CO444H. Ben Livshits. Datalog Pointer analysis
|
|
- Garry Moore
- 5 years ago
- Views:
Transcription
1 CO444H Ben Livshits Datalog Pointer analysis 1
2 Call Graphs Class analysis: Given a reference variable x, what are the classes of the objects that x refers to at runtime? We saw CHA and RTA Deal with polymorphic/virtual calls: x.m() Compilers: can we devirtualize a virtual call x.m()? Software engineering: Construct the call graph of the program Why is that important in everyday development?
3 Features of RTA RTA may evaluate a method several times If new callers are discovered the method has to be re-evaluated RTA runs until the worklist is empty, at which point it has reached a fixed point and cannot resolve any new call edges to add to the call graph 3
4 RTA Revisited RAPID TYPE ANALYSIS RTA = call graph of only methods (no edges) CHA = class hierarchy analysis call graph W = worklist containing the main method while W is not empty M = next method in W T = set of allocated types in M T = T U {allocated types in RTA callers of M} for each callsite (C) in M if C is a static dispatch or constructor: add an edge to statically resolved method otherwise: M' = methods called from M in CHA M' = M' intersection {methods declared in T or supertypes of T} add an edge from the method M to each method in M' add each method in M' to worklist W 4
5 Using RTA in Eclipse 5
6 RTA May Be Unsound public static void main(string[] args){ Object o = foo(); bar(o); } public static Object foo(){ return new A(); } public static void bar(object o){ o.tostring() } main calls foo, which returns an allocation of type A that is then passed as a parameter in the call to bar The call edge to A. tostring would be missing because neither bar or its parents (main) allocated a type of A 6
7 Call Graph Construction: Reachability Computation Queue worklist CallGraph graph; worklist.addattail(main()) Graph.addNode(main()) while (worklist.notempty()) { m = worklist.getfromhead(); process_method_body(m); }
8 Next Steps Ingredients Adding pointers Adding call graphs Combining those two How to we mix the ingredients? Can first build a call graph; then add pointers Can do it all at once: we can use Datalog to represent everything, with some Datalog relations encoding intraprocedural aspects and some interprocedural 8
9 9 Pointer Analysis: Basics and Algorithms
10 Variants of Pointer Analysis For C: Andersen analysis Steensgard analysis Pointer analysis for Java How to encode these in Datalog Other variants 10
11 What is the Goal of Pointer Analysis? What memory locations can a pointer expression refer to? Alias analysis: When do two pointer expressions refer to the same storage location? int x; p = &x; q = p; *p and *q alias as do x and *p and x and *q 11
12 Sources of Aliasing Aliasing can arise due to several reasons, depending on the language Pointers e.g., int *p, i; p = &i; Call-by-reference void m(object a, Object b) { } m(x,x); // a and b alias in m Array indexing int i, j, a[100]; i = j; // a[i] and a[j] alias 12
13 Why do we Want to Know? Pointer analysis tells us what memory locations code uses or modifies Useful in many analyses E.g., available expressions *p = a + b; y = a + b; If *p aliases a or b, then second computation of a+b is not redundant E.g., consider constant propagation x = 3; *p = 4; y = x; Is y constant? If *p and x do not alias each other, then yes. If *p and x always alias each other, then yes. If *p and x sometimes alias each 13
14 Pointer Analysis Dimensions Intraprocedural / interprocedural Flow-sensitive / flow-insensitive Context-sensitive / context-insensitive Definiteness: May versus must Heap modelling Data representation 14
15 Flow-sensitive vs. Flowinsensitive Points-To Flow-sensitive pointer analysis computes for each program point what memory locations pointer expressions may refer to Flow-insensitive pointer analysis computes what memory locations pointer expressions may refer to, at any time in program execution Flow-sensitive pointer analysis is (traditionally) too expensive to perform for whole program Flow-insensitive pointer analyses typically used for whole program analyses 15
16 Context Sensitivity Also difficult, but success in scaling up to hundreds of thousands LOC BDDs see Whaley and Lam PLDI 2004 Doop, Bravenboer and Smaragdakis OOPSLA
17 May vs. Must May analysis: aliasing that may occur during execution (cf. must-not alias, although often has different representation) Must analysis: aliasing that must occur during execution Sometimes both are useful E.g., consider liveness analysis for *p = *q + 4; If *p must alias x, then x in kill set for statement If *q may alias y, then y in gen set for statement 17
18 Representation Options Points-to pairs: first element points to the second e.g., (p b), (q b) p and b alias, as do *q and b, as do *p and *q Pairs that refer to the same memory e.g., (*p,b), (*q,b), (*p,*q), (**r, b) General, may be less concise than points-to pairs Equivalence sets: sets that are aliases e.g., {*p,*q,b} 18
19 Modeling Memory Locations We want to describe what memory locations a pointer expression may refer to How do we model memory locations? For global variables, no trouble, use a single node For local variables, use a single node per context i.e., just one node if context insensitive For dynamically allocated memory Problem: Potentially unbounded locations created at runtime Need to model locations with some finite abstraction 19
20 Modeling Dynamic Memory Locations For each allocation statement, use one node per context Note: could choose context-sensitivity for modelling heap locations to be less precise than contextsensitivity for modelling procedure invocation Other solutions: One node for entire heap One node for each type Nodes based on analysis of shape of heap 20
21 Problem Statement Let s consider flowinsensitive may pointer analysis Assume program consists of statements of form p = &a (address of, includes allocation statements) p = q *p = q p = *q Assume pointers p,q P and address-taken variables a,b A are disjoint Can transform program to make this true For any variable v for which this isn t true, add statement pv = &av, and replace v with *pv Want to compute relation pts : P A 2 A Essentially points to pairs 21
22 Andersen-style Pointer Analysis View pointer assignments as subset constraints Use constraints to propagate points-to information Called inclusion-based pointer analysis 22
23 Andersen-style Pointer Analysis Can solve these constraints directly on sets pts(p) p = &a; p {a} q = p; q p p = &b; p {b} r = p; r p 23
24 Example of Subset Constraints 24
25 How Precise Is This Analysis? 25
26 Andersen-style as Graph Closure Can be cast as a graph closure problem One node for each pts(p), pts(a) Each node has an associated points-to set Compute transitive closure of graph, and add edges according to complex constraints 26
27 Work List Algorithm Initialize graph and points to sets using base and simple constraints Let W = { v pts(v) } (all nodes with non-empty points to sets) While W not empty v select from W for each a pts(v) do add edge a p, and add a to W if edge is new for each constraint *v q add edge q a, and add q to W if edge is new for each edge v q do pts(q) = pts(q) pts(v), and add q to W if pts(q) changed 27
28 Same Example, as A Graph (Initial) W: p q r s a 28
29 Same Example, as A Graph (Final) W: {} 29
30 Cycle Elimination Andersen-style pointer analysis is O(n 3 ), for number of nodes in graph Actually, quadratic in practice [Sridharan and Fink, SAS 09]; Improve scalability by reducing the value of n Cycle elimination: important optimization for Andersenstyle analysis Detect strongly connected components in points-to graph, collapse to single node Why? All nodes in an SCC will have same points-to relation at end of analysis 30
31 Steensgaard-style Analysis Also a constraint-based analysis Uses equality constraints instead of subset constraints Originally phrased as a type-inference problem Less precise than Andersen-style, thus more scalable 31
32 Steensgaard-style Example p q a b c p,q a,b p,q a,b p,q,s,t a,b p,q,s,t,r a,b,c c r c r c All pointers end up in the same equivalence class pointing to all the locations 32
33 Implementing Steensgaard Can be efficiently implemented using UnionFind algorithm Nearly linear time: O(nα(n)) Each statement needs to be processed just once Unlike Andersen s, which is a lot more difficult to scale 33
34 34 Datalog-based Formulation of Pointer Analysis
35 Pointer or Points-to Analysis We shall consider Andersen s formulation of Java object references. Flow/context insensitive analysis. Cast of characters: 1. Local (or stack) variables, which point to 2. Heap objects, which may have fields that are references to other heap objects. 35
36 Matches a Language Like Java Stack 1 Stack 2 Heap Pointers (or references) go from the stack(s) to the heap elements Also from one heap element to another 36
37 Representing Heap Objects A heap object is named by the statement in which it is created. Note many run-time objects may have the same name. Example: h: T v = new T; says variable v can point to (one of) the heap object(s) created by statement h. v h 37
38 Field Store v.f = w makes the f field of the heap object h pointed to by v point to what variable w points to. v w i f h f g 38
39 Field Load v = w.f makes v point to what the f field of the heap object h pointed to by w points to. i v w g f h 39
40 Variable Assignment v = w makes v point to whatever w points to Interprocedural Analysis : Also models copying an actual parameter to the corresponding formal or return value to a variable v w h 40
41 EDB (Initial) Relations The facts about the statements in the program and what they do to pointers are accumulated and placed in several EDB relations. Example: there would be an EDB relation Copy(To,From) whose tuples are the pairs (v,w) such that there is a copy statement v=w. 41
42 Convention for Initial EDB Instead of using EDB relations for the various statement forms, we shall simply use the quoted statement itself to stand for an atom derived from the statement. Example: v=w stands for Copy(v,w). 42
43 What Do We Compute? Pts(V,H) will get the set of pairs (v, h) such that variable v can point to heap object h. Hpts(H1,F,H2) will get the set of triples (h, f, g) such that the field f of heap object h can point to heap object g. 43
44 Datalog Rules for Points-to 1. Pts(V,H) :- H: V = new T 2. Pts(V,H) :- V=W, Pts(W,H). 3. Pts(V,H) :- V=W.F, Pts(W,G), Hpts(G,F,H). 4. Hpts(H,F,G) :- V.F=W, Pts(V,H), Pts(W,G). 44
45 Program Example T p(t x) { h: T a = new T; a.f = x; return a; } void main() { g: T b = new T; b = p(b); b = b.f; } 45
46 Apply Rules Recursively --- Round 1 T p(t x) {h: T a = new T; a.f = x; return a;} void main() {g: T b = new T; b = p(b); b = b.f;} Pts(a,h) Pts(b,g) 46
47 Apply Rules Recursively --- Round 2 T p(t x) {h: T a = new T; a.f = x; return a;} void main() {g: T b = new T; b = p(b); b = b.f;} Pts(a,h) Pts(b,g) Pts(x,g) Pts(b,h) 47
48 Apply Rules Recursively --- Round 3 T p(t x) {h: T a = new T; a.f = x; return a;} void main() {g: T b = new T; b = p(b); b = b.f;} Pts(a,h) Pts(b,g) Pts(x,g) Pts(b,h) Pts(x,h) Hpts(h,f,g) 48
49 Apply Rules Recursively --- Round 4 T p(t x) {h: T a = new T; a.f = x; return a;} void main() {g: T b = new T; b = p(b); b = b.f;} Pts(a,h) Pts(b,g) Pts(x,g) Pts(b,h) Pts(x,h) Hpts(h,f,g) Hpts(h,f,h) 49
50 Extension to Support Flow Sensitivity IDB predicates need additional arguments B, I. B = block number. I = position within block, 0, 1,, n for n -statement block. Position 0 is before first statement, position 1 is between 1 st and 2 nd statement, etc. Is there another way to introduce flow sensitivity? 50
51 Adding Context Sensitivity Include a component C = context. C doesn t change within a function. Call and return can extend the context if the called function is not mutually recursive with the caller. 51
52 Context Sensitive Analysis: Maintaining the Context Pts(X,H,B0,0,D) :- Pts(V,H,B,I,C), B,I: call P(,V, ), X is the corresponding actual to V in P, B0 is the entry of P, context D is C extended by P. 52
53 Path Numbering To Make Calling Contexts Finite Cloning-Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams, Whaley and Lam,
54 Expressing the Entire Analysis in Datalog 54
R O O T S Interprocedural Analysis
R O O T S Interprocedural Analysis Aleksandra Biresev s6albire@cs.uni-bonn.de Interprocedural Analysis An interprocedural analysis operates across an entire program, flowing information from call sites
More informationStatic Program Analysis Part 9 pointer analysis. Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University
Static Program Analysis Part 9 pointer analysis Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Agenda Introduction to points-to analysis Andersen s analysis Steensgaards s
More informationA Simple SQL Injection Pattern
Lecture 12 Pointer Analysis 1. Motivation: security analysis 2. Datalog 3. Context-insensitive, flow-insensitive pointer analysis 4. Context sensitivity Readings: Chapter 12 A Simple SQL Injection Pattern
More informationOOPLs - call graph construction. Example executed calls
OOPLs - call graph construction Compile-time analysis of reference variables and fields Problem: how to resolve virtual function calls? Need to determine to which objects (or types of objects) a reference
More informationLecture 14 Pointer Analysis
Lecture 14 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis [ALSU 12.4, 12.6-12.7] Phillip B. Gibbons 15-745: Pointer Analysis
More informationAlias Analysis. Last time Interprocedural analysis. Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1
Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1 Aliasing What is aliasing? When two expressions denote the same mutable
More informationCloning-Based Context-Sensitive Pointer Alias Analysis using BDDs
More Pointer Analysis Last time Flow-Insensitive Pointer Analysis Inclusion-based analysis (Andersen) Today Class projects Context-Sensitive analysis March 3, 2014 Flow-Insensitive Pointer Analysis 1 John
More informationInterprocedural Analysis with Data-Dependent Calls. Circularity dilemma. A solution: optimistic iterative analysis. Example
Interprocedural Analysis with Data-Dependent Calls Circularity dilemma In languages with function pointers, first-class functions, or dynamically dispatched messages, callee(s) at call site depend on data
More informationOOPLs - call graph construction Compile-time analysis of reference variables and fields. Example
OOPLs - call graph construction Compile-time analysis of reference variables and fields Determines to which objects (or types of objects) a reference variable may refer during execution Primarily hierarchy-based
More informationLecture 16 Pointer Analysis
Pros and Cons of Pointers Lecture 16 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis Many procedural languages have pointers
More informationExtra notes on Field- sensitive points- to analysis with inclusion constraints Sept 9, 2015
Extra notes on Field- sensitive points- to analysis with inclusion constraints Sept 9, 2015 Week 3 CS6304 The Rountev et al. paper at OOPSLA 2000 extended Andersen s points- to analysis for C programs
More informationLecture Notes: Pointer Analysis
Lecture Notes: Pointer Analysis 15-819O: Program Analysis Jonathan Aldrich jonathan.aldrich@cs.cmu.edu Lecture 9 1 Motivation for Pointer Analysis In programs with pointers, program analysis can become
More informationLecture 20 Pointer Analysis
Lecture 20 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis (Slide content courtesy of Greg Steffan, U. of Toronto) 15-745:
More informationPointer Analysis in the Presence of Dynamic Class Loading. Hind Presented by Brian Russell
Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan and Michael Hind Presented by Brian Russell Claim: First nontrivial pointer analysis dealing with all Java language features
More informationContext-Sensitive Pointer Analysis. Recall Context Sensitivity. Partial Transfer Functions [Wilson et. al. 95] Emami 1994
Context-Sensitive Pointer Analysis Last time Flow-insensitive pointer analysis Today Context-sensitive pointer analysis Emami invocation graphs Partial Transfer Functions The big picture Recall Context
More informationLecture 27. Pros and Cons of Pointers. Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis
Pros and Cons of Pointers Lecture 27 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis Many procedural languages have pointers
More informationProgram Static Analysis. Overview
Program Static Analysis Overview Program static analysis Abstract interpretation Data flow analysis Intra-procedural Inter-procedural 2 1 What is static analysis? The analysis to understand computer software
More informationMaking Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World
Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris Lattner Apple Andrew Lenharth UIUC Vikram Adve UIUC What is Heap Cloning? Distinguish objects by acyclic
More informationReference Analyses. VTA - Variable Type Analysis
Reference Analyses Variable Type Analysis for Java Related points-to analyses for C Steengaard Andersen Field-sensitive points-to for Java Object-sensitive points-to for Java Other analysis approaches
More information4/24/18. Overview. Program Static Analysis. Has anyone done static analysis? What is static analysis? Why static analysis?
Overview Program Static Analysis Program static analysis Abstract interpretation Static analysis techniques 2 What is static analysis? The analysis to understand computer software without executing programs
More informationCalvin Lin The University of Texas at Austin
Interprocedural Analysis Last time Introduction to alias analysis Today Interprocedural analysis March 4, 2015 Interprocedural Analysis 1 Motivation Procedural abstraction Cornerstone of programming Introduces
More informationCS 4120 Lecture 31 Interprocedural analysis, fixed-point algorithms 9 November 2011 Lecturer: Andrew Myers
CS 4120 Lecture 31 Interprocedural analysis, fixed-point algorithms 9 November 2011 Lecturer: Andrew Myers These notes are not yet complete. 1 Interprocedural analysis Some analyses are not sufficiently
More informationDemand-Driven Points-To Analysis For Java
Demand-Driven Points-To Analysis For Java Manu Sridharan, Ras Bodik Lexin Shan Denis Gopan UC Berkeley Microsoft UW Madison OOPSLA 2005 1 Who needs better pointer analysis? IDEs: for refactoring, program
More informationCS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis
CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu Rugina 8 Sep 2005 Pointer Analysis Informally: determine where pointers (or references) in the program may
More informationWave Propagation and Deep Propagation for Pointer Analysis
Wave Propagation and Deep Propagation for Pointer Analysis Fernando Magno Quintão Pereira February 15, 2009 Outline Points-to Analysis Our new algorithms Wave Propagation Deep Propagation Experiments Outline
More informationCSE 501 Midterm Exam: Sketch of Some Plausible Solutions Winter 1997
1) [10 pts] On homework 1, I asked about dead assignment elimination and gave the following sample solution: 8. Give an algorithm for dead assignment elimination that exploits def/use chains to work faster
More informationInterprocedural Analysis. Motivation. Interprocedural Analysis. Function Calls and Pointers
Interprocedural Analysis Motivation Last time Introduction to alias analysis Today Interprocedural analysis Procedural abstraction Cornerstone of programming Introduces barriers to analysis Example x =
More informationLecture Notes: Pointer Analysis
Lecture Notes: Pointer Analysis 17-355/17-665/17-819: Program Analysis (Spring 2019) Jonathan Aldrich aldrich@cs.cmu.edu 1 Motivation for Pointer Analysis In the spirit of extending our understanding of
More informationProgram Analysis in Datalog
CS 510/08 Program Analysis in Datalog Majority of the slides compiled from John Whaley s Outline Challenges Essential Background Using the Tools Developing Advanced Analyses Challenges Most DF analyses
More informationAnalysis of Object-oriented Programming Languages
Analysis of Object-oriented Programming Languages Dr. Barbara G. Ryder Rutgers University http://www.cs.rutgers.edu/~ryder http://prolangs.rutgers.edu/ OOAnalysis, Dagstuhl 2/03, BG Ryder 1 Outline Why
More informationInterprocedural Analysis. Dealing with Procedures. Course so far: Terminology
Interprocedural Analysis Course so far: Control Flow Representation Dataflow Representation SSA form Classic DefUse and UseDef Chains Optimizations Scheduling Register Allocation Just-In-Time Compilation
More informationInterprocedural Analysis with Data-Dependent Calls. Circularity dilemma. A solution: optimistic iterative analysis. Example
Interprocedural Analysis with Data-Dependent Calls Circularity dilemma In languages with function pointers, first-class functions, or dynamically dispatched messages, callee(s) at call site depend on data
More informationScreaming Fast Declarative Pointer Analysis
Screaming Fast Declarative Pointer Analysis http://doop.program-analysis.org Martin Bravenboer and Yannis Smaragdakis University of Massachusetts Amherst University of Oregon NEPLS March 5, 2008 overview
More informationTracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs. {livshits,
Tracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs {livshits, lam}@cs.stanford.edu 2 Background Software systems are getting bigger Harder to develop Harder to modify Harder
More informationPointer Analysis. Lecture 40 (adapted from notes by R. Bodik) 5/2/2008 Prof. P. N. Hilfinger CS164 Lecture 40 1
Pointer Analysis Lecture 40 (adapted from notes by R. Bodik) 5/2/2008 Prof. P. N. Hilfinger CS164 Lecture 40 1 2 Today Points-to analysis an instance of static analysis for understanding pointers Andersen
More informationAdvanced Compiler Construction
CS 526 Advanced Compiler Construction http://misailo.cs.illinois.edu/courses/cs526 INTERPROCEDURAL ANALYSIS The slides adapted from Vikram Adve So Far Control Flow Analysis Data Flow Analysis Dependence
More informationA Context-Sensitive Memory Model for Verification of C/C++ Programs
A Context-Sensitive Memory Model for Verification of C/C++ Programs Arie Gurfinkel and Jorge A. Navas University of Waterloo and SRI International SAS 17, August 30th, 2017 Gurfinkel and Navas (UWaterloo/SRI)
More informationAP Computer Science Chapter 10 Implementing and Using Classes Study Guide
AP Computer Science Chapter 10 Implementing and Using Classes Study Guide 1. A class that uses a given class X is called a client of X. 2. Private features of a class can be directly accessed only within
More informationContext-sensitive points-to analysis: is it worth it?
Context-sensitive points-to analysis: is it worth it? Ondřej Lhoták 1,2 and Laurie Hendren 2 olhotak@uwaterloo.ca hendren@sable.mcgill.ca 1 School of Computer Science, University of Waterloo, Waterloo,
More informationCSE 504: Compiler Design. Runtime Environments
Runtime Environments Pradipta De pradipta.de@sunykorea.ac.kr Current Topic Procedure Abstractions Mechanisms to manage procedures and procedure calls from compiler s perspective Runtime Environment Choices
More informationStatic Program Analysis Part 8 control flow analysis
Static Program Analysis Part 8 control flow analysis http://cs.au.dk/~amoeller/spa/ Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Agenda Control flow analysis for the -calculus
More informationLecture 26: Pointer Analysis
[Based on slides from R. Bodik] Lecture 26: Pointer Analysis Administrivia HKN survey next Thursday. Worth 5 points (but you must show up!). Today Points-to analysis: an instance of static analysis for
More informationLecture 26: Pointer Analysis. General Goals of Static Analysis. Client 1: Example. Client 1: Optimizing virtual calls in Java
[Based on slides from R. Bodik] Administrivia Lecture 26: Pointer Analysis HKN survey next Thursday. Worth 5 points (but you must show up!). Today Points-to analysis: an instance of static analysis for
More informationPoints-to Analysis. Xiaokang Qiu Purdue University. November 16, ECE 468 Adapted from Kulkarni 2012
Points-to Analysis Xiaokang Qiu Purdue University ECE 468 Adapted from Kulkarni 2012 November 16, 2016 Simple example x := 5 ptr := @x *ptr := 9 y := x program S1 S2 S3 S4 dependences What are the dependences
More informationDemand-Driven Alias Analysis for C
Demand-Driven Alias Analysis for C Xin Zheng and Radu Rugina Computer Science Department Cornell University Ithaca, NY 14853 {xinz, rugina}@cs.cornell.edu July 2007 Abstract This paper presents a demand-driven,
More informationOutline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring
Java Outline Java Models for variables Types and type checking, type safety Interpretation vs. compilation Reasoning about code CSCI 2600 Spring 2017 2 Java Java is a successor to a number of languages,
More informationDimensions of Precision in Reference Analysis of Object-oriented Programming Languages. Outline
Dimensions of Precision in Reference Analysis of Object-oriented Programming Languages Dr. Barbara G. Ryder Rutgers University http://www.cs.rutgers.edu/~ryder http://prolangs.rutgers.edu/ Research supported,
More informationAlias Analysis. Advanced Topics. What is pointer analysis? Last Time
Advanced Topics Last Time Experimental Methodology Today What s a managed language? Alias Analysis - dealing with pointers Focus on statically typed managed languages Method invocation resolution Alias
More informationInstance keys: A technique for sharpening whole-program pointer analyses with intraprocedural information
McGill University School of Computer Science Sable Research Group Instance keys: A technique for sharpening whole-program pointer analyses with intraprocedural information Sable Technical Report No. 2007-8
More informationClass Hierarchy Complementation: Soundly Completing a Partial Type Graph
Class Hierarchy Complementation: Soundly Completing a Partial Type Graph George Balatsouras Yannis Smaragdakis University of Athens OOPSLA 2013 Motivation: Static Analysis Static Analysis using the Doop
More informationFlow Analysis. Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM
Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful Reading: Sections 1.1-1.5, 2.1 Data-flow analysis (DFA) A framework for statically proving facts about program
More informationCS3215. Outline: 1. Introduction 2. C++ language features 3. C++ program organization
CS3215 C++ briefing Outline: 1. Introduction 2. C++ language features 3. C++ program organization CS3215 C++ briefing 1 C++ versus Java Java is safer and simpler than C++ C++ is faster, more powerful than
More informationInheritance, Polymorphism and the Object Memory Model
Inheritance, Polymorphism and the Object Memory Model 1 how objects are stored in memory at runtime? compiler - operations such as access to a member of an object are compiled runtime - implementation
More informationFlow-sensitive rewritings and Inliner improvements for the Graal JIT compiler
1 / 25 Flow-sensitive rewritings and for the Graal JIT compiler Miguel Garcia http://lampwww.epfl.ch/~magarcia/ 2014-07-07 2 / 25 Outline Flow-sensitive rewritings during HighTier Example Rewritings in
More informationAlias Analysis in LLVM
Alias Analysis in LLVM by Sheng-Hsiu Lin Presented to the Graduate and Research Committee of Lehigh University in Candidacy for the Degree of Master of Science in Computer Science Lehigh University May
More informationTypes II. Hwansoo Han
Types II Hwansoo Han Arrays Most common and important composite data types Homogeneous elements, unlike records Fortran77 requires element type be scalar Elements can be any type (Fortran90, etc.) A mapping
More informationCompiler Construction
Compiler Construction Lecture 18: Code Generation V (Implementation of Dynamic Data Structures) Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de http://moves.rwth-aachen.de/teaching/ss-14/cc14/
More informationPointer Analysis for C/C++ with cclyzer. George Balatsouras University of Athens
Pointer Analysis for C/C++ with cclyzer George Balatsouras University of Athens Analyzes C/C++ programs translated to LLVM Bitcode Declarative framework Analyzes written in Datalog
More informationNames, Scopes, and Bindings. CSE 307 Principles of Programming Languages Stony Brook University
Names, Scopes, and Bindings CSE 307 Principles of Programming Languages Stony Brook University http://www.cs.stonybrook.edu/~cse307 1 Names, Scopes, and Bindings Names are identifiers (mnemonic character
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-16/cc/ Recap: Static Data Structures Outline of Lecture 18 Recap:
More informationResearch Statement. 1 My Approach to Research. John Whaley January 2005
Research Statement John Whaley January 2005 1 My Approach to Research As a child, I was always interested in building things. When I was six years old, I taught myself programming by typing in programs
More informationEvery language has its own scoping rules. For example, what is the scope of variable j in this Java program?
Lexical Binding There are two ways a variable can be used in a program: As a declaration As a "reference" or use of the variable Scheme has two kinds of variable "declarations" -- the bindings of a let-expression
More informationContext-sensitive points-to analysis: is it worth it?
McGill University School of Computer Science Sable Research Group Context-sensitive points-to analysis: is it worth it? Sable Technical Report No. 2005-2 Ondřej Lhoták Laurie Hendren October 21, 2005 w
More informationNames, Scopes, and Bindings. CSE 307 Principles of Programming Languages Stony Brook University
Names, Scopes, and Bindings CSE 307 Principles of Programming Languages Stony Brook University http://www.cs.stonybrook.edu/~cse307 1 Names, Scopes, and Bindings Names are identifiers (mnemonic character
More informationScalable Flow-Sensitive Pointer Analysis for Java with Strong Updates
Scalable Flow-Sensitive Pointer Analysis for Java with Strong Updates Arnab De and Deepak D Souza Department of Computer Science and Automation, Indian Institute of Science, Bangalore, India {arnabde,deepakd}@csa.iisc.ernet.in
More informationPractical Virtual Method Call Resolution for Java
Practical Virtual Method Call Resolution for Java Sable TR 1999-2 10/4/99 1 Introduction Objective To determine at compile time a call graph with as few nodes and edges as possible Background.Soot Framework
More informationStrong Update for Object-Oriented Flow-Sensitive Points-To Analysis
Strong Update for Object-Oriented Flow-Sensitive Points-To Analysis The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citation
More informationSimple example. Analysis of programs with pointers. Program model. Points-to relation
Simple eample Analsis of programs with pointers := 5 ptr := & *ptr := 9 := program S1 S2 S3 S4 What are the defs and uses of in this program? Problem: just looking at variable names will not give ou the
More informationExpressing high level optimizations within LLVM. Artur Pilipenko
Expressing high level optimizations within LLVM Artur Pilipenko artur.pilipenko@azul.com This presentation describes advanced development work at Azul Systems and is for informational purposes only. Any
More informationField Flow Sensitive Pointer and Escape Analysis for Java using Heap Array SSA
Field Flow Sensitive Pointer and Escape Analysis for Java using Heap Array SSA Prakash Prabhu and Priti Shankar Department of Computer Science and Automation, Indian Institute of Science, Bangalore 560012,
More informationLecture Notes on Alias Analysis
Lecture Notes on Alias Analysis 15-411: Compiler Design André Platzer Lecture 26 1 Introduction So far we have seen how to implement and compile programs with pointers, but we have not seen how to optimize
More informationBottom-up Context-Sensitive Pointer Analysis for Java
Bottom-up Context-Sensitive Pointer Analysis for Java Yu Feng, Xinyu Wang, Isil Dillig and Thomas Dillig UT Austin 1 What is this talk about? Pointer analysis Given a program variable v, what are the heap
More informationInterprocedural Dataflow Analysis. Galeotti/Gorla/Rau Saarland University
Interprocedural Dataflow Analysis Galeotti/Gorla/Rau Saarland University int divbyx(int x) { [result := 10/x] 1 ; void caller1() { [x := 5] 1 ; [y := divbyx(x)] 2 ; [y := divbyx(5)] 3 ; [y := divbyx(1)]
More informationProgramming Languages and Techniques (CIS120)
Programming Languages and Techniques (CIS120) Lecture 26 March 23, 2016 Inheritance and Dynamic Dispatch Chapter 24 Inheritance Example public class { private int x; public () { x = 0; } public void incby(int
More informationWrite Barrier Removal by Static Analysis
Write Barrier Removal by Static Analysis Karen Zee and Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology Cambridge, MA 02139 {kkz, rinard@lcs.mit.edu ABSTRACT We present
More informationdo such opportunities arise? (i) calling library code (ii) Where programs. object-oriented Propagating information across procedure boundaries is usef
Interprocedural Dataow Analysis 1 do such opportunities arise? (i) calling library code (ii) Where programs. object-oriented Propagating information across procedure boundaries is useful. Optimize caller
More informationLecture 9 Dynamic Compilation
Lecture 9 Dynamic Compilation I. Motivation & Background II. Overview III. Compilation Policy IV. Partial Method Compilation V. Partial Dead Code Elimination VI. Escape Analysis VII. Results Partial Method
More informationAdministrivia. Java Review. Objects and Variables. Demo. Example. Example: Assignments
CMSC433, Spring 2004 Programming Language Technology and Paradigms Java Review Jeff Foster Feburary 3, 2004 Administrivia Reading: Liskov, ch 4, optional Eckel, ch 8, 9 Project 1 posted Part 2 was revised
More informationAdvanced C Programming
Advanced C Programming Compilers Sebastian Hack hack@cs.uni-sb.de Christoph Weidenbach weidenbach@mpi-inf.mpg.de 20.01.2009 saarland university computer science 1 Contents Overview Optimizations Program
More informationCIS 120 Midterm II November 8, 2013 SOLUTIONS
CIS 120 Midterm II November 8, 2013 SOLUTIONS 1 1. Facts about OCaml and Java (15 points) For each part, circle true or false. a. T F The.equals method in Java is roughly similar to OCaml s = operator.
More informationAlias Analysis & Points-to Analysis. Hwansoo Han
Alias Analysis & Points-to Analysis Hwansoo Han May vs. Must Information May information The information is true on some path through a CFG Must information The information is true on all paths through
More informationDemand-Driven Alias Analysis for C
Demand-Driven Alias Analysis for C Xin Zheng and Radu Rugina Computer Science Department Cornell University Ithaca, NY 14853 {xinz, rugina}@cs.cornell.edu Abstract This paper presents a demand-driven,
More informationExceptions and Continuations. Lecture #19: More Special Effects Exceptions and OOP. Approach II: Non-Standard Return. Approach I: Do Nothing
Lecture #19: More Special Effects Exceptions and OOP Test #2 in two weeks (14 April), in class. Autograder runs Sunday night sometime. Exceptions and Continuations Exception-handling in programming languages
More informationField Analysis. Last time Exploit encapsulation to improve memory system performance
Field Analysis Last time Exploit encapsulation to improve memory system performance This time Exploit encapsulation to simplify analysis Two uses of field analysis Escape analysis Object inlining April
More informationCloning-Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams
Cloning-Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams John Whaley Monica S. Lam Computer Science Department Stanford University Stanford, CA 94305 {jwhaley, lam}@stanford.edu
More informationEffective Static Race Detection for Java. Part I. Chord. Chord. Chord. Chord - Overview. Problems addressed
Eective Static Race Detection or Java Mayer Naik, Alex Aiken, John Whaley Part I Introduction to Chord and Preliminaries presented by Matt McGill Chord Chord Chord is a static (data) race detection tool
More informationSimone Campanoni Alias Analysis
Simone Campanoni simonec@eecs.northwestern.edu Alias Analysis Memory alias analysis: the problem Does j depend on i? i: (*p) = vara + 1 j: varb = (*q) * 2 i: obj1.f = vara + 1 j: varb= obj2.f * 2 Do p
More informationKampala August, Agner Fog
Advanced microprocessor optimization Kampala August, 2007 Agner Fog www.agner.org Agenda Intel and AMD microprocessors Out Of Order execution Branch prediction Platform, 32 or 64 bits Choice of compiler
More information1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.
1. true / false By a compiler we mean a program that translates to code that will run natively on some machine. 2. true / false ML can be compiled. 3. true / false FORTRAN can reasonably be considered
More informationPrinciples of Program Analysis. Lecture 1 Harry Xu Spring 2013
Principles of Program Analysis Lecture 1 Harry Xu Spring 2013 An Imperfect World Software has bugs The northeast blackout of 2003, affected 10 million people in Ontario and 45 million in eight U.S. states
More informationregister allocation saves energy register allocation reduces memory accesses.
Lesson 10 Register Allocation Full Compiler Structure Embedded systems need highly optimized code. This part of the course will focus on Back end code generation. Back end: generation of assembly instructions
More informationPSD3A Principles of Compiler Design Unit : I-V. PSD3A- Principles of Compiler Design
PSD3A Principles of Compiler Design Unit : I-V 1 UNIT I - SYLLABUS Compiler Assembler Language Processing System Phases of Compiler Lexical Analyser Finite Automata NFA DFA Compiler Tools 2 Compiler -
More informationIndex. object lifetimes, and ownership, use after change by an alias errors, use after drop errors, BTreeMap, 309
A Arithmetic operation floating-point arithmetic, 11 12 integer numbers, 9 11 Arrays, 97 copying, 59 60 creation, 48 elements, 48 empty arrays and vectors, 57 58 executable program, 49 expressions, 48
More informationRefinement Types for TypeScript
Refinement Types for TypeScript Panagiotis Vekris Benjamin Cosman Ranjit Jhala University of California, San Diego PLDI 16 Thursday, June 16 Extensible static analyses for modern scripting languages 2
More informationStatic Program Analysis Part 7 interprocedural analysis
Static Program Analysis Part 7 interprocedural analysis http://cs.au.dk/~amoeller/spa/ Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Interprocedural analysis Analyzing the
More informationData Flow Testing. CSCE Lecture 10-02/09/2017
Data Flow Testing CSCE 747 - Lecture 10-02/09/2017 Control Flow Capture dependencies in terms of how control passes between parts of a program. We care about the effect of a statement when it affects the
More informationWeeks 6&7: Procedures and Parameter Passing
CS320 Principles of Programming Languages Weeks 6&7: Procedures and Parameter Passing Jingke Li Portland State University Fall 2017 PSU CS320 Fall 17 Weeks 6&7: Procedures and Parameter Passing 1 / 45
More informationCS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 17: Types and Type-Checking 25 Feb 08
CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 17: Types and Type-Checking 25 Feb 08 CS 412/413 Spring 2008 Introduction to Compilers 1 What Are Types? Types describe the values possibly
More informationSection: Inheritance Heck
Section: Inheritance Heck Inheritance Heck (previously named slightly differently) refers to seemingly complex and contradictory behavior by the compiler and runtime system when resolving types and methods
More informationPointer Analysis. Yannis Smaragdakis University of Athens George Balatsouras University of Athens
Foundations and Trends R in Programming Languages Vol. 2, No. 1 (2015) 1 69 c 2015 Y. Smaragdakis and G. Balatsouras DOI: 10.1561/2500000014 Pointer Analysis Yannis Smaragdakis University of Athens smaragd@di.uoa.gr
More information