DEPENDEX 1 - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

DEPENDEX 1

Description:

Given a method m(p1,..,pn) ... terms of p1,...,pn over-approximating the ... over collections we introduce a virtual counter bounded by the collection size ... – PowerPoint PPT presentation

Number of Views:18
Avg rating:3.0/5.0
Slides: 29
Provided by: publicaci
Category:

less

Transcript and Presenter's Notes

Title: DEPENDEX 1


1
Synthesizing parametric specifications of dynamic
memory utilization in object-oriented programs
  • Víctor Braberman DC, FCEN, UBA, Argentina
  • Diego Garbervetsky DC, FCEN, UBA, Argentina
  • Sergio Yovine Verimag. France
  • Dependable Software Research Group DEPENDEX

2
Motivation
How much dynamic memory is allocated when method
m1 is invoked?
  • void m1(int k)
  • for(i1iltki)
  • a new A()
  • m2(i)
  • void m2(int n)
  • for(j1jltnj)
  • b new B()

Not a trivial task!
3
Context
  • Problem undecidable in general
  • Impossible to find an exact expression of dynamic
    memory allocation even knowing program inputs
  • Several techniques for functional languages
  • Usually linear upper bounds
  • Less explored for Object Oriented programs

4
Our work
A general technique to find non-linear parametric
upper- bounds of dynamic memory utilization
  • Given a method m(p1,..,pn)
  • memAlloc(m) symbolic expression (a polynomial)
    in terms of p1,,pn over-approximating the amount
    of dynamic memory allocated by any run starting
    at m

5
Key idea Counting visits to statements that
allocates memory
  • for(i0iltni)
  • for(j0jltij)
  • new C()
  • Dynamic Memory allocations ? number of visits to
    new statements
  • ? number of possible variable assignments at
    statements control location
  • ? number of integer solutions of a predicate
    constraining variable assignments at its control
    location (i.e. an invariant)

For linear invariants, of integer solutions
of integer points Ehrhart polynomial (size(C)
( ½k2½k))
6
Our approach
  1. Identify every allocation site (new statement)
    reachable from the method under analysis (MUA)
  2. Generate invariants describing possible variables
    assignments at each allocation site (the
    iteration space)
  3. Count the number solutions for the invariant in
    terms of MUA parameters ( of visits to the
    allocation site)
  4. Adapt those expressions to take into account the
    size of object allocated (their types)
  5. Sum up the resulting expression for each
    allocation site

7
Running Example
  • void m0(int mc)
  • 1 m1(mc)
  • 2 B m2Arrm2(2 mc)
  • void m1(int k)
  • 3 for (int i 1 i lt k i)
  • 4 A a new A()
  • 5 B dummyArr m2(i)
  • B m2(int n)
  • 6 B arrB new Bn
  • 7 for (int j 1 j lt n j)
  • 8 B b new B()
  • 9 return arrB

8
Step 1Identifying allocation sites
  • Distinguish program locations not only by a
    method-local control location but also by a
    call chain
  • Creation Site (csp.l) a path p from the MUA to
    a new statement at l.
  • Denotes a statement and a call stack.
  • Example m0.2.m2.6, cs for statement new B with
    stack (m0.2).

Creation sites reachable from m0CSm0
m0.1.m1.4, m0.1.m1.5.m2.6, m0.1.m1.5.m2.8,
m0.2.m2.6, m0.2.m2.8
m2 is called at least twice ? 2 static traces
for 6newB and 8new B
9
Step 2Finding invariants for creation sites
  • We need invariants involving variables in a path
    through several methods (appearing in the
    creation site)

void m0(int mc) 1 m1(mc) 2 B m2Arrm2(2
mc) void m1(int k) 3 for(int i 1 i lt
k i) 4 A a new A() 5 B dummyArr
m2(i) B m2(int n) 6 B arrB new
Bn 7 for(int j 1 j lt n j) 8 B b
new B() 9 return arrB
Im0(m0.1.m1.4)?kmc ? 1ik
Creation Site invariants can be generated using
local invariants and binding the calls
Im0 (m0.1.m1.5.m2.6)?kmc ? 1ik ?
ni Im0(m0.1.m1.5.m2.8)?kmc ? 1ik ? ni ?
1jn
Im0(m0.2.m2.6)?n2mc Im0(m0.2.m2.8)?n2mc ?
1jn
10
Step 3 Counting the number of solutions (in
terms of MUA parameters)
  • Example
  • of visits (in terms of m0 parameters) to m2.8
    for the stack configuration m0.1.m1.5?
  • Recall Im0(m0.1.m1.5.m2.8)?kmc ? 1ik ? ni
    ?1jn
  • Then of visits in terms of mc (method m0
    parameter)
  • (k,i,j,n) (kmc ? 1ik ? ni ? 1jn)
  • ½ mc2 ½ mc

11
Step 4Transforming number of visits into memory
consumption
  • We know how to approximate number of visits of a
    creation site, but not dynamic memory allocations
  • Example
  • How much memory (in terms of m0 parameters) is
    allocalated by to m2.8 for the stack
    configuration m0.1.m1.5?
  • Recall of visits in terms of mc (method m0
    parameter) ½ mc2 ½ mc
  • Then memory allocated is size(B)½ mc2 ½ mc
  • S(m,cs) computes an upper bound of the amount of
    memory allocated by one creation site, in terms
    of the parameters of m
  • Transforms of visits into estimations of memory
    consumptions
  • Special treatment for arrays allocations (new
    Te1..en)
  • Treated as n nested loops
  • for(t10t1lte1t1)for(tn0tnltentn) new RefT

12
Step 5 Summing up expressions
  • To predict the amount of memory allocated by a
    method m.
  • memAlloc(m) computeAlloc(m,CSm)
  • For every creation site Get an invariant,
    compute the S function and sum them up

where
  • memAlloc(m0) S(m0,m0.1.m1.4)S(m0,m0.1.m1.5.m2.6)
    S(m0,m0.1.m1.5.m2.8)S(m0,m0.2.m2.6)S(m0,m0.2
    .m2.8 ) size(B) (1/2 mc2 5/2 mc)
    size(B) (1/2 mc2 5/2 mc)
    size(A) mc

13
Experiments
  • We tested our prototype with some JOlden and
    JavaGrande benchmarks.

Obtained by hand
  • In general, when the amount of memory allocated
    is polynomial , we obtained accurate upper bounds
  • The main issue is finding good invariants

14
Scoped-memory Management
  • Leveraging escape analysis, we can compute upper
    bounds of memory escaping and captured by a
    method (assuming a region per method)
  • memEscapes(m) computeAlloc(m,escapes(m))
  • memCaptured(m)computeAlloc(m,capture(m))
  • Useful for RTSJ
  • Predicting regions sizes
  • Predicting how much allocated memory by the MUA
    will remain uncollected after its execution

15
Prototype Tool
16
Conclusions
  • A technique that computes non-linear parametric
    upper bounds of dynamic memory allocation
  • An application to scoped memory management
  • Use for estimating region size in RTSJ
  • Useful for embedded systems
  • Benchmarks results are promising
  • But many challenges remain

17
Current and future Work
  • Find a symbolic upper-bound of memory required to
    run a method (assuming scoped-memory management)
  • We need to solve an optimization problem
    (symbolically)
  • Improving precision of upper-bounds under weaker
    invariants
  • if (cond) then B1 else B2 statements, not
    capturing cond
  • The same for polymorphism
  • Dealing with recursion
  • Automated code generation for RTSJ
  • Using memCaptured estimator to determine regions
    size

18
Extra Material
  • How we compute the path invariants
  • Memory required to run a method
  • Improving method precision
  • Counting (more formally)
  • Definition of function S()

19
On computing Invariants
  • We need linear invariants involving variables in
    a path through several methods
  • Strategy we compute or annotate local invariants
    and bind them
  • Our technique could deal with some patterns of
    iteration beyond integer-counter based ones.
  • for iterations over collections we introduce a
    virtual counter bounded by the collection size
    (i.e. ?0?i ?c.size())
  • We (try) to obtain invariants that only
    predicates about inductive set of variables
    (roughly speaking, a subset of variables which is
    enough to count the number of visits of a given
    statement)
  • Currently we approximate inductive variables sets
    by combining a field sensitive live variables
    analysis and manual adjustments

20
Step 2Finding invariants for creation sites
  • We need linear invariants involving variables in
    a path through several methods
  • We compute or annotate local invariants and bind
    them

?
Example for cs m0.1.m1.5.m2.8 I(m0.1)? I(m1.5)?
1ik I(m2.8)?1jn I(m0.1.m1)? kmc
I(m1.5.m2)?ni (bindings) Im0(m0.1.m1.5.m2.8)?k
mc ? 1ik ? ni ? 1jn
?
?
?
?
21
Computing invariants using Daikon
22
Memory required to run a method
  • Knowing the amount memory captured by a method is
    not enough
  • We must consider the regions of the method it
    calls
  • They are not in terms of MUA parameters
  • A method could be called several times with
    different arguments

23
Two maximization problems
  • In any run only one stack (path) configuration
    will be active (single-threading)
  • required(m0)(mc) max (rsize(m0.1.m1.5,mc)

    rsize(m0.1.m1.5.m2,mc),
    rsize(m0.2.m2,mc))
  • In one path a region can be created several times
    and have different sizes
  • memCapture(m2) depends may vary depending on i in
    the path m0.1.m1.5.m2
  • For every path, we need an expression in terms of
    MUA parameters that maximizes the size of every
    region in the path

24
Maximizing a path
  • rsize(?.m,pmr)Maximize memCaptured(m)
    subject to Imr(?)P/pmr
  • This is, find an expression in terms of method mr
    parameters that represents the maximum region for
    method m
  • knowing that m will be called with stack ?
  • and the variables in call stack are constrained
    by the invariant Imr(?)

25
Improving technique precision
The statements 3 and 4 will have the same
invariant And the technique will sum their
upper-bounds ignoring the impossibility of visit
both statements 3 and 4 in the same iteration!
  • computeAlloc relies on having good invariants
    capturing control-flow decisions
  • Consider this example
  • 1 for(int i1iltni)
  • 2 if(t(i))
  • 3 ai new Integer2i 1in ? t(i)
  • 4 else
  • 5 ai new Integer10 1in ? ?t(i)
  • What happens if t(i) cannot be capture by the
    invariants?

26
Improving precision (cont)
  • How do we cope with this problem?
  • Find a condition that maximizes the amount of
    memory allocated by the statements knowing that
    they cannot by executed together
  • In the example we can add a new restriction over
    i
  • 31in ? igt5
  • 51in ? i5

27
Counting the number of solutions (more formally)
  • Given an invariant and a set of selected
    variables (parameters) we can get an expression
    in terms of their parameters
  • It represents the number solutions to the
    invariant, fixing the values of that parameters
  • Example Im0(m0.1.m1.5.m2.8)?kmc ? 1ik ? ni
    ? 1jn
  • C(Im0(m0.1.m1.5.m2.8),k,i,j,n,mc)(mc)
  • (k,i,j,n) (kmc ? 1ik ? ni ? 1jn)
  • ½ mc2 ½ mc

Counting the number of solutions for an invariant
for a creation site csp.l over approximates the
number of visits of the new statement when
program stack is p
  • Theoretical Framework
  • Given a set of constraints ? such that
    var(?)P?W, the number of solutions for ? fixing
    the values of P C(?,W, P)(p) w ?W/w,P/p
    is a function in terms of P.
  • For polytypes, of integer solutions of
    integer points Ehrhart polynomial

28
Function S (more formally)
  • C(Ics,W,P) approximates number of visits of a
    creation site
  • S(I,P,cs) computes an upper bound of the amount
    of memory allocated by a creation site, in terms
    of P using C(Ics,W,P)
  • Example for creation site m0.1.m1.5.m2.8(new B)
  • Im0(m0.1.m1.5.m2.8)?kmc ? 1ik ? ni ?
    1jn,
  • C(Im0(m0.1.m1.5..m2.8),n,i,k,j,mc) ½ mc2 ½
    mc
  • S(Im0(m0.1.m1.5.m2.8),mc, m0.2.m2.8)
    size(B)(C(Im0(m0.1.m1.5.m2.8),n,i,k,j,mc)siz
    e(B)½ mc2 ½ mc
  • Adaptations performed by S(I,P,cs)
  • new T() Size(T)C(I,W,P)
  • new Te1..en Size(T) C(I ?0t1lte1
    ?0tnlten ,W,P)
  • Simulating n nested loops for(t10t1lte1t1)fo
    r(tn0tnltentn) new T
Write a Comment
User Comments (0)
About PowerShow.com