Probabilistic pointer analysis for multithreaded programs
The use of pointers, and of data structures built on pointers, gives rise to memory references that must be resolved by a vital compiler analysis, namely pointer analysis. For a pair of memory references at a program point, a typical pointer analysis specifies whether the points-to relation between them may exist, definitely does not exist, or definitely exists. The "may be" case, which describes the points-to relation for most pairs, cannot be acted upon by most compiler optimizations, as ignoring it would compromise their soundness. However, the "may be" case can be capitalized on by the modern class of speculative optimizations if the probability that two memory references alias can be measured. Focusing on multithreading, a prevalent programming technique, this paper presents a new flow-sensitive technique for the probabilistic pointer analysis of multithreaded programs. The proposed technique takes the form of a type system and calculates the probability of every points-to relation at each program point. The key to our approach is to calculate the points-to information via a post-type derivation. The use of a type system has the advantage of associating each analysis result with a justification (proof) of its correctness. This justification takes the form of a type derivation and is very much needed in applications such as certified code.
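The idea of attaching probabilities to points-to relations can be illustrated with a small sketch. The merge rule and all names below are illustrative assumptions of ours, not the paper's type system, which handles multithreaded programs:

```python
# Toy sketch: weighting points-to facts by branch probability at a
# control-flow join. Facts map (pointer, target) pairs to probabilities.

def merge(facts_a, facts_b, p_a, p_b):
    """Combine points-to probabilities from two predecessors, weighted
    by the probabilities p_a and p_b of arriving from each."""
    merged = {}
    for rel in set(facts_a) | set(facts_b):
        merged[rel] = p_a * facts_a.get(rel, 0.0) + p_b * facts_b.get(rel, 0.0)
    return merged

# A branch taken with probability 0.7 makes p point to x; else p points to y.
then_facts = {("p", "x"): 1.0}
else_facts = {("p", "y"): 1.0}
after_if = merge(then_facts, else_facts, 0.7, 0.3)
print(sorted(after_if.items()))  # [(('p', 'x'), 0.7), (('p', 'y'), 0.3)]
```

After the join, a speculative optimizer could treat `p` as pointing to `x` and pay a misspeculation cost only 30% of the time.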
Probabilistic data flow analysis: a linear equational approach
Speculative optimisation relies on the estimation of the probabilities that
certain properties of the control flow are fulfilled. Concrete or estimated
branch probabilities can be used for searching and constructing advantageous
speculative and bookkeeping transformations.
We present a probabilistic extension of the classical equational approach to data-flow analysis that can be used for this purpose. More precisely, we show how the probabilistic information introduced into a control flow graph by branch prediction can be used to extract a system of linear equations from a program, and we present a method for calculating correct (numerical) solutions. (In Proceedings GandALF 2013, arXiv:1307.416)
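As a minimal illustration of the equational view (the CFG and node names here are our own toy example; the paper treats the general case, including genuinely solving the resulting linear system):

```python
# On an acyclic CFG the "linear equations" reduce to forward propagation:
# each node's reaching probability is the sum over incoming edges of
# (edge probability × predecessor probability).
edges = {  # node -> [(successor, branch probability)]
    "entry": [("then", 0.6), ("else", 0.4)],
    "then":  [("join", 1.0)],
    "else":  [("join", 1.0)],
    "join":  [],
}
prob = {"entry": 1.0, "then": 0.0, "else": 0.0, "join": 0.0}
for node in ["entry", "then", "else", "join"]:  # topological order
    for succ, p in edges[node]:
        prob[succ] += p * prob[node]
print(prob)  # {'entry': 1.0, 'then': 0.6, 'else': 0.4, 'join': 1.0}
```

With loops, the same equations become mutually recursive, which is why a numerical solution method is needed rather than a single forward pass.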
Understanding Uncertainty in Static Pointer Analysis
Institute for Computing Systems Architecture

For programs that make extensive use of pointers, pointer analysis is often critical
for the effectiveness of optimising compilers and tools for reasoning about program
behaviour and correctness. Static pointer analysis has been extensively studied and
several algorithms have been proposed, but these only provide approximate solutions.
As such inaccuracy may hinder further optimisations, it is important to understand how far short these algorithms fall of providing accurate information about the points-to relations.
This thesis attempts to quantify the amount of uncertainty of the points-to relations
that remains after a state-of-the-art context- and flow-sensitive pointer analysis algorithm
is applied to a collection of programs from two well-known benchmark suites:
SPEC integer and MediaBench. This remaining static uncertainty is then compared
to the run-time behaviour. Unlike previous work that compared run-time behaviour
against less accurate context- and flow-insensitive algorithms, the goal of this work is
to quantify the amount of uncertainty that is intrinsic to the applications and that defeats even the most accurate static analyses.
In a first step to quantify the uncertainties, a compiler framework was proposed and
implemented. It is based on the SUIF1 research compiler framework and the SPAN
pointer analysis package. This framework was then used to collect extensive data
from the static points-to analysis. It was also used to drive a profiled execution of the
programs in order to collect the real run-time points-to data. Finally, the static and the
run-time data were compared.
Experimental results show that the static pointer analysis is often very accurate, but for some benchmarks a significant fraction of their accesses via pointer dereferences, up to 25%, cannot be fully disambiguated statically. We find that some 27% of these dereferences turn out to access a single memory location at run time, but many do access several different memory locations. We find that the main reasons for this are the use of pointer arithmetic and the fact that some control paths are not taken. The latter is an example of a source of uncertainty that is intrinsic to the application.
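The comparison step at the heart of the thesis can be sketched as follows. The sites, target names, and profile data below are invented for illustration; the actual framework is built on SUIF1, SPAN, and profiled executions of SPEC and MediaBench programs:

```python
# Sketch of comparing static points-to sets against profiled behaviour:
# count the distinct locations each dereference site actually touched.
from collections import defaultdict

static_pts = {"site1": {"a", "b", "c"}, "site2": {"a", "b"}}  # invented
profile = [("site1", "a"), ("site1", "a"), ("site2", "a"), ("site2", "b")]

runtime_targets = defaultdict(set)
for site, target in profile:
    runtime_targets[site].add(target)

for site, pts in static_pts.items():
    print(site, "static:", len(pts), "runtime:", len(runtime_targets[site]))
# site1 has 3 static candidates but resolves to a single location at run
# time; site2's ambiguity persists even in this (toy) profile.
```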
Hardware-Assisted Dependable Systems
Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of Internet services, data loss, malfunctioning components, and, consequently, financial losses or even loss of human life. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash, but may also be exploited by a malicious attacker to gain control over the system or leak confidential data.
Both of these classes of errors are notoriously hard to detect and tolerate. The usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults, and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory because it is error-prone, requires significant manual effort, and protects only against anticipated faults. At the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are prohibitively expensive in terms of resources and performance overhead.
In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes the instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The remaining two target software bugs: SGXBounds detects vulnerabilities inside Intel SGX enclaves, and "MPX Explained" analyzes the recent Intel MPX extension for protection against buffer overflow bugs.
Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating-system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to keep performance overhead low.
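The common principle behind the fault-detection techniques, redundant execution followed by a comparison, can be caricatured in a few lines. This is a deliberately naive sketch of ours, not ∆-encoding, Elzar, or HAFT, which duplicate work at the instruction level with hardware assistance:

```python
# Naive sketch of redundancy-based fault detection: run the same
# computation twice and compare the results. In a real system the copies
# execute on duplicated instructions or vector lanes, so a transient CPU
# fault can make them diverge; in plain Python a fault never occurs.
def checked(op, *args):
    master = op(*args)   # original computation
    shadow = op(*args)   # redundant copy
    if master != shadow:
        raise RuntimeError("divergence detected: possible silent data corruption")
    return master

print(checked(lambda a, b: a + b, 2, 3))  # 5
```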
Probabilistic Points-to Analysis for Java
Probabilistic points-to analysis is an analysis technique for determining the probabilities of the points-to relations in programs. It provides the compiler with optimization opportunities such as speculative dead store elimination, speculative redundancy elimination, and speculative code scheduling. Although several static probabilistic points-to analysis techniques have been developed for the C language, they cannot be applied directly to Java because they do not handle classes, objects, inheritance, and invocations of virtual methods. In this paper, we propose a context-insensitive and flow-sensitive probabilistic points-to analysis for Java (JPPA) for statically predicting the probability of points-to relations at all program points (i.e., points before or after statements) of a Java program. JPPA first constructs an interprocedural control flow graph (ICFG) for a Java program, whose edges are labeled with probabilities calculated by an algorithm based on a static branch-prediction approach, and then calculates the probabilistic points-to relations of the program based upon the ICFG. We have also developed a tool called Lukewarm to support JPPA and conducted an experiment to compare JPPA with a traditional context-insensitive, flow-sensitive points-to analysis approach. The experimental results show that JPPA is a precise and effective probabilistic points-to analysis technique for Java.
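The flow-sensitive part of such an analysis can be sketched with a toy transfer function for allocations. The representation and names below are invented for illustration; the real analysis operates on an interprocedural CFG of a Java program with predicted branch probabilities:

```python
# Toy flow-sensitive update of probabilistic points-to facts. Facts map
# (variable, allocation site) pairs to probabilities.
def assign_new(facts, var, site):
    """After 'var = new T()' at allocation site 'site', var points to
    that site with probability 1; earlier facts for var are killed
    (a strong update)."""
    facts = {k: v for k, v in facts.items() if k[0] != var}
    facts[(var, site)] = 1.0
    return facts

facts = {}
facts = assign_new(facts, "o", "A#1")  # o = new A();
facts = assign_new(facts, "o", "B#2")  # o = new B();  previous fact killed
print(facts)  # {('o', 'B#2'): 1.0}
```

Probabilities below 1.0 then arise at control-flow joins, where facts from differently-weighted branches are merged.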
Improving the Performance of a Pointer-Based, Speculative Parallelization Scheme
Speculative parallelization is a technique that attempts to extract parallelism from loops that cannot be parallelized at compile time. The underlying idea is to execute the code optimistically while a subsystem checks that the sequential semantics are not violated. Much work has been done in this field; however, we are not aware of any approach capable of parallelizing applications that use pointer arithmetic. In previous work by the author of this thesis, a software library was developed that supports this kind of application. However, that software suffered from a major limitation: the execution time of the parallel versions was longer than that of the sequential versions. This Master's thesis addresses that limitation by finding and correcting the causes of the inefficiency, and puts the work in perspective among the worldwide contributions in this field. The experimental results obtained with real applications allow us to state that these limitations have been overcome, since we obtain speedups of up to 1.61. Moreover, with the new version of the library, improvements of up to 421.4% have been achieved with respect to the execution time of the original version of the speculative library. (Informática; Máster en Investigación en Tecnologías de la Información y las Comunicaciones)
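The core idea of speculative parallelization, optimistic execution plus a runtime dependence check, can be sketched sequentially. The chunking, the toy loop body, and the conflict rule are our own simplifications of a generic scheme, not the library described above:

```python
# Sequential simulation of speculative loop parallelization: two chunks
# run "in parallel" on a stale view of the data; a later chunk is
# squashed and re-executed if an earlier chunk wrote a location it read.
def run_chunk(data, indices):
    reads, writes = set(), {}
    for i in indices:
        reads.add(i)
        writes[i] = data[i] + 1   # toy loop body: data[i] += 1
    return reads, writes

data = [0, 0, 0, 0]
r0, w0 = run_chunk(data, [0, 1])   # earlier iterations (non-speculative)
r1, w1 = run_chunk(data, [1, 2])   # later iterations, speculated early

for i, v in w0.items():            # commit the non-speculative chunk
    data[i] = v
if set(w0) & r1:                   # dependence violation (index 1)
    r1, w1 = run_chunk(data, [1, 2])   # squash and re-execute
for i, v in w1.items():            # commit the (now correct) chunk
    data[i] = v
print(data)  # [1, 2, 1, 0]
```

The re-execution path is exactly the overhead that makes speculative schemes slower than sequential code when misspeculation is frequent.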
A Survey on Thread-Level Speculation Techniques
Thread-Level Speculation (TLS) is a promising technique that allows the parallel execution of sequential code without relying on a prior, compile-time dependence analysis. In this work, we introduce the technique, present a taxonomy of TLS solutions, and summarize and put into perspective the most relevant advances in this field. This work was supported by MICINN (Spain) and the ERDF program of the European Union: HomProg-HetSys project (TIN2014-58876-P), CAPAP-H5 network (TIN2014-53522-REDT), and COST Program Action IC1305: Network for Sustainable Ultrascale Computing (NESUS).