scalability first pointer analysis with self tuning
play

Scalability-First Pointer Analysis with Self-Tuning Context - PowerPoint PPT Presentation

Aug 27, 2022 •216 likes •769 views

Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders Mller and Yannis Smaragdakis 1 Pointer Analysis Concept Which objects a variable may point to? Importance Fundamental for virtually

  1. Scalability-First Pointer Analysis with Self-Tuning Context Sensitivity Yue Li, Tian Tan, Anders Møller and Yannis Smaragdakis 1

  2. Pointer Analysis • Concept Which objects a variable may point to? • Importance Fundamental for virtually all static analyses e.g., call graphs, alias, etc. Useful for many software engineering tasks e.g., bug detection, security analysis, program understanding, etc. 2

  3. Problem: Unpredictable Scalability 3

  4. Problem: Unpredictable Scalability • Precise pointer analysis is hard to scale • Context Sensitivity (CS): precise but slow • Context Insensitivity (CI): imprecise but fast 4

  5. Problem: Unpredictable Scalability • Precise pointer analysis is hard to scale • Context Sensitivity (CS): precise but slow • Context Insensitivity (CI): imprecise but fast • Variants of Context Sensitivity • Object Sensitivity (obj) • Type Sensitivity (type) Less precise Faster 2obj 2type 1type CI 5

  6. Problem: Unpredictable Scalability 2obj 2type CI timeout (>10800 seconds) 10000 8000 5374 6000 4000 2950 2458 1203 2000 994 960 285 289 228 135 117 112 95 93 49 53 54 67 48 45 22 22 0 6

  7. Problem: Unpredictable Scalability • Scenario 7

  8. Problem: Unpredictable Scalability • Scenario as a part of a large-scale security analysis 8

  9. Problem: Unpredictable Scalability • Scenario as a part of a large-scale security analysis 9

  10. Problem: Unpredictable Scalability • Scenario X ? Precise 2obj X Unscalable for many X X X X X as a part of a large-scale security analysis 10

  11. Problem: Unpredictable Scalability • Scenario ? Precise 2obj Unscalable for many Imprecise for all ? Scalable CI as a part of a large-scale security analysis 11

  12. Problem: Unpredictable Scalability • Scenario ? Precise 2obj Unscalable for many Imprecise for all ? Scalable CI as a part of a large-scale security analysis • Iterate until most precise that scales: 2obj à 2type à 1type à CI • Sleepless nights and still not great precision! 12

  13. Good Scalability & High Precision regardless of the program being analyzed Scaler 13

  14. Good Scalability & High Precision regardless of the program being analyzed Scaler 2obj 2type Scaler timeout (>10800 seconds) Scalability 10000 as good as CI 8000 Precision 5374 6000 comparable to or better than the best scalable CS 4000 2950 2458 1769 1236 1194 1203 2000 960 705 652 452 285 254 289 272 95 93 93 53 45 53 54 0 14

  15. Idea Scaler 15

  16. Key Concept Number of worst-case CS points-to facts for method m c #ctx m #pts m * c : number of contexts for method m under CS c #ctx m • : number of points-to facts for method m #pts m • 16

  17. Insight • Too many CS points-to facts generated for certain methods 17

  18. Insight • Too many CS points-to facts generated for certain methods • m is scalability-critical method under CS c c > ST (Scalability Threshold) #ctx m #pts m * ( c is expensive) 18

  19. Insight • Too many CS points-to facts generated for certain methods • m is scalability-critical method under CS c c > ST (Scalability Threshold) #ctx m #pts m * ( c is expensive) • Identify scalability-critical method m c ’ #pts m ≤ ST (Scalability Threshold) #ctx m * (choose cheap c ’ ) 19

  20. Insight • Too many CS points-to facts generated for certain methods • m is scalability-critical method under CS c c > ST (Scalability Threshold) #ctx m #pts m * ( c is expensive) • Identify scalability-critical method m c ’ #pts m ≤ ST (Scalability Threshold) #ctx m * (choose cheap c ’ ) How to identify scalability-critical methods? c How to estimate ? #ctx m #pts m * 20

  21. c How to estimate #pts m ? #ctx m * Pre-analysis: points-to results of CI • #pts obtained directly m c #ctx m • obtained by leveraging Object Allocation Graph* (based on CI) Context estimation problem à Graph traversal problem *Making k-object-sensitive pointer analysis more precise with still k-limiting . Tan et al. SAS 2016 21

  22. Example Scaler 22

  23. m · #pts c #ctx m 2obj c = 1 000 000 100 000 10 000 0 method method 10 000 1 23

  24. m · #pts c #ctx m 2obj c = 1 000 000 ST: Scalability Threshold ST p 100 000 10 000 0 method method method 10 000 1 1000 2obj 24

  25. m · #pts c #ctx m 2obj c = 1 000 000 ST: Scalability Threshold ST p 100 000 10 000 0 method method method 10 000 1 1000 2obj 25

  26. m · #pts c #ctx m 2obj c = 1 000 000 ST: Scalability Threshold ST p 100 000 10 000 0 method method method 10 000 1 1000 ? 2obj 26

  27. m · #pts c #ctx m 2obj c = 1 000 000 2type c = 1type c = ST p 100 000 10 000 0 method method method 10 000 1 1000 ? 2obj 27

  28. m · #pts c #ctx m 2obj c = 1 000 000 2type c = 1type c = ST p 100 000 10 000 0 method method method 10 000 1 1000 2obj 2type 28

  29. m · #pts c #ctx m 2obj c = 1 000 000 2type c = 1type c = 100 000 ST p 10 000 0 method 1 method method method 2000 4000 10 000 1type 2type 2obj 29

  30. m · #pts c #ctx m 2obj c = 1 000 000 2type c = 1type c = For any scalability-critical method, use the 100 000 most precise CS variant that can turn it to a non-scalability-critical method ST p 10 000 0 method 1 method method method 2000 4000 10 000 1type 2type 2obj 30

  31. m · #pts c #ctx m 2obj c = 1 000 000 2type c = 1type c = For any scalability-critical method, use the 100 000 most precise CS variant that can turn it to a non-scalability-critical method ST p 10 000 0 method 1 method method method 2000 4000 10 000 1type 2type 2obj 31

  32. Total Scalability Threshold (TST) To automatically choose an appropriate for different program p ST p 32

  33. Total Scalability Threshold (TST) To automatically choose an appropriate for different program p ST p • TST is memory size related • TST indicates analysis capacity How many points-to facts can the memory hold? 33

  34. Total Scalability Threshold (TST) To automatically choose an appropriate for different program p ST p • TST is memory size related • TST indicates analysis capacity How many points-to facts can the memory hold? Program B Program A Σ Σ c c #ctx m #ctx m #pts m #pts m * * Memory TST 34

  35. m · #pts c #ctx m 2obj c = 1 000 000 2type c = 1type c = 100 000 ST p 10 000 0 method 1 method method method 2000 4000 10 000 35

  36. m · #pts c #ctx m 2obj c = 1 000 000 2type c = 1type c = 100 000 Program P ST ) = ( A1 + A2 + A3 ≤ TST E ( ST ) E Σ p p c #ctx m #pts m * ST p ST is automatically computed p based on the above inequality 10 000 A1 A2 A3 0 method method 1 method method 10 000 2000 4000 36

  37. m · #pts c #ctx m 2obj c = 1 000 000 2type c = Program P 1type c = Σ c #ctx m #pts m * 100 000 ST ) = ( A1 + A2 + A3 ≤ TST E p ST p ST is automatically computed p based on the above inequality 10 000 A1 A2 A3 0 method method 1 method method 10 000 2000 4000 37

  38. m · #pts c #ctx m 2obj c = 1 000 000 ST is the max value 2type c = p satisfying this inequality 1type c = 100 000 ST ) = ( A1 + A2 + A3 ≤ TST E p ST p ST is automatically computed p based on the above inequality 10 000 A1 A2 A3 0 method method 1 method method 10 000 2000 4000 38

  39. Scalability-First Pointer Analysis with Scaler Self-Tuning Context Sensitivity CS Variants m · #pts c #ctx m c = 2obj 1 000 000 2type c = 1type self-tuned by c = 100 000 ST ) = E ( A1 + A2 + A3 ≤ TST ST p p ST p ST is automatically computed p based on the above inequality depends on 10 000 A1 A2 A3 0 TST method 1 method method method 2000 4000 10 000 39

  40. Results Scaler 40

  41. 10 Popular Java Programs Chart Luindex 41

  42. Settings • TST = 30M (48G Memory) - 20M, 40M, 60M, etc. are all ok - Larger TST means better precision but worse efficiency • Time budget = 3 hours (per program) Results Scaler 2obj 2type Scaler timeout (>10800 seconds) Scalability 10000 as good as CI 8000 5374 Precision 6000 4000 comparable to or better 2950 2458 1769 than the best scalable CS 1236 1194 1203 2000 960 705 652 452 285 289 254 272 95 93 93 53 45 53 54 0 42

  43. Settings • TST = 30M (48G Memory) - 20M, 40M, 60M, etc. are all ok - Larger TST means better precision but worse efficiency • Time budget = 3 hours (per program) Results Scaler Scalability Complex program as good as CI Medium-Complexity Precision program comparable to or better Luindex Simple program than the best scalable CS 43

  44. Complex program Precision Metrics Analysis Time (seconds) #may-fail #poly #reachable #call graph 3h = 10800s casts calls methods edges CI 112 2234 2778 12718 114856 2obj à 2type à 1type >3h + >3h + 1997 2117 2577 12430 111834 Scaler 452 1852 2500 12167 107410 In all cases, lower is better 44

  45. Medium-Complexity program Precision Metrics Analysis Time (seconds) #may-fail #poly #reachable #call graph 3h = 10800s casts calls methods edges CI 49 2508 2925 13036 77370 2obj à 2type à 1type 2458 1409 2182 12657 65836 Scaler 272 1452 2195 12676 66177 In all cases, lower is better 45

Recommend

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller,

Precision-Guided Context Sensitivity for Pointer Analysis Yue Li, Tian Tan, Anders Mller, Yannis Smaragdakis OOPSLA 2018 1 A New Pointer Analysis T echnique for Object-Oriented Programs 2 Pointer Analysis Determines which

841 views • 64 slides
Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias,

Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias,

Alias Analysis Last time Alias analysis I (pointer analysis) Address Taken FIAlias, which is equivalent to Steensgaard Today Alias analysis II (pointer analysis) Anderson Emami Next time Midterm review CS553

207 views • 8 slides
Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li and Jingling Xue SAS 2016 September, 2016 1 A New Pointer Analysis for Object-Oriented Programs 2 Pointer Analysis Determine which

965 views • 70 slides
CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu

CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu

CS711 Advanced Programming Languages Pointer Analysis Overview and Flow-Sensitive Analysis Radu Rugina 8 Sep 2005 Pointer Analysis Informally: determine where pointers (or references) in the program may point to. Significant amount of

339 views • 21 slides
100 Drupal performance and scalability best practices Gord Christmas gord.christmas@acquia.com

100 Drupal performance and scalability best practices Gord Christmas gord.christmas@acquia.com

100 Drupal performance and scalability best practices Gord Christmas gord.christmas@acquia.com Saturday, April 6, 13 1 Long tail of performance tuning 20% of the performance tuning will give 50% of the improvements Potentially a hundred

363 views • 10 slides
Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis)

Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis)

Alias Analysis Last time Reuse optimization Today Alias analysis (pointer analysis) Next time More alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 2 Aliasing What is aliasing? When two expressions denote

265 views • 8 slides
CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong Focus of this

CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong Focus of this

CS 293S Pointer Analysis Yufei Ding Slides adapted from Wei Le, Stephen Chong Focus of this lecture Terms and concepts Algorithms: Andersen-Style and Steensgaard-Style Advanced topics 2 What is Pointer/Alias/points-to Analysis?

347 views • 32 slides
Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University

Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University

Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan University of Colorado at Boulder Michael Hind IBM T.J. Watson Research Center 1 Pointer analysis motivation Code a = new C( ); // G What does it do? b =

439 views • 30 slides
Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1 Aliasing What is aliasing? When two expressions denote the same mutable memory location e.g.,

812 views • 19 slides
Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and

Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and

Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and Katherine Yelick U.C. Berkeley A August 23, 2007 t 23 2007 1 Hierarchical Pointer Analysis Amir Kamil Background 2 Hierarchical Pointer Analysis

650 views • 41 slides
CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference

Datalog CO444H Pointer analysis Ben Livshits 1 Call Graphs Class analysis: Given a reference variable x, what are the classes of the objects that x refers to at runtime? We saw CHA and RTA Deal with polymorphic/virtual calls:

1.01k views • 54 slides
Scalability and Replication Marco Serafini COMPSCI 532 Lecture 13 Scalability 2 Scalability

Scalability and Replication Marco Serafini COMPSCI 532 Lecture 13 Scalability 2 Scalability

Scalability and Replication Marco Serafini COMPSCI 532 Lecture 13 Scalability 2 Scalability Ideal world Linear scalability Speedup Reality Ideal Bottlenecks For example: central coordinator When do we stop

938 views • 36 slides
Laser Pointer Engineering Analysis Jeb Duncan, Eddie Hoopingarner, Cole Middlebrook, Michael

Laser Pointer Engineering Analysis Jeb Duncan, Eddie Hoopingarner, Cole Middlebrook, Michael

Laser Pointer Engineering Analysis Jeb Duncan, Eddie Hoopingarner, Cole Middlebrook, Michael Orrill 11/19/2013 Overview Background Concepts Chosen for analysis Structural Analysis Thermal Analysis Schedule Conclusion

544 views • 20 slides
Pointer Analysis CSE 501 Spring 15 Course Outline Sta8c

Pointer Analysis CSE 501 Spring 15 Course Outline Sta8c

Pointer Analysis CSE 501 Spring 15 Course Outline Sta8c analysis Dataflow and abstract interpreta8on We are here Applica8ons Beyond

515 views • 36 slides
Scalability Analysis of the Hierarchical Architecture for Distributed Virtual Environments

Scalability Analysis of the Hierarchical Architecture for Distributed Virtual Environments

Introduction Queueing Theory Analysis: Analytic Results Consistency Summary Scalability Analysis of the Hierarchical Architecture for Distributed Virtual Environments Michael Kwok Johnny W. Wong Presentation by Alexander Pokluda Cheriton

516 views • 36 slides
An Analysis of Linux Scalability to Many Cores Silas Boyd-Wickizer, Austin T. Clements, Yandong

An Analysis of Linux Scalability to Many Cores Silas Boyd-Wickizer, Austin T. Clements, Yandong

An Analysis of Linux Scalability to Many Cores Silas Boyd-Wickizer, Austin T. Clements, Yandong Mao, Aleksey Pesterev, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich MIT CSAIL What is scalability? Application does N times as much

1.01k views • 98 slides
A Probabilistic Pointer Analysis A Probabilistic Pointer Analysis for Speculative Optimization

A Probabilistic Pointer Analysis A Probabilistic Pointer Analysis for Speculative Optimization

A Probabilistic Pointer Analysis A Probabilistic Pointer Analysis for Speculative Optimization for Speculative Optimization Jeff DaSilva Jeff DaSilva Greg Steffan Greg Steffan Electrical and Computer Engineering Electrical and Computer

890 views • 38 slides
Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an

Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an

Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an integer as long as result is still within the bounds of the array Can subtract a pointer from another pointer iff both point to

140 views • 9 slides
CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs

CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs

Datalog CO444H Pointer analysis Ben Livshits 1 Approaches to Finding Reliability and Security Bugs Static Analysis Tools Black-box Testing/Fuzzing 2 Coverity: a Static Analysis Company 3 Bug Report From Coverity Actual bug Path

701 views • 59 slides
Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer

Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer

Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer is a variable that stores a memory address. Pointers are used to store the addresses of other variables or memory items. Pointers are very

742 views • 23 slides
Achieving High Throughput and Scalability with JRuby Fernando Castano fernando.castano@sun.com

Achieving High Throughput and Scalability with JRuby Fernando Castano fernando.castano@sun.com

Achieving High Throughput and Scalability with JRuby Fernando Castano fernando.castano@sun.com Sun Microsystems Agenda What is Project Kenai Early tests and re-architecture How, where and what we benchmark Tuning our

315 views • 27 slides
Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents What is a Dangling Pointer? Code Injection Object Overriding Demonstrations Remediation Summary Q&A 2 What is a

543 views • 28 slides
Pointers The Pointer Defined int *x; Read as: declare x as a pointer to a 32-bit integer

Pointers The Pointer Defined int *x; Read as: declare x as a pointer to a 32-bit integer

Pointers The Pointer Defined int *x; Read as: declare x as a pointer to a 32-bit integer Interpretation: declare x as a variable on the stack that holds the numeric address of the location in memory at which are 32 bits that we intend

359 views • 15 slides
Introduction to Program Analysis: A Pointer Centric View Uday Khedker

Introduction to Program Analysis: A Pointer Centric View Uday Khedker

Introduction to Program Analysis: A Pointer Centric View Uday Khedker (www.cse.iitb.ac.in/uday) Department of Computer Science and Engineering, Indian Institute of Technology, Bombay Dec 2017 WSSE Pune Intro to PA: Outline 1/7 An Outline

552 views • 8 slides

More recommend