Modular Heap Effect Analysis and Challenges

purity analysis abstract interpretation n.w
1 / 37
Embed
Share

Explore the concepts of heap effect analysis, modularity challenges, and solutions in the context of program state determination and procedure summarization. Dive into the complexities of aliasing in the input heap and the need for modular analyses like WSR in handling them effectively.

  • Heap Analysis
  • Procedure Summarization
  • Modularity Challenges
  • Alias Handling
  • Modular Analyses
rayaanacharya
mduy Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India

  2. Purity Analysis [Salcianu& RinardVMCAI 05, Whaley & RinardOOPSLA 99] A (side) effect analysis for the heap A foundational analysis with several applications Pointer analysis Escape analysis Checking correctness of speculative parallelism [Prabhu et al., PLDI 10] Lightweight bug finding tools Heavyweight software model checking and verification tools (like SLAM)

  3. Our Contributions An Abstract Interpretation formalization A simpler explanation of the analysis A simpler and more standard correctness proof Helps extend and modify algorithm for Scalability Precision Functionality and verify correctness of extensions/modifications A step towards formalizing similar modular heap analyses like Lattner et al. [PLDI 07], Buss et al. [SAC 08] 3 new optimizations with empirical evaluations

  4. Modular Heap Effect Analysis

  5. Problem and Challenges Heap Effect Analysis: Determine effect of a procedure call on heap (global program state) Modularity: Compute a context-independent summary for each procedure Challenge: Procedure behavior and effect depend on aliasing in input heap Very few modular analyses can handle aliasing in input heap. WSR analysis is one of them.

  6. Challenging Example 1. P(x,y) { 2. t = new () 3. x.next = t 4. t.next = y 5. retval = y.next 6. } x t y retval x y next next next next o1 n2 o2 o3 o1 o2 o3 x y x y next u2 u1 n2 next u1 u2 next retval t

  7. Two possible Approaches 1. Compute different summaries for different aliasing configurations. Pros: Better precision Cons: Possible explosion in the number of summaries 2. Compute a single summary approach taken by WSR.

  8. Two approaches - Example x t y retval x y next next next next o1 n2 o2 o3 o1 o2 o3 x y x y next next u2 u1 n2 u1 u2 next retval t WSR summary retval x t y next next next p1 n2 p2 n5

  9. Computing WSR Summaries

  10. Overview (Transformer Graph) 1. P(x,y) { 2. t = new () 3. x.next = t 4. t.next = y 5. retval = y.next 6. } retval x t y next next next p1 n2 p2 n5 Read edge (External edge) Place holders (External node) Write edge (Internal edge) Local allocs (Internal node)

  11. Formalizing WSR analysis Like shape analyses, WSR analysis computes a graph at every program point. But the graphs are abstractions of state transformers rather than states.

  12. Abstract Interpretation Formulation

  13. Concrete Domain Concrete domain ??= ?? 2??. Functions that map a concrete state to a set of concrete states A concrete state ?? ?? is a concrete points-to / shape graph.

  14. Concrete Semantics At every program point ? computes a function ?? ?? ? P() { u: } ?? ?1,?2, Parametric collecting semantics In the style of Sharir and Pnueli s functional approach.

  15. Abstract Domains Abstract Graph Domain: Set of standard abstract shape graphs. Concretization ??(?) is the set of all concrete graphs that can be embedded in ?. Abstract Functional Domain: Set of transformer graphs.

  16. Concretization Concrete image of a transformer graph is a function in concrete domain ?? Concrete state Concrete state(s) Transformed portion Modified portion Transformation Phase Mapping Phase (Identifies modified portion) Transformer graph

  17. Mapping Phase Illustration x y next Concrete state u1 u2 x y next next next Transformer graph p1 n2 p2 n5 t retval

  18. Transformation Phase Illustration x y next u1 u2 x y next next next p1 n2 p2 n5 t retval

  19. Transformation Phase Illustration next x y next n2 u2 u1 next retval x y next next next p1 n2 p2 n5 t retval

  20. Transformation Phase Illustration next x y next n2 u2 u1 next retval Abstract shape graph representing a set of concrete states

  21. Abstract Vs Concrete Summary next x y x y ?(?) next n2 u2 u1 next u1 u2 next retval x y x y Concrete summary next next u2 u1 n2 u1 u2 next retval t

  22. Correctness and Termination

  23. Partial order and join Containment ordering ?? : Point-wise containment of components. Join operator ?? : Union of corresponding components (??, ??, ??) is a join semi-lattice. ?? is monotonic w.r.t ??

  24. Abstract Semantics Computes a transformer graph at every program point. Uses a set of equations having the same structure as the concrete semantics. Uses the abstract transformers for statements and procedure calls. Handles procedure calls using the summary of the called function.

  25. Correctness and Termination Less common form of AI as there exists no abstraction function ?. Instance of the classical abstract interpretation framework. Suffices to prove the correctness of abstract transformers Termination follows from the monotonicity of abstract transfer functions.

  26. Optimizations

  27. Need for optimizations Benchmark Lines of Code WSR analysis Time(s) Memory (MB) Dynamic data display 25K 4696 1937 SharpMap 26K Time out - PDFsharp 96K 5088 1502 Dotspatial (12 DLLS) 200K Time out -

  28. Node Merging Optimization x g n3 1. P(x) { 2. If(*) 3. t = new ; 4. t = new ; 5. x.f = t; 6. t.g = new ; 7. } f n6 p1 g f n4 t Same concrete image x Nodes ?3,?4 are merged g f n3 p1 n6 t

  29. Correctness of node merging Does merging arbitrary nodes in the transformer graph preserve correctness ? Node merging produces an embedding . If ?1 ?2 then concrete image of ?1 is over- approximated by the concrete image of ?2.

  30. Termination with node merging Node merging doesn t preserve containment ordering. Termination is guaranteed only if merged nodes do not reappear in subsequent steps.

  31. Termination with node merging [Cont.] Solution : Track (transformer graph, equivalence relation) pairs. The equivalence relation records nodes merged in the previous steps. Whenever a new node is created replace it with the representative of its equivalence class.

  32. Identifying nodes to merge Arbitrarily merging nodes will reduce precision. Our Heuristics: n2 f f n1 n2 n1 f n3 n2 f f n1 n2 n1 f n3 Results in no loss of precision in our benchmarks when used in a purity analysis

  33. Evaluation of Node merging Benchmark Lines of Code With Node merging Time (s) Memory (MB) Dynamic data display 25K 58 427 SharpMap 26K 615 356 PDFsharp 96K 125 535 Dotspatial (12 DLLS) 200K 963 568

  34. Optimization 2 : Summary merging Applies to virtual method calls. With optimization ??? ??? ??? ??? ?????? ?1 ?2 ?? ?????? ??? ?2 ??? ?? ??? ?1 ??? ??????= ?????(?1 ?? ?? ??) ????

  35. Optimization 3: Safe node elimination Removes unnecessary external nodes. Eg: Set::Contains is pure but its WSR summary has many external edges/nodes. Does not affect precision.

  36. Empirical evaluation Benchmark Lines of Code WSR analysis With all opts Time(s) Memory (MB) Time (s) Memory (MB) Dynamic data display 25K 4696 1937 23 410 SharpMap 26K - 179 356 PDFsharp 96K 5088 1502 76 550 Dotspatial (12 DLLS) 200K - 232 568

  37. Conclusion WSR analysis is a widely used modular heap analysis. Formalized WSR analysis as an Abstract Interpretation. Mentioned as an open problem by Salcianu. Proposed 3 Optimizations to WSR analysis. Proved them correct using the AI formulation. They make the analysis to scale to large programs.

Related


New HPE 870798-001 900GB 12G SAS 15k RPM 2.5” SC 512E Hard Drive

New HPE 870798-001 900GB 12G SAS 15k RPM 2.5” SC 512E Hard Drive

Dennis1
New HPE P30563-001 1.2TB 10kRPM 2.5in SAS-12G BC MC G10 HDD

New HPE P30563-001 1.2TB 10kRPM 2.5in SAS-12G BC MC G10 HDD

Dennis1
HPE P00441-001 MSA 2.4TB 10kRPM 2.5in SAS-12G Enterprise HDD

HPE P00441-001 MSA 2.4TB 10kRPM 2.5in SAS-12G Enterprise HDD

Dennis1
New HPE 872738-001 1.8TB 10k RPM 2.5in DS SAS 12G SC G9 G10 HDD

New HPE 872738-001 1.8TB 10k RPM 2.5in DS SAS 12G SC G9 G10 HDD

Dennis1
Buy HPE P13252-001 MSA 14TB SAS 12G MDL 7.2KRPM LFF (3.5in) M2 HDD

Buy HPE P13252-001 MSA 14TB SAS 12G MDL 7.2KRPM LFF (3.5in) M2 HDD

Dennis1
Buy HPE P42803-001 MSA 18TB 7.2k RPM SAS 12G MDL LFF M2 HARD DRIVE

Buy HPE P42803-001 MSA 18TB 7.2k RPM SAS 12G MDL LFF M2 HARD DRIVE

Dennis1
Buy HPE P13251-001 MSA 12TB SAS 12G Midline 7.2K RPM LFF M2 HARD DRIVE

Buy HPE P13251-001 MSA 12TB SAS 12G Midline 7.2K RPM LFF M2 HARD DRIVE

Dennis1
Buy HPE 857965-001 10TB 7.2K RPM 3.5in DS SAS 12G Helium Midline HDD

Buy HPE 857965-001 10TB 7.2K RPM 3.5in DS SAS 12G Helium Midline HDD

Dennis1
HPE 862140-001 6TB 7.2k RPM 3.5in DS SAS 12G SC Midline G9 G10 HDD

HPE 862140-001 6TB 7.2k RPM 3.5in DS SAS 12G SC Midline G9 G10 HDD

Dennis1
HPE P10610-001 3.84TB DS SAS-12G SC Mixed Use SFF Value SAS G9 G10 SSD

HPE P10610-001 3.84TB DS SAS-12G SC Mixed Use SFF Value SAS G9 G10 SSD

Dennis1
872386-B21 HPE 3.2TB SAS 12G MU SFF SC DS SOLID STATE DRIVE

872386-B21 HPE 3.2TB SAS 12G MU SFF SC DS SOLID STATE DRIVE

Dennis1
816572-B21 HPE 1.92TB 12G SAS RI-3 SFF SC SOLID STATE DRIVE

816572-B21 HPE 1.92TB 12G SAS RI-3 SFF SC SOLID STATE DRIVE

Dennis1
P04537-B21 HPE 3.2TB SAS 12G MU SFF SC DS SOLID STATE DRIVE

P04537-B21 HPE 3.2TB SAS 12G MU SFF SC DS SOLID STATE DRIVE

Dennis1
P38441-001 HPE 18TB SAS 7.2K LFF LP ISE MV HDD

P38441-001 HPE 18TB SAS 7.2K LFF LP ISE MV HDD

Dennis1
830824-B21 HPE P408I-P SR SAS-12G PCIE CONTROLLER GEN10

830824-B21 HPE P408I-P SR SAS-12G PCIE CONTROLLER GEN10

Dennis1
P09923-001 HPE G8-G10 800GB 2.5 SAS 12G MU SOLID STATE DRIVE

P09923-001 HPE G8-G10 800GB 2.5 SAS 12G MU SOLID STATE DRIVE

Dennis1
P23863-B21 HPE 16TB SAS 7.2K LFF LP 512E ISE HARD DRIVE

P23863-B21 HPE 16TB SAS 7.2K LFF LP 512E ISE HARD DRIVE

Dennis1
P23608-B21 HPE 16TB SAS 7.2K LFF LP 512E ISE HARD DRIVE

P23608-B21 HPE 16TB SAS 7.2K LFF LP 512E ISE HARD DRIVE

Dennis1
Introduction to SASPy for Using SAS in Python

Introduction to SASPy for Using SAS in Python

rafaela
Introduction to SASPy: Using SAS in Python

Introduction to SASPy: Using SAS in Python

jaxxon
Buy P49048-B21 HPE 1.6TB SAS 12G 2.5 MU SFF SOLID STATE DRIVE

Buy P49048-B21 HPE 1.6TB SAS 12G 2.5 MU SFF SOLID STATE DRIVE

Dennis1
Buy 822559-B21 HPE 800GB 12G SAS MU-3 SC 2.5

Buy 822559-B21 HPE 800GB 12G SAS MU-3 SC 2.5" SOLID STATE DRIVE

Dennis1

More Related Content