View
8
Download
0
Category
Preview:
Citation preview
Lecture 11: Pointer Analysis17-355/17-655/17-819: Program Analysis
Rohan Padhye and Jonathan AldrichMarch 11, 2021
* Course materials developed with Claire Le Goues
1(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Extending WHILE3ADDR with Pointers
2(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Consider Constant Propagation
3(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Need to know that line 3 changes variable z!
Consider Constant Propagation
4(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Points-To Analysis: May vs. Must and Strong Updates
5(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Pointer Analysis• Two common relations used as abstract values
o Alias analysis: (x, y) alias pairso Points-to analysis: p --> q // or sets for points-to(p)o Both have may and must versions
• Very expensive to run precisely as data-flow analysiso Lattice is 2Var x Var. Yikes!o Almost always needs to be inter-procedural
§ (even if used for intra-procedural optimizations)o Context-sensitivity is often important for adequate precision
6(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Andersen’s Analysis• Flow-insensitive analysis
o Considers only nodes of a CFG (i.e., instructions) and ignores all edgeso What? Yes, really.o Trades-off precision for tractabilityo Can be combined with context-sensitive techniques
• Key idea: cast as constraint-solving problemo Abstract model of memory locations and points-to sets
§ Let 𝑙𝑥 represent location of var 𝑥§ Let 𝑝 be the set of locations pointed-to by var 𝑝
o One subset constraint per instructiono Invoke constraint solver. Done!
7(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Andersen’s Analysis
8(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Andersen’s Analysis
9(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Examplex := 42y := 108q := &xif (..) p := q
elsep := &y
r = &ps = *rprint(*s)print(*q)
10(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Dynamic Memory Allocation?
11(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Dynamic Memory Allocation
12(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Exercise
13(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Efficiency• O(n) constraints• O(n) firings per copy-constraint• O(n2) firings per assign/deref-constraint• Worst-case O(n3) firings• Can be solved in O(n3) time
o McAllester [SAS’99]• O(n2) in practice
o Sridharan et al. [SAS’09]o K-sparseness property
14(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Field-Sensitivity
15(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Field-Sensitivity
16(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
A field-insensitive approach just treats fields `.f` as dereferences `*`.
Field-Sensitive Analysis
17(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Field-Sensitive Analysis
18(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Field-Sensitive Analysis
19(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
a := new X()b := new Y()c := new Y()a.f := ba.g := cprint(a.f)
Steensgaard’s Analysis• Problem: Quadratic-in-practice is still not ultra-scalable• Challenge: Need ~LINEAR. How?
o Solution space of pointer analysis (e.g. points-to sets) itself is O(n2).• Key idea: Use constant-space per pointer. Merge aliases and
alternates into the same equivalence class.o p can point to q or r? Let’s treat q and r as the same pseudo-var and merge
everything we know about q and r.o Points-to “sets” are basically singletons
20(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Steensgaard’s Analysis - Example
21(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Steensgaard’s Analysis - Example
24(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Steensgaard’s Analysis - Exercise
25(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Steensgaard’s Analysis
26(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Steensgaard’s Analysis
27(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Steensgaard’s Analysis
28(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
• Abstract locations implemented as union-find data structureo Each union and find operation takes O(α(n)) time eacho Total algorithm running time is O(n * α(n)) ~ almost linearo Space consumption is linear
• In practice: very scalableo Millions of LoC
OOP: Dynamic Dispatch
29(c) 2021 J. Aldrich, C. Le Goues, R. Padhye
Recommended