taming pointers
play

Taming Pointers A Symbolic Approach Jianwen Zhu - PowerPoint PPT Presentation

Apr 15, 2023 •413 likes •1.43k views

Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer Engineering University of Toronto 04 p.1/33 J. Zhu c Outline An Old Problem A New Strategy Taming Context Sensitivity Result and

  1. Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer Engineering University of Toronto � ’04 – p.1/33 J. Zhu c

  2. Outline An Old Problem A New Strategy Taming Context Sensitivity Result and Conclusion � ’04 – p.2/33 J. Zhu c

  3. What is Pointer Analysis char *g, a, h1, h2; 1 void main() { 2 char *p, *q; 3 S0: alloc( &p, &h1 ); 4 S1: p = getg( &q ); 5 S2: g = &a; 6 } 7 8 char* getg( char** r ) { 9 char **t; 10 S0: t = &g; 11 if( g == NULL ) 12 S1: alloc( t, &h2 ); 13 S2: *r = *t; 14 S3: return *r; 15 } 16 17 void alloc( char** f, char* h ) { 18 S0: *f = h; 19 } 20 � ’04 – p.3/33 J. Zhu c

  4. What is Pointer Analysis Program variables char *g, a, h1, h2; 1 void main() { 2 char *p, *q; 3 Named: globals/locals S0: alloc( &p, &h1 ); 4 S1: p = getg( &q ); 5 Anonymous: return/malloc S2: g = &a; 6 } 7 8 char* getg( char** r ) { 9 char **t; 10 S0: t = &g; 11 if( g == NULL ) 12 S1: alloc( t, &h2 ); 13 S2: *r = *t; 14 t g a S3: return *r; 15 } 16 17 return void alloc( char** f, char* h ) { 18 S0: *f = h; 19 } 20 p h2 q � ’04 – p.3/33 J. Zhu c

  5. What is Pointer Analysis Program variables char *g, a, h1, h2; 1 void main() { 2 char *p, *q; 3 Named: globals/locals S0: alloc( &p, &h1 ); 4 S1: p = getg( &q ); 5 Anonymous: return/malloc S2: g = &a; 6 } 7 8 char* getg( char** r ) { 9 char **t; 10 S0: t = &g; 11 Program state: Point-to graph if( g == NULL ) 12 S1: alloc( t, &h2 ); 13 S2: *r = *t; 14 t g a S3: return *r; 15 } 16 17 return void alloc( char** f, char* h ) { 18 S0: *f = h; 19 } 20 p h2 q � ’04 – p.3/33 J. Zhu c

  6. Why Do We Care: Silicon Compiler � ’04 – p.4/33 J. Zhu c

  7. Why Do We Care: Silicon Compiler � ’04 – p.4/33 J. Zhu c

  8. Why Do We Care: Silicon Compiler Fine-grained parallelism Coarse-grained parallelism Feed values to functional Feed data structures to units processors/cores Dependency test Disjoint data structure partition � ’04 – p.4/33 J. Zhu c

  9. Why Do We Care Fine-grained parallelism Coarse-grained parallelism Feed values to functional Feed data structures to units processors Dependency test Disjoint data structure partition � ’04 – p.5/33 J. Zhu c

  10. Precision Landscape Flow and Context char *g, a, h1, h2; 1 void main() { 2 Insensitive Analysis char *p, *q; 3 S0: alloc( &p, &h1 ); 4 S1: p = getg( &q ); 5 FICS Analysis S2: g = &a; 6 } 7 FSCS Analysis 8 char* getg( char** r ) { 9 char **t; 10 S0: t = &g; 11 if( g == NULL ) 12 S1: alloc( t, &h2 ); 13 S2: *r = *t; 14 S3: return *r; 15 } 16 17 void alloc( char** f, char* h ) { 18 S0: *f = h; 19 } 20 � ’04 – p.6/33 J. Zhu c

  11. Precision Landscape Flow and Context char *g, a, h1, h2; 1 void main() { 2 Insensitive Analysis char *p, *q; 3 S0: alloc( &p, &h1 ); 4 S1: p = getg( &q ); 5 FICS Analysis S2: g = &a; 6 } 7 FSCS Analysis 8 char* getg( char** r ) { 9 p char **t; 10 S0: t = &g; 11 a if( g == NULL ) 12 q S1: alloc( t, &h2 ); 13 h1 S2: *r = *t; 14 return S3: return *r; 15 } 16 h2 17 t g void alloc( char** f, char* h ) { 18 S0: *f = h; 19 } 20 � ’04 – p.6/33 J. Zhu c

  12. Precision Landscape Flow and Context char *g, a, h1, h2; 1 void main() { 2 Insensitive Analysis char *p, *q; 3 S0: alloc( &p, &h1 ); 4 S1: p = getg( &q ); 5 FICS Analysis S2: g = &a; 6 } 7 FSCS Analysis 8 char* getg( char** r ) { 9 return char **t; 10 S0: t = &g; 11 if( g == NULL ) 12 t g h2 S1: alloc( t, &h2 ); 13 S2: *r = *t; 14 q a S3: return *r; 15 } 16 17 p h1 void alloc( char** f, char* h ) { 18 S0: *f = h; 19 } 20 � ’04 – p.6/33 J. Zhu c

  13. Precision Landscape Flow and Context char *g, a, h1, h2; 1 void main() { 2 Insensitive Analysis char *p, *q; 3 S0: alloc( &p, &h1 ); 4 S1: p = getg( &q ); 5 FICS Analysis S2: g = &a; 6 } 7 FSCS Analysis 8 char* getg( char** r ) { 9 t g a char **t; 10 S0: t = &g; 11 if( g == NULL ) 12 return S1: alloc( t, &h2 ); 13 S2: *r = *t; 14 p h2 S3: return *r; 15 } 16 17 q void alloc( char** f, char* h ) { 18 S0: *f = h; 19 } 20 � ’04 – p.6/33 J. Zhu c

  14. Why Pointer Analysis is Hard Flow-sensitive analysis Context-sensitive analysis Theory: Chakaravarthy Evil of path POPL ’03 Practice: program state at every program point! Single procedure analysis W.T. dynamic mem W.O. dynamic mem Undecidable W.O. types W.T. types PSPACE-Complete Levels ≥ 2 Levels < 2 PSPACE-Complete in P � ’04 – p.7/33 J. Zhu c

  15. Why Pointer Analysis is Hard Flow-sensitive analysis Context-sensitive analysis Theory: Chakaravarthy Evil of path POPL ’03 getg Practice: program state at main alloc every program point! Single procedure analysis W.T. dynamic mem W.O. dynamic mem Undecidable W.O. types W.T. types PSPACE-Complete Levels ≥ 2 Levels < 2 PSPACE-Complete in P � ’04 – p.7/33 J. Zhu c

  16. Why Pointer Analysis is Hard Flow-sensitive analysis Context-sensitive analysis Theory: Chakaravarthy Evil of path POPL ’03 S1 S1 getg_1 alloc_2 Practice: program state at S0 main_1 every program point! alloc_1 Single procedure analysis W.T. dynamic mem W.O. dynamic mem Undecidable W.O. types W.T. types PSPACE-Complete Levels ≥ 2 Levels < 2 PSPACE-Complete in P � ’04 – p.7/33 J. Zhu c

  17. Why Pointer Analysis is Hard Flow-sensitive analysis Context-sensitive analysis Theory: Chakaravarthy Evil of path POPL ’03 Practice: program state at every program point! 10 15 10 14 10 13 Single procedure analysis 10 12 10 11 10 10 W.T. dynamic mem W.O. dynamic mem Undecidable 10 9 10 8 W.O. types 10 7 W.T. types PSPACE-Complete 10 6 10 5 Levels ≥ 2 Levels < 2 PSPACE-Complete in P 10 4 � ’04 – p.7/33 J. Zhu c

  18. Outline An Old Problem A New Strategy Taming Context Sensitivity Result and Conclusion � ’04 – p.8/33 J. Zhu c

  19. Representing Set Discrete set isomorphic to integer set Given a finite discrete domain D Sufficient to consider D = [0 , n − 1] Consider a set S in domain D : S ⊆ D Characteristic function λ S : D �→ { 0 , 1 } � 0 , if i / ∈ S λ S ( i ) = 1 , if i ∈ S � ’04 – p.9/33 J. Zhu c

  20. Binary Decision Diagram (BDD) D = [0 , 7] x 2 x 1 x 0 λ S S = { 3 , 5 , 7 } 0 0 0 0 λ S = x 2 x 1 x 0 + x 2 x 1 x 0 + x 2 x 1 x 0 0 0 1 0 0 1 0 0 0 1 1 1 1 0 0 0 1 0 1 1 1 1 0 0 1 1 1 1 � ’04 – p.10/33 J. Zhu c

  21. Binary Decision Diagram (BDD) D = [0 , 7] x 2 x 1 x 0 λ S S = { 3 , 5 , 7 } 0 0 0 0 λ S = x 2 x 1 x 0 + x 2 x 1 x 0 + x 2 x 1 x 0 0 0 1 0 0 1 0 0 x 2 0 0 0 0 1 1 1 1 0 1 1 1 x 1 0 0 1 1 0 0 1 1 1 0 0 0 0 1 0 1 0 1 0 1 x 0 1 0 1 1 1 1 0 0 0 0 0 1 0 1 0 1 λ S 1 1 1 1 � ’04 – p.10/33 J. Zhu c

  22. Binary Decision Diagram (BDD) D = [0 , 7] x 2 x 1 x 0 λ S S = { 3 , 5 , 7 } 0 0 0 0 λ S = x 2 x 1 x 0 + x 2 x 1 x 0 + x 2 x 1 x 0 0 0 1 0 0 1 0 0 x 2 0 0 0 0 1 1 1 1 0 1 1 1 x 1 0 0 1 1 0 0 1 1 1 0 0 0 0 1 0 1 0 1 0 1 x 0 1 0 1 1 1 1 0 0 0 0 0 1 0 1 0 1 λ S 1 1 1 1 � ’04 – p.10/33 J. Zhu c

  23. Reduced Ordered BDD (ROBDD) Reduction rules 0 0 0 0 1 1 1 1 x 2 (Bryant’86) 0 0 1 1 0 0 1 1 x 1 var in fixed order 0 1 0 1 0 1 0 1 x 0 λ S 0 0 0 1 0 1 0 1 � ’04 – p.11/33 J. Zhu c

  24. Reduced Ordered BDD (ROBDD) Reduction rules 0 0 0 0 1 1 1 1 x 2 (Bryant’86) 0 0 1 1 0 0 1 1 x 1 var in fixed order 0 1 0 1 0 1 0 1 x 0 f.then = g.then, f.else = g.else λ S 0 0 0 1 0 1 0 1 � ’04 – p.11/33 J. Zhu c

  25. Reduced Ordered BDD (ROBDD) Reduction rules 0 0 0 0 1 1 1 1 x 2 (Bryant’86) 0 0 1 1 0 0 1 1 x 1 var in fixed order 0 1 0 1 0 1 0 1 x 0 f.then = g.then, f.else = g.else λ S 0 0 0 1 0 1 0 1 � ’04 – p.11/33 J. Zhu c

  26. Reduced Ordered BDD (ROBDD) Reduction rules 0 0 0 0 1 1 1 1 x 2 (Bryant’86) 0 0 1 1 0 0 1 1 x 1 var in fixed order 0 1 0 1 0 1 0 1 x 0 f.then = g.then, f.else = g.else λ S 0 0 0 1 0 1 0 1 f.then = f.else � ’04 – p.11/33 J. Zhu c

  27. Reduced Ordered BDD (ROBDD) Reduction rules 0 0 0 0 1 1 1 1 x 2 (Bryant’86) 0 0 1 1 0 0 1 1 x 1 var in fixed order 0 1 0 1 0 1 0 1 x 0 f.then = g.then, f.else = g.else λ S 0 0 0 1 0 1 0 1 f.then = f.else � ’04 – p.11/33 J. Zhu c

  28. Reduced Ordered BDD (ROBDD) Reduction rules 0 0 0 0 1 1 1 1 x 2 (Bryant’86) 0 0 1 1 0 0 1 1 x 1 var in fixed order 0 1 0 1 0 1 0 1 x 0 f.then = g.then, f.else = g.else λ S 0 0 0 1 0 1 0 1 f.then = f.else Counterintuitive implications � ’04 – p.11/33 J. Zhu c

  29. Reduced Ordered BDD (ROBDD) Reduction rules 0 0 0 0 1 1 1 1 x 2 (Bryant’86) 0 0 1 1 0 0 1 1 x 1 var in fixed order 0 1 0 1 0 1 0 1 x 0 f.then = g.then, f.else = g.else λ S 0 0 0 1 0 1 0 1 f.then = f.else Counterintuitive implications Paths are evil! � ’04 – p.11/33 J. Zhu c

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4.

Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4.

Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4. Dynamic memory allocation 5. Arrays and vectors of pointers 6. Problem solving: draw a picture 7. Classes of objects 8. Pointers and objects

613 views • 21 slides
Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

The Code Liberation Foundation Lecture 5 Pointers Class Five You havent run screaming yet... Lets do pointers! pointers are one of the most powerful things about c++ A pointer is a variable that holds the address of another

608 views • 22 slides
Pointers III: Struct &amp; Pointers 1 Structures What is

Pointers III: Struct &amp; Pointers 1 Structures What is

Pointers III: Struct &amp; Pointers 1 Structures What is a structure? One or more values, called members, with possibly dissimilar types that are

531 views • 25 slides
Pointers III: Struct &amp; Pointers 1 Structures What is

Pointers III: Struct &amp; Pointers 1 Structures What is

Pointers III: Struct &amp; Pointers 1 Structures What is a structure? One or more values, called members, with possibly dissimilar types that are

444 views • 26 slides
Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1

Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1

Software Tool Seminar WS1516 - Taming the Snake November 4, 2015 1 Taming the Snake 1.1 Understanding how Python works in N simple steps (with N still growing) 1.2 Step 0. What this talk is about (and what it isnt) Four basic things you

266 views • 12 slides
Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3

Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3

Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3 programs; now we'll see them in C. Pointer Address of a variable in memory Allows us to indirectly access variables in other words,

1.1k views • 29 slides
Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers

Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers

Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers Arrays of Pointers Multiple Indirection Initializing Pointers Pointers to Functions Dynamic Memory Allocation 2 Types of Pointers

199 views • 19 slides
Pointers II 1 Outline Pointers arithmetic and others Functions &amp; pointers 2 Pointer

Pointers II 1 Outline Pointers arithmetic and others Functions &amp; pointers 2 Pointer

Pointers II 1 Outline Pointers arithmetic and others Functions &amp; pointers 2 Pointer Arithmetic When you add to or subtract from a pointer, the amount by which you do that is multiplied by the size of the type the pointer points

689 views • 33 slides
Today: C Pointers &amp; Arrays Understand str / ldr Understand C pointers ARM

Today: C Pointers &amp; Arrays Understand str / ldr Understand C pointers ARM

This week Assignment 1 due Tuesday: youll have proved your bare-metal mettle! Lab 2 prep do pre-lab reading! bring your tools Today: C Pointers &amp; Arrays Understand str / ldr Understand C pointers ARM addressing

520 views • 38 slides
Pointers to Functions C doesn t require that pointers point only to data; it s also

Pointers to Functions C doesn t require that pointers point only to data; it s also

Pointers to Functions C doesn t require that pointers point only to data; it s also possible to have pointers to functions. Pointers to Functions Function pointers point to memory addresses where functions are stored. o int (*fp)

240 views • 5 slides
Pointers &amp; Dynamic Memory Review C Pointers Introduce C++ Pointers Data Abstractions

Pointers &amp; Dynamic Memory Review C Pointers Introduce C++ Pointers Data Abstractions

Pointers &amp; Dynamic Memory Review C Pointers Introduce C++ Pointers Data Abstractions CSCI-2320 Dr. Tom Hicks Computer Science Department 2 Printing! Use Computer Science Printers Only For Your Computer Science Homework!!!! Print

1.19k views • 37 slides
Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our

Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our

Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our C programs; now we'll see how they are implemented in LC-3. Pointer Address of a variable in memory Allows us to indirectly access

343 views • 16 slides
CS162 - POINTERS Lecture: Pointers and Dynamic Memory What are pointers Why dynamically

CS162 - POINTERS Lecture: Pointers and Dynamic Memory What are pointers Why dynamically

CS162 - POINTERS Lecture: Pointers and Dynamic Memory What are pointers Why dynamically allocate memory How to dynamically allocate memory What about deallocation? Walk thru pointer exercises CS162 Pointers 1 CS162 -

477 views • 27 slides
C Programming for Engineers Pointers ICEN 360 Spring 2017 Prof. Dola Saha 1 Pointers

C Programming for Engineers Pointers ICEN 360 Spring 2017 Prof. Dola Saha 1 Pointers

C Programming for Engineers Pointers ICEN 360 Spring 2017 Prof. Dola Saha 1 Pointers Pointers are variables whose values are memory addresses . A variable name directly references a value, and a pointer indirectly references a value.

730 views • 29 slides
Programming for Engineers Pointers ICEN 200 Spring 2018 Prof. Dola Saha 1 Pointers

Programming for Engineers Pointers ICEN 200 Spring 2018 Prof. Dola Saha 1 Pointers

Programming for Engineers Pointers ICEN 200 Spring 2018 Prof. Dola Saha 1 Pointers Pointers are variables whose values are memory addresses . A variable name directly references a value, and a pointer indirectly references a value.

738 views • 28 slides
Pointers and Dynamic Memory Allocation Pointers 2 Pointers Pointer-type variables allow

Pointers and Dynamic Memory Allocation Pointers 2 Pointers Pointer-type variables allow

Pointers and Dynamic Memory Allocation Pointers 2 Pointers Pointer-type variables allow accessing memory in an indirect way. Memory Memory a a p int a; int a; int *p; a=10; p=&amp;a; *p=10; 3 Operators * and &amp;

325 views • 17 slides
Natural Language Understanding using Knowledge Bases and Random Walks Eneko Agirre

Natural Language Understanding using Knowledge Bases and Random Walks Eneko Agirre

Natural Language Understanding using Knowledge Bases and Random Walks Eneko Agirre ixa2.si.ehu.eus/eneko IXA NLP Group University of the Basque Country Darmstadt, 2015 Agirre (UBC) NLU using KBs and Random Walks Feb. 2015 1 / 43

894 views • 66 slides
The EMIN Project and the EU Roadmap for Adequate Minimum Income Schemes Ramn Pea-Casas

The EMIN Project and the EU Roadmap for Adequate Minimum Income Schemes Ramn Pea-Casas

The EMIN Project and the EU Roadmap for Adequate Minimum Income Schemes Ramn Pea-Casas European Social Observatory EAPN Cyprus Conference Building Consensus 1 Nicosia 26 September 2014 Content A. The EMIN project A.1 What is EMIN?

497 views • 25 slides
A proposal for an integrated approach between sentiment analysis and social network analysis

A proposal for an integrated approach between sentiment analysis and social network analysis

A proposal for an integrated approach between sentiment analysis and social network analysis Domenico De Stefano 1 and Francesco Santelli 1 1 Department of Political and Social Sciences, University of Trieste ddestefano@units.it

443 views • 21 slides
Sessions and Pipelines for Structured Service Programming Michele Boreale 1 Roberto Bruni 2 Rocco

Sessions and Pipelines for Structured Service Programming Michele Boreale 1 Roberto Bruni 2 Rocco

Sessions and Pipelines for Structured Service Programming Michele Boreale 1 Roberto Bruni 2 Rocco De Nicola 1 Michele Loreti 1 1 Dipartimento di Sistemi ed Informatica Universit` a di Firenze 2 Dipartimento di Informatica Universit` a di Pisa

706 views • 47 slides
PARTICIPATION IN NATIONAL MIRROR COMMITTEES AND ISO STANDARDS DEVELOPMENT COMMITTEES Presented by

PARTICIPATION IN NATIONAL MIRROR COMMITTEES AND ISO STANDARDS DEVELOPMENT COMMITTEES Presented by

PARTICIPATION IN NATIONAL MIRROR COMMITTEES AND ISO STANDARDS DEVELOPMENT COMMITTEES Presented by STEVEN P. CORNISH ANSI SENIOR DIRECTOR INTERNATIONAL POLICY BEIJING, PEOPLES REPUBLIC OF CHINA SEPTEMBER 22, 2015 MODULES OF THIS SESSION

772 views • 36 slides
REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm

REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm

REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm ANSI Workshop: Generating U.S. Input on the ISO Strategic Plan 20112015 June 2526, 2009 1 Management Systems Standards Key

1.02k views • 4 slides
ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002 Introduction ANSI X9.44 specifies key establishment schemes based on the RSA algorithm currently in draft form Schemes selected to reflect and

571 views • 11 slides
CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall 2014 CMPSC 311 - Introduction to Systems Programming UNIX Signals A signal is a special message sent through the OS to tell a process (or

389 views • 14 slides

More recommend