Bottom-up Context-Sensitive Pointer Analysis for Java
|
|
- Christal Conley
- 6 years ago
- Views:
Transcription
1 Bottom-up Context-Sensitive Pointer Analysis for Java Yu Feng, Xinyu Wang, Isil Dillig and Thomas Dillig UT Austin 1
2 What is this talk about? Pointer analysis Given a program variable v, what are the heap locations v can point to? Many applications: compiler optimizations, verification (e.g., memory safety), software engineering, Our goal: Context- sensitive, compositional pointer analysis for Java Context-sensitive: more precise because it differentiates information at each call site Compositional: Analyzes each method only once and generates a polymorphic summary 2
3 What is this talk about? Summary Generation Summary Instantiation Constraint-based handling for virtual calls 3
4 Existing approaches Almost all context-sensitive pointer analyses for Java are top-down Not compositional! Reanalyze every method multiple times in different calling contexts Very hard to scale m1 m2 m3 m4 m5 m6 Existing approaches compromise precision by limiting context information (e.g., 1-CFA, 2-obj) m7 4
5 Our approach: bottom-up Our approach: Analyze each procedure independently of callers and generate a polymorphic points-to summary naturally context-sensitive because summary plugged in at the call site Key advantage: scalability Each summary can be used in multiple calling contexts and across applications m1 m2 m3 m4 m5 m6 m7 5
6 Wait, hasn t this been done before? Lots of works on bottom-up pointer analysis for C or C++ Cheng et al. PLDI 00, Lattner et al. PLDI 07, Dillig PLDI 11 Not much work for object-oriented languages like Java Some works rely on global points-to information: Yorsh et al. POPL 08, Zhang et al. PLDI 14 Whaley et al. OOPSLA 99 does not handle virtual calls precisely One of key problems: How to handle virtual method calls 6
7 A strawman solution for virtual calls A alloc1 E:goo <:= <:= <:= B C D <:= <:= <:= <:= void bar(a o) { o.goo(); } arg1.f alloc2 arg1.g H:goo E F G H alloc3 D:goo Instantiate summary of goo() for all possible dynamic types of o 7
8 A strawman solution for virtual calls alloc1 E:goo void bar(a o) { o.goo(); } arg1.f alloc2 arg1.g H:goo void foo(x x, H z) { z.g = new Z();//alloc0 bar(z); } alloc3 D:goo This solution is completely imprecise!! Strawman solution is (almost) as bad as context-insensitive analysis! 8
9 Our Key Idea Key idea: Qualify points-to edges with constraints Traditional points-to graph Nodes denote abstract heap objects Directed edges represent may-point-to relations Our points-to graph x Constraints on edges stipulate dynamic type of receiver x type(v) <= T y y x points to y only if the dynamic type of v is subtype of T! class T { X x; X y; void bar() { x=y; } } main() { v.bar(); } 9
10 Revisiting example E F A <:= <:= <:= B C D <:= <:= <:= <:= G H void bar(a o) { o.baz(); } arg1.f type(arg1) <:= E type(arg1) <:= H type(arg1) <:= H type(arg1) <:= D alloc1 alloc2 arg1.g alloc3 Access paths represent heap objects allocated by caller Allocations represent heap objects allocated by current method or its callees 10
11 Revisiting example, cont. bar type(arg1) <:= E alloc1 type(arg2) <:= E foo alloc1@foo arg1.f type(arg1) <:= H alloc2 arg2.f type(arg2) <:= H alloc2@foo type(arg1) <:= H type(arg2) <:= H arg1.g alloc0 type(arg1) <:= D type(arg2) <:= D alloc3 alloc3@foo void foo(a a, H z) { z.g = new Z();//alloc0 bar(z); } 11
12 Using SMT solver Since we have types on points-to edges, use constraint solver to check if points-to edge is feasible Translate subtyping constraints into linear inequalities and feed to SMT solver Subtyping constraints Linear inequalities 12
13 Translating subtyping constraints to linear inequalities A <:= <:= <:= B C D Post-order labeling 8 A B C D E <:= <:= <:= <:= F G H 1 2 E F 4 G 5 H 11 type(v) <:= C 4 <= type(v) <= 6 13
14 Back to previous example Static type of arg2 is H, we have : type(arg2) <:= H : type(arg2) <:= E type(arg2) <:= E alloc1@foo : type(arg2) <:= D arg2.f type(arg2) <:= H type(arg2) <:= H alloc2@foo alloc0 Assumption : is UNSAT is UNSAT type(arg2) <:= D alloc3@foo is valid 14
15 Experiment Benchmarks Analyzed 10 large benchmarks from Dacapo and Ashes Compared Scuba with k-cfa and k-obj in terms of running time k refers to number of contexts tracked by analysis k-cfa uses call sites as contexts k-obj uses receiver object as context Compared precision with two clients: May-alias analysis: # of pairs that are proven NOT aliased (larger is better) Downcast analysis: # downcasts that are proven safe (larger is better) 15
16 Experiment Analysis time in seconds (Smaller is better) 16
17 Experiment May-alias results (Larger is better) 17
18 Experiment Downcast results (Larger is better) 18
19 Conclusion Bottom-up and context-sensitive pointer analysis for Java Constraint-based handling of virtual calls Generate polymorphic method summaries Our tool is both precise and scalable 19
20 Thank you! Program analysis Scuba SMT solver 20
Calvin Lin The University of Texas at Austin
Interprocedural Analysis Last time Introduction to alias analysis Today Interprocedural analysis March 4, 2015 Interprocedural Analysis 1 Motivation Procedural abstraction Cornerstone of programming Introduces
More informationRefinement-Based Context-Sensitive Points-To Analysis for Java
Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodík UC Berkeley PLDI 2006 1 What Does Refinement Buy You? Increased scalability: enable new clients Memory: orders
More informationMaking Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World
Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris Lattner Apple Andrew Lenharth UIUC Vikram Adve UIUC What is Heap Cloning? Distinguish objects by acyclic
More informationOOPLs - call graph construction. Example executed calls
OOPLs - call graph construction Compile-time analysis of reference variables and fields Problem: how to resolve virtual function calls? Need to determine to which objects (or types of objects) a reference
More informationInterprocedural Analysis. Motivation. Interprocedural Analysis. Function Calls and Pointers
Interprocedural Analysis Motivation Last time Introduction to alias analysis Today Interprocedural analysis Procedural abstraction Cornerstone of programming Introduces barriers to analysis Example x =
More informationLecture 27. Pros and Cons of Pointers. Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis
Pros and Cons of Pointers Lecture 27 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis Many procedural languages have pointers
More informationLecture 20 Pointer Analysis
Lecture 20 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis (Slide content courtesy of Greg Steffan, U. of Toronto) 15-745:
More informationInterprocedural Analysis. Dealing with Procedures. Course so far: Terminology
Interprocedural Analysis Course so far: Control Flow Representation Dataflow Representation SSA form Classic DefUse and UseDef Chains Optimizations Scheduling Register Allocation Just-In-Time Compilation
More informationStatic Program Analysis Part 9 pointer analysis. Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University
Static Program Analysis Part 9 pointer analysis Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Agenda Introduction to points-to analysis Andersen s analysis Steensgaards s
More informationPartitioned Memory Models for Program Analysis
Partitioned Memory Models for Program Analysis Wei Wang 1 Clark Barrett 2 Thomas Wies 3 1 Google 2 Stanford University 3 New York University January 13, 2017 Wei Wang Partitioned Memory Models January
More informationOOPLs - call graph construction Compile-time analysis of reference variables and fields. Example
OOPLs - call graph construction Compile-time analysis of reference variables and fields Determines to which objects (or types of objects) a reference variable may refer during execution Primarily hierarchy-based
More informationLecture 14 Pointer Analysis
Lecture 14 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis [ALSU 12.4, 12.6-12.7] Phillip B. Gibbons 15-745: Pointer Analysis
More informationVerifying the Safety of Security-Critical Applications
Verifying the Safety of Security-Critical Applications Thomas Dillig Stanford University Thomas Dillig 1 of 31 Why Program Verification? Reliability and security of software is a huge problem. Thomas Dillig
More informationLecture 16 Pointer Analysis
Pros and Cons of Pointers Lecture 16 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis Many procedural languages have pointers
More informationLecture Notes: Pointer Analysis
Lecture Notes: Pointer Analysis 15-819O: Program Analysis Jonathan Aldrich jonathan.aldrich@cs.cmu.edu Lecture 9 1 Motivation for Pointer Analysis In programs with pointers, program analysis can become
More informationScaling Abstraction Refinement via Pruning. PLDI - San Jose, CA June 8, 2011
Scaling Abstraction Refinement via Pruning PLDI - San Jose, CA June 8, 2011 Percy Liang UC Berkeley Mayur Naik Intel Labs Berkeley The Big Picture Program 2 The Big Picture Program Static Analysis 2 The
More informationDemand-Driven Points-To Analysis For Java
Demand-Driven Points-To Analysis For Java Manu Sridharan, Ras Bodik Lexin Shan Denis Gopan UC Berkeley Microsoft UW Madison OOPSLA 2005 1 Who needs better pointer analysis? IDEs: for refactoring, program
More informationFailure-Directed Program Trimming
Failure-Directed Program Trimming ABSTRACT Kostas Ferles The University of Texas at Austin, USA kferles@cs.utexas.edu Maria Christakis University of Kent, UK M.Christakis@kent.ac.uk This paper describes
More informationA Gentle Introduction to Program Analysis
A Gentle Introduction to Program Analysis Işıl Dillig University of Texas, Austin January 21, 2014 Programming Languages Mentoring Workshop 1 / 24 What is Program Analysis? Very broad topic, but generally
More informationWednesday, October 15, 14. Functions
Functions Terms void foo() { int a, b;... bar(a, b); void bar(int x, int y) {... foo is the caller bar is the callee a, b are the actual parameters to bar x, y are the formal parameters of bar Shorthand:
More informationOutline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring
Java Outline Java Models for variables Types and type checking, type safety Interpretation vs. compilation Reasoning about code CSCI 2600 Spring 2017 2 Java Java is a successor to a number of languages,
More informationAlias Analysis. Advanced Topics. What is pointer analysis? Last Time
Advanced Topics Last Time Experimental Methodology Today What s a managed language? Alias Analysis - dealing with pointers Focus on statically typed managed languages Method invocation resolution Alias
More informationR O O T S Interprocedural Analysis
R O O T S Interprocedural Analysis Aleksandra Biresev s6albire@cs.uni-bonn.de Interprocedural Analysis An interprocedural analysis operates across an entire program, flowing information from call sites
More informationPrograms that write themselves: Program synthesis for the masses. Yu Feng UT Austin
Programs that write themselves: Program synthesis for the masses Yu Feng UT Austin New platforms impose demand for programming 2 New platforms impose demand for programming 2 New platforms impose demand
More informationRefinement Types for TypeScript
Refinement Types for TypeScript Panagiotis Vekris Benjamin Cosman Ranjit Jhala University of California, San Diego PLDI 16 Thursday, June 16 Extensible static analyses for modern scripting languages 2
More informationAdvanced Compiler Construction
CS 526 Advanced Compiler Construction http://misailo.cs.illinois.edu/courses/cs526 INTERPROCEDURAL ANALYSIS The slides adapted from Vikram Adve So Far Control Flow Analysis Data Flow Analysis Dependence
More informationReference Analyses. VTA - Variable Type Analysis
Reference Analyses Variable Type Analysis for Java Related points-to analyses for C Steengaard Andersen Field-sensitive points-to for Java Object-sensitive points-to for Java Other analysis approaches
More informationCO444H. Ben Livshits. Datalog Pointer analysis
CO444H Ben Livshits Datalog Pointer analysis 1 Call Graphs Class analysis: Given a reference variable x, what are the classes of the objects that x refers to at runtime? We saw CHA and RTA Deal with polymorphic/virtual
More informationA Context-Sensitive Memory Model for Verification of C/C++ Programs
A Context-Sensitive Memory Model for Verification of C/C++ Programs Arie Gurfinkel and Jorge A. Navas University of Waterloo and SRI International SAS 17, August 30th, 2017 Gurfinkel and Navas (UWaterloo/SRI)
More informationRegion-Based Memory Management in Cyclone
Region-Based Memory Management in Cyclone Dan Grossman Cornell University June 2002 Joint work with: Greg Morrisett, Trevor Jim (AT&T), Michael Hicks, James Cheney, Yanling Wang Cyclone A safe C-level
More informationCSolve: Verifying C With Liquid Types
CSolve: Verifying C With Liquid Types Patrick Rondon, Alexander Bakst, Ming Kawaguchi, and Ranjit Jhala University of California, San Diego {prondon, abakst, mwookawa, jhala@cs.ucsd.edu Abstract. We present
More informationOverview. Verification with Functions and Pointers. IMP with assertions and assumptions. Proof rules for Assert and Assume. IMP+: IMP with functions
Overview Verification with Functions and Pointers Işıl Dillig The IMP language considered so far does not have many features of realistics PLs Our goal today: Enrich IMP with two features, namely functions
More informationEscape Analysis. Applications to ML and Java TM
Escape Analysis. Applications to ML and Java TM Bruno Blanchet INRIA Rocquencourt Bruno.Blanchet@inria.fr December 2000 Overview 1. Introduction: escape analysis and applications. 2. Escape analysis 2.a
More informationDesign Issues. Subroutines and Control Abstraction. Subroutines and Control Abstraction. CSC 4101: Programming Languages 1. Textbook, Chapter 8
Subroutines and Control Abstraction Textbook, Chapter 8 1 Subroutines and Control Abstraction Mechanisms for process abstraction Single entry (except FORTRAN, PL/I) Caller is suspended Control returns
More informationContext-sensitive points-to analysis: is it worth it?
McGill University School of Computer Science Sable Research Group Context-sensitive points-to analysis: is it worth it? Sable Technical Report No. 2005-2 Ondřej Lhoták Laurie Hendren October 21, 2005 w
More informationStatic Analysis of Embedded C Code
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider Relevant features of C code for MCUs Interrupt-driven concurrency Direct hardware access Whole program
More informationComputing Approximate Happens-Before Order with Static and Dynamic Analysis
Department of Distributed and Dependable Systems Technical report no. D3S-TR-2013-06 May 7, 2018 Computing Approximate Happens-Before Order with Static and Dynamic Analysis Pavel Parízek, Pavel Jančík
More informationClass Hierarchy Complementation: Soundly Completing a Partial Type Graph
Class Hierarchy Complementation: Soundly Completing a Partial Type Graph George Balatsouras Yannis Smaragdakis University of Athens OOPSLA 2013 Motivation: Static Analysis Static Analysis using the Doop
More informationHyperkernel: Push-Button Verification of an OS Kernel
Hyperkernel: Push-Button Verification of an OS Kernel Luke Nelson, Helgi Sigurbjarnarson, Kaiyuan Zhang, Dylan Johnson, James Bornholt, Emina Torlak, and Xi Wang The OS Kernel is a critical component Essential
More informationSafety Checks and Semantic Understanding via Program Analysis Techniques
Safety Checks and Semantic Understanding via Program Analysis Techniques Nurit Dor Joint Work: EranYahav, Inbal Ronen, Sara Porat Goal Find properties of a program Anti-patterns that indicate potential
More informationAnalysis of Object-oriented Programming Languages
Analysis of Object-oriented Programming Languages Dr. Barbara G. Ryder Rutgers University http://www.cs.rutgers.edu/~ryder http://prolangs.rutgers.edu/ OOAnalysis, Dagstuhl 2/03, BG Ryder 1 Outline Why
More informationG Programming Languages - Fall 2012
G22.2110-003 Programming Languages - Fall 2012 Lecture 4 Thomas Wies New York University Review Last week Control Structures Selection Loops Adding Invariants Outline Subprograms Calling Sequences Parameter
More informationSystem Software Assignment 1 Runtime Support for Procedures
System Software Assignment 1 Runtime Support for Procedures Exercise 1: Nested procedures Some programming languages like Oberon and Pascal support nested procedures. 1. Find a run-time structure for such
More informationStatic and Dynamic Program Analysis: Synergies and Applications
Static and Dynamic Program Analysis: Synergies and Applications Mayur Naik Intel Labs, Berkeley CS 243, Stanford University March 9, 2011 Today s Computing Platforms Trends: parallel cloud mobile Traits:
More informationOverview. Why Pointers?
Overview CS345H: Programming Languages Lecture 16: Imperative Languages II Thomas Dillig Last time, we have seen how we can give meaning to a simple imperative Specifically, we wrote operational semantics
More informationContext-sensitive points-to analysis: is it worth it?
Context-sensitive points-to analysis: is it worth it? Ondřej Lhoták 1,2 and Laurie Hendren 2 olhotak@uwaterloo.ca hendren@sable.mcgill.ca 1 School of Computer Science, University of Waterloo, Waterloo,
More informationInterprocedural Analysis with Data-Dependent Calls. Circularity dilemma. A solution: optimistic iterative analysis. Example
Interprocedural Analysis with Data-Dependent Calls Circularity dilemma In languages with function pointers, first-class functions, or dynamically dispatched messages, callee(s) at call site depend on data
More informationContext-Sensitive Pointer Analysis. Recall Context Sensitivity. Partial Transfer Functions [Wilson et. al. 95] Emami 1994
Context-Sensitive Pointer Analysis Last time Flow-insensitive pointer analysis Today Context-sensitive pointer analysis Emami invocation graphs Partial Transfer Functions The big picture Recall Context
More informationLecture 13: Subtyping
Lecture 13: Subtyping Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Programming Languages Pratikakis (CSD) Subtyping CS546, 2018-2019 1 / 15 Subtyping Usually found
More informationCS Advanced Compiler Design Course Project
CS 744 - Advanced Compiler Design Course Project Timeline: Brief project choice e-mail due May 17 Project proposal due May 31 Progress report e-mail due June 23 Presentations approximately July 19, 21
More informationSubprogram Concept. COMP3220 Principle of Programming Languages. Zhitao Gong Spring
Subprogram Concept COMP3220 Principle of Programming Languages Zhitao Gong 2016 Spring 1 / 30 Outline Introduction Closure Parameter Passing Summary 2 / 30 Introduction Tow fundamental abstractions process
More informationPointer Analysis. Lecture 40 (adapted from notes by R. Bodik) 5/2/2008 Prof. P. N. Hilfinger CS164 Lecture 40 1
Pointer Analysis Lecture 40 (adapted from notes by R. Bodik) 5/2/2008 Prof. P. N. Hilfinger CS164 Lecture 40 1 2 Today Points-to analysis an instance of static analysis for understanding pointers Andersen
More informationLecture 26: Pointer Analysis
[Based on slides from R. Bodik] Lecture 26: Pointer Analysis Administrivia HKN survey next Thursday. Worth 5 points (but you must show up!). Today Points-to analysis: an instance of static analysis for
More informationLecture 26: Pointer Analysis. General Goals of Static Analysis. Client 1: Example. Client 1: Optimizing virtual calls in Java
[Based on slides from R. Bodik] Administrivia Lecture 26: Pointer Analysis HKN survey next Thursday. Worth 5 points (but you must show up!). Today Points-to analysis: an instance of static analysis for
More informationCompilers. Cool Semantics II. Alex Aiken
Compilers Informal semantics of new T Allocate locations to hold all attributes of an object of class T Essentially, allocate a new object Set attributes with their default values Evaluate the initializers
More informationPOLYMORPHISM 2 PART Abstract Classes Static and Dynamic Casting Common Programming Errors
POLYMORPHISM 2 PART Abstract Classes Static and Dynamic Casting Common Programming Errors CSC 330 OO Software Design 1 Abstract Base Classes class B { // base class virtual void m( ) =0; // pure virtual
More informationAFRL-RI-RS-TR
AFRL-RI-RS-TR-2017-032 STATIC ANALYSIS OF MOBILE PROGRAMS STANFORD UNIVERSITY FEBRUARY 2017 FINAL TECHNICAL REPORT APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED STINFO COPY AIR FORCE RESEARCH LABORATORY
More informationCloning-Based Context-Sensitive Pointer Alias Analysis using BDDs
More Pointer Analysis Last time Flow-Insensitive Pointer Analysis Inclusion-based analysis (Andersen) Today Class projects Context-Sensitive analysis March 3, 2014 Flow-Insensitive Pointer Analysis 1 John
More informationAlias Analysis. Last time Interprocedural analysis. Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1
Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1 Aliasing What is aliasing? When two expressions denote the same mutable
More informationAutomatic Software Verification
Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework
More informationPOLYMORPHISM 2 PART. Shared Interface. Discussions. Abstract Base Classes. Abstract Base Classes and Pure Virtual Methods EXAMPLE
Abstract Base Classes POLYMORPHISM 2 PART Abstract Classes Static and Dynamic Casting Common Programming Errors class B { // base class virtual void m( ) =0; // pure virtual function class D1 : public
More informationCS250 Intro to CS II. Spring CS250 - Intro to CS II 1
CS250 Intro to CS II Spring 2017 CS250 - Intro to CS II 1 Topics Virtual Functions Pure Virtual Functions Abstract Classes Concrete Classes Binding Time, Static Binding, Dynamic Binding Overriding vs Redefining
More informationExtra notes on Field- sensitive points- to analysis with inclusion constraints Sept 9, 2015
Extra notes on Field- sensitive points- to analysis with inclusion constraints Sept 9, 2015 Week 3 CS6304 The Rountev et al. paper at OOPSLA 2000 extended Andersen s points- to analysis for C programs
More informationInterprocedural Analysis with Data-Dependent Calls. Circularity dilemma. A solution: optimistic iterative analysis. Example
Interprocedural Analysis with Data-Dependent Calls Circularity dilemma In languages with function pointers, first-class functions, or dynamically dispatched messages, callee(s) at call site depend on data
More informationCMSC 330: Organization of Programming Languages. Ownership, References, and Lifetimes in Rust
CMSC 330: Organization of Programming Languages Ownership, References, and Lifetimes in Rust CMSC330 Spring 2018 1 Memory: the Stack and the Heap The stack constant-time, automatic (de)allocation Data
More informationFlow-sensitive rewritings and Inliner improvements for the Graal JIT compiler
1 / 25 Flow-sensitive rewritings and for the Graal JIT compiler Miguel Garcia http://lampwww.epfl.ch/~magarcia/ 2014-07-07 2 / 25 Outline Flow-sensitive rewritings during HighTier Example Rewritings in
More informationCompiler Design Spring 2017
Compiler Design Spring 2017 7.5 Method invocation Dr. Zoltán Majó Compiler Group Java HotSpot Virtual Machine Oracle Corporation 1 Admin issues There will be a recitation session today In CAB G 11 @ 15:15
More informationCCured. One-Slide Summary. Lecture Outline. Type-Safe Retrofitting of C Programs
CCured Type-Safe Retrofitting of C Programs [Necula, McPeak,, Weimer, Condit, Harren] #1 One-Slide Summary CCured enforces memory safety and type safety in legacy C programs. CCured analyzes how you use
More informationConfigurable Software Model Checking
Configurable Software Model Checking CPAchecker Dirk Beyer Dirk Beyer 1 / 26 Software Verification C Program int main() { int a = foo(); int b = bar(a); } assert(a == b); Verification Tool TRUE i.e., specification
More informationPrecise and Efficient Points-to Analysis. via New Context-Sensitivity. and Heap Abstraction
Precise and Efficient Points-to Analysis via New Context-Sensitivity and Heap Abstraction by Tian Tan A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY
More informationAlias Analysis & Points-to Analysis. Hwansoo Han
Alias Analysis & Points-to Analysis Hwansoo Han May vs. Must Information May information The information is true on some path through a CFG Must information The information is true on all paths through
More informationProcedure and Object- Oriented Abstraction
Procedure and Object- Oriented Abstraction Scope and storage management cs5363 1 Procedure abstractions Procedures are fundamental programming abstractions They are used to support dynamically nested blocks
More informationDimensions of Precision in Reference Analysis of Object-oriented Programming Languages. Outline
Dimensions of Precision in Reference Analysis of Object-oriented Programming Languages Dr. Barbara G. Ryder Rutgers University http://www.cs.rutgers.edu/~ryder http://prolangs.rutgers.edu/ Research supported,
More informationClasses and Objects 3/28/2017. How can multiple methods within a Java class read and write the same variable?
Peer Instruction 8 Classes and Objects How can multiple methods within a Java class read and write the same variable? A. Allow one method to reference a local variable of the other B. Declare a variable
More informationConcepts of Object-Oriented Programming Peter Müller
Concepts of Object-Oriented Programming Peter Müller Chair of Programming Methodology Autumn Semester 2017 1.2 Introduction Core Concepts 2 Meeting the Requirements Cooperating Program Parts with Well-Defined
More informationPointer Analysis in the Presence of Dynamic Class Loading. Hind Presented by Brian Russell
Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan and Michael Hind Presented by Brian Russell Claim: First nontrivial pointer analysis dealing with all Java language features
More informationFree-Me: A Static Analysis for Automatic Individual Object Reclamation
Free-Me: A Static Analysis for Automatic Individual Object Reclamation Samuel Z. Guyer, Kathryn McKinley, Daniel Frampton Presented by: Jason VanFickell Thanks to Dimitris Prountzos for slides adapted
More informationPractical Affine Types and Typestate-Oriented Programming
Practical Affine Types and Typestate-Oriented Programming Philipp Haller KTH Royal Institute of Technology Stockholm, Sweden Dagstuhl Seminar 17051 Theory and Applications of Behavioural Types Schloss
More informationSMT-Style Program Analysis with Value-based Refinements
SMT-Style Program Analysis with Value-based Refinements Vijay D Silva Leopold Haller Daniel Kröning NSV-3 July 15, 2010 Outline Imprecision and Refinement in Abstract Interpretation SAT Style Abstract
More informationFlexible Goal-Directed Abstraction
University of Colorado, Boulder CU Scholar Computer Science Graduate Theses & Dissertations Computer Science Spring 1-1-2015 Flexible Goal-Directed Abstraction Samuel H. Blackshear University of Colorado
More informationInformation Science. No. For each question, choose one correct answer and write its symbol (A E) in the box.
For each question, choose one correct answer and write its symbol (A E) in the box. (A E) Q16. When compiling the program below, the name of which is prog.c, the following error is reported. Which program
More informationField Analysis. Last time Exploit encapsulation to improve memory system performance
Field Analysis Last time Exploit encapsulation to improve memory system performance This time Exploit encapsulation to simplify analysis Two uses of field analysis Escape analysis Object inlining April
More informationLearning Loop Invariants for Program Verification
Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song University of Pennsylvania Georgia Institute of Technology NeurIPS 2018 Code: https://github.com/pl-ml/code2inv
More informationWeeks 6&7: Procedures and Parameter Passing
CS320 Principles of Programming Languages Weeks 6&7: Procedures and Parameter Passing Jingke Li Portland State University Fall 2017 PSU CS320 Fall 17 Weeks 6&7: Procedures and Parameter Passing 1 / 45
More informationDependently Typed Programming with Mutable State
Dependently Typed Programming with Mutable State Aaron Stump 1 Evan Austin 2 1 Computer Science The University of Iowa 2 Computer Science The University of Kansas U.S. National Science Foundation CAREER
More informationSymDiff: A language-agnostic semantic diff tool for imperative programs
SymDiff: A language-agnostic semantic diff tool for imperative programs Shuvendu K. Lahiri 1, Chris Hawblitzel 1, Ming Kawaguchi 2, and Henrique Rebêlo 3 1 Microsoft Research, Redmond, WA, USA 2 University
More informationScalable Flow-Sensitive Pointer Analysis for Java with Strong Updates
Scalable Flow-Sensitive Pointer Analysis for Java with Strong Updates Arnab De and Deepak D Souza Department of Computer Science and Automation, Indian Institute of Science, Bangalore, India {arnabde,deepakd}@csa.iisc.ernet.in
More informationEventrons: A Safe Programming Construct for High-Frequency Hard Real-Time Applications
Eventrons: A Safe Programming Construct for High-Frequency Hard Real-Time Applications Daniel Spoonhower Carnegie Mellon University Joint work with Joshua Auerbach, David F. Bacon, Perry Cheng, David Grove
More informationRepresentation Independence, Confinement and Access Control
Representation Independence, Confinement and Access Control Anindya Banerjee and David Naumann ab@cis.ksu.edu and naumann@cs.stevens-tech.edu Kansas State University and Stevens Institute of Technology
More informationStacks and Frames Demystified. CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han
s and Frames Demystified CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han Announcements Homework Set #2 due Friday at 11 am - extension Program Assignment #1 due Tuesday Feb. 15 at 11 am - note extension
More informationDesigning Systems for Push-Button Verification
Designing Systems for Push-Button Verification Luke Nelson, Helgi Sigurbjarnarson, Xi Wang Joint work with James Bornholt, Dylan Johnson, Arvind Krishnamurthy, EminaTorlak, Kaiyuan Zhang Formal verification
More informationPass by Value. Pass by Value. Our programs are littered with function calls like f (x, 5).
Our programs are littered with function calls like f (x, 5). This is a way of passing information from the call site (where the code f(x,5) appears) to the function itself. The parameter passing mode tells
More informationPrinciples of Programming Languages
Ting Zhang Iowa State University Computer Science Department Lecture Note 16 October 26, 2010 Control Abstraction: Subroutines 1 / 26 Outline 1 Subroutines 2 Parameter Passing 3 Generic Subroutines 2 /
More informationInteractively Verifying Absence of Explicit Information Flows in Android Apps
Interactively Verifying Absence of Explicit Information Flows in Android Apps Osbert Bastani, Saswat Anand, and Alex Aiken Stanford University OOPSLA 2015 Problem Google Play Store > 1 million apps on
More informationD Programming Language
Group 14 Muazam Ali Anil Ozdemir D Programming Language Introduction and Why D? It doesn t come with a religion this is written somewhere along the overview of D programming language. If you actually take
More informationEffective Static Race Detection for Java. Part I. Chord. Chord. Chord. Chord - Overview. Problems addressed
Eective Static Race Detection or Java Mayer Naik, Alex Aiken, John Whaley Part I Introduction to Chord and Preliminaries presented by Matt McGill Chord Chord Chord is a static (data) race detection tool
More informationFlow- Context- Sensitive Pointer Analysis
Flow- Context- Sensitive Pointer Analysis Yulei Sui Supervisor: Prof. Jingling CORG UNSW December 24, 2010 1 / 38 Pointer Analysis Why Pointer Analysis? Why Pointer Analysis is difficult? Outline Flow-
More informationEstimating the Impact of Heap Liveness Information on Space Consumption in Java
Estimating the Impact of Heap Liveness Information on Space Consumption in Java by R. Shaham, E. Kolodner and M. Sagiv first presented at ISSM'02 presentation: Adrian Moos Contents what is this about?
More informationImportant From Last Time
Important From Last Time Volatile is tricky To write correct embedded C and C++, you have to understand what volatile does and does not do Ø What is the guarantee that it provides? Don t make the 8 mistakes
More informationCS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis
CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu Rugina 8 Sep 2005 Pointer Analysis Informally: determine where pointers (or references) in the program may
More information