modular heap analysis of higher order programs ravichandhran madhavan + * ganesan ramalingam * kapil...
TRANSCRIPT
![Page 1: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/1.jpg)
Modular Heap Analysis Of Higher Order ProgramsRavichandhran Madhavan + *Ganesan Ramalingam *Kapil Vaswani *
* Microsoft Research India+ EPFL, Switzerland
![Page 2: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/2.jpg)
Goal 1: Analyze Modularly
β’ Compute succinct summaries for procedures
β’ Summaries: total functions approximating the relational semantics
πΎ (ππ’ππππ π¦ π)
Input State
Output States
[π ]πβ
![Page 3: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/3.jpg)
Goal 2: Track Heap Information
β’ The summary of a procedure should capture the transformation of the input mutable heap
Goal 3: Analyze HO programs
β’ Should be able to summarize higher order proceduresβ’ Input state includes data as well as code
![Page 4: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/4.jpg)
Challengeβ’ Indirect procedure calls esp. Call backsβ’ Virtual method calls, function pointer calls, lambda expressions
Foo(PTR* p , FP* fp){ *p = (**fp)(0);}
Count() { iter = this.iterator(); i = 0; while(iter.HasNext()) { iter.next(); i++; } }
![Page 5: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/5.jpg)
Challengeβ’ All widely used languages support Higher Order constructs
But how do existing modular analyses
handle them ?
![Page 6: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/6.jpg)
A Common Hackβ’ Estimate the targets of the indirect calls through an
inexpensive analysis E.g.
β’ CHA, RTI analysis for OO programsβ’ Light weight pointer analysis β¦
β’ Construct a conservative call graph
β’ Analyze bottom up
![Page 7: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/7.jpg)
Limitations of the Hackβ’ Over-approximated targets
β’ A call-graph is necessarily context insensitive for HO programs
A
C
B
D
EBβs context
Aβs context
![Page 8: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/8.jpg)
Limitations of the Hackβ’ Inability to construct client independent summaries
Foo(FP* fp){ (*fp)(β¦);}
m1(){ β¦}
C1(){ Foo(m1);}
m2(){ β¦}
C2(){ Foo(m2)}
Resolved to m1
Summary:
![Page 9: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/9.jpg)
Limitations of the Hack
β’ Reuse of summaries possible only within an analysisβ’ Need to analyze libraries together with clientsβ’ Need to reanalyze libraries for each new client
Doesnβt allow library compositional analysis
![Page 10: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/10.jpg)
Our approach
β’ Use existing techniques for summarizing first-order code segments:
β’ [Whaley, Salcianu, Rinard, OOPSLA β99, VMCAI β04]β’ [Madhavan et al., SAS β11]
β’ Retain the call backs in the summaries
![Page 11: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/11.jpg)
Our approach
β’ Perform as much simplification as possible without the knowledge of the calling context
β’ Eliminate fully resolved calls from the summaries
Enables efficient library compositional analysis
![Page 12: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/12.jpg)
Illustration1
7
2
4
3
5
6
*fp(a,b)π24
π13π12
π56
π67π47
![Page 13: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/13.jpg)
Illustration1
7
2
4
3
5
6
*fp(a,b)π24
π13π12
π56
π67π47
![Page 14: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/14.jpg)
Illustration
3
5
6
*fp(a,b)
π13
π56
π67
7
1
π17
![Page 15: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/15.jpg)
Illustration
3
5
*fp(a,b)
7
1
π17
π57
π13
![Page 16: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/16.jpg)
Exploiting Local Context
3
5
*fp(a,b)
7
1
π17
π57=(π π ,πβ²)
π13
3
5
*fp(a,b)
7
1
π17
π β²
π13
π πβπ13
Frame Rule
![Page 17: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/17.jpg)
Exploiting Local Context
3
5
*fp(a,b)
7
1
π17
π57=(π π ,πβ²)
π13
3
5
*fp(a,b)
7
1
π β²
π13Frame Rule
![Page 18: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/18.jpg)
Flow Insensitive Abstraction
3
5
*fp(a,b)
7
1
π
π
π
π
3
5
*fp(a,b)
7
1
π57
π13
π17
π=π13βπ17βπ57
![Page 19: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/19.jpg)
Flow Insensitive Abstraction
(π , \{π1 ,β¦ ,ππ \})
HO summary = First order summary +
set of call backs
π1β¦ππ
2
3
4
1
π
π
π
π
![Page 20: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/20.jpg)
Composition Operation
(π1 ,π1)π1;π2 ;β¦;ππ π1β¦ππ
2
3
4
1
π1
π1
π1
π1
(π2 ,π2)ππ+1;β¦;ππ π1β¦π π
6
7
8
5
π2
π2
π2
π2
ID
![Page 21: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/21.jpg)
Composition Operation
(π1 ,π1)π1;π2 ;β¦;ππ
(π2 ,π2)ππ+1;β¦;ππ
π1β¦ππ
2
3
4
1
π1
π1
π1
π1
π1β¦π π
6
7
8
5
π2
π2
π2
π2
IDπ2βπ1
![Page 22: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/22.jpg)
Composition Operation
β’ where , is the composed abstract state
β’ When the first order summaries (and hence composition) are isotonic:
(π2 ,π2 )β (π1 ,π1 )=(π2βπ1 ,π1βͺπ2)
![Page 23: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/23.jpg)
Handling Direct Callsβ’ Handle direct calls via summary composition
(ππ ,ππ)
(ππ ,ππ)
ΒΏ
Call backs in the callee are inlined in the caller
![Page 24: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/24.jpg)
Indirect call Resolution
(π , \{π1 \})
3
5
7
1
π π
π
π1B (ππ , \{π2 \})
(π βππ )ββπ
(π2 , \{π1 ,π2 \})
π
A
![Page 25: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/25.jpg)
Indirect Call Resolution
A
(π , \{π1 \})
calls B
B
(π4β , \{π1 ,π2 ,π3 \})(π2
β , \{π1 ,π2 \})
calls C
C
(π3β , \{π1 ,π2 ,π3 \})
calls B calls A
(ππ , \{π2 \})
(ππ , \{π3 \})
![Page 26: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/26.jpg)
Indirect Call Resolution
A
(π πβ 1β ,π πβ1)
β¦
BC
(ππ , \{π2 \})
(ππ , \{π3 \})
(π πβ ,ππ)β¦..
Fixed point
![Page 27: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/27.jpg)
Eliminating resolved calls
(a) is Non escaping.Unreachable from
indirect calls and prestate
π2
(b) and are unreachable from prestate and other call backs
ππ1
*fp1
β¦
Resolved calls
Foo
*fp2
ππ2 β¦
π1Bar
![Page 28: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/28.jpg)
Experimental Evaluation
β’ Applied to Purity/Side-effects Analysis for C# libraries
β’ Every method is classified as:
β’ Pure β No side-effects β’ Conditionally Pure β Purity depends on the calling contextβ’ Impure β Has side-effectsβ’ Impure and Incomplete β Has side-effects and can have more
depending on the calling context
![Page 29: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/29.jpg)
Experimental ResultsBenchmark LOC Pure C-Pure Impure I-Impure Time
DocX 10K ~ 1 min
FB APIs 2.2% 32%
Data Disp. 57%
Test APIs
Json Libs
Quickgraph
Refactory libs 30% 8%
Utility Libs 32% 8%
PDF libs 28.4%
GPS libs 250K ~ 2 hrs
10 β 20%
15 β 30%
20 β 30%
2 β 27 min
![Page 30: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/30.jpg)
Analysis StatisticsBenchmark Unresolved
CallsNon Escaping Abs. Objects
DocX
FB APIs 9%
Data Disp.
Test APIs
Json Libs 7.3
Quickgraph
Refactory libs
Utility Libs
PDF libs 37%
GPS libs 5.9
2 β 4
10 β 33 %
![Page 31: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/31.jpg)
Comparison with CHA CG based Bottom up Analysis
Benchmark Time # of SCCs Avg. Scc size
DocX 12x 0 NA
FB APIs 11x 3x 1.5x
Data Disp. 6x 6x
Test APIs 6x 2x 1.25x
Json Libs 2x 6x
Quickgraph 11x 33x
Refactory libs 1.4x 5.6x
Utility Libs 30x 4x 12x
PDF libs 2x 3.5x 1.5x
![Page 32: Modular Heap Analysis Of Higher Order Programs Ravichandhran Madhavan + * Ganesan Ramalingam * Kapil Vaswani * * Microsoft Research India + EPFL, Switzerland](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5516e2d055034603568b45c8/html5/thumbnails/32.jpg)
Conclusion
β’ A principled approach
β’ Formalized as an Abstract Interpretation
β’ A generic theory agnostic to the underlying compositional heap analysis
β’ Goto www.rise4fun.com/seal for a hands-on experience