refinement based context sensitive points to analysis for
play

Refinement-Based Context-Sensitive Points-To Analysis for Java Manu - PowerPoint PPT Presentation

Mar 23, 2024 •400 likes •596 views

Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodk UC Berkeley PLDI 2006 1 What Does Refinement Buy You? Increased scalability: enable new clients Memory: orders of magnitude savings Time:

  1. Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodík UC Berkeley PLDI 2006 1

  2. What Does Refinement Buy You? Increased scalability: enable new clients • Memory: orders of magnitude savings • Time: answer for a variable comes back in 1 second • ) Suitable for IDE Cast Safety Client Precision : 2

  3. Approach: Focus on the Client Demand-driven: only do requested work Client-driven refinement: stop when client satisfied Example: • client asks: “can x point to o?” • we refine until we answer NO (the good answer) or we time out 3

  4. Context-Sensitive Analysis Costly Context-sensitive analysis (def): • Compute result as if all calls inlined • But, collapse recursive methods Exponential blowup (code growth) 4

  5. Why Not Existing Technique? Most analyses approximate same way in all code • E.g., k-CFA • Precision lost, esp. for data structures Our analysis focuses precision where it matters • Fully precise in the limit • Only small amount of code analyzed precisely • First refinement algorithm for Java 5

  6. Points-To Analysis Overview Compute objects each variable can point to For each var x, points-to set pt(x) Model objects with abstract locations 1: x = new Foo() yields pt(x) = { o 1 } Flow-insensitive: statements in any order 6

  7. Points-To Analysis as CFL-Reachability 1) Assignments x = new Obj(); // o 1 y = new Obj(); // o 2 z = x; o 1 x z a 2) Method calls ( 1 [ f ) 1 id(p) { return p; } ] f a = id(x); d c p id ret id b = id(y); [ g ) 2 ( 2 3) Heap accesses o 2 y b c.f = x; c.g = y; d = c.f; pt(x) = { o | o flowsTo x } flowsTo : path exists flowsTo : balanced call and field parens flowsTo : balanced call parens 7

  8. Summary of Formulation Graph represents program Compute reachability with two filters • Language of balanced call parens • Language of balanced field parens 8

  9. Single path problem … … t 9 t 7 ] j [ p t 8 ) 8 t 6 … t 5 ) 5 ( 7 ( 1 ) 1 o t 0 t 1 t 2 x [ h [ f t 12 ] k [ f ( 1 ) 1 [ h ] g o 2 t 10 Problem: show path is unbalanced t 11 Goal: reduce number of visited edges Insight: enough to find one unbalanced paren 9

  10. Approximation via Match Edges o t 0 t 1 t 2 t 3 t 4 x [ g ] h [ f [ h ] j ] f [ f [ g [ h ] h ] j ] f Match edges connect matched field parens • From source of open to sink of close • Initially, all pairs connected Use match edges to skip subpaths 10

  11. Refining the Approximation o t 0 t 1 t 3 t 4 x [ g [ f ] j ] f [ f [ g [ h ] h ] j ] f Refine by removing some match edges • Exposes more of original path for checking Soundness: Traverse match edge ) assume field parens balanced on skipped path Remove where unbalanced parens expected • Explore deeper levels of pointer indirection 11

  12. Refinement With Both Languages ( 2 ) 3 ( 1 ) 1 o t 0 t 1 t 2 t 3 t 4 t 5 t 6 x [ g ] g ] f [ f Fields: [ f [ g ] g ] f Calls: ( 1 ) 1 ( 2 ) 3 Match edges enable approximation of calls • Only can check calls on match-free subpaths Match edge removal ) more call checking • Key point: refine heap and calls together 12

  13. Evaluation 13

  14. Experimental Configuration Implemented in Soot framework Tested on large benchmarks x 2 clients • SPECjvm98, Dacapo suite • Downcast checking, factory method props Refine context-insensitive result Timeout for long-running queries 14

  15. Precision: Cast Checking 15

  16. Scalability: Time and Memory Average query time less than 1 second • Interactive performance (for IDE) • At most 13 minutes for casts, 4 minutes for factory client Very low memory usage: at most 35MB • Of this, 30MB for context-insensitive result • Compare with >2GB for 1-ObjSens analysis 16

  17. Demand-Driven vs. Exhaustive Demand advantage: no caching required • Hence, low memory overhead • No engineering of efficient sets • Good for changing code; just re-compute Demand advantage: faster for many clients • Often only care about some variables Demand disadvantage: slower querying all vars • At most 90 minutes for all app. vars • But, still good precision, memory 17

  18. Conclusions Novel refinement-based analysis • More precise for tested clients • Interactive performance for queries • Low memory: could scale even more • Relatively easy to implement Insight: refine heap and calls together • Useful for other balanced-paren analyses? 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive

Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive

Context-sensitive Analysis Attribute Grammar And Type Checking cs5363 1 Context-Sensitive Analysis To understand the input computation, a compiler/interpreter need to discover The types of values stored in each variable The types

576 views • 39 slides
Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris

Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris

Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris Lattner Andrew Lenharth Vikram Adve Apple UIUC UIUC What is Heap Cloning? Distinguish objects by acyclic call path void foo() { list*

556 views • 28 slides
Context Sensitive Solutions Context Context Sensitive Solutions (CSS) is a collaborative approach

Context Sensitive Solutions Context Context Sensitive Solutions (CSS) is a collaborative approach

June 17, 2014 Context Sensitive Solutions Context Context Sensitive Solutions (CSS) is a collaborative approach to transportation facility design and engineering that involves all stakeholders in the process of developing a solution that is

193 views • 3 slides
Compiler Construction Lecture 10: Context-sensitive analysis 2020-02-11 Michael Engel Overview

Compiler Construction Lecture 10: Context-sensitive analysis 2020-02-11 Michael Engel Overview

Compiler Construction Lecture 10: Context-sensitive analysis 2020-02-11 Michael Engel Overview Where are we standing now? Theres more to languages than context-free grammars can describe From syntax to semantics

485 views • 23 slides
Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By Teryl Taylor , Kevin Z. Snow, Nathan Otterness and Fabian Monrose University of North Carolina at Chapel Hill Motivation PU Internet Get

686 views • 34 slides
Oak Hill Parkway Oak Hill Parkway Context Sensitive Solutions CSS Workshop No. 1 October 9,

Oak Hill Parkway Oak Hill Parkway Context Sensitive Solutions CSS Workshop No. 1 October 9,

Oak Hill Parkway Oak Hill Parkway Context Sensitive Solutions CSS Workshop No. 1 October 9, 2014 Context Sensitive Solutions Context Sensitive Solutions Project Team TxDOT James Williams Jon Geiselbrecht Shirley Nichols CTRMA Melissa

485 views • 46 slides
Context Sensitivity Example of a CSG Informatics 2A: Lecture 26 2 Context in Programming

Context Sensitivity Example of a CSG Informatics 2A: Lecture 26 2 Context in Programming

Context Sensitive Grammars Context Sensitive Grammars Context in Programming Languages Context in Programming Languages Context in Natural Languages Context in Natural Languages 1 Context Sensitive Grammars Chomsky Hierarchy Context

160 views • 5 slides
Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2), Anshuman Singh(1), and Aleardo Manacero Jr.(2) (1)University of Louisiana at Lafayette, USA (2)Paulista State University (UNESP), Brazil PEPM 2010

309 views • 29 slides
Towards a context-sensitive and goal- based health workforce planning in Europe Varna

Towards a context-sensitive and goal- based health workforce planning in Europe Varna

How can countries learn from each other in Health Workforce Planning? Towards a context-sensitive and goal- based health workforce planning in Europe Varna Conference, February 2016 Ronald Batenburg NIVEL 2 This presentation is based on:

684 views • 22 slides
Cluster Analysis Objective: Group data points into classes of similar points based on a series of

Cluster Analysis Objective: Group data points into classes of similar points based on a series of

Multivariate Fundamentals: Distance Cluster Analysis Objective: Group data points into classes of similar points based on a series of variables Useful to find the true groups that are assumed to really exist, BUT if the analysis generates

179 views • 7 slides
Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics

Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics

Showing a language isnt context-free Context-sensitive languages Context-sensitivity in PLs Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics University of Edinburgh jrl@inf.ed.ac.uk 26 November

611 views • 24 slides
Planning? Towards a context-sensitive and goal-based health workforce planning in Europe Ronald

Planning? Towards a context-sensitive and goal-based health workforce planning in Europe Ronald

How can countries learn from each other in Health Workforce Planning? Towards a context-sensitive and goal-based health workforce planning in Europe Ronald Batenburg NIVEL 2 This presentation is based on: Starting question and perspective

585 views • 20 slides
Refinement-based Exact Response-Time Analysis Martin Stigge Uppsala University, Sweden Joint

Refinement-based Exact Response-Time Analysis Martin Stigge Uppsala University, Sweden Joint

Refinement-based Exact Response-Time Analysis Martin Stigge Uppsala University, Sweden Joint work with Nan Guan and Wang Yi Response-Time Analysis Response time Useful for Schedulability analysis Jitters in larger systems . . .

659 views • 52 slides
Project Background Designing Walkable Urban Thoroughfares: A Context Sensitive Approach

Project Background Designing Walkable Urban Thoroughfares: A Context Sensitive Approach

Project Background Designing Walkable Urban Thoroughfares: A Context Sensitive Approach (2010) Produced by FHWA/EPA/CNU/ ITE Recommended Practice, focus on new ideas and needs @CompleteStreets Implementing Context Sensitive Design

1.54k views • 124 slides
Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics

Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics

Showing a language isnt context-free Context-sensitive languages Context-sensitivity in PLs Context-sensitivity in natural language Context-sensitive languages Informatics 2A: Lecture 28 John Longley School of Informatics University of

472 views • 16 slides
Context-sensitive languages Informatics 2A: Lecture 28 Alex Simpson School of Informatics

Context-sensitive languages Informatics 2A: Lecture 28 Alex Simpson School of Informatics

Showing a language isnt context-free Context-sensitive languages Context-sensitivity in natural language Context-sensitivity in PLs Context-sensitive languages Informatics 2A: Lecture 28 Alex Simpson School of Informatics University of

360 views • 25 slides
events at ProtoDUNE with PandoraPFA Pantelis Melas, Niki Saoulidou 17/10/2019 2 2 Outline

events at ProtoDUNE with PandoraPFA Pantelis Melas, Niki Saoulidou 17/10/2019 2 2 Outline

1 1 Studies of Beam and Cosmic events at ProtoDUNE with PandoraPFA Pantelis Melas, Niki Saoulidou 17/10/2019 2 2 Outline Preliminary results on analyzing beam and cosmic events: - Selection and analysis of good beam events

369 views • 36 slides
Semi-Online Bipartite Matching Zoya Svitkina with Ravi Kumar, Manish Purohit, Aaron Schild, Erik

Semi-Online Bipartite Matching Zoya Svitkina with Ravi Kumar, Manish Purohit, Aaron Schild, Erik

Semi-Online Bipartite Matching Zoya Svitkina with Ravi Kumar, Manish Purohit, Aaron Schild, Erik Vee Google TTIC Summer Workshop on Learning-Based Algorithms August 13, 2019 Semi-online algorithms Future is partly known, partly adversarial

513 views • 24 slides
Bring it to Pitch: Combining Video and Movement Data to Enhance Team Sport Analysis Presenter:

Bring it to Pitch: Combining Video and Movement Data to Enhance Team Sport Analysis Presenter:

Bring it to Pitch: Combining Video and Movement Data to Enhance Team Sport Analysis Presenter: Zixiao Zhang Nov.28th 2017 A Single Frame from a Soccer Match Video Sample Visualization In this presentation How designers think from the

551 views • 23 slides
NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway Content Terminology Replay Attack Intro to NFC Relay Attack EMV Flow Process Extracting

1.09k views • 65 slides
ISPD 2006 Arjun Rajagopal Arjun Rajagopal Dallas DSP Design Dallas DSP Design Texas

ISPD 2006 Arjun Rajagopal Arjun Rajagopal Dallas DSP Design Dallas DSP Design Texas

Clock Tree Design for Robust Low power design ISPD 2006 Arjun Rajagopal Arjun Rajagopal Dallas DSP Design Dallas DSP Design Texas Instruments Texas Instruments Outline Clock Tree Design Goals Definition of Balanced clock tree

2.06k views • 23 slides
Compiler Construction Lecture 4: Lexical Analysis III (Practical Aspects) Thomas Noll Lehrstuhl

Compiler Construction Lecture 4: Lexical Analysis III (Practical Aspects) Thomas Noll Lehrstuhl

Compiler Construction Lecture 4: Lexical Analysis III (Practical Aspects) Thomas Noll Lehrstuhl f ur Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de http://moves.rwth-aachen.de/teaching/ss-14/cc14/ Summer Semester

731 views • 26 slides
Navigating Government Support Financial Resources for BC Not-For-Profits Presenting from the

Navigating Government Support Financial Resources for BC Not-For-Profits Presenting from the

Navigating Government Support Financial Resources for BC Not-For-Profits Presenting from the unceded territory of the Coast Salish Peoples, including that of the xmkwym (Musqueam), Skwxw7mesh (Squamish), and Sllwta

587 views • 48 slides
Coordinating Supply and Demand on an On-demand Service Platform with Impatient Customers

Coordinating Supply and Demand on an On-demand Service Platform with Impatient Customers

Coordinating Supply and Demand on an On-demand Service Platform with Impatient Customers Speaker: Jiaru Bai, UC Irvine, The Paul Merage School of Business Co-authors: Rick So, UC Irvine, Chris Tang, UCLA , Xiqun Chen, Zhejiang University, Hai

464 views • 35 slides

More recommend