Comparing Approaches to Interprocedural Analysis in Software Development

a correspondence between two approaches n.w
1 / 36
Embed
Share

Explore the landscape of interprocedural analysis with a comparison of different approaches such as context-sensitive, context-insensitive, callstring-based analysis, and summary-based analysis. Delve into the cost, precision, and methodologies used in each approach for better understanding and optimization of software development processes.

  • Analysis
  • Software Development
  • Interprocedural
  • Comparison
  • Methodologies
rayaanacharya
rayl_2 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. A Correspondence between two approaches to Interprocedural Analysis in the presence of Join Ravi Mangal Mayur Naik Hongseok Yang

  2. Landscape of Procedural Analyses Inter-Procedural Context-Sensitive (Callstrings, Summaries, ) Cost Context- Insensitive Intra- Procedural Precision ESOP 2014 2

  3. Context-Insensitive Analysis 1: void main(){ main 2: foo(); 3: . foo(); foo 4: . foo(); 5: } 6: void foo(){ 7: bar(); 8: } bar 0-CFA ESOP 2014 3

  4. Inter-Procedural Analysis Landscape Cost 0CFA Precision ESOP 2014 4

  5. Callstring-based Analysis (1CFA) 1: void main(){ main 2: foo(); 3: . foo(); 4: . foo(); 2:foo 3:foo 4:foo 5: } 6: void foo(){ 7: bar(); 8: } 7:bar 1-CFA ESOP 2014 5

  6. Inter-Procedural Analysis Landscape Cost 1CFA 0CFA Precision ESOP 2014 6

  7. Callstring-based Analysis (2CFA) 1: void main(){ main 2: foo(); 3: . foo(); 4: . foo(); 4:foo 2:foo 3:foo 5: } 6: void foo(){ 7: bar(); 7,2:bar 7,4:bar 7,3:bar 8: } 2-CFA ESOP 2014 7

  8. Inter-Procedural Analysis Landscape Shivers [1988], bddbddb [2004] , Paddle [2004], Doop [2009], Cost -CFA 2CFA 1CFA 0CFA Precision ESOP 2014 8

  9. Summary-based Analysis (SBA) 1: void main(){ 1 main 2: foo(); . foo(); . foo(); 1 3: 4: 2 1:foo 2:foo 5: } 6: void foo(){ 3 7: 8: } bar(); 3:bar Summary-based ESOP 2014 9

  10. Inter-Procedural Analysis Landscape Sharir-Pnueli [1981], Reps et al. [1995], SBA Cost Precision ESOP 2014 10

  11. Summary-based Analysis (SBA) 1: void main(){ 1: void main(){ 1 1 2: if(*) 2: if(*) 3: s1; 3: s1; 2 2 4: else 4: else 5: s2; 5: s2; 3 3 4 = 2 3 2 3 6: } 6: } Non-disjunctive summary-based (ND-SBA) Disjunctive summary-based (D-SBA) ESOP 2014 11

  12. Inter-Procedural Analysis Landscape SLAM [2000] TVLA [2004], SpaceInvader [2008], D-SBA Partially D-SBA SAFE [2008] ND-SBA Sharir- Pnueli [1981] Yes ? ? ? = ? ? ? ? ? Distributive? Cost -CFA No 2CFA Grove-Chambers [2001] conjecture 1CFA Our Result 0CFA Precision ESOP 2014 12

  13. Our Contributions Proved -CFA = SBA for non-distributive analyses with finite domains. Generalized Sharir-Pnueli s 1981 result and resolved 2001 conjecture by Grove-Chambers. Empirically observed the precision of -CFA via SBA for pointer analysis and improved over existing k-CFA approaches. ESOP 2014 13

  14. New Inter-Procedural Analysis Landscape D-SBA Partially D-SBA ND-SBA Cost -CFA 2CFA 1CFA 0CFA Precision ESOP 2014 14

  15. Proof Challenges Challenge 1: Unused summaries in SBA fixpoint solution. Challenge 2: Non-monotonicity of SBA. ESOP 2014 15

  16. Proof Challenges (1) 1: int x; -0 0+ 2: void main(){ [x: ] 3: x = 0; [x:0] 0 - + 4: while(*){ [x:0] [x:0+] 5: inc(x); [x:+] 6: } Sign Abstract Domain Unused summary in the fixpoint solution 7: } 8: void inc(int x){ [x:0] [x:0+] 9: x++; [x:+] [x:+] 10: } ESOP 2014 16

  17. Proof Challenges (1) Challenge 1: Unused summaries in SBA fixpoint solution. Solution: Garbage collection on results computed by SBA. ESOP 2014 17

  18. Proof Challenges (2) 1: int x; ? ? ? ? ? ? -0 0+ 2: void main(){ 3: 0 - + 4: [x:0+] [x:0] 5: inc(x); [x: ] [x:+] [x: ] 6: Sign Abstract Domain 7: } 8: void inc(int x){ [x:0] [x:0] [x:0+] 9: x++; [x:+] [x:+] 10: } Non-monotonicity of SBA ESOP 2014 18

  19. Proof Challenges (2) Challenge 2: Non-monotonicity of SBA. Solution: Fixpoint of a non-monotone function is approximated by pre-fixpoint of the function. ESOP 2014 19

  20. Experimental Motivation Existing k-CFA approaches scale to low k values. Correspondence result allows us to simulate the effect of -CFA via SBA. Empirically study the scalability of SBA and the precision of -CFA. ESOP 2014 20

  21. Experimental Setup 3 client analyses: call graph reachability, downcast safety, monomorphic callsite inference. All clients based on an underlying interprocedural pointer analysis for Java bytecode. Implemented using Chord. 10 benchmarks from Dacapo suite. ESOP 2014 21

  22. Pointer Analysis Clients Downcast safety: Downcast is safe if the object to which it is applied is a subtype of the target type. 1: void main(){ 2: Shape s = new Square(); 1: void main(){ 2: Shape s = new Circle(); 3: Circle c = (Circle) s; 3: Circle c = (Circle) s; 4: } 4: } Shape Circle Square ESOP 2014 22

  23. Pointer Analysis Clients Call graph reachability: Pairwise reachability between program functions. 1: void main(){ 2: foo(); reach(foo,bar) 3: taz(); 4: } reach(foo,taz) 5: void foo(){ 6: bar(); 7: } ESOP 2014 23

  24. Pointer Analysis Clients Monomorphic callsite inference: Dynamically dispatched callsite with single target method. 1: void main(){ 1: void main(){ 2: Shape s; 2: Circle c = new Circle(); 3: if(*){ 3: c.area(); 4: s = new Circle(); 4: } 5: }else{ 6: s = new Square(); 7: } 8: s.area(); 9: } ESOP 2014 24

  25. Benchmarks name antlr avrora bloat chart hsqldb luindex lusearch pmd sunflow xalan # functions 7.2k 6.9k 9.1k 11.4k 10.2k 7.7k 7.6k 9.1k 13.3k 6.7k bytecode (KB) 467 423 586 778 670 487 477 578 934 417 KLOC 224 214 258 366 322 237 231 247 419 208 ESOP 2014 25

  26. Question 1 Given that k-CFA does not scale, does SBA even scale? ESOP 2014 26

  27. Running Time of Pointer Analysis 300 On average, 2CFA is 3x-5x slower than SBA. 250 200 time (minutes) 150 2CFA SBA 100 50 0 ESOP 2014 27

  28. Different Contexts Per Method 60 On average, 2CFA computes 4x-7x more contexts than SBA. 50 # of contexts per method 40 30 2CFA SBA 20 10 0 ESOP 2014 28

  29. Question 2 What is the precision gain from using -CFA compared to k-CFA? ESOP 2014 29

  30. Downcast Safety 100 On average, SBA proves 12% more queries than 2CFA. 80 % proven queries 60 2CFA 40 SBA 20 0 ESOP 2014 30

  31. Call Graph Reachability 100 On average, SBA call graph has: 3.3% fewer functions, 4.7% fewer edges, 15% fewer pairwise reachable functions than 2CFA call graph. On average, SBA proves 9% more queries than 2CFA. 80 % proven queries 60 2CFA 40 SBA 20 0 ESOP 2014 31

  32. Monomorphic Call Site Inference 100 On average, SBA proves 0.6% more queries than 2CFA. 80 % proven queries 60 2CFA 40 SBA 20 0 ESOP 2014 32

  33. Experimental Results Summary For our clients: SBA scales better than k-CFA; analyzes each method in fewer contexts. SBA is more precise than 2CFA; greater benefit for harder queries. General comments: Scalability of SBA depends on the richness of the abstract domain. Callstring length just one of the factors affecting analysis precision. ESOP 2014 33

  34. Open Question k-Object Sensitive Analyses: Proposed by Milanova et al. [2002], uses allocation site of receiver objects to distinguish calling contexts. Empirically shown to be more precise and scalable than k-CFA for similar k values. Theoretically incomparable to k-CFA. Theoretical and empirical comparison with SBA? ESOP 2014 34

  35. Inter-Procedural Analysis Landscape D-SBA Partially D-SBA ND-SBA Cost -CFA -OBJ 2CFA 3OBJ 1CFA 2OBJ 0CFA 1OBJ Precision ESOP 2014 35

  36. Conclusion Proved that -CFA = SBA for non-disjunctive, non- distributive analyses and generalized Sharir-Pnueli s result. Developed new proof techniques for garbage collection of summaries and approximating fixpoints of non-monotonic analyses. Empirically observed the precision of -CFA via SBA, and found SBA is more scalable in practice. ESOP 2014 36

Related


You Talk The Talk But Can you Walk The Walk?

You Talk The Talk But Can you Walk The Walk?

jaspercolin
How do I talk to a real person at Icelandair?

How do I talk to a real person at Icelandair?

Milton1
Microsoft Bookings Tech Talk: Enhance Customer Experience and Boost Business Efficiency

Microsoft Bookings Tech Talk: Enhance Customer Experience and Boost Business Efficiency

aaryan
Empower Students with Tech-Talk: Enhancing Skills for Success

Empower Students with Tech-Talk: Enhancing Skills for Success

karma
Mastering the Art of Writing a Compelling Talk/Speech

Mastering the Art of Writing a Compelling Talk/Speech

wrenlee
Assistive Technology in Occupational Therapy: Case Review & TED Talk Analysis

Assistive Technology in Occupational Therapy: Case Review & TED Talk Analysis

branwen
Health and Fitness Talk for Accountants Presented by Coach Chandy

Health and Fitness Talk for Accountants Presented by Coach Chandy

tom
Engaging Grammar Talk for Writing Pedagogy

Engaging Grammar Talk for Writing Pedagogy

hassan
Real-World Evaluation of Push-to-Talk Service for Public Safety Systems

Real-World Evaluation of Push-to-Talk Service for Public Safety Systems

cheyenne
The Art of Small Talk: Navigating Social Situations with Ease

The Art of Small Talk: Navigating Social Situations with Ease

perry
Demystifying Kernels: A Simplified Approach without Complicated Math

Demystifying Kernels: A Simplified Approach without Complicated Math

leonel
Enhancing Mental Skills in Youth Hockey: A Guide for Coaches

Enhancing Mental Skills in Youth Hockey: A Guide for Coaches

del_ran
Evolution of AI: Insights from Raj Reddy's Talk at Carnegie Mellon University

Evolution of AI: Insights from Raj Reddy's Talk at Carnegie Mellon University

mhed
Enhancing Communication Skills with T.E.A.M. Talk

Enhancing Communication Skills with T.E.A.M. Talk

kaon867
Enhancing Math Learning with Classroom Discussions

Enhancing Math Learning with Classroom Discussions

swasey_k
Movie Talk: A Powerful Technique for Language Acquisition

Movie Talk: A Powerful Technique for Language Acquisition

font_ams
Tips for Choosing the Right School for Your Child

Tips for Choosing the Right School for Your Child

zave_395
Fuzzing Cows: The No Bull Talk on Fuzzing Security

Fuzzing Cows: The No Bull Talk on Fuzzing Security

tice_gan
Talk-Line: A Helpline for Students in Grades 3-5

Talk-Line: A Helpline for Students in Grades 3-5

fian643
Expert Tips for Delivering a 15-Minute Talk Effectively

Expert Tips for Delivering a 15-Minute Talk Effectively

acull
Small Talk in the Workplace

Small Talk in the Workplace

josephson_m
Development Education Talk - Goals of Education for Peace and Equality

Development Education Talk - Goals of Education for Peace and Equality

lkrin

More Related Content