Rethinking Soot for Summary-Based Whole-Program Analysis
•
1 gostou•302 visualizações
Rethinking Soot for Summary-Based Whole-Program Analysis, SOAP'2012
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Mais de Dacong (Tony) Yan
Mais de Dacong (Tony) Yan (9)
Último
Último (20)
Rethinking Soot for Summary-Based Whole-Program Analysis
- 1. Rethinking Soot for Summary-Based Whole- Program Analysis Dacong Yan1, Guoqing Xu2, Atanas Rountev1 1 Ohio State University 2 University of California, Irvine PRESTO: Program Analyses and Software Tools Research Group, Ohio State University
- 2. Overview • Programs are built with reusable components – Standard libraries in Java, C++, C# – Domain-specific libraries and frameworks • Whole-program analysis – Analysis of both application and library code – Methods are analyzed under different contexts • Summary-based analysis – Pre-analysis of library code (summary generation) – Reuse result of pre-analysis (summary application) • Challenges – Carefully designed abstractions and algorithms 2 – Infrastructure for summary generation and application
- 3. Case Study: An Alias Analysis [ISSTA’11] m(a) { c = new …; // o1 a.f = c; return c.g; } d = new …; // o2 b = m(d); // call m 3
- 4. Case Study: An Alias Analysis [ISSTA’11] m(a) { f a sa o1 c c = new …; // o1 g a.f = c; entrym ret sf return c.g; exitm } o2 d d = new …; // o2 b sm b = m(d); // call m 4
- 5. Case Study: An Alias Analysis [ISSTA’11] m(a) { f a sa o1 c c = new …; // o1 g a.f = c; entrym ret sf return c.g; exitm } o2 d d = new …; // o2 b sm b = m(d); // call m b alias? d 5
- 6. Case Study: An Alias Analysis [ISSTA’11] m(a) { f a sa o1 c c = new …; // o1 g a.f = c; entrym ret sf return c.g; exitm } o2 d d = new …; // o2 b sm b = m(d); // call m b alias? d 6
- 7. Case Study: An Alias Analysis [ISSTA’11] m(a) { f a sa o1 c c = new …; // o1 g a.f = c; entrym ret sf return c.g; exitm } o2 d d = new …; // o2 b sm b = m(d); // call m 7
- 8. Case Study: An Alias Analysis [ISSTA’11] m(a) { f a sa o1 c c = new …; // o1 g a.f = c; entrym ret sf return c.g; exitm } o2 d d = new …; // o2 b sm b = m(d); // call m f, g summary(m): sa sg 8
- 9. Experimental Evaluation • 19 Java programs – For all programs, more than 50% of nodes in the call graph are methods in the Java standard library – For most programs, the percentage exceeds 80% • Two experiments – Summary-based construction of program representation – Summary-based computation of graph reachability • Results – Significant potential savings in analysis running time – Additional savings limited by infrastructure 9
- 10. Discussion • Goal: support summary-based analysis in Soot • Problems with ad-hoc extensions – Difficulty in code maintenance – Difficulty in comparing analyses – Limited benefits in summarization • Issues to consider – Configuration mechanisms – Management of summary information – Verification of summary information 10
- 11. Discussion • Configuration mechanisms – Customization to allow summary-based analysis – Dependence between analyses • Management of summary information – Unified summary APIs – Techniques of data structure persistence – Mapping back to program entities • Verification of summary information – Consistency between summary and Jimple – Code changes 11
- 12. Conclusion • Case study on an alias analysis • Potential savings in analysis running time with summarization • Discussion on supporting summary-based analysis – Configuration mechanisms – Management of summary information – Verification of summary information 12
- 13. Thank you 13