program analysis and design conformance martin rinard laboratory for computer science massachusetts...
DESCRIPTION
Research Overview Transformations Automatic Parallelization Object-Oriented Programs with Linked Data Structures [PLDI96] Divide and Conquer Programs [PPoPP99, PLDI00] Synchronization Optimizations Lock Coarsening [POPL97,PLDI98] Synchronization Elimination [OOPSLA99] Optimistic Synchronization Primitives [PPoPP97] Memory Management Optimizations Stack Allocation [OOPSLA99,PLDI01] Per-Thread Heap AllocationTRANSCRIPT
![Page 1: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/1.jpg)
Program Analysis and Design Conformance
Martin RinardLaboratory for Computer Science
Massachusetts Institute of Technology
![Page 2: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/2.jpg)
Research OverviewProgram Analysis
• Commutativity Analysis for C++ Programs [PLDI96]
• Memory Disambiguation for Multithreaded C Programs• Pointer Analysis [PLDI99]• Region Analysis [PPoPP99, PLDI00]
• Pointer and Escape Analysis for Multithreaded Java Programs [OOPSLA99, PLDI01, PPoPP01]
![Page 3: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/3.jpg)
Research OverviewTransformations
• Automatic Parallelization• Object-Oriented Programs with Linked Data
Structures [PLDI96]• Divide and Conquer Programs [PPoPP99, PLDI00]
• Synchronization Optimizations• Lock Coarsening [POPL97,PLDI98]• Synchronization Elimination [OOPSLA99] • Optimistic Synchronization Primitives [PPoPP97]
• Memory Management Optimizations• Stack Allocation [OOPSLA99,PLDI01]• Per-Thread Heap Allocation
![Page 4: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/4.jpg)
Research OverviewVerifications of Safety Properties
• Data Race Freedom [PLDI00]• Array Bounds Checks [PLDI00]• Correctness of Region-Based Allocation
[PPoPP01]• Credible Compilation [RTRV99]
• Correctness of Dataflow Analysis Results• Correctness of Standard Compiler
Optimizations
![Page 5: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/5.jpg)
Talk Overview• Memory Disambiguation
• Goal: Verify Data Race Freedom for Multithreaded Divide and Conquer Programs
• Analyses: • Pointer Analysis• Accessed Region Analysis
• Experience integrating information from the developer into the memory disambiguation analysis
• Role Verification• Design Conformance
![Page 6: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/6.jpg)
Basic Memory Disambiguation Problem
*p = v
Without Any Analysis:
*p=v may access any location
*p = v;(write v into the memory location that p points
to)What memory locations may *p=v access?
![Page 7: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/7.jpg)
*p = v;(write v into the memory location that p points
to)What memory location may *p=v access?
*p = v
With Analysis:
*p=v does not access these memory locations !
*p=v may access this location
*p=v may access this location
Basic Memory Disambiguation Problem
![Page 8: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/8.jpg)
Static Memory Disambiguation
Analyze the program to characterize the memory locations that statements
in the program read and write
Fundamental problem in program analysis with many applications
![Page 9: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/9.jpg)
Application: Verify Data Race Freedom
*p = v1;
*q = v2; *q = v2
*p = v1||
*q = v2
*p = v1
Program Does This
NOT This
![Page 10: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/10.jpg)
Example - Divide and Conquer Sort
47 6 1 53 8 2
![Page 11: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/11.jpg)
8 2536 147
Example - Divide and Conquer Sort
47 6 1 53 8 2
Divide
![Page 12: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/12.jpg)
2 8531 674
8 2536 147
47 6 1 53 8 2
Example - Divide and Conquer Sort
Conquer
Divide
![Page 13: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/13.jpg)
Example - Divide and Conquer Sort
2 8531 674 Conquer
8 2536 147 Divide
47 6 1 53 8 2
41 6 7 32 5 8Combine
![Page 14: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/14.jpg)
Example - Divide and Conquer Sort
2 8531 674 Conquer
8 2536 147 Divide
47 6 1 53 8 2
41 6 7 32 5 8Combine
21 3 4 65 7 8
![Page 15: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/15.jpg)
Divide and Conquer Algorithms• Lots of Generated Concurrency
• Solve Subproblems in Parallel
![Page 16: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/16.jpg)
Divide and Conquer Algorithms• Lots of Recursively Generated Concurrency
• Recursively Solve Subproblems in Parallel
![Page 17: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/17.jpg)
Divide and Conquer Algorithms• Lots of Recursively Generated Concurrency
• Recursively Solve Subproblems in Parallel• Combine Results in Parallel
![Page 18: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/18.jpg)
“Sort n Items in d, Using t as Temporary Storage”
void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n);
![Page 19: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/19.jpg)
“Sort n Items in d, Using t as Temporary Storage”
void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n);
Divide array into subarrays and recursively sort subarrays in
parallel
![Page 20: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/20.jpg)
“Sort n Items in d, Using t as Temporary Storage”
void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n);
Subproblems Identified
Using Pointers Into Middle of Array
47 6 1 53 8 2d
d+n/4d+n/2
d+3*(n/4)
![Page 21: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/21.jpg)
“Sort n Items in d, Using t as Temporary Storage”
void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n); 74 1 6 53 2 8
dd+n/4d+n/2
d+3*(n/4)
Sorted Results Written Back Into
Input Array
![Page 22: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/22.jpg)
“Merge Sorted Quarters of d Into Halves of t”
void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n); 74 1 6 53 2 8
41 6 7 32 5 8d
tt+n/2
![Page 23: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/23.jpg)
“Merge Sorted Halves of t Back Into d”void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n); 21 3 4 65 7 8
41 6 7 32 5 8d
tt+n/2
![Page 24: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/24.jpg)
“Use a Simple Sort for Small Problem Sizes”
void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n); 47 6 1 53 8 2
dd+n
![Page 25: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/25.jpg)
“Use a Simple Sort for Small Problem Sizes”
void sort(int *d, int *t, int n) if (n > CUTOFF) {
spawn sort(d,t,n/4); spawn sort(d+n/4,t+n/4,n/4);spawn sort(d+2*(n/2),t+2*(n/2),n/4);spawn
sort(d+3*(n/4),t+3*(n/4),n-3*(n/4));sync;spawn merge(d,d+n/4,d+n/2,t);spawn
merge(d+n/2,d+3*(n/4),d+n,t+n/2);sync;merge(t,t+n/2,t+n,d);
} else insertionSort(d,d+n); 47 1 6 53 8 2
dd+n
![Page 26: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/26.jpg)
What Do You Need To Know To Verify Data Race Freedom?
Points-to Information(data blocks that pointers point into)
Region Information(accessed regions within data blocks)
![Page 27: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/27.jpg)
d and t point to different memory blocksCalls to sort access disjoint parts of d and t
Together, calls access [d,d+n-1] and [t,t+n-1]
sort(d,t,n/4);
sort(d+n/4,t+n/4,n/4);
sort(d+n/2,t+n/2,n/4);
sort(d+3*(n/4),t+3*(n/4), n-3*(n/4));
Information Needed To Verify Race Freedom
dt
dt
dt
dt
d+n-1t+n-1
d+n-1t+n-1
d+n-1t+n-1
d+n-1t+n-1
![Page 28: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/28.jpg)
d and t point to different memory blocksFirst two calls to merge access disjoint parts of
d,tTogether, calls access [d,d+n-1] and [t,t+n-1]
merge(d,d+n/4,d+n/2,t);
merge(d+n/2,d+3*(n/4), d+n,t+n/2);
merge(t,t+n/2,t+n,d);
dt
dt
d+n-1t+n-1
d+n-1t+n-1
dt
d+n-1t+n-1
Information Needed To Verify Race Freedom
![Page 29: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/29.jpg)
d d+n-1
Information Needed To Verify Race Freedom
Calls to insertionSort access [d,d+n-1]
insertionSort(d,d+n);
![Page 30: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/30.jpg)
What Do You Need To Know To Verify Data Race Freedom?
Points-to Information(d and t point to different data
blocks)
Symbolic Region Information(accessed regions within d and t
blocks)
![Page 31: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/31.jpg)
How Hard Is It To Figure These Things Out?
![Page 32: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/32.jpg)
Challenging
How Hard Is It For the Program Analysis To Figure These Things
Out?
![Page 33: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/33.jpg)
How Hard Is It For the Program Analysis To Figure These Things
Out?void insertionSort(int *l, int *h) {
int *p, *q, k;for (p = l+1; p < h; p++) {
for (k = *p, q = p-1; l <= q && k < *q; q--)*(q+1) = *q;
*(q+1) = k;}
}Not immediately obvious that
insertionSort(l,h) accesses [l,h-1]
![Page 34: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/34.jpg)
void merge(int *l1, int*m, int *h2, int *d) {int *h1 = m; int *l2 = m;while ((l1 < h1) && (l2 < h2))
if (*l1 < *l2) *d++ = *l1++;else *d++ = *l2++;
while (l1 < h1) *d++ = *l1++;while (l2 < h2) *d++ = *l2++;
}
Not immediately obvious that merge(l,m,h,d)
accesses [l,h-1] and [d,d+(h-l)-1]
How Hard Is It For the Program Analysis To Figure These Things
Out?
![Page 35: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/35.jpg)
Issues• Heavy Use of Pointers
• Pointers into Middle of Arrays• Pointer Arithmetic• Pointer Comparison
• Multiple Procedures• sort(int *d, int *t, n)• insertionSort(int *l, int *h)• merge(int *l, int *m, int *h, int *t)
• Recursion• Multithreading
![Page 36: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/36.jpg)
Pointer Analysis• For each program point, computes
where each pointer may point
e.g. “ p x before statement *p = 1”• Complications
1. Statically unbounded number of locations • recursive data structures (lists, trees)• dynamically allocated arrays
2. Multiple possible executions of the program• may create different dynamic data
structures
![Page 37: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/37.jpg)
Memory Abstraction
Physical Memory
Abstract Memory
Stack Heapp
i
head
r
p head
r
q v
q v
j
i
j
Allocation block for each variable declarationAllocation block for each memory allocation site
![Page 38: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/38.jpg)
Memory Abstraction
Physical Memory
Abstract Memory
Stack Heapp
i
head
r
p head
r
q v
q v
j
i
j
Allocation block for each variable declarationAllocation block for each memory allocation site
![Page 39: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/39.jpg)
Pointer Analysis Summary• Key Challenge for Multithreaded
Programs: Analyzing interactions between threads
• Solution: Interference Edges• Record edges generated by each
thread• Captures effect of parallel threads on
points-to information of other threads
![Page 40: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/40.jpg)
What Pointer Analysis Gives Us
• Disambiguation of Memory Accesses Via Pointers• Pointer-based loads and stores: use pointer analysis
results to derive the allocation block that each pointer-based load or store statement accesses
• MOD-REF or READ-WRITE SETS Analysis:• All loads and stores• Procedures: use the memory access information for
loads and stores to compute the allocation blocks that each procedure accesses
![Page 41: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/41.jpg)
Is This Information Enough?
![Page 42: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/42.jpg)
Is This Information Enough?
NONecessary but not Sufficient
Parallel Tasks Access (Disjoint) Regions of Same Allocated Block of
Memory
![Page 43: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/43.jpg)
Structure of Analysis
Bounds Analysis
Region Analysis
Data Race Freedom
Symbolic Upper and LowerBounds for Each Memory Access in Each Procedure
Symbolic Regions AccessedBy Execution of Each Procedure
Check that Parallel Threads Are Independent
Pointer Analysis Disambiguate Memory at the Granularity of Allocation Blocks
![Page 44: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/44.jpg)
Running Example – Array Increment
void f(char *p, int n) if (n > CUTOFF) {spawn f(p, n/2); /* increment first half */spawn f(p+n/2, n/2); /* increment second half */sync;} else {/* base case: increment small array */int i = 0;while (i < n) { *(p+i) += 1; i++; }}
![Page 45: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/45.jpg)
Bounds Analysis
Region Analysis
Data Race Detection
Symbolic Upper and LowerBounds for Each Memory Access in Each Procedure
Pointer Analysis
Intra-procedural Bounds Analysis
![Page 46: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/46.jpg)
Intraprocedural Bounds Analysis
GOAL: For each pointer and array index variable at each program point, derive lower and upper bounds
E.g. “ 0 i n-1 at statement *(p+i) += 1 ”
• Bounds are symbolic expressions• variables represent initial values of parameters
of enclosing procedure• bounds are combinations of variables• example expression for f(p,n): p+(n/2)-1
![Page 47: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/47.jpg)
What are upper and lower bounds for i at each program point in base case?
int i = 0;while (i < n) { *(p+i) += 1; i++; }
Intraprocedural Bounds Analysis
![Page 48: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/48.jpg)
Bounds Analysis, Step 1Build control flow graph
i = 0
i < n
*(p+i) += 1
i = i+1
![Page 49: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/49.jpg)
Set up bounds at beginning of basic blocks
Bounds Analysis, Step 2
l1 i u1i = 0
i < n
*(p+i) += 1
i = i+1
l2 i u2
l3 i u3
![Page 50: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/50.jpg)
Compute transfer functionsBounds Analysis, Step 3
l1 i u1i = 0
i < n
*(p+i) += 1
i = i+1
l2 i u2
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
![Page 51: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/51.jpg)
l2 i n-1 n i u2
l2 i u2
Compute transfer functionsBounds Analysis, Step 3
l1 i u1i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
![Page 52: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/52.jpg)
Key Step: set up constraints for boundsBounds Analysis, Step 4
l2 i n-1 n i u2
l2 i u2
i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
Build Region Constraints
[ 0, 0 ] [ l2 , u2 ] [ l3+1, u3+1 ] [ l2 ,
u2 ] [ l2 , n-1 ] [ l3 , u3 ]
l1 i u1
![Page 53: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/53.jpg)
Key Step: set up constraints for boundsBounds Analysis, Step 4
l2 i n-1 n i u2
l2 i u2
i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
Build Region Constraints
[ 0, 0 ] [ l2 , u2 ] [ l3+1, u3+1 ] [ l2 ,
u2 ] [ l2 , n-1 ] [ l3 , u3 ]
l1 i u1
![Page 54: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/54.jpg)
Key Step: set up constraints for boundsBounds Analysis, Step 4
l2 i n-1 n i u2
l2 i u2
i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
Build Region Constraints
[ 0, 0 ] [ l2 , u2 ] [ l3+1, u3+1 ] [ l2 ,
u2 ] [ l2 , n-1 ] [ l3 , u3 ]
l1 i u1
![Page 55: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/55.jpg)
Key Step: set up constraints for boundsBounds Analysis, Step 4
l2 i n-1 n i u2
l2 i u2
i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
Build Region Constraints
[ 0, 0 ] [ l2 , u2 ] [ l3+1, u3+1 ] [ l2 ,
u2 ] [ l2 , n-1 ] [ l3 , u3 ]
- i +
![Page 56: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/56.jpg)
Key Step: set up constraints for boundsBounds Analysis, Step 4
l2 i n-1 n i u2
l2 i u2
i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
Build Region Constraints
[ 0, 0 ] [ l2 , u2 ] [ l3+1, u3+1 ] [ l2 ,
u2 ] [ l2 , n-1 ] [ l3 , u3 ]
- i +
![Page 57: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/57.jpg)
Key Step: set up constraints for boundsBounds Analysis, Step 4
l2 i n-1 n i u2
l2 i u2
i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
Build Region Constraints
[ 0, 0 ] [ l2 , u2 ] [ l3+1, u3+1 ] [ l2 ,
u2 ] [ l2 , n-1 ] [ l3 , u3 ]
- i +
l2 0l2 l3+1l3 l2
0 u2
u3+1 u2
n-1 u3
Inequality Constraints
![Page 58: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/58.jpg)
Generate symbolic expressions for bounds
Goal: express bounds in terms of parameters
Bounds Analysis, Step 5
l2 = c1p + c2n + c3
l3 = c4p + c5n + c6
u2 = c7p + c8n + c9
u3 = c10p + c11n + c12
![Page 59: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/59.jpg)
Generate symbolic expressions for bounds
Goal: express bounds in terms of parameters
l2 = c1p + c2n + c3
l3 = c4p + c5n + c6
Bounds Analysis, Step 5
u2 = c7p + c8n + c9
u3 = c10p + c11n + c12
l2 0l2 l3+1l3 l20 u2
u3+1 u2
n-1 u3
![Page 60: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/60.jpg)
c1p + c2n + c3 0c1p + c2n + c3 c4p + c5n + c6 +1c4p + c5n + c6 c1p + c2n + c3
Substitute expressions into constraintsBounds Analysis, Step 6
0 c7p + c8n + c9
c10p + c11n + c12 +1 c7p + c8n + c9
c7p + c8n + c9 c10p + c11n + c12
![Page 61: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/61.jpg)
Reduce symbolic inequalities to linear inequalities
c1p + c2n + c3 c4p + c5n + c6
if
c1 c4, c2 c5, and c3 c6
Bounds Analysis, Step 7
![Page 62: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/62.jpg)
Apply reduction and generate a linear programc1 0 c2 0 c3 0c1 c4 c2 c5 c3 c6+1c4 c1 c5 c2 c6 c3
Bounds Analysis, Step 8
0 c7 0 c8 0 c9
c10 c7 c11 c8 c12+1
c9
c7 c10 c8 c11 c9 c12
![Page 63: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/63.jpg)
Apply reduction and generate a linear programc1 0 c2 0 c3 0c1 c4 c2 c5 c3 c6+1c4 c1 c5 c2 c6 c3
lower bounds upper bounds
Bounds Analysis, Step 8
Objective Function:max: (c1 + ••• + c6) - (c7 + ••• + c12)
0 c7 0 c8 0 c9
c10 c7 c11 c8 c12+1
c9
c7 c10 c8 c11 c9 c12
![Page 64: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/64.jpg)
Solve linear program to extract boundsBounds Analysis, Step 10
c1=0 c2 =0 c3 =0 c4=0 c5 =0 c6 =0 c7=0 c8 =1 c9 =0 c10=0 c11=1 c12=-1
l2 i n-1 n i u2
l2 i u2
- i +i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
Solution
![Page 65: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/65.jpg)
Solve linear program to extract boundsBounds Analysis, Step 9
u2 = nu3 = n-1
l2 i n-1 n i u2
l2 i u2
- i +i = 0
i < n
*(p+i) += 1
i = i+1
l3 i u3
0 i 0
l3 i u3
l3+1 i u3+1
l2 = 0l3 = 0
c1=0 c2 =0 c3 =0 c4=0 c5 =0 c6 =0 c7=0 c8 =1 c9 =0 c10=0 c11=1 c12=-1
Solution
Symbolic Bounds
![Page 66: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/66.jpg)
Substitute bounds at each program pointBounds Analysis, Step 10
0 i n-1 n i n
0 i n
- i +i = 0
i < n
*(p+i) += 1
i = i+1
0 i n-1
0 i 0
0 i n-1
1 i n
u2 = nu3 = n-1
l2 = 0l3 = 0
c1=0 c2 =0 c3 =0 c4=0 c5 =0 c6 =0 c7=0 c8 =1 c9 =0 c10=0 c11=1 c12=-1
Solution
Symbolic Bounds
![Page 67: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/67.jpg)
0 i n-1 n i n
0 i n
- i +i = 0
i < n
*(p+i) += 1
i = i+1
0 i n-1
0 i 0
0 i n-1
1 i n
Compute access regions at each load or store
Access Regions
[p,p+n-1] u2 = nu3 = n-1
l2 = 0l3 = 0
c1=0 c2 =0 c3 =0 c4=0 c5 =0 c6 =0 c7=0 c8 =1 c9 =0 c10=0 c11=1 c12=-1
Solution
Symbolic Bounds
![Page 68: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/68.jpg)
Bounds Analysis
Region Analysis
Data Race Detection
Symbolic Regions AccessedBy Execution of Each Procedure
Pointer Analysis
Interprocedural Region Analysis
![Page 69: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/69.jpg)
• Same Approach• Set up target bounds of accessed regions• Build a constraint system to compute these
bounds• Constraint System
Accessed regions for a procedure must include: 1. Regions accessed by statements in the
procedure 2. Regions accessed by invoked procedures
Interprocedural Region AnalysisGOAL: Compute accessed regions of
memory for each procedure E.g. “ f(p,n) accesses [p, p+n-1] ”
![Page 70: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/70.jpg)
void f(char *p, int n) if (n > CUTOFF) {
spawn f(p, n/2);spawn f(p+n/2, n/2);sync;
} else {int i = 0;while (i < n) { *(p+i) += 1; i++; }
}[ p, p+n-1 ]
Region Analysis in Example
![Page 71: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/71.jpg)
f(p,n) accesses[ l(p,n), u(p,n) ]
Region Analysis in Example
void f(char *p, int n) if (n > CUTOFF) {
spawn f(p, n/2);spawn f(p+n/2, n/2);sync;
} else {int i = 0;while (i < n) { *(p+i) += 1; i++; }
}[ p, p+n-1 ]
![Page 72: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/72.jpg)
[ l(p,n/2), u(p,n/2) ][ l(p+n/2,n/2), u(p+n/2,n/2) ]
Region Analysis in Example
void f(char *p, int n) if (n > CUTOFF) {
spawn f(p, n/2);spawn f(p+n/2, n/2);sync;
} else {int i = 0;while (i < n) { *(p+i) += 1; i++; }
}[ p, p+n-1 ]
f(p,n) accesses[ l(p,n), u(p,n) ]
![Page 73: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/73.jpg)
Derive Constraint System• Region constraints
[ l(p,n/2), u(p,n/2) ] [ l(p,n), u(p,n) ]www [ l(p+n/2,n/2), u(p+n/2,n/2) ] [ l(p,n), u(p,n) ]www
[ p, p+n-1 ] [ l(p,n), u(p,n) ]www
• Reduce to inequalities between lower/upper bounds
• Further reduce to a linear program and solve:l(p,n) = pu(p,n) = p+n-1
• Access region for f(p,n): [p, p+n-1]
![Page 74: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/74.jpg)
Bounds Analysis
Region Analysis
Data Race Freedom Check that Parallel Threads Are Independent
Pointer Analysis
Data Race Freedom
![Page 75: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/75.jpg)
• Dependence testing of two statements• Do accessed regions intersect?• Based on comparing upper and lower
bounds of accessed regions
• Absence of data races• Check that all the statements that execute
in parallel are independent
Data Race Freedom
![Page 76: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/76.jpg)
Data Race Freedom
void f(char *p, int n) if (n > CUTOFF) {
spawn f(p, n/2);spawn f(p+n/2, n/2);sync;
} else {int i = 0;while (i < n) { *(p+i) += 1; i++; }
}
f(p,n) accesses[ p, p+n-1 ]
![Page 77: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/77.jpg)
[ p, p+n/2-1 ][ p+n/2, p+n-1 ]
Data Race Freedom
void f(char *p, int n) if (n > CUTOFF) {
spawn f(p, n/2);spawn f(p+n/2, n/2);sync;
} else {int i = 0;while (i < n) { *(p+i) += 1; i++; }
}
f(p,n) accesses[ p, p+n-1 ]
![Page 78: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/78.jpg)
No data races !
Data Race Freedom
void f(char *p, int n) if (n > CUTOFF) {
spawn f(p, n/2);spawn f(p+n/2, n/2);sync;
} else {int i = 0;while (i < n) { *(p+i) += 1; i++; }
}
![Page 79: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/79.jpg)
Fundamental Property of the Analysis:
No Fixed Point Computations• The analysis does not use fixed-point
computations:• The problem is reduced to a linear program• The solution to the linear program directly gives
the symbolic lower and upper bounds
• Fixed-point approaches:• Termination is not guaranteed: analysis domain of
symbolic expressions has infinite ascending chains
• Use imprecise techniques to ensure termination:• Artificially truncate number of iterations• Use imprecise widening operators
![Page 80: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/80.jpg)
Experience• Set of benchmark programs
• Two versions of each benchmark • Sequential version written in C• Multithreaded version written in Cilk
• Experiments:1. Data Race Freedom for the multithreaded versions2. Array Bounds Violation Detection for both
sequential and multithreaded versions3. Automatic Parallelization for the sequential
version
![Page 81: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/81.jpg)
Data Races and Array Bounds Violations
Application Data races(multithreade
d)
Array Bounds Violations
(multithreaded)
Array Bounds Violations
(sequential)
QuickSort NO NO NO
MergeSort NO NO NO
BlockMul NO NO NO
NoTempMul
NO NO NO
LU NO NO NO
Knapsack YES NO NO
Heat NO NO NO
![Page 82: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/82.jpg)
0
2
4
6
8
0 2 4 6 80
2
4
6
8
0 2 4 6 80
2
4
6
8
0 2 4 6 8
Parallel Performance
Quicksort Mergesort Heat0
2
4
6
8
0 2 4 6 80
2
4
6
8
0 2 4 6 80
2
4
6
8
0 2 4 6 8
BlockMul NoTempMul LU
![Page 83: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/83.jpg)
Summary• Sophisticated Memory Disambiguation
Analysis• Points-to Information• Accessed Region Information
• Automatic • Interprocedural• Handles Multithreaded Programs• Other Uses Besides Data Race Freedom
• Bitwidth Analysis• Array-Bounds Check Elimination• Buffer Overrun Detection
![Page 84: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/84.jpg)
Bigger Picture• Analysis has a very specific goal• Developer understands and cares about
results• Points-to and region information is (implicitly)
part of the interface of each procedure• Developer understands interfaces• Developer has expectations about analysis
results• Analysis can identify serious programming
errors• Developer expectations are implicit
![Page 85: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/85.jpg)
IdeaEnhance procedure interface to make points-to and region information explicit
• Points-to language• Points-to graphs at entry and exit• Effect on points-to relationships
• Region language• Symbolic specification of accessed
regions• Developer provides information• Analysis verifies that it is correct, and
that correctness implies data race freedom
![Page 86: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/86.jpg)
Points-to Languagef(p, q, n) {
context {entry: p->_a, q->_b;exit: p->_a, _a->_c, q->_b, _b->_d;}context {entry: p->_a, q->_a;exit: p->_a, _a->_c, q->_a;}
}
![Page 87: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/87.jpg)
Points-to Languagef(p, q, n) {
context {entry: p->_a, q->_b;exit: p->_a, _a->_c, q->_b, _b->_d;
}context {
entry: p->_a, q->_a;exit: p->_a, _a->_c,
q->_a;}
}
pq
pq
pq
pq
Contexts for f(p,q,n)
entry
exit
![Page 88: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/88.jpg)
Verifying Points-to InformationOne (flow sensitive) analysis per context
f(p,q,n) {...
}
pq
pq
pq
pq
Contexts for f(p,q,n)
entry
exit
![Page 89: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/89.jpg)
Verifying Points-to InformationStart with entry points-to graph
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exit
pq
Contexts for f(p,q,n)
![Page 90: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/90.jpg)
Verifying Points-to InformationAnalyze procedure
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exit
pq
Contexts for f(p,q,n)
![Page 91: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/91.jpg)
Verifying Points-to InformationAnalyze procedure
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exitpq
Contexts for f(p,q,n)
![Page 92: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/92.jpg)
Verifying Points-to InformationCheck result against exit points-to graph
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exitpq
Contexts for f(p,q,n)
![Page 93: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/93.jpg)
Verifying Points-to InformationSimilarly for other context
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exit
Contexts for f(p,q,n)
![Page 94: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/94.jpg)
Verifying Points-to InformationStart with entry points-to graph
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exit
pq
Contexts for f(p,q,n)
![Page 95: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/95.jpg)
Verifying Points-to InformationAnalyze procedure
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exit
pq
Contexts for f(p,q,n)
![Page 96: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/96.jpg)
Verifying Points-to InformationCheck result against exit points-to graph
f(p,q,n) {...
}
pq
pq
pq
pq
entry
exitpq
Contexts for f(p,q,n)
![Page 97: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/97.jpg)
Analysis of Call Statements
g(r,n) {..f(r,s,n);..
}
![Page 98: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/98.jpg)
Analysis of Call StatementsAnalysis produces points-graph before call
g(r,n) {..f(r,s,n);..
}
rs
![Page 99: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/99.jpg)
pq
pq
pq
pq
entry
exit
Contexts for f(p,q,n)
Analysis of Call StatementsRetrieve declared contexts from callee
g(r,n) {..f(r,s,n);..
}
rs
![Page 100: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/100.jpg)
pq
pq
pq
pq
entry
exit
Contexts for f(p,q,n)
Analysis of Call StatementsFind context with matching entry graph
g(r,n) {..f(r,s,n);..
}
rs
![Page 101: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/101.jpg)
pq
pq
pq
pq
entry
exit
Contexts for f(p,q,n)
Analysis of Call StatementsFind context with matching entry graph
g(r,n) {..f(r,s,n);..
}
rs
![Page 102: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/102.jpg)
pq
pq
pq
pq
entry
exit
Contexts for f(p,q,n)
Analysis of Call StatementsApply corresponding exit points-to graph
g(r,n) {..f(r,s,n);..
}
rs
rs
![Page 103: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/103.jpg)
Analysis of Call StatementsContinue analysis after call
g(r,n) {..f(r,s,n);..
}
rs
![Page 104: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/104.jpg)
Analysis of Call Statements
g(r,n) {..f(r,s,n);..
}
rs
Result• Points-to declarations
separate analysis of multiple procedures
• Transformed • global, whole-program
analysis into • local analysis that
operates on each procedure independently
![Page 105: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/105.jpg)
Experience• Implemented points-to and region languages• Integrated with points-to and region
analyses• Divide and Conquer Benchmarks
• Quicksort (QS)• Mergesort (MS)• Matrix multiply (MM)• LU decomposition (LU)• Heat (H)
• We added points-to and region information
Sorting Programs
Dense MatrixComputationsScientific Computation
![Page 106: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/106.jpg)
Programming OverheadProportion of C Code, Region
Declarations, and Points-to Declarations
0.00
0.25
0.50
0.75
1.00
QS MS MM LU H
C Code
RegionDeclarationsPoints-toDeclarations
![Page 107: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/107.jpg)
EvaluationHow difficult is it to provide declarations?
Not that difficult.• Have to write comparatively little code• Must know information anyway
How much benefit does analysis obtain?Substantial benefit.
• Simpler analysis software (no complex interprocedural analysis)
• More scalable, precise analysis
![Page 108: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/108.jpg)
EvaluationSoftware Engineering Benefits of Points-to
and Region Declarations
• Improved communication between developer and analysis
• Analysis reflects developer’s expectations
• Enhanced code reliability • Enhanced interface information• Analyze incomplete programs
•Programs that use libraries•Programs under development
![Page 109: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/109.jpg)
EvaluationDrawbacks of Points-to and Region
Declarations• Have to learn new language• Have to integrate into development
process• Legacy software issues
(programmer may not know points-to and region information)
![Page 110: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/110.jpg)
Steps to Design ConformanceVerify that Program Correctly Implements Key Design
Properties as Expressed by Developer or Designer• Role Verification• Design Conformance for Object Models
(joint with Daniel Jackson, MIT LCS)• Context: Air Traffic Control Software
• MIT LCS (Daniel Jackson, Martin Rinard) MIT Aero-Astro Department (R. John Hansman) NASA Ames Research Center (Michelle Eshow) Kansas State University CS Dept. (David Schmidt)
• CTAS (Center/TRACON Automation System)
![Page 111: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/111.jpg)
Role Verification• Objects play different roles during their
lifetime in computation• Parked Aircraft, Taxiing Aircraft, Cleared for
Takeoff Aircraft, In Flight Aircraft• Roles reflect constraints on activities of object• System actions must respect role constraints
• Parked Aircraft can’t take off• Action violations indicate system confusion
• Goals• Obtain role information from developer• Check that program uses roles correctly
![Page 112: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/112.jpg)
Role Classification
• Two General Kinds of Classification• Content-based (predicate on
object fields determines role) • Relative (points-to relationships
determine role)• Role Classification is Application
Dependent
Aircraft
Flying Aircraft
Parked Aircraft
Taxiing Aircraft
Cleared Aircraft
Class
Roles
![Page 113: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/113.jpg)
Standard View of Object
Fields
OutgoingReferences List of Meter
FixesSequence Of PointsString
RunwayObjectGate
Object
••
•
IncomingReferences
Flight PlanTrajectory
Flight NameRunway
Gate
![Page 114: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/114.jpg)
Relative Role ClassificationPoints-to relationships define roles
• Specify sources of incoming edges• Field of an object playing a given role• Global or local variable
• Specify target of outgoing edges• Specify available fields in each role
![Page 115: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/115.jpg)
Example Roles
Gate Object
Aircraft•••
Parked Aircraft
Flight PlanTrajectory
Flight NameRunway
Gate
![Page 116: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/116.jpg)
Trajectory
Gate
Example Roles
Runway ObjectAircraft
•••
Cleared for Takeoff Aircraft
Flight Plan
RunwayFlight Name
List of MeterFixes
String
![Page 117: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/117.jpg)
Role Verification• Analysis Obtains
• Role Definitions• Method Information
• Roles of parameters and globals on entry• Role changes that method performs• Role of return value
• Intraprocedural Analysis• Simulates potential executions of method• Precise abstraction of heap• Use role information for invoked methods• Verify correctness of role information
![Page 118: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/118.jpg)
Benefits of Roles• Software Engineering Benefits
• Safety checks that take application semantics into account
• Enhanced implementation transparency
• Transformations Enabled By Precise Referencing Behavior• Safe real-time memory management• Parallelization and race detection for
Programs with linked data structures• Optimized Atomic Transactions
![Page 119: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/119.jpg)
Key Issue: Obtaining Role Information
• Range of Developer and Designer Involvement• Some Involvement Reasonable and
Necessary: Roles Reflect Application-Specific Properties
• Primary Focus: Role Definitions• Determine analysis distinctions• Relevance of extracted information
• Secondary Focus: Method Specifications• Developer specifies roles of parameters• Analysis extracts role changes
![Page 120: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/120.jpg)
Design Conformance• Software Development Activities
• Requirements• Design• Implementation
• Design is Partial• Focus on Important Aspects• Omit Many Low-Level Details
• Design and Implementation are Disconnected• No guarantee that code conforms to design
![Page 121: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/121.jpg)
Goal of Design Conformance• Establish and mechanically check
conformance• Use specific design formalism (object
models)• Boxes (objects) and Arrows (relations
between objects)Aircraft
Flying Aircraft
Parked Aircraft
Taxiing Aircraft
Cleared Aircraft
MeterFix
Flight Plan Flight Plan+ +
![Page 122: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/122.jpg)
Key Issue• Establishing correspondence between object
model and implementation• Object models usually at a higher level of
abstraction• Many relations in object model realized as
group of objects and references• Object model may entirely omit some objects
or references• Enables designer to focus on important aspects• But complicates path to conformance analysis
![Page 123: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/123.jpg)
Aircraft
Flying Aircraft
Parked Aircraft
Taxiing Aircraft
Cleared Aircraft
MeterFixFlight Plan Flight Plan
+ +
Gate Object
Aircraft•••
Flight PlanTrajectory
Flight NameRunway
Gate
Trajectory
GateRunway Object
Aircraft•••
Flight Plan
RunwayFlight Name
List of MeterFixes
String
Aircraft
MeterFix
Flight Plan+
AbstractObject Model
ConcreteObject Model
IntermediateObject Model
Roles
![Page 124: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/124.jpg)
Concretization Specifications• Maps Between Object Models• Enables Designer/Developer to Establish
Correspondence Between Object Models• Specify how Object Model is Realized in
Code• Foundation for design conformance
analysis• Guides implementation of object model• Implementation patterns for object
models
![Page 125: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/125.jpg)
Design Conformance Benefits• Higher Confidence in Software
• Promote clean implementation of design
• Guarantee important design properties
• Design becomes useful throughout entire development cycle• Updated as implementation changes• Reliable source of information
• Enables more precise, relevant analysis
![Page 126: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/126.jpg)
Related Work• Pointer Analysis
• Landi, Ryder, Zhang – PLDI93• Emami, Ghiya, Hendren – PLDI94• Wilson, Lam – PLDI96• Rugina, Rinard – PLDI99• Rountev, Ryder – CC01• Salcianu, Rinard – PPoPP01
• Region Analysis• Triolet, Irigoin, Feautrier- PLDI86• Havlak, Kennedy – IEEE TPDS91• Rugina, Rinard – PLDI00
• Pointer Specifications• Hendren, Hummel, Nicolau – PLDI92• Guyer, Lin – LCPC00
![Page 127: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/127.jpg)
Related Work• Shape Analysis
[CWZ90,GH96,FL97,SRW99,MS01]• Extended Type Systems
• FX/87 [GJLS87]• Dependent Types [XF99]
• Program Verification• ESC [DLNS98]• PVS [ORRSS96]
• Implementations of Object Models [HBR00]
![Page 128: Program Analysis and Design Conformance Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology](https://reader036.vdocuments.us/reader036/viewer/2022062504/5a4d1b4c7f8b9ab0599a5f7e/html5/thumbnails/128.jpg)
Conclusion• Developer and Designer Interact with Analysis• Benefits
• More precise, relevant analysis• Verify key safety and design properties• Enhance utility of design• Enable powerful transformations
• Key Issue:• Determining appropriate abstractions to leverage• Access regions, roles, object models
• Abstractions Share Several Features• Identify important properties of data• Relate properties of data to behavior of
computation