1 / 32

Modular Heap Analysis Of Higher Order Programs

Modular Heap Analysis Of Higher Order Programs. Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland. Goal 1: Analyze Modularly. Compute succinct summaries for procedures

aoife
Download Presentation

Modular Heap Analysis Of Higher Order Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Modular Heap Analysis Of Higher Order Programs RavichandhranMadhavan+ * GanesanRamalingam* KapilVaswani * * Microsoft Research India + EPFL, Switzerland

  2. Goal 1: Analyze Modularly • Compute succinct summaries for procedures • Summaries: total functions approximating the relational semantics Input State Output States

  3. Goal 2: Track Heap Information • The summary of a procedure should capture the transformation of the input mutable heap Goal 3: Analyze HO programs • Should be able to summarize higher order procedures • Input state includes data as well as code

  4. Challenge • Indirect procedure calls esp. Call backs • Virtual method calls, function pointer calls, lambda expressions Count() { iter= this.iterator(); i= 0; while(iter.HasNext()) { iter.next(); i++; } } Foo(PTR* p , FP* fp) { *p = (**fp)(0); }

  5. Challenge • All widely used languages support Higher Order constructs But how do existing modular analyses handle them ?

  6. A Common Hack • Estimate the targets of the indirect calls through an inexpensive analysis E.g. • CHA, RTI analysis for OO programs • Light weight pointer analysis … • Construct a conservative call graph • Analyze bottom up

  7. Limitations of the Hack • Over-approximated targets • A call-graph is necessarily context insensitivefor HO programs A A’s context D C B E B’s context

  8. Limitations of the Hack • Inability to construct client independent summaries C2() { Foo(m2) } m1() { … } C1() { Foo(m1); } m2() { … } Foo(FP* fp) { (*fp)(…); } Resolved to m1 Summary:

  9. Limitations of the Hack • Reuse of summaries possible only within an analysis • Need to analyze libraries together with clients • Need to reanalyze libraries for each new client Doesn’t allow library compositional analysis

  10. Our approach • Use existing techniques for summarizing first-order code segments: • [Whaley, Salcianu, Rinard, OOPSLA ‘99, VMCAI ’04] • [Madhavan et al., SAS ‘11] • Retain the call backs in the summaries

  11. Our approach • Perform as much simplification as possible without the knowledge of the calling context • Eliminate fully resolved calls from the summaries Enables efficient library compositional analysis

  12. Illustration 1 2 3 *fp(a,b) 5 4 6 7

  13. Illustration 1 2 3 *fp(a,b) 5 4 6 7

  14. Illustration 1 3 *fp(a,b) 5 6 7

  15. Illustration 1 3 *fp(a,b) 5 7

  16. Exploiting Local Context 1 1 Frame Rule 3 3 *fp(a,b) *fp(a,b) 5 5 7 7

  17. Exploiting Local Context 1 1 Frame Rule 3 3 *fp(a,b) *fp(a,b) 5 5 7 7

  18. Flow Insensitive Abstraction 1 1 3 3 *fp(a,b) *fp(a,b) 5 5 7 7

  19. Flow Insensitive Abstraction 1 2 3 HO summary = First order summary + set of call backs 4

  20. Composition Operation 1 5 2 6 3 7 ID 4 8

  21. Composition Operation 1 2 3 4 ID 5 6 7 8

  22. Composition Operation • where , is the composed abstract state • When the first order summaries (and hence composition) are isotonic:

  23. Handling Direct Calls • Handle direct calls via summary composition Call backs in the callee are inlined in the caller

  24. Indirect call Resolution A 1 3 B 5 7

  25. Indirect Call Resolution A C B calls B calls C calls B calls A

  26. Indirect Call Resolution A C B ….. Fixed point

  27. Eliminating resolved calls Resolved calls *fp2 *fp1 … … Foo Bar (b) and are unreachable from prestate and other call backs (a) is Non escaping. Unreachable from indirect calls and prestate

  28. Experimental Evaluation • Applied to Purity/Side-effects Analysis for C# libraries • Every method is classified as: • Pure – No side-effects • Conditionally Pure – Purity depends on the calling context • Impure – Has side-effects • Impure and Incomplete – Has side-effects and can have more depending on the calling context

  29. Experimental Results 15 – 30% 2 – 27 min 10 – 20% 20 – 30%

  30. Analysis Statistics 2 – 4 10 – 33 %

  31. Comparison with CHA CG based Bottom up Analysis

  32. Conclusion • A principled approach • Formalized as an Abstract Interpretation • A generic theory agnostic to the underlying compositional heap analysis • Gotowww.rise4fun.com/seal for a hands-on experience

More Related