Post on 21-Dec-2015
Pointer and Shape Analysis Seminarhttp://www.cs.tau.ac.il/~msagiv/courses/shape.html
Mooly Sagiv
Schriber 317
msagiv@post
Office Hours Thursday 15-16
General Information
• Prerequisites– Compilers | Program Analysis– Select 3 topics by Sunday– Participate in 9 seminar talks – Present a paper
Program Analysis Statically analyze the program text (w/o input)
Determine conservative information about all (some) program executions
Applications
Verification
Each verified property holds but not all properties can be verified all programs
False alarms
Compiler optimizations
Parallelizations
Garbage collection
Alias Analysis
• Two expressions referring to the same memory location at a given program point on some (all) executions
[1] p = &a;
[2] q = &b;
[3] if (getc())
[4] q = &c
[5] *p = a
*q = c
*q = b
Points-To Analysis
• Determine if a variable points to a variable at some (all) execution paths
[1] p = &a;
[2] q = &b;
[3] if (getc())
[4] q = &c
[5] p a
q c
q b
Shape Analysis• Determine the potential shapes of memory
at a given program point
[1] p = &a;
[2] q = &b;
[3] if (getc())
[4] q = &c
ap *
ap *
bq *
ap *
cq *
ap *
bq *
ap *
cq *
Applications
• “Adapt” other optimizations – Constant propagation
x = 5;*p = 7 ;… x …
• Side-effect analysis *p = *q + * * t
• Verification– No null dereferences– No memory leaks
Iterative Program Analysis
• Start by optimistically assuming that nothing is wrong– No aliases– No points-to set– Empty sets of shape graphs
• At every iteration apply the abstract meaning of programming language statements and add more aliases/points-to/shape graphs
• Stop when no changes occur
Iterative Points-to Analysist= &a
y= &b
z= &c
p= &y p= &z
ta
ta, yb
ta, yb, z c, py
ta, yb, z c
ta, yb, z c, pz
ta, yb, z c, py, pz
ta, yb, z c ta, yb, z c*p= &t
Iterative Points-to Analysist= &a
y= &b
z= &c
p= &y p= &z
ta
ta, yb
ta, yb, z c, py ta, yb, z c, pz
ta, yb, z c, py, pz
*p= &tta, yb, z c, py, pz
ta, yb, z c, py, pz, ya, za ta, yb, z c, py, pz, ya, za
Iterative Points-to Analysist= &a
y= &b
z= &c
p= &y p= &z
ta
ta, yb
ta, yb, z c, py, pz
*p= &tta, yb, z c, py, pz
ta, yb, z c, py, pz, ya, za ta, yb, z c, py, pz, ya, za
ta, yb, z c, py, ya, za ta, yb, z c, pz, ya, za
Iterative Points-to Analysist= &a
y= &b
z= &c
p= &y p= &z
ta
ta, yb
*p= &tta, yb, z c, py, pz, ya, za
ta, yb, z c, py, pz, ya, za ta, yb, z c, py, pz, ya, za
ta, yb, z c, py, ya, za ta, yb, z c, pz, ya, za
ta, yb, z c, py, pz, ya, za
Iterative Shape Analysis
t
x
n
x
t n
x
tn n
xtt
x
ntt
nt
x
t
x
t
xempty
x
tn
n
x
tn
n
n
x
tn
t n
xn
x
tn
nreturn x
x = t
t =malloc(..);
tnext=x;
x = NULL
TF
Soundness
• Every alias is detected
• Every points-to fact is detected
• Every potential shape is detected
• Every potential bug is detected
• Every enabled optimization is correct
How to give a presentation
• What to say and how to say it
• Getting through the audience
• Visual aids
What to say and how to say it
• Communicate the Key Ideas• Don’t get bogged down in Details
– The best talk make you read the paper
• Structure your talk• Use Top-Down approach
– Introduction– Body– [Technicalities]– The Conclusion
Use Examples
Introduction
• Define the problem
• Motivate the audience
• Introduce terminology
• Discuss earlier work
• Emphasize the contributions
• [Provide a road map]
Use Examples
The body
• Abstract the major results
• Explain the significance of the results
• Explain the main techniques
• Use enlightening examples
• Demonstrations are welcome
The Conclusion
• Hindsight is clearer than Foresight
• Give open problems/further work
• Indicate that your talk is over
Getting through the Audience
• Use Repetitions
• Remind, don’t assume
• Don’t over-run
• Maintain Eye Contact
• Control your voice
• Control your motion
• Take care of your appearance
Visual Aids
• PowerPoint transparencies
• Don’t overload transparencies
• Don’t use too many transparencies
• Use Overlays Properly
• Use Color Effectively
• Use Pictures and Tables
• The blackboard can be used too
Don’t overload transparencies
• The input of the program can be arbitrary.
• Let x be a prime number, i.e., all the numbers z<x do not divide x. y be the next prime number, i.e., etc.
• Arbitrary input• Prime number x
– The next prime y