Flow insensitivity and imprecision If you ignore flow, then you lose precision. main() { x := &y;......
23
Flow insensitivity and imprecision If you ignore flow, then you lose precision. main() { x := &y; ... x := &z; } Flow insensitive analysis tells us that x may point to z here! But, insensitivity may alleviate two bottlenecks: (1) space : mem exhausted by large programs
-
date post
20-Dec-2015 -
Category
Documents
-
view
217 -
download
0
Transcript of Flow insensitivity and imprecision If you ignore flow, then you lose precision. main() { x := &y;......
Flow insensitivity and imprecision
If you ignore flow, then you lose precision.
main() { x := &y;
...
x := &z;}
Flow insensitive analysis tells us that x may point to z here!
But, insensitivity may alleviate two bottlenecks:
(1) space : mem exhausted by large programs
(2) time : need speed for JIT or edit , compile loop
Andersen’s : worst case complexity
*x = yx
a b c
y
d e f
x
a b c
y
d e f
Worst case:
N2 per statement
at least N3 for the whole program
Andersen’s is in fact O(N3)
New idea: one successor per node
Each node can point to at most one “thing”.
“Thing” : everything a var may point to.
x
a,b,c
y
d,e,f
*x = yx
a,b,c
y
d,e,f
x
*x = y
y
More general case for *x = y
x
*x = y
y x y
More general case for *x = y
x
*x = y
y x y x y
More general case for *x = y
x
x = *y
y
Handling: x = *y
More general case for x = *y
x
x = *y
y x y
Handling: x = *y
More general case for x = *y
x
x = *y
y x y x y
Handling: x = *y
More general case for x = *y
x
x = y
y
Handling: x = y
More general case for x = y
x
x = y
y x y
Handling: x = y
More general case for x = y
x
x = y
y x y x y
Handling: x = y
More general case for x = y
x
x = y
y x y x y
Handling: x = y (what about y = x?)
More general case for x = y
x
x = y
y x y x y
Handling: x = y (what about y = x?)
same result for y = x !
More general case for x = y
x = &y
x y
Handling: x = &y
More general case for x = &y
x = &y
x yx y
Handling: x = &y
More general case for x = &y
x = &y
x y x
y,…
x y
Handling: x = &y
More general case for x = &y
Our favorite example, once more!
S1: l := new Cons
p := l
S2: t := new Cons
*p := t
p := t
1
2
3
4
5
Our favorite example, once more!
S1: l := new Cons
p := l
S2: t := new Cons
*p := t
p := t
l
S1
t
S2
p
l
S1
l
S1
p
l
S1
t
S2
p
l
S1,S2
tp
1
2
3
4
5
1 2
3
l
S1
t
S2
p
4
5
Flow insensitive loss of precision
S1: l := new Cons
p := l
S2: t := new Cons
*p := t
p := t
l
t
S1
p
S2
l
t
S1
p
S2
l
t
S1
p
S2
l
t
S1
p
S2
Flow-sensitiveSubset-based
Flow-insensitiveSubset-based
l
t
S1
p
S2
l
S1,S2
tp
Flow-insensitiveUnification-based
bar() { i := &a; j := &b; foo(&i); foo(&j); // i pnts to what? *i := ...;}
void foo(int* p) { printf(“%d”,*p);}
1234
Another example
bar() { i := &a; j := &b; foo(&i); foo(&j); // i pnts to what? *i := ...;}
void foo(int* p) { printf(“%d”,*p);}
i
a
j
b
p
i
a
i
a
j
b
i
a
j
b
p
i,j
a,b
p
1234
1 2
Another example
4
3
Steensgaard and beyond
Well engineered implementation of Steensgaard:
2.1 MLOC in 1 minute (Word97)
One Level Flow (Das PLDI 00)
extension to Steensgaard
achieves higher precision
2.1 MLOC in 2 minutes (Word 97)
