problems implementing a points to analysis to handle the
play

Problems Implementing a points-to analysis to handle the details of - PowerPoint PPT Presentation

Oct 07, 2022 •20 likes •610 views

Scaling Java Points-To Analysis Using S PARK (Soot Pointer Analysis Research Kit) Ond rej Lhot ak and Laurie Hendren Sable Research Group McGill University April 8th, 2003 p. 1/53 Problems Implementing a points-to analysis to

  1. Scaling Java Points-To Analysis Using S PARK (Soot Pointer Analysis Research Kit) Ondˇ rej Lhot´ ak and Laurie Hendren Sable Research Group McGill University April 8th, 2003 – p. 1/53

  2. Problems Implementing a points-to analysis to handle the details of Java is a lot of work. is difficult to do correctly. Research done on disparate implementations is often incomparable. – p. 2/53

  3. Objectives Develop a flexible, efficient framework for experimenting with variations in Java points-to analyses Demonstrate its usefulness with an empirical comparison of precision and efficiency of some of these variations – p. 3/53

  4. Outline Spark overview Empirical study Overall performance Uses of Spark Conclusion – p. 4/53

  5. Spark overview Part of Soot bytecode transformation and annotation framework [CC 00] [CC 01] Initial representation is Soot’s Jimple Typed [SAS 00] Three-address (only simple operations) Spark internal representation is Pointer Assignment Graph (PAG) Nodes for variables, allocation sites, field references Edges representing subset constraints – p. 5/53

  6. Spark overview Spark proceeds in three steps: Construct Simplify Propagate Jimple PAG PAG Points-to Sets Analysis variations expressed by building different PAGs for the same code This talk concentrates on flow-insensitive, subset-based variations – p. 6/53

  7. Empirical study Factors affecting precision Enforcing declared types Field reference representation Call graph construction Factors affecting only efficiency Pointer assignment graph simplification Set implementation Propagation algorithms – p. 7/53

  8. Declared types: ignore x : A Hierarchy A B C A x, z; y : B B y; x = new A(); y = new B(); y = (B) x; z : A z = y; – p. 8/53

  9. Declared types: ignore x : A Hierarchy A A B C A x, z; y : B B y; B x = new A(); y = new B(); y = (B) x; z : A z = y; – p. 8/53

  10. Declared types: ignore x : A Hierarchy A A B C A x, z; y : B B y; A B x = new A(); y = new B(); y = (B) x; z : A z = y; A B – p. 8/53

  11. Declared types: enforce after analysis [OOPSLA 00] [Rountev,Milanova,Ryder 01] x : A Hierarchy A A B C A x, z; y : B B y; A B x = new A(); y = new B(); y = (B) x; z : A z = y; A B – p. 9/53

  12. Declared types: enforce during analysis x : A Hierarchy A A B C A x, z; y : B B y; A B x = new A(); y = new B(); y = (B) x; z : A z = y; A B – p. 10/53

  13. Enforcing declared types ignoring types produces many large sets (> 1000 elements) of spurious points-to relationships in practice, enforcing types after analysis almost as precise as during analysis enforcing types during analysis prevents blowup during the analysis ignore slow less precise after analysis slow more precise during analysis fast more precise – p. 11/53

  14. Empirical study Factors affecting precision Enforcing declared types Field reference representation Call graph construction Factors affecting only efficiency Pointer assignment graph simplification Set implementation Propagation algorithms – p. 12/53

  15. Field representation Field references can be represented in different ways: field-sensitive distinguishes fields of different objects field-based ignores the base object, grouping all objects having the field together – p. 13/53

  16. Field-sensitive representation x y z A x, y, z; A1 A1 A2 B u, v, w; l1: x = new A(); y = x; u v A1.f l2: z = new A(); B B B u = new B(); x.f = u; v = y.f; w A2.f w = z.f; – p. 14/53

  17. Field-based representation x y z A x, y, z; A1 A1 A2 B u, v, w; l1: x = new A(); y = x; u v A.f l2: z = new A(); B B B u = new B(); x.f = u; v = y.f; w w = z.f; B – p. 15/53

  18. Field representation Field-sensitive requires iterating Field-based less precise, but possible in a single iteration Clever propagation algorithm can make speed difference very small field-based very fast less precise field-sensitive almost as fast more precise – p. 16/53

  19. Empirical study Factors affecting precision Enforcing declared types Field reference representation Call graph construction Factors affecting only efficiency Pointer assignment graph simplification Set implementation Propagation algorithms – p. 17/53

  20. Call graph construction An approximation of the call graph is required for points-to analysis It can be built ahead-of-time using an analysis such as Class Hierarchy Analysis on-the-fly during the analysis as actual types of receivers are computed – p. 18/53

  21. Call graph construction: CHA Hierarchy A B.foo() B C this x return B class B { foo() { . . . } } C.foo() class C this y { foo() { . . . } } return A x = new B(); A y = x.foo(); – p. 19/53

  22. Call graph construction: on-the-fly Hierarchy A B.foo() B C this x return B class B { foo() { . . . } } C.foo() class C this y { foo() { . . . } } return A x = new B(); A y = x.foo(); – p. 20/53

  23. Call graph construction: on-the-fly Hierarchy A B.foo() B C this x return B class B { foo() { . . . } } C.foo() class C this y { foo() { . . . } } return A x = new B(); A y = x.foo(); – p. 21/53

  24. Call graph construction Building call graph on-the-fly requires adding edges during propagation requires more iteration reduces simplification opportunities before propagation CHA call graph includes more spurious, unreachable methods than on-the-fly CHA fast less precise on-the-fly slow more precise – p. 22/53

  25. Empirical study Factors affecting precision Enforcing declared types Field reference representation Call graph construction Factors affecting only efficiency Pointer assignment graph simplification Set implementation Propagation algorithms – p. 23/53

  26. Pointer assignment graph simplification Groups of nodes can be merged [Rountev,Chandra 00] strongly-connected components single-entry subgraphs a b c d e f – p. 24/53

  27. Pointer assignment graph simplification Groups of nodes can be merged [Rountev,Chandra 00] strongly-connected components single-entry subgraphs a a b c d bcde e f f – p. 24/53

  28. Pointer assignment graph simplification Groups of nodes can be merged [Rountev,Chandra 00] strongly-connected components single-entry subgraphs a a b a b c d c d bcde e g e f f f h i – p. 24/53

  29. Pointer assignment graph simplification Groups of nodes can be merged [Rountev,Chandra 00] strongly-connected components single-entry subgraphs a a b a a b c d c d bcde bcdefg e g e f f f h i h i – p. 24/53

  30. Pointer assignment graph simplification Factors limiting simplification opportunities Enforcing declared types changes points-to sets On-the-fly call graph eliminates edges from initial pointer assignment graph – p. 25/53

  31. Pointer assignment graph simplification – p. 26/53

  32. Empirical study Factors affecting precision Enforcing declared types Field reference representation Call graph construction Factors affecting only efficiency Pointer assignment graph simplification Set implementation Propagation algorithms – p. 27/53

  33. Set implementation hash Using java.util.HashSet array Sorted array, binary search a b d bit Bit vector a b c d e f g h i j . . . x y z 1 1 0 1 0 0 0 0 0 0 . . . 0 0 0 hybrid Array for small sets Bit vector for large sets – p. 28/53

  34. Set implementation hash slow large array slow small bit fast large hybrid fast small In the above table, slow is up to 100 times slower than fast large is up to 3 times larger than small Set implementation is very important – p. 29/53

  35. Empirical study Factors affecting precision Enforcing declared types Field reference representation Call graph construction Factors affecting only efficiency Pointer assignment graph simplification Set implementation Propagation algorithms – p. 30/53

  36. Propagation algorithms: iterative repeat for each edge e propagate along e ; end for until no change Slightly more complicated to handle field references on-the-fly call graph – p. 31/53

  37. Propagation algorithms: worklist while worklist not empty do remove node n from worklist; for each edge e starting at n propagate along e ; add all affected nodes to worklist; end for end while – p. 32/53

  38. Propagation algorithms: worklist while worklist not empty do remove node n from worklist; for each edge e starting at n propagate along e ; add all affected nodes to worklist; end for end while With field references, difficult to determine affected nodes Very costly to determine all affected nodes due to of aliasing – p. 32/53

  39. Propagation algorithms: worklist repeat while worklist not empty do remove node n from worklist; for each edge e starting at n propagate along e ; add most affected nodes to worklist; end for end while propagate along all field reference edges; until no change Solution: find most affected nodes, and add outer loop to handle missed nodes – p. 33/53

  40. Propagation algorithms: incremental worklist x y A B C D – p. 34/53

  41. Propagation algorithms: incremental worklist x y A B C D A B C D 1st iteration: propagate { A , B , C , D } – p. 35/53

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 1/Chapter 1 a maximum of 4 points, and total maximum is 50 points. For problems

Lecture 1/Chapter 1 a maximum of 4 points, and total maximum is 50 points. For problems

Extra Credit Problems must be handed in by the following lecture. They must be your own individual work. Each is worth Lecture 1/Chapter 1 a maximum of 4 points, and total maximum is 50 points. For problems involving survey variables,

352 views • 7 slides
HACCP - Practical HACCP Hazard Analysis at Critical Control Points (HACCP) is a legal

HACCP - Practical HACCP Hazard Analysis at Critical Control Points (HACCP) is a legal

HACCP - Practical HACCP Hazard Analysis at Critical Control Points (HACCP) is a legal requirement It is a system that helps food business operators look at how they handle food and introduces procedures to make sure what they produce

554 views • 16 slides
Touchless Handle Touchless Handle | Product Vision Touchless Handle is a gesture-based way to

Touchless Handle Touchless Handle | Product Vision Touchless Handle is a gesture-based way to

Purple B Mockup Review Touchless Handle Touchless Handle | Product Vision Touchless Handle is a gesture-based way to quickly operate a bathroom stall door . Touchless Handle | Product Contract a gesture-based , hands-free way to what it is

446 views • 10 slides
What is points-to analysis? Informally: analysis determining what locations (objects) pointers

What is points-to analysis? Informally: analysis determining what locations (objects) pointers

4/5/2010 What is points-to analysis? Informally: analysis determining what locations (objects) pointers can point to Points-To Analysis Program main() { x = &a; Meeting 21, CSCI 5535, Spring 2010 y = &b; z = x; Guest Lecture:

484 views • 6 slides
An ensemble-based kernel le learning framework to handle data assimilation problems wit ith im

An ensemble-based kernel le learning framework to handle data assimilation problems wit ith im

An ensemble-based kernel le learning framework to handle data assimilation problems wit ith im imperfect forw rward simulators Xiaodong Luo, NORCE Outline Background and motivation An ensemble-based kernel algorithm for supervised

515 views • 35 slides
Implementing an SRM tool Implementing an SRM tool Business value & key success factors

Implementing an SRM tool Implementing an SRM tool Business value & key success factors

Implementing an SRM tool Implementing an SRM tool Business value & key success factors Perfect Club 25 April 2013 The functional Purchasing Information System loop Spend analysis Spend analysis Invoicing Invoicing Supplier Supplier

431 views • 14 slides
Cluster Analysis Objective: Group data points into classes of similar points based on a series of

Cluster Analysis Objective: Group data points into classes of similar points based on a series of

Multivariate Fundamentals: Distance Cluster Analysis Objective: Group data points into classes of similar points based on a series of variables Useful to find the true groups that are assumed to really exist, BUT if the analysis generates

179 views • 7 slides
Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian

Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian

Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian Tan, Yue Li and Jingling Xue PLDI 2017 June, 2017 1 A New Points-to Analysis T echnique for Object-Oriented Programs 2 Points-to Analysis

800 views • 68 slides
Rational points of definable sets and Diophantine problems Jonathan Pila University of Bristol

Rational points of definable sets and Diophantine problems Jonathan Pila University of Bristol

Rational points of definable sets and Diophantine problems Jonathan Pila University of Bristol MODNET Barcelona, 4 November 2008 Key points * Upper bounds for the number of rational points of height T on certain non-algebraic sets X

750 views • 48 slides
Geometric Problems with Imprecise Input Points Maarten L offler Marc van Kreveld Center for

Geometric Problems with Imprecise Input Points Maarten L offler Marc van Kreveld Center for

Geometric Problems with Imprecise Input Points Maarten L offler Marc van Kreveld Center for Geometry, Imaging and Virtual Environments Utrecht University 1-1 Overview Introduction Geometric problems Imprecise input points

753 views • 64 slides
Points-to Analysis using BDDs Marc Berndl, Ond rej Lhot ak , Feng Qian, Laurie Hendren,

Points-to Analysis using BDDs Marc Berndl, Ond rej Lhot ak , Feng Qian, Laurie Hendren,

Points-to Analysis using BDDs Marc Berndl, Ond rej Lhot ak , Feng Qian, Laurie Hendren, Navindra Umanee Sable Research Group McGill University June 9th, 2003 p. 1/53 Motivation Points-to analysis requires representing many large,

1.07k views • 57 slides
2. Adjustable Litter Handle Litter Handle for Search and Rescue 3,453 wilderness rescue

2. Adjustable Litter Handle Litter Handle for Search and Rescue 3,453 wilderness rescue

2. Adjustable Litter Handle Litter Handle for Search and Rescue 3,453 wilderness rescue operations in the US in 2017 Manual Carries More comfortable cooperation between rescuers of different heights Product Goals More ergonomic

456 views • 11 slides
The CEFR Levels: Key Points and Key Problems Brian North www.eurocentres.com The he Wo Worl

The CEFR Levels: Key Points and Key Problems Brian North www.eurocentres.com The he Wo Worl

The CEFR Levels: Key Points and Key Problems Brian North www.eurocentres.com The he Wo Worl rld of of Euroc rocent ntres res Over 20 schools worldwide E urope > Languages in cultural context > Educational foundation since 1960

850 views • 40 slides
Implementing a Basic Income Guarantee in Canada: Prospects and Problems Robin Boadway, Queens

Implementing a Basic Income Guarantee in Canada: Prospects and Problems Robin Boadway, Queens

Implementing a Basic Income Guarantee in Canada: Prospects and Problems Robin Boadway, Queens University Economics Seminar, Dalhousie University, Nov. 1, 2019 Based on a paper with Katherine Cuff and Kourtney Koebel written for CARE,

607 views • 36 slides
The method of viscosity solutions for analysis of singular diffusion problems appearing in

The method of viscosity solutions for analysis of singular diffusion problems appearing in

Mathematics for Nonlinear Phenomena: Analysis and Computation Sapporo, August 2015 The method of viscosity solutions for analysis of singular diffusion problems appearing in crystal growth problems Piotr Rybka Joint project with Y.Giga,

773 views • 36 slides
Implementing a Basic Income Guarantee in Canada: Prospects and Problems Robin Boadway Queens

Implementing a Basic Income Guarantee in Canada: Prospects and Problems Robin Boadway Queens

Implementing a Basic Income Guarantee in Canada: Prospects and Problems Robin Boadway Queens University Collaborative Applied Research in Economics Memorial University, November 14, 2018 In collaboration with Katherine Cuff and Kourtney

765 views • 35 slides
Exam 2 Review CS461/ECE422 Fall 2009 Exam guidelines Same as for first exam A single page

Exam 2 Review CS461/ECE422 Fall 2009 Exam guidelines Same as for first exam A single page

Exam 2 Review CS461/ECE422 Fall 2009 Exam guidelines Same as for first exam A single page of supplementary notes is allowed 8.5x11. Both sides. Write as small as you like. Closed book No calculator or other widgets.

481 views • 22 slides
Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture

Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture

Topics Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture 24 Phishing 13/11/2008 Firewall Censorship of the Internet 2 Examples Hacking or Cracking Virus Cracking = Subverting

462 views • 6 slides
1 Some Old Examples Some Recent Examples Western Digital House Keys Compromise went

1 Some Old Examples Some Recent Examples Western Digital House Keys Compromise went

Administrivia P561: Network Systems Fishnet Assignment #4 Week 9: Network Security Due next Monday, Dec 1 Final Exam Tom Anderson Handed out next Monday night (and by email) Ratul Mahajan Due Monday, 12/8, 11:59pm, no extensions

393 views • 11 slides
Communication Systems Security Overview University of Freiburg Computer Science Computer

Communication Systems Security Overview University of Freiburg Computer Science Computer

Communication Systems Security Overview University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in

792 views • 25 slides
Tutorial Slides for Week 13 ENEL 353: Digital Circuits Fall 2014 Term Steve Norman, PhD, PEng

Tutorial Slides for Week 13 ENEL 353: Digital Circuits Fall 2014 Term Steve Norman, PhD, PEng

Tutorial Slides for Week 13 ENEL 353: Digital Circuits Fall 2014 Term Steve Norman, PhD, PEng Electrical & Computer Engineering Schulich School of Engineering University of Calgary 2 December, 2014 slide 2/9 ENEL 353 F14 T02 Tutorial

479 views • 9 slides
Detectors with high precision timing ( t ~ 10 ps = 3 mm light travel) Michael Albrow for T979

Detectors with high precision timing ( t ~ 10 ps = 3 mm light travel) Michael Albrow for T979

Detectors with high precision timing ( t ~ 10 ps = 3 mm light travel) Michael Albrow for T979 detector development & test beam project With Sergey Los, Erik Ramberg, Anatoly Ronzhin, Andriy Zatserklyaniy Classical particle timing

413 views • 5 slides
Gluino/squarks will be produced copiously at the LHC if the masses are less than 1 TeV.

Gluino/squarks will be produced copiously at the LHC if the masses are less than 1 TeV.

N ovel reconstruction technique for new physics with ISR Yasuhiro Shimizu( IIAIR, Tohoku) J.Alwall, K.Hiramatsu, M.M.Nojiri, Y.S, PRL:103(2009)151802 2010/5/10-13@Madison,WI 1 Introduction Gluino/squarks will be produced copiously at

581 views • 14 slides
Overview General Principles of Pipelining Goal Computer Architecture: Pipelining

Overview General Principles of Pipelining Goal Computer Architecture: Pipelining

Overview General Principles of Pipelining Goal Computer Architecture: Pipelining Difficulties Creating a Pipelined Y86-64 Processor CSci 2021: Machine Architecture and Organization Rearranging SEQ March 25th-27th, 2020 Inserting

558 views • 6 slides

More recommend