PDF Editor
PDF Converter
Image Converter
Video Converter
Audio Converter
File Compressor
efficient and precise points to analysis

Efficient and Precise Points-to Analysis: Modeling the Heap by - PowerPoint PPT Presentation

Sep 10, 2022 •115 likes •800 views

Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian Tan, Yue Li and Jingling Xue PLDI 2017 June, 2017 1 A New Points-to Analysis T echnique for Object-Oriented Programs 2 Points-to Analysis

  1. Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata Tian Tan, Yue Li and Jingling Xue PLDI 2017 June, 2017 1

  2. A New Points-to Analysis T echnique for Object-Oriented Programs 2

  3. Points-to Analysis  Determines ◦ “which objects a variable can point to?” 3

  4. Uses of Points-to Analysis Clients Tools  Security analysis  Bug detection  Compiler optimization Chord  Program verification  Program understanding …  … 4

  5. Uses of Points-to Analysis Clients Tools  Security analysis  Bug detection  Compiler optimization Chord  Program verification  Program understanding …  … Call Graph 5

  6. Existing Call Graph Construction  On-the-fly construction (run with points-to analysis) ◦ Precise ◦ Inefficient 6

  7. Existing Call Graph Construction  On-the-fly construction (run with points-to analysis) ◦ Precise ◦ Inefficient  3-object-sensitive points-to analysis ◦ Very precise ◦ Adopted by, e.g., Chord 7 7

  8. 3-Object-Sensitive Points-to Analysis  Analyze Java programs ◦ Intel Xeon E5 3.70GHz,128GB of memory ◦ Time budget: 5 hours (18000 secs) 8

  9. 3-Object-Sensitive Points-to Analysis  Analyze Java programs ◦ Intel Xeon E5 3.70GHz,128GB of memory ◦ Time budget: 5 hours (18000 secs) Analysis time (sec.) 14469 pmd (4 hours) Unscalable findbugs (> 5 hours) 0 5000 10000 15000 9

  10. T wo Mainstreams of Points-to Analysis T echniques  Model control-flow  Model data-flow 10

  11. T wo Mainstreams of Points-to Analysis T echniques  Model control-flow ◦ Context-sensitivity  Call-site- sensitivity (PLDI’04, PLDI’06)  Object- sensitivity (ISSTA’02, TOSEM’05, SAS’16)  Type- sensitivity (POPL’11)  …  Model data-flow 11

  12. T wo Mainstreams of Points-to Analysis T echniques  Model control-flow ◦ Context-sensitivity  Call-site- sensitivity (PLDI’04, PLDI’06)  Object- sensitivity (ISSTA’02, TOSEM’05, SAS’16)  Type- sensitivity (POPL’11)  …  Model data-flow ◦ Heap abstraction  Allocation-site abstraction  Type-based abstraction  … 12

  13. T wo Mainstreams of Points-to Analysis T echniques  Model control-flow ◦ Context-sensitivity  Call-site- sensitivity (PLDI’04, PLDI’06)  Object- sensitivity (ISSTA’02, TOSEM’05, SAS’16)  Type- sensitivity (POPL’11)  …  Model data-flow ◦ Heap abstraction  Allocation-site abstraction  Type-based abstraction  … 13

  14. Heap Abstraction Dynamic Static execution analysis abstracted or partitioned … … Finite Infinite-size (abstract) heap objects 14

  15. Allocation-Site Abstraction  One object per allocation site 1 A a1 = new A(); 2 A a2 = new A(); 3 B b = new B() ; 15

  16. Allocation-Site Abstraction  One object per allocation site o 1 A 1 A a1 = new A(); A o 2 2 A a2 = new A(); 3 B b = new B() ; o 3 B 16

  17. Allocation-Site Abstraction  One object per allocation site ◦ Adopted by all mainstream points-to analyses o 1 A 1 A a1 = new A(); A o 2 2 A a2 = new A(); 3 B b = new B() ; o 3 B 17

  18. Allocation-Site Abstraction  Over-partition for call graph construction o 1 o 2 A A o 1 A 1 A a1 = new A(); void foo(Object o) { o.toString(); 2 A a2 = new A(); A o 2 3 foo(a1); } 4 foo(a2); A::toString() 18

  19. Allocation-Site Abstraction  Over-partition for type-dependent clients ◦ Call graph construction ◦ Devirtualization ◦ May-fail casting o 1 o 2 A A ◦ … o 1 A 1 A a1 = new A(); void foo(Object o) { o.toString(); 2 A a2 = new A(); A o 2 3 foo(a1); A a = (A) o; 4 foo(a2); } 19

  20. Type-Based Abstraction  One object per type 1 A a1 = new A(); 2 A a2 = new A(); 3 B b = new B() ; 20

  21. Type-Based Abstraction  One object per type A o 1 A a1 = new A(); 2 A a2 = new A(); B o 3 B b = new B(); 21

  22. Type-Based Abstraction  Precision loss for type-dependent clients A o A a1 = new A(); A a2 = new A(); B o B b = new B(); C c = new C(); C o a1.f = b; a2.f = c; Object o = a1.f; o.toString(); 22

  23. Type-Based Abstraction  Precision loss for type-dependent clients A o A a1 = new A(); A a2 = new A(); B o B b = new B(); C c = new C(); C o B o A o a1.f = b; a2.f = c; C o Object o = a1.f; o.toString(); 23

  24. Type-Based Abstraction  Precision loss for type-dependent clients A o A a1 = new A(); A a2 = new A(); B o B b = new B(); C c = new C(); C o B o A o a1.f = b; a2.f = c; C o B o Object o = a1.f; o.toString(); C o 24

  25. Type-Based Abstraction  Precision loss for type-dependent clients A o A a1 = new A(); A a2 = new A(); B o B b = new B(); C c = new C(); C o B o A o a1.f = b; a2.f = c; C o B o Object o = a1.f; B::toString() o.toString(); C o C::toString() 25

  26. Type-Based Abstraction  Precision loss for type-dependent clients A o A a1 = new A(); A a2 = new A(); B o B b = new B(); C c = new C(); C o B o A o a1.f = b; a2.f = c; C o B o Object o = a1.f; B::toString() o.toString(); C o C::toString() False positive 26

  27. Our Goal: Improve Efficiency Preserve Precision 27

  28. M AHJONG : A New Heap Abstraction Analysis Time (sec.) 128 14469 pmd (4 fours) 524 Unscalable findbugs (> 5 hours) MAHJONG Allocation-site abstraction Improve Efficiency Adopted by all mainstream points-to analyses 28

  29. M AHJONG : A New Heap Abstraction Analysis Time (sec.) 128 14469 pmd (4 fours) 524 Unscalable findbugs (> 5 hours) MAHJONG Allocation-site abstraction Improve Efficiency Adopted by all mainstream points-to analyses #call graph edges 44016 pmd 44004 MAHJONG Allocation-site abstraction Preserve Precision 29

  30. M AHJONG : A New Heap Abstraction Analysis Time (sec.) 128 14469 pmd (4 fours) 524 Unscalable findbugs (> 5 hours) MAHJONG Allocation-site abstraction Improve Efficiency Adopted by all mainstream points-to analyses #call graph edges 44016 pmd 44004 MAHJONG Allocation-site abstraction Preserve Precision How? 30

  31. alleviate Merging Objects Over-Partition cause Blindly Merging Objects Precision Loss 31

  32. alleviate Merging Objects Over-Partition cause Blindly Merging Objects Precision Loss f o 3 o 1 B A f o 4 C o 2 A inconsistent inconsistent types types 32

  33. alleviate Merging Objects Over-Partition cause Blindly Merging Objects Precision Loss f B o 3 o 1 B A o f A o f f C o 4 o C o 2 A inconsistent types 33

  34. Type-Consistent Objects  Definition T and O j T are type-consistent objects, O i if for every sequence of field names, = f 1 . f 2 . ... . f n : f O i T . and O j T . point to the objects of the f f same types. 34

  35. Type-Consistent Objects  Definition T and O j T are type-consistent objects, O i if for every sequence of field names, = f 1 . f 2 . ... . f n : f O i T . and O j T . point to the objects of the f f same types. M AHJONG only merges type-consistent objects 35

  36. Type-Consistent Objects  Example o 7 Y h h o 3 T f U o 9 Y o 1 g k o 11 o 5 Y X o 4 U h f o 2 T o 8 Y g o 6 X k 36

  37. Type-Consistent Objects  Example O 1 O 2 T T o 7 Y h .f U U h o 3 T f U o 9 Y o 1 .f.h Y Y g k o 11 o 5 Y X .g X X .g.k Y Y o 4 U h f o 2 T o 8 Y g o 6 X k 37

  38. Type-Consistent Objects  Example ∵ O 1 O 2 T T o 7 Y h .f U U h o 3 T f U o 9 Y o 1 .f.h Y Y g k o 11 o 5 Y X .g X X .g.k Y Y o 4 U h f T and O 2 T are o 2 T o 8 Y O 1 ∴ type-consistent objects g o 6 X k 38

  39. How to Check Type-Consistency? 39

  40. Our Solution: Sequential Automata Check Test T ype-Consistency Equivalence of Objects of Automata 40

  41. Sequential Automata  6-tuple (Q, Σ , δ , q 0 , Γ , γ ), where: ◦ Q is a set of states ◦ Σ is a set of input symbols ◦ δ is the next-state map: Q × Σ  P (Q) ◦ q 0 is the initial state ◦ Γ is a set of output symbols ◦ γ is the output map: Q  Γ 41

  42. Check Test T ype-Consistency Equivalence of Objects of Automata How? 42

  43. Objects Automata  A set of objects  Q: a set of states  A set of field names  Σ : a set of input symbols  δ : the next-state map  The field points-to map  The object to be checked  q 0 : the initial state  A set of types  Γ : a set of output symbols  The object-to-type map  γ : the output map o 4 U h f o 2 T o 8 Y o 6 X g k 43

  44. Objects Automata  A set of objects  Q: a set of states  A set of field names  Σ : a set of input symbols  δ : the next-state map  The field points-to map  The object to be checked  q 0 : the initial state  A set of types  Γ : a set of output symbols  The object-to-type map  γ : the output map objects ↔ states o 4 U h f O 2 T , O 4 U , O 6 X , O 8 Y o 2 T o 8 Y o 6 X g k 44

  45. Objects Automata  A set of objects  Q: a set of states  A set of field names  Σ : a set of input symbols  δ : the next-state map  The field points-to map  The object to be checked  q 0 : the initial state  A set of types  Γ : a set of output symbols  The object-to-type map  γ : the output map field names ↔ input symbols o 4 U h f f, g, h, k o 2 T o 8 Y o 6 X g k 45

Recommend

MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise

MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise

MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise P Precise Positioning sitioning Real-Time Kinematic (RTK) positioning Precise Point Positioning (PPP) Requires additional correction!

340 views • 14 slides
Precise Performance LTD Jake Yarranton jake@precise-performance.co.uk 07468 465754 Precise

Precise Performance LTD Jake Yarranton jake@precise-performance.co.uk 07468 465754 Precise

Precise Performance LTD Jake Yarranton jake@precise-performance.co.uk 07468 465754 Precise Performance LTD Independent Bike fitting and coaching specialists Our main focus is to help cyclists of every ability improve Experts in

388 views • 15 slides
Precise Garbage Collection in C PANKHURI February 16, 2011 Agenda Problem Statement. Precise /

Precise Garbage Collection in C PANKHURI February 16, 2011 Agenda Problem Statement. Precise /

Precise Garbage Collection in C PANKHURI February 16, 2011 Agenda Problem Statement. Precise / Conservative Garbage Collection. What will Magpie do ? C semantics and Precise GC. When will Magpie fail ? Design and Implementation. Results.

467 views • 15 slides
Optimal Prices in the Towards a Precise . . . Towards a Precise . . . Presence of Discounts:

Optimal Prices in the Towards a Precise . . . Towards a Precise . . . Presence of Discounts:

Practical Situation: . . . How to Describe . . . Formulation of the . . . Optimal Prices in the Towards a Precise . . . Towards a Precise . . . Presence of Discounts: Precise Optimization . . . A New Economic Main result Proof: Part I

449 views • 12 slides
Points-to Analysis y = &z; y z Points-to Analysis y = &z; x = &y; x y z

Points-to Analysis y = &z; y z Points-to Analysis y = &z; x = &y; x y z

Points-to Analysis y = &z; y z Points-to Analysis y = &z; x = &y; x y z Points-to Analysis y = &z; w x = &y; w = &x; x y z Points-to Analysis y = &z; w x = &y; w = &x; a x a = w; y z

612 views • 35 slides
CMPS 112, Spring 2019 Midterm (Solutions) Section Points Score Reductions 10 points Lists

CMPS 112, Spring 2019 Midterm (Solutions) Section Points Score Reductions 10 points Lists

CMPS 112, Spring 2019 Midterm (Solutions) Section Points Score Reductions 10 points Lists 15 points Snoc lists 20 points Matrices 50 points Total 95 points Instructions You have 95 minutes to complete this exam. This exam is

273 views • 11 slides
Modeling nuclear effects Modeling nuclear effects in precise oscillation experiments in precise

Modeling nuclear effects Modeling nuclear effects in precise oscillation experiments in precise

Modeling nuclear effects Modeling nuclear effects in precise oscillation experiments in precise oscillation experiments Artur M. Ankowski Virginia Tech in collaboration with O. Benhar and C. Mariani ELBNF Proto-Collaboration Meeting

510 views • 19 slides
Machining Expert Precise In Dimensions Precise In Deliveries Flexible In Business

Machining Expert Precise In Dimensions Precise In Deliveries Flexible In Business

Machining Expert Precise In Dimensions Precise In Deliveries Flexible In Business Volume Customer Oriented In Costs 2 We Are Proud Of Our History 1978 Mr. M. Ergun Alanyal established Mapar 1980 First Supply To Automotive

348 views • 20 slides
Precise Gauging & Automation Technology Address:PRECISE GAUGING & AUTOMATION TECHNOLOGY

Precise Gauging & Automation Technology Address:PRECISE GAUGING & AUTOMATION TECHNOLOGY

Precise Gauging & Automation Technology Address:PRECISE GAUGING & AUTOMATION TECHNOLOGY S No 24/2B , Opposite Konark Eureka , Old Mundhwa Road , Sainath Nagar , Kharadi , Pune 411014 INDIA Who we are? A professionally managed

1.38k views • 27 slides
Effectiveness of Career Development? Ask a Precise Question if You Want a Precise Answer Peter

Effectiveness of Career Development? Ask a Precise Question if You Want a Precise Answer Peter

1 Effectiveness of Career Development? Ask a Precise Question if You Want a Precise Answer Peter McIlveen University of Southern Queensland Career development practitioners are challenged to provide evidence of the relevance of their research,

335 views • 6 slides
Precise Electroweak Tests at LHC Fernando Marroquim Universidade Federal do Rio de Janeiro April

Precise Electroweak Tests at LHC Fernando Marroquim Universidade Federal do Rio de Janeiro April

Precise Electroweak Tests at LHC Fernando Marroquim Universidade Federal do Rio de Janeiro April 2006 Introduction Precise W Mass Measurement Precise Top Mass Measurements Single Top Production Triple gauge boson couplings

164 views • 14 slides
CMSC427 Rendering polylines Points, polylines and polygons Points Polyline Polygon Polyline can

CMSC427 Rendering polylines Points, polylines and polygons Points Polyline Polygon Polyline can

CMSC427 Rendering polylines Points, polylines and polygons Points Polyline Polygon Polyline can be rendered as each Points, polylines and polygons hMps://processing.org/reference/beginShape_.html Points Polyline Polygon beginShape(POINTS);

455 views • 11 slides
Efficient and good Delaunay meshes from points random points M. S. Ebeida et a.l Intro MPS M.

Efficient and good Delaunay meshes from points random points M. S. Ebeida et a.l Intro MPS M.

Efficient and good Delaunay meshes from random Efficient and good Delaunay meshes from points random points M. S. Ebeida et a.l Intro MPS M. S. Ebeida 1 , S. A. Mitchell 1 , Andrew A. Davidson 2 , MPS Anjul Patney 2 , Patrick Knupp 1 and

641 views • 51 slides
Points to ponder while we wait for everyone to log on Points to ponder while we wait for

Points to ponder while we wait for everyone to log on Points to ponder while we wait for

Points to ponder while we wait for everyone to log on Points to ponder while we wait for everyone to log on Points to ponder while we wait for everyone to log on Points to ponder while we wait for everyone to log on Points to ponder

777 views • 43 slides
September 27, 2013 New MAP-based Performance Policy Category Points Points Weighted Points

September 27, 2013 New MAP-based Performance Policy Category Points Points Weighted Points

September 27, 2013 New MAP-based Performance Policy Category Points Points Weighted Points Weighted Possible Earned Possible Points Earned MAP Growth 20 18 2.25 2.06 MAP 10 7 0.75 0.50 Attainment ELL 5 4 0.25 0.20 Other

467 views • 18 slides
The projective line minus three fractional 3 kinds of integral points points Darmons M

The projective line minus three fractional 3 kinds of integral points points Darmons M

The projective line minus three fractional points Bjorn Poonen The projective line minus three fractional 3 kinds of integral points points Darmons M -curves Campanas orbifolds Almost integral points Counting points of Bjorn Poonen

377 views • 23 slides
Measurement and Analysis of Online Social Networks Alan Mislove Massimiliano Marcon

Measurement and Analysis of Online Social Networks Alan Mislove Massimiliano Marcon

Measurement and Analysis of Online Social Networks Alan Mislove Massimiliano Marcon Krishna Gummadi Peter Druschel Bobby Bhattacharjee Max Planck Institute for Software Systems Rice University University of Maryland

679 views • 38 slides
Task Analy ask Analysis T sis Tool ool

Task Analy ask Analysis T sis Tool ool

Task Analy ask Analysis T sis Tool ool

61 views • 3 slides
Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic analysis for Bitcoin and derived Transaction clustering using network traffic blockchains analysis for Bitcoin and derived blockchains Biryukov, Tikhomirov Introduction Network privacy Alex

491 views • 30 slides
via Multi-Dimensional Trace Analysis Yanpei Chen, Kiran Srinivasan, Garth Goodson, Randy Katz UC

via Multi-Dimensional Trace Analysis Yanpei Chen, Kiran Srinivasan, Garth Goodson, Randy Katz UC

Design Implications for Enterprise Storage Systems via Multi-Dimensional Trace Analysis Yanpei Chen, Kiran Srinivasan, Garth Goodson, Randy Katz UC Berkeley AMP Lab, NetApp Inc. Motivation Understand data access patterns Client Server How

685 views • 26 slides
Coronavirus Covid-19: An Analysis by Milo Schield ASA Fellow Consultant: University of New

Coronavirus Covid-19: An Analysis by Milo Schield ASA Fellow Consultant: University of New

V2 Schield: 2020 Covid19 Analysis Slides 0308 1 Coronavirus Covid-19: An Analysis by Milo Schield ASA Fellow Consultant: University of New Mexico President: National Numeracy Network March 8, 2020 www.StatLit.org/pdf/

530 views • 14 slides
CS630 Object-Oriented Systems Analysis and Design Les Waguespack, Ph.D. Orientation

CS630 Object-Oriented Systems Analysis and Design Les Waguespack, Ph.D. Orientation

CS630 Object-Oriented Systems Analysis and Design Les Waguespack, Ph.D. Orientation Orientation Slides Zero: 1 We Are Here Course Title: Object-Oriented Systems Analysis and Design Course Description: This course prepares the student for

480 views • 9 slides
A Stepwise Analysis of Aggregated Crowdsourced Labels Describing Multimodal Emotional Behaviors

A Stepwise Analysis of Aggregated Crowdsourced Labels Describing Multimodal Emotional Behaviors

A Stepwise Analysis of Aggregated Crowdsourced Labels Describing Multimodal Emotional Behaviors Alec Burmania and Carlos Busso Multimodal Signal Processing (MSP) lab The University of Texas at Dallas Erik Jonsson School of Engineering and

504 views • 23 slides
Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is

Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is

Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is about taking functions and realizing them or approximating them in terms of periodic (trig) functions. Many, many practical applications. Def: R = {

192 views • 17 slides

More recommend

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2025 SAMBUZ, All right reserved.