Not the Target

2016 IMPACT ANALYSIS Sponsored by: Presented by: KEY POINTS KEY POINTS You Are Not the Target Audience KEY POINTS You Are Not the Target Audience Donors Do Not Read Everything KEY POINTS You Are Not the Target Audience Donors Do Not Read

1.43k views • 95 slides
Instance-wise Points-to Analysis for Loop- based Dependence Testing Peng Wu 1 , Paul Feautrier 2 ,

Instance-wise Points-to Analysis for Loop- based Dependence Testing Peng Wu 1 , Paul Feautrier 2 ,

Instance-wise Points-to Analysis for Loop- based Dependence Testing Peng Wu 1 , Paul Feautrier 2 , David Padua 3 , Zehra Sura 3 IBM TJ Watson Research Center 1 INRIA, France 2 University of Illinois, Urbana-Champaign 3 What is Pointer Analysis? !

776 views • 19 slides
BDD End-to-end Browser-Testing mit Node.js Entwicklertag Frankfurt 2016 10.3.2016 Markus

BDD End-to-end Browser-Testing mit Node.js Entwicklertag Frankfurt 2016 10.3.2016 Markus

BDD End-to-end Browser-Testing mit Node.js Entwicklertag Frankfurt 2016 10.3.2016 Markus Tacker Channeller of Technological Obscurities (CTO) @coderbyheart cto.hiv Turning organizations into entrepreneurial networks The way to

493 views • 15 slides
Beam Condition Monitor Introduction Martin Bieker on behalf of the Dortmund BCM group BCM / WPE

Beam Condition Monitor Introduction Martin Bieker on behalf of the Dortmund BCM group BCM / WPE

Beam Condition Monitor Introduction Martin Bieker on behalf of the Dortmund BCM group BCM / WPE introduction meeting 06.07 .2020 Motivation LHCb Experiment at the LHC Sensitive detectors close the high energy LHC beams Susceptible

650 views • 15 slides
Can Autonomous Vehicles Identify, Recover From, Rowan github.com/OATML/carsuite Yarin Sergey

Can Autonomous Vehicles Identify, Recover From, Rowan github.com/OATML/carsuite Yarin Sergey

Can Autonomous Vehicles Identify, Recover From, Rowan github.com/OATML/carsuite Yarin Sergey and Adapt to Distribution Shifts? Nick Angelos Panos ICML 2020 Tigkas Filos McAllister Rhinehart Levine Gal equal

584 views • 56 slides
Comprehensive tools and models for addressing exposure to mixtures during environmental

Comprehensive tools and models for addressing exposure to mixtures during environmental

https://superfund.tamu.edu/ Comprehensive tools and models for addressing exposure to mixtures during environmental emergency-related contamination events Texas A&M University Superfund Research Center (2017-2022): Comprehensive tools and

807 views • 15 slides
1 Prof. S. Ben-Yaakov , DC-DC Converters [2- 4] Buck t on In this case S t off R V in C D

1 Prof. S. Ben-Yaakov , DC-DC Converters [2- 4] Buck t on In this case S t off R V in C D

Prof. S. Ben-Yaakov , DC-DC Converters [2- 1] BUCK, BOOST, BUCK-BOOST, DCM 2.1 Buck converter 2.1.1 Operation modes 2.1.2 Voltage transfer function 2.1.3 Current modes (CCM, DCM) 2.1.4 Capacitor current 2.2 Boost converter 2.2.1 Operation

843 views • 18 slides
ESS#linac#beam#instrumenta0on#and# its#challenges# Benjamin#Cheymol# #

ESS#linac#beam#instrumenta0on#and# its#challenges# Benjamin#Cheymol# #

ESS#linac#beam#instrumenta0on#and# its#challenges# Benjamin#Cheymol# # European#Spalla0on#Source# Uppsala#U.# 16#June#2015# Outline# Introduc0on# Linac#Beam#diagnos0c# Beam#loss#detec0on## General#diagnos0c#suit#for#ESS#

503 views • 38 slides
2 Binary Decision Diagrams 2. Binary Decision Diagrams Verification Technology Content 2.1 BDD

2 Binary Decision Diagrams 2. Binary Decision Diagrams Verification Technology Content 2.1 BDD

Fachgebiet Rechnersysteme 2. Binary Decision Diagrams 1 2 Binary Decision Diagrams 2. Binary Decision Diagrams Verification Technology Content 2.1 BDD concepts 2 2 Variable orderings 2.2 Variable orderings 2.3 OBDD algorithms 2 4 FDDs

1.76k views • 165 slides
Transport Alex Haffner, Dave Wagstaff & Angeliki Gkogka System Operator What we will cover

Transport Alex Haffner, Dave Wagstaff & Angeliki Gkogka System Operator What we will cover

Welcome Transport Alex Haffner, Dave Wagstaff & Angeliki Gkogka System Operator What we will cover today Recent changes in transport sector Internal combustion engine reductions Annual energy demand from road transport

370 views • 22 slides

More recommend