Partial Evaluation of Machine Code Framework for Specialization and Optimization

Partial Evaluation of Machine Code Framework for Specialization and Optimization
Slide Note
Embed
Share

This content delves into the concept of partial evaluation of machine code, focusing on a framework for specializing and optimizing programs. It explores the process of residual program generation, binary specialization, and motivation for specializing binaries with common inputs. Existing partial evaluators in different programming languages are also discussed, along with an algorithm for imperative language off-line partial evaluation.

  • Machine Code
  • Optimization
  • Specialization
  • Programming Languages
  • Partial Evaluation
jdive
jdive Follow

Uploaded on Feb 28, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Partial Evaluation of Machine Code Venkatesh Srinivasan Thomas Reps {venk, reps}@cs.wisc.edu 1

  2. Partial Evaluation Framework for specializing and optimizing programs int power(int x, int y, int n) { int a = 1; while (n--) { a *= (x + y); } return a; } [y 1, n 2] Partial Evaluator power (x, y = 1, n = 2) = powery = 1, n = 2 (x) int powery = 1, n = 2(int x) { int a = 1; a *= (x + 1); a *= (x + 1); return a; } Residual Program 2

  3. Partial Evaluation of Machine code 010000110000100001000 001000101011111101010 111010110001111110000 Binary 001010101011101010101 010101010100010011111 000000111111111111111 [y 1, n 2] WiPEr 10000110000100001000 01000101011111101010 Specialized Binary 00101010101110101010 10101010101000100111 3

  4. Motivation Specializing Binaries No source code and/or documentation 0100010 Binary 1011101 Specialize and Optimize w.r.t. common inputs 01000101011 11110101010 10010001010 11111101010 Binary 00101010101 11010101010 10010001010 01000101011 11110101010 10010001010 11111101010 Binary 00101010101 11010101010 10010001010 11111101010 11111101010 Binary 0111101 Binary 0010111 Specialize and extract executable component 4

  5. Motivation Specializing Binaries Specialize and Optimize w.r.t. common inputs 11110101010 10010001010 11111101010 Power 00101010101 11010101010 10010001010 y 2 0100010 Square 1011101 WiPEr Specialize and extract executable component 11110101010 Compress 11111101010 gzip 00101010101 Decompress 10010001010 -d 0010111101 Decompress 1110010111 WiPEr 5

  6. Existing Partial Evaluators Jspec, Civet Java Mix Flow-chart language Similix Scheme Lancet Java bytecode C-Mix, Tempo C Fortran PE Fortran 6

  7. Source-Code Partial-Evaluation Algorithm Imperative language (e.g., C) Off-line partial evaluator 1. Binding-time analysis (BTA) 2. Specialization 7

  8. Binding-Time Analysis (BTA) Residual Binary Binary Evaluate 8

  9. Binding-Time Analysis (BTA) Inputs: Program Static vs. Dynamic inputs Output Static Vs. Dynamic expressions and statements Static Dynamic int power( int x, int y, int n ) { int a = 1; while (n--) { a *= (x + ); } return a; } y 9

  10. Congruence Static Dynamic Congruence int power( int x, int y, int n ) { int a = 1; while (n--) { a *= (x + ); } return a; } Ensured by y Dataflow analysis/ Forward slicing 10

  11. Lifting Static Dynamic Lifted int power( int x, int y, int n ) { int a = 1; while (n--) { a *= (x + ); } return a; } Lifted Expression y 11

  12. Specialization Inputs Program Binding-time annotations Partial static-store Output Residual program Static Dynamic Lifted [y 1, n 2] int power( int x, int y, int n ) { int a = 1; while (n--) { a *= (x + ); } return a; } int powery = 1, n = 2 ( int x ) { int a = 1; a *= (x + 1); a *= (x + 1); return a; } y 12

  13. Specialization Eval Static Reduce Dynamic + Lifted Emit Dynamic y 1 + + x y x 1 13

  14. Specialization Static Dynamic Lifted int power( int x, int y, int n ) { int a = 1; while (n--) { a *= (x + ); } return a; } int powery = 1, n = 2( int x ) { int a = 1; a *= (x + 1); a *= (x + 1); return a; } Static store y y y y n n 1 1 1 0 -1 y 1 n n 2 1 14

  15. WiPErs Partial-Evaluation Algorithm Off-line partial evaluation BTA Instruction decoupling Forward slicing Lifting Specialization Static: Eval Off-line partial evaluation BTA Forward slicing Lifting Specialization Static: Eval Lifted: Reduce Dynamic: Emit Lifted: Reduce substitution in an explicit representation of semantics machine-code synthesis Dynamic: Emit 15

  16. IA-32 Primer Registers 20 1000 996 1000 20 20 40 EBX ESP EAX Stack push eax mov ebx, eax mov [esp], 40 lea esp, [esp+4] 16

  17. Running Example push eax ; x push ebx ; y push ecx ; n push 0 ; p L2: cmp [esp+4], 0 je L1 mov eax, [esp+12] mov ebx, [esp+8] add eax, ebx add [esp], eax sub [esp+4], 1 jmp L2 mov eax, [esp] (x + y) * n int prod(int x, int y, int n) { int p = 0; while (n--) { p = p + (x + y); } return p; } Static inputs: [y 1, n 3] 17

  18. BTA Slicing criterion int main( ) { int sum = 0; int i = 1; while (i < 11) { sum = sum + i; i = i + 1; } printf( %d\n , sum); printf( %d\n , i); } Forward Slicing 18

  19. BTA Forward Slicing push eax ; x push ebx ; y push ecx ; n push 0 ; p L2: cmp [esp+4], 0 je L1 mov eax, [esp+12] mov ebx, [esp+8] add eax, ebx add [esp], eax sub [esp+4], 1 jmp L2 mov eax, [esp] Dynamic input Slicing criterion 19

  20. Granularity Issue in Slicing Instructions are multi-assignments eax init. esp init. Mem update esp update 1: push eax 13: mov eax, [esp+12] 2: push ebx 20

  21. Instruction Decoupling esp init. eax init. eax init. esp init. Mem update esp update 1: lea esp, [esp-4] 1 : mov [esp], eax 1: push eax 13: mov eax, [esp+32] 13: mov eax, [esp+32] 2: push ebx 2: push ebx 21

  22. BTA Forward Slicing lea esp, [esp-4] mov [esp], eax ; x lea esp, [esp-4] mov [esp], ebx ; y lea esp, [esp-4] mov [esp], ecx ; n lea esp, [esp-4] mov [esp], 0 ; p L2: cmp [esp+4], 0 je L1 mov eax, [esp+12] mov ebx, [esp+8] add eax, ebx add [esp], eax sub [esp+4], 1 jmp L2 mov eax, [esp] push eax ; x push ebx ; y push ecx ; n push 0 ; p L2: cmp [esp+4], 0 je L1 mov eax, [esp+12] mov ebx, [esp+8] add eax, ebx add [esp], eax sub [esp+4], 1 jmp L2 mov eax, [esp] Static Dynamic 22

  23. Lifting Dynamic Lifted Static a *= (x +) y mov eax, [ebp] ; load x mov ebx, [ebp + 4] ; load y add eax, ebx mov [ebp + 8], eax ; store a Data-dependence graph of the binary 23

  24. BTA Forward Slicing lea esp, [esp-4] mov [esp], eax ; x lea esp, [esp-4] mov [esp], ebx ; y lea esp, [esp-4] mov [esp], ecx ; n lea esp, [esp-4] mov [esp], 0 ; p L2: cmp [esp+4], 0 je L1 mov eax, [esp+12] mov ebx, [esp+8] add eax, ebx add [esp], eax sub [esp+4], 1 jmp L2 mov eax, [esp] Static Dynamic Lifted 24

  25. WiPErs Partial-Evaluation Algorithm Off-line partial evaluation BTA Instruction decoupling Forward slicing Lifting Specialization Static: Eval Lifted: Reduce substitution in an explicit representation of semantics machine-code synthesis Dynamic: Emit 25

  26. Specialization - Reduce Source-code PE Substitution in AST WiPEr Syntactic substitution cannot specialize w.r.t. hidden operands push eax ESP ESP 4 Mem[ESP] EAX y = 1 + + ESP is a hidden operand x y x 1 26

  27. Specialization Reduce Substitution Syntax Specialized Statement AST Statement AST Source-code Reduce Machine-code Reduce Instruction- Instruction AST Syntax sequence ASTs Machine-code synthesizer [1] Symbolic execution Substitution Specialized Semantic Representation Semantic Representation Specialized QFBV_A-formula QFBV_A formula Semantics 27 [1] V. Srinivasan and T. Reps, Synthesis of machine code from semantics, PLDI 2015

  28. Specialization Reduce ESP 1000 ESP = ESP 4 Mem = Mem[ESP 4 EAX] ESP = 996 Mem = Mem[ 996 EAX] mov esp, 996; mov [996], eax push eax 28

  29. Nave Specialization Algorithm Static Eval Concrete evaluation Lifted Reduce Instr to QFBV formula Specialize formula w.r.t. partial static-store Emit residual code via machine-code synthesis Dynamic - Emit 29

  30. Nave Specialization Algorithm lea esp, [esp-4] mov [esp], eax ; a lea esp, [esp-4] mov [esp], ebx ; v lea esp, [esp-4] mov [esp], ecx ; n lea esp, [esp-4] mov [esp], 4 sub esp, 20 ; Initialization loop L2: cmp [esp+20], 0 jl L1 mov ebx, [esp+28] mov edx, [esp+20] mov [esp+edx*4], ebx jmp L2 ; Computation of a + b[n] L1: mov eax, [esp+32] mov ecx, [esp+24] mov ebx, [esp+ecx*4] add eax, ebx add esp, 36 Dynamic Lifted Static Partial Static-store Residual Binary mov esp, 996 mov [esp], eax mov esp, 988 mov [esp], ecx mov esp, 964 mov [980], 1 mov eax, [esp+32] mov ecx, [esp+24] mov ebx, [esp+ecx*4] add eax, ebx ESP ESP ESP ESP 1000 996 992 992 ESP = ESP 4 ESP = 996 mov [976], 1 mov [972], 1 mov [968], 1 mov [964], 1 EBX EBX EBX EBX 1 1 1 1 992 1 30

  31. Issue Residual Specialization-Time Addresses mov esp, 996 mov [esp], eax mov esp, 988 mov [esp], ecx mov esp, 964 mov [964], 1 mov [980], 1 mov [976], 1 mov [972], 1 mov [968], 1 mov eax, [esp+32] mov ecx, [esp+24] mov ebx, [esp+ecx*4] add eax, ebx 1000 2000 Correct residual binary for our running example specialized w.r.t. [ESP 1000, EBX 1] Na ve specializer treats specialization-time addresses and non-address values uniformly Specialization-time addresses residuated as constants Specialization-time stack layout is hardwired into residual binary 31

  32. Residual Specialization-Time Addresses lea esp, [esp-4] mov [esp], eax ; x lea esp, [esp-4] mov [esp], ebx ; y lea esp, [esp-4] mov [esp], ecx ; n lea esp, [esp-4] mov [esp], 0 ; p L2: cmp [esp+4], 0 je L1 mov eax, [esp+12] mov ebx, [esp+8] add eax, ebx add [esp], eax sub [esp+4], 1 jmp L2 mov eax, [esp] Make ESP dynamic Static Dynamic Lifted 32

  33. Issue Residual Specialization-Time Addresses dynamic Make ESP lea esp, [esp-4] mov [esp], eax ; a lea esp, [esp-4] mov [esp], ebx ; v lea esp, [esp-4] mov [esp], ecx ; n lea esp, [esp-4] mov [esp], 4 sub esp, 20 ; Initialization loop L2: cmp [esp+20], 0 jl L1 mov ebx, [esp+28] mov edx, [esp+20] mov [esp+edx*4], ebx jmp L2 ; Computation of a + b[n] L1: mov eax, [esp+32] mov ecx, [esp+24] mov ebx, [esp+ecx*4] add eax, ebx add esp, 36 Dynamic Lifted Static 33

  34. WiPErs Specialization Algorithm Represents specialization-time addresses by symbolic terms starting address of each memory chunk allocated during specialization time Fresh symbolic constant Static Eval Symbolic evaluation Still reads/writes static values to symbolic store 34

  35. WiPErs Specialization Algorithm lea esp, [esp-4] mov [esp], eax ; a lea esp, [esp-4] mov [esp], ebx ; v lea esp, [esp-4] mov [esp], ecx ; n lea esp, [esp-4] mov [esp], 4 sub esp, 20 ; Initialization loop L2: cmp [esp+20], 0 jl L1 mov ebx, [esp+28] mov edx, [esp+20] mov [esp+edx*4], ebx jmp L2 ; Computation of a + b[n] L1: mov eax, [esp+32] mov ecx, [esp+24] mov ebx, [esp+ecx*4] add eax, ebx add esp, 36 Dynamic Lifted Static Partial Static-store Residual Binary mov eax, [esp+32] mov ecx, [esp+24] mov ebx, [esp+ecx*4] add eax, ebx mov esi, esp lea esp, [esi 4] mov [esp], eax lea esp, [esi 12] mov [esp], ecx lea esp, [esi 16] sub esp, 20 mov [esi 20], 1 ESP ESP ESP ESP n n 4 n 8 n - 8 EBX EBX EBX EBX 1 1 1 1 ESP = ESP 4 ESP = n 4 ESP = ESI 4 mov [esi 24], 1 mov [esi 28], 1 mov [esi 32], 1 mov [esi 36], 1 n 8 1 35

  36. WiPErs Partial-Evaluation Algorithm Off-line partial evaluation BTA Instruction decoupling Forward slicing Lifting Specialization Static: Eval symbolic evaluation Lifted: Reduce substitution in an explicit representation of semantics machine-code synthesis Dynamic: Emit More in the paper Handling heap-allocated memory Interprocedural partial-evaluation Safety criteria Termination theorem + proof Correctness theorem + proof Threats to validity Component-extraction (CE mode) 36

  37. Experiments Optimization via specialization Specialize w.r.t. common inputs Extract an executable component from a bloated binary Specialize w.r.t. flag input that selects a component to execute Different test-suites 37

  38. Optimization via Specialization Execution-time comparison 35 30 Time (milliseconds) 25 20 15 Original Specialized 10 5 0 19 167 LOC Average speedup = 1.3 Application 38

  39. Component Extraction Application KLOC Extracted Component Size of binary (KB) Size of component (KB) No. of procs. in binary No. of procs. in component b64 0.54 decoder 5.4 5.9 16 4 lzfx 0.91 compress 7.6 6 24 8 bzip2 7 compress 90.2 64.6 117 78 39

  40. Conclusion Machine-code partial-evaluation algorithm WiPEr partial evaluator for IA-32 Slicing- Instruction decoupling granularity issue Baked-in instruction- operands Semantic subst. + machine-code synthesis Residual specialization- time addresses Symbolic specialization 40

Related


Introduction to Partial Budgeting in Farm Management

Introduction to Partial Budgeting in Farm Management

beaumont
Universal Evaluation Framework: Simplifying Evaluation Processes

Universal Evaluation Framework: Simplifying Evaluation Processes

gulliver
Evaluation in Education

Evaluation in Education

imani
Discrete Optimization in Mathematical Modeling

Discrete Optimization in Mathematical Modeling

heloise
Generalization of Empirical Risk Minimization in Stochastic Convex Optimization by Vitaly Feldman

Generalization of Empirical Risk Minimization in Stochastic Convex Optimization by Vitaly Feldman

layton
How to Write a Simple JavaScript Slot Machine Code

How to Write a Simple JavaScript Slot Machine Code

Bryan1
Customize Your Game with Slot Machine Source Code

Customize Your Game with Slot Machine Source Code

Bryan1
International Trade: Benefits, Specialization, and Comparative Advantage

International Trade: Benefits, Specialization, and Comparative Advantage

corella_j
Build Your App with Slot Machine Android Source Code

Build Your App with Slot Machine Android Source Code

Bryan1
The .NET Architecture Components

The .NET Architecture Components

issabelle
Insights into Loop Optimization and Hardware Specialization with HLS

Insights into Loop Optimization and Hardware Specialization with HLS

jennyma
Evaluation of FME Zero Emission Neighbourhoods in Smart Cities

Evaluation of FME Zero Emission Neighbourhoods in Smart Cities

raahim
Why Slot Machine Source Code is Key to Fast-Track Game Development

Why Slot Machine Source Code is Key to Fast-Track Game Development

Bryan1
Lazy Code Motion and Partial Redundancy Elimination in Optimizing Compiler

Lazy Code Motion and Partial Redundancy Elimination in Optimizing Compiler

kwabenak
Dynamic Aperture Optimization for CEPC Main Ring

Dynamic Aperture Optimization for CEPC Main Ring

azai_338
Machine Learning Applications for EBIS Beam Intensity and RHIC Luminosity Maximization

Machine Learning Applications for EBIS Beam Intensity and RHIC Luminosity Maximization

drub
Metalearning and Hyper-Parameter Optimization in Machine Learning Research

Metalearning and Hyper-Parameter Optimization in Machine Learning Research

qjay
Unleash the Power of JavaScript Slot Machine Code for Your Online Casino (1)

Unleash the Power of JavaScript Slot Machine Code for Your Online Casino (1)

ridh
Create Profitable Casino Games with Expert Slot Machine Source Code

Create Profitable Casino Games with Expert Slot Machine Source Code

ridh
Boost Your Game’s Success with Our Reliable Slot Machine Source Code

Boost Your Game’s Success with Our Reliable Slot Machine Source Code

ridh
Become a Casino Game Developer_ Master JavaScript Slot Machine Code (1)

Become a Casino Game Developer_ Master JavaScript Slot Machine Code (1)

ridh
Unraveling the Mystery of Slot Machine Source Code_ A Developer’s Guide

Unraveling the Mystery of Slot Machine Source Code_ A Developer’s Guide

ridh

More Related Content