Interprocedural Heap Analysis using Access Graphs and ...rohanpadhye/files/mtp...Actual heap layout...

Interprocedural Heap Analysis using Access Graphs andValue Contexts

with applications to liveness-based garbage collection

Rohan Padhyeunder the guidance of

Prof. Uday Khedker

Department of Computer Science & EngineeringIndian Institute of Technology Bombay

M.Tech Project

Outline

1 Background and MotivationHeap Reference AnalysisKey Issues

2 Heap Alias AnalysisNeed for Alias AnalysisExisting AbstractionsProposed Abstraction: Acccessor Relationship Graph

3 Interprocedural AnalysisExisting FrameworksOur Framework: Value ContextsThe Role of Call Graphs

4 Access Graphs for Garbage CollectionExisting IdeasNovel Technique: Dynamic Heap Pruning

5 Summary & Future Work

Rohan Padhye (IIT Bombay) Interprocedural Heap Analysis MTP 2 / 32

Background

Heap Reference Analysis [Khedker, Sanyal & Karkare, 2007]

S1: x = root

S2: while (x.val > M):

S3: x = x.l

S4: x = x.r

S5: print x.val

S6: EXIT

x l3 r4

Access graph for x at S2.

The binary tree in the heap at S2.Filled nodes are live objects.

Key Issues

Three main issues in performing Heap Reference Analysis:

1 How to perform a precise alias analysis for arbitrary access paths inthe heap?

2 How to implement whole-program heap reference analysis in aninter-procedural manner?

3 How to use the resulting access graphs to improve garbagecollection?

Outline

Need for Alias Analysis

x .p = zS4

u = y .pS5

v = u.qS6

use vS7

x and y do not alias at S4.

y p5 q6

LVOUT4y p5 q6

x = yS2 S3

x .p = zS4

u = y .pS5

v = u.qS6

use vS7

x may alias y at S4

y p5 q6

LVOUT4y p5 q6

x = yS1

x .p = zS4

u = y .pS5

v = u.qS6

use vS7

x must alias y at S4

LVOUT4y p5 q6

May-alias analysis is required for sound heap liveness analysis.

Must-alias analysis is desirable for performing strong updates.

In general, alias queries may not be as straightforward as thepreceeding examples:

w .r = z

x p3 q4 r5

In the above program, z is live if w may be aliased to any objectaccessible by the pattern x(.p)∗.q.

The key obervation is here is that we need to determine aliasesbetween live access patterns.

Access Graphs and Access Patterns

S1: w.r = z

S2: while (...):

S3: x = x.p

S4: x = x.q

S5: x = x.r

S6: use x

S7: EXIT

Consider liveness at S2.

Access Graph

x p3 q4 r5

Equivalent Automaton

x p q r

Access Patterns

x/p3 : x .p(.p)∗x/q4 : x(.p)∗.qx/r5 : x(.p)∗.q.r

Approaches to Heap Alias Analysis

Modelling an unbounded number of objects using a finite abstraction:

Muchnick & Jones, 1981: k-limited graph

Chase, Wegman & Zadeck, 1990: Merge on allocation sites

Sagiv, Reps & Wilhelm, 1996: “Materialization”

Sagiv, Reps & Wilhelm, 1999: 3-valued logic

Our approach: Use access patterns from liveness graphs toimprove expressibility of points-to graph

Approaches to Heap Alias Analysis

Modelling an unbounded number of objects using a finite abstraction:

Muchnick & Jones, 1981: k-limited graph

Chase, Wegman & Zadeck, 1990: Merge on allocation sites

Sagiv, Reps & Wilhelm, 1996: “Materialization”

Sagiv, Reps & Wilhelm, 1999: 3-valued logic

Our approach: Use access patterns from liveness graphs toimprove expressibility of points-to graph

Proposed Approach

y = newS0

z = newS1

t = newS2

t.n = xS3

x = tS4

a = xS5

b = a.nS6

a.n = yS7 b.n = zS8

use x .nS9

exitS10

Actual heap layout after S6

x · · ·n n n n

P0: Initial Points-to Analysis

PTOUT6 = PTIN7 = PTIN8:

x S2 n

y S0 z S1

P1: Points-to Analysis using L1PTOUT6 = PTIN7 = PTIN8:

x S2 S2 S2x , a x/n9, b −

L1: Liveness after P0

LVIN9 = LVOUT7 = LVOUT8:x n9

LVIN7 (considering amay= x):

a x n9 y, ,

LVIN8 (considering bmay= x):

b x n9 z, ,

LVOUT6 = LVIN7 ∪ LVIN8:a b x n9 y, , , z,

LVIN7 (considering amust= x):

LVIN8 (considering b 6= x):

LVOUT6 = LVIN7 ∪ LVIN8:x n9 y,

We are not performing “materialization”.P1 does not use P0 and L2 does not use L1.These are new passes from scratch!Li uses Pi−1 for implicit updates.Pi uses Li for expressibility.

Proposed Approach

y = newS0

z = newS1

t = newS2

t.n = xS3

x = tS4

a = xS5

b = a.nS6

a.n = yS7 b.n = zS8

use x .nS9

exitS10

x · · ·n n n n

x S2 n

y S0 z S1

x S2 S2 S2x , a x/n9, b −

a x n9 y, ,

b x n9 z, ,

Proposed Approach

y = newS0

z = newS1

t = newS2

t.n = xS3

x = tS4

a = xS5

b = a.nS6

a.n = yS7 b.n = zS8

use x .nS9

exitS10

x · · ·n n n n

x S2 n

y S0 z S1

x S2 S2 S2x , a x/n9, b −

a x n9 y, ,

b x n9 z, ,

Proposed Approach

y = newS0

z = newS1

t = newS2

t.n = xS3

x = tS4

a = xS5

b = a.nS6

a.n = yS7 b.n = zS8

use x .nS9

exitS10

x · · ·n n n n

x S2 n

y S0 z S1

x S2 S2 S2x , a x/n9, b −

a x n9 y, ,

b x n9 z, ,

Proposed Approach

y = newS0

z = newS1

t = newS2

t.n = xS3

x = tS4

a = xS5

b = a.nS6

a.n = yS7 b.n = zS8

use x .nS9

exitS10

x · · ·n n n n

x S2 n

y S0 z S1

x S2 S2 S2x , a x/n9, b −

a x n9 y, ,

b x n9 z, ,

Proposed Approach

y = newS0

z = newS1

t = newS2

t.n = xS3

x = tS4

a = xS5

b = a.nS6

a.n = yS7 b.n = zS8

use x .nS9

exitS10

x · · ·n n n n

x S2 n

y S0 z S1

x S2 S2 S2x , a x/n9, b −

a x n9 y, ,

b x n9 z, ,

Proposed Approach

y = newS0

z = newS1

t = newS2

t.n = xS3

x = tS4

a = xS5

b = a.nS6

a.n = yS7 b.n = zS8

use x .nS9

exitS10

x · · ·n n n n

x S2 n

y S0 z S1

x S2 S2 S2x , a x/n9, b −

a x n9 y, ,

b x n9 z, ,

Proposed Approach

Key idea: distinguish between objects accessible by distinct sets ofaccess patterns.

Thus, our approach is more precise than naive summarization in that:1 Unnecessary may-aliases are avoided.2 Useful must-aliases are discovered.

Inter-dependence of liveness and points-to analysis:1 Perform naive points-to (summarize on alloc sites).2 Backward analysis to get huge liveness info (sound but imprecise).3 Again do points-to, distinguishing on access patterns found above.4 Another round of backward analysis to get precise liveness info.5 Fixed point...?

Accessor Relationship Graph

Symbol Definition Cardinality

V Variables Proportional to program sizeM Memory allocation sites Proportional to program sizeR Field dereference points Proportional to program sizeA Access graph nodes |V |+ |V | × |R|H Heap graph nodes |M| × 2|A|

Definition

Accessor Relationship Graph is a 3-tuple 〈Ev ,Ef , summary〉, where:

Ev ⊆ V × H

Ef ⊆ H × F × H

summary : H → {true, false}

Accessor Relationship Graph

Symbol Definition Cardinality

V Variables Proportional to program sizeM Memory allocation sites Proportional to program sizeR Field dereference points Proportional to program sizeA Access graph nodes |V |+ |V | × |R|H Heap graph nodes |M| × 2|A|

Definition

Accessor Relationship Graph is a 3-tuple 〈Ev ,Ef , summary〉, where:

Ev ⊆ V × H

Ef ⊆ H × F × H

summary : H → {true, false}

Lattice Representation

Definition

〈Ev ,Ef , summary〉 w 〈E ′v ,E ′f , summary ′〉 if:

Ev ⊆ E ′v

Ef ⊆ E ′f∀k ∈ H : summary(k)⇒ summary ′(k)

Definition

〈Ev ,Ef , summary〉 u 〈E ′v ,E ′f , summary ′〉 = 〈E ′′v ,E ′′f , summary ′′〉 such that:

E ′′v = Ev ∪ E ′v

E ′′f = Ef ∪ E ′f∀k ∈ H : summary ′′(k) = summary(k) ∨ summary ′(k)

Lattice Representation

Definition

〈Ev ,Ef , summary〉 w 〈E ′v ,E ′f , summary ′〉 if:

Ev ⊆ E ′v

Ef ⊆ E ′f∀k ∈ H : summary(k)⇒ summary ′(k)

Definition

〈Ev ,Ef , summary〉 u 〈E ′v ,E ′f , summary ′〉 = 〈E ′′v ,E ′′f , summary ′′〉 such that:

E ′′v = Ev ∪ E ′v

E ′′f = Ef ∪ E ′f∀k ∈ H : summary ′′(k) = summary(k) ∨ summary ′(k)

Data Flow Analysis

Normalization: Θ(X , L) = Consistency + Reachability

x = x .nS5

n8n6n5x x S1 S1 S1 S1n n n

x x/n5 x/n6 x/n8

n8n6x x S1 S1 S1 S1n n n

x x/n5x

x/n6 x/n8

Data Flow Equations:

PTINb = up∈pred(b)

Θ(PTOUTp, LVINb)

PTOUTb = Θ(fb(PTINb), LVOUTb)

Data Flow Analysis

Normalization: Θ(X , L) = Consistency + Reachability

x = x .nS5

n8n6n5x x S1 S1 S1 S1n n n

x x/n5 x/n6 x/n8

n8n6x x S1 S1 S1 S1n n n

x x/n5x

x/n6 x/n8

Data Flow Equations:

PTINb = up∈pred(b)

Θ(PTOUTp, LVINb)

PTOUTb = Θ(fb(PTINb), LVOUTb)

System Model

L̂ : S × AP → {true, false} (Results of liveness analysis)

P̂ : S × AP × AP → {true, false} (Results of points-to analysis)

HLA : P̂ → L̂ (Heap Liveness Analysis)

PTA : L̂→ P̂ (Heap Points-To Analysis)

L̂0 = λsλa.false

∀i ≥ 0 : P̂i = PTA(L̂i )

∀i ≥ 0 : L̂i+1 = HLA(P̂i )

L̂i ⊆ L̂j iff ∀s ∈ S ,∀a ∈ AP : L̂i (s, a)⇒ L̂j(s, a)

P̂i ⊆ P̂j iff ∀s ∈ S ,∀a ∈ AP,∀b ∈ AP : P̂i (s, a, b)⇒ P̂j(s, a, b)

System Model

L̂ : S × AP → {true, false} (Results of liveness analysis)

P̂ : S × AP × AP → {true, false} (Results of points-to analysis)

HLA : P̂ → L̂ (Heap Liveness Analysis)

PTA : L̂→ P̂ (Heap Points-To Analysis)

L̂0 = λsλa.false

∀i ≥ 0 : P̂i = PTA(L̂i )

∀i ≥ 0 : L̂i+1 = HLA(P̂i )

L̂i ⊆ L̂j iff ∀s ∈ S ,∀a ∈ AP : L̂i (s, a)⇒ L̂j(s, a)

P̂i ⊆ P̂j iff ∀s ∈ S ,∀a ∈ AP,∀b ∈ AP : P̂i (s, a, b)⇒ P̂j(s, a, b)

Precision of Liveness

L̂0 P̂0 L̂1 P̂1 L̂2 P̂2 L̂3 P̂3 L̂4 · · ·

Theorem

The results of the second round of heap liveness analysis is the mostprecise result which is also sound. That is, ∀k > 0 : L̂2 ⊆ L̂k .

Lemma (1)

∀i , j : L̂i ⊆ L̂j ⇒ P̂i ⊇ P̂j

Lemma (2)

∀i , j : P̂i ⊆ P̂j ⇒ L̂i+1 ⊆ L̂j+1

Proof.

1. ∀k ≥ 0 : L̂0 ⊆ L̂k (By Definition)2. ∀k ≥ 0 : P̂0 ⊇ P̂k (Lemma 1)3. ∀k ≥ 0 : L̂1 ⊇ L̂k+1 (Lemma 2)4. ∀k ≥ 0 : P̂1 ⊆ P̂k+1 (Lemma 1)5. ∀k ≥ 0 : L̂2 ⊆ L̂k+2 (Lemma 2)6. ∀k > 0 : L̂2 ⊆ L̂k (Step 3 and 5)

L̂0 P̂0 L̂1 P̂1 L̂2 P̂2 L̂3 P̂3 L̂4 · · ·

Theorem

Lemma (1)

∀i , j : L̂i ⊆ L̂j ⇒ P̂i ⊇ P̂j

Lemma (2)

∀i , j : P̂i ⊆ P̂j ⇒ L̂i+1 ⊆ L̂j+1

Proof.

L̂0 P̂0 L̂1 P̂1 L̂2 P̂2 L̂3 P̂3 L̂4 · · ·

Theorem

Lemma (1)

∀i , j : L̂i ⊆ L̂j ⇒ P̂i ⊇ P̂j

Lemma (2)

∀i , j : P̂i ⊆ P̂j ⇒ L̂i+1 ⊆ L̂j+1

Proof.

L̂0 P̂0 L̂1 P̂1 L̂2 P̂2 L̂3 P̂3 L̂4 · · ·

Theorem

Lemma (1)

∀i , j : L̂i ⊆ L̂j ⇒ P̂i ⊇ P̂j

Lemma (2)

∀i , j : P̂i ⊆ P̂j ⇒ L̂i+1 ⊆ L̂j+1

Proof.

Outline

Interprocedural Analysis

No existing implementation of inter-procedural heap reference analysis

Soot has excellent API for data flow analysis - only intraprocedural

IFDS/IDE solver [Bodden, SOAP 2012]

f ({x , y , z}) = f ({x}) u f ({y}) u f ({z})Functions on 2D reduced to functions on DModelled as a graph reachability problemMain limitation: Requires distributive flow functionsNot suitable for many types of heap analysis

x = y .n

y o1 o2n

x = y .n

y o1 o2n

x = y .n

y o1 o2n

f ({x , y , z}) = f ({x}) u f ({y}) u f ({z})

Functions on 2D reduced to functions on DModelled as a graph reachability problemMain limitation: Requires distributive flow functionsNot suitable for many types of heap analysis

x = y .n

y o1 o2n

f ({x , y , z}) = f ({x}) u f ({y}) u f ({z})Functions on 2D reduced to functions on D

Modelled as a graph reachability problemMain limitation: Requires distributive flow functionsNot suitable for many types of heap analysis

x = y .n

y o1 o2n

f ({x , y , z}) = f ({x}) u f ({y}) u f ({z})Functions on 2D reduced to functions on DModelled as a graph reachability problem

Main limitation: Requires distributive flow functionsNot suitable for many types of heap analysis

x = y .n

y o1 o2n

f ({x , y , z}) = f ({x}) u f ({y}) u f ({z})Functions on 2D reduced to functions on DModelled as a graph reachability problemMain limitation: Requires distributive flow functions

Not suitable for many types of heap analysis

x = y .n

y o1 o2n

x = y .n

y o1 o2n

x = y .n

y o1 o2n

x = y .n

y o1 o2n

The most general and precise solutions:

Call Strings (maintain an abstract call stack) [Sharir & Pnueli, 1981]

Functional (flow functions for call statements) [Sharir & Pnueli, 1981]

Function composition methodTabulation method

Modified call-strings method [Khedker & Karkare, 2008]

Value-based termination of call string construction

Value contexts [Padhye & Khedker, 2013]

Reformulation of tabulation methodSuitable for bi-directional interleaved analysesCan map arbitrary call string to value context (dynamic optimizations)Context-sensitive data flow solution (specialization)

Reformulation of tabulation method

Suitable for bi-directional interleaved analysesCan map arbitrary call string to value context (dynamic optimizations)Context-sensitive data flow solution (specialization)

Reformulation of tabulation methodSuitable for bi-directional interleaved analyses

Can map arbitrary call string to value context (dynamic optimizations)Context-sensitive data flow solution (specialization)

Reformulation of tabulation methodSuitable for bi-directional interleaved analysesCan map arbitrary call string to value context (dynamic optimizations)

Context-sensitive data flow solution (specialization)

Value Contexts

Value contexts:

X = 〈method , entryValue〉exitValue(X )

Data Flow Analysis is performed using traditional work-list method

Work-list contains 〈context, node〉 pairs

Call-sites: Find value context X = 〈method , entryValue〉

Found: Re-use exitValue(X )Not found: Create new X and add all nodes to work-listRecord transition from this call-site to X

Exit-sites: Set exitValue(X ) and add callers to work-list

Value Contexts

Value contexts:

X = 〈method , entryValue〉

exitValue(X )

Value Contexts

Value contexts:

Value Contexts

Value contexts:

Value Contexts

Value contexts:

Value Contexts

Value contexts:

Value Contexts

Value contexts:

Call-sites: Find value context X = 〈method , entryValue〉Found: Re-use exitValue(X )

Not found: Create new X and add all nodes to work-listRecord transition from this call-site to X

Value Contexts

Value contexts:

Call-sites: Find value context X = 〈method , entryValue〉Found: Re-use exitValue(X )Not found: Create new X and add all nodes to work-list

Record transition from this call-site to X

Value Contexts

Value contexts:

Call-sites: Find value context X = 〈method , entryValue〉Found: Re-use exitValue(X )Not found: Create new X and add all nodes to work-listRecord transition from this call-site to X

Value Contexts

Value contexts:

Call-sites: Find value context X = 〈method , entryValue〉Found: Re-use exitValue(X )Not found: Create new X and add all nodes to work-listRecord transition from this call-site to X

Example - Sign Analysis

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Context Proc. Entry Exit

X0 main >X1 f a+b−

X2 g u+

X3 f a−b+

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >

X1 f a+b−

X2 g u+

X3 f a−b+

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >

X1 f a+b−

X2 g u+

X3 f a−b+

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >

X1 f a+b−

X2 g u+

X3 f a−b+

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >

X2 g u+

X3 f a−b+

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X2 g u+

X3 f a−b+

Value Contexts

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X2 g u+

X3 f a−b+

Value Contexts

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉

〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X2 g u+

X3 f a−b+

Value Contexts

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉

〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >X2 g u+ >

X3 f a−b+

Value Contexts

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉

〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >X2 g u+ >

X3 f a−b+

Value Contexts

X0 X1 X2

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉

〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >X2 g u+ >

X3 f a−b+

Value Contexts

X0 X1 X2

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉

〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >X2 g u+ >X3 f a−b+ >

Value Contexts

X0 X1 X2

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉

〈X3, a−b+〉

〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉

〈X1, a+b−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >X2 g u+ >X3 f a−b+ a−b+c−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >X2 g u+ >X3 f a−b+ a−b+c−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X3, a−b+〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− >X2 g u+ u+v−

X3 f a−b+ a−b+c−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X3, a−b+c−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+〉〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X3, a−b+c−〉〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > >X1 f a+b− a+b−c−

X2 g u+ u+v−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X2 g u+ u+v−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X2 g u+ u+v−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X2 g u+ u+v−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

main()

p = 5n1

q = f(p, -3)c1

r = g(-q)c4

exitn6

f(a, b)

if (...)n2

c = a * bn3 c = g(10)c2

return cn5

v = f(-u, u)c3

return vn6

〈X0,>〉

〈X0, p+〉

〈X0, p+q−〉

〈X0, p+q−r−〉

〈X1, a+b−〉〈X3, a−b+〉

〈X1, a+b−c−〉〈X3, a−b+c−〉

〈X2, u+〉

〈X2, u+v−〉

X0 main > p+q−r−

X1 f a+b− a+b−c−

X2 g u+ u+v−

Value Contexts

X0 X1 X2 X3

c1 c2 c3

Context Transitions

− 0 +

⊥Component

Lattice

Implementation Framework

Context<M,N,A>

+ getMethod(): M+ getEntryValue() : A+ getExitValue() : A+ getValueBefore(N) : A+ getValueAfter(N) : A

InterProceduralAnalysis<M,N,A>

+ topValue() : A+ boundaryValue(M) : A+ copy(A) : A+ meet(A,A) : A+ normalFlowFunction(Context<M,N,A>, N, A) : A+ callEntryFlowFunction(Context<M,N,A>, M, N, A) : A+ callExitFlowFunction(Context<M,N,A>, M, N, A) : A+ callLocalFlowFunction(Context<M,N,A>, N, A) : A+ programRepresentation() : ProgramRepresentation<M,N>+ doAnalysis() : void+ getContexts() : Map<M,List<Context<M,N,A>>>+ getMeetOverPathsSolution() : DataFlowSolution<M,N,A>

ForwardInterProceduralAnalysis<M,N,A>

+ doAnalysis() : void

BackwardInterProceduralAnalysis<M,N,A>

+ doAnalysis() : void

ProgramRepresentation<M,N>

+ getEntryPoints() : List<M>+ getControlFlowGraph(M) : DirectedGraph<N>+ isCall(N) : boolean+ resolveTargets(M, N) : List<M>

https://github.com/rohanpadhye/vasco

The Role of Call Graphs

Context-sensitivity only useful if call graph is precise

OOP: Use points-to analysis to resolve virtual calls

Imprecise points-to analysis ⇒ “spurious” edges

SPARK: Thousands of spurious edges even for small programs

e.g. Over 250 targets for x.hashCode() in HashSet

Affects efficiency and precision of interprocedural analysis

Points-to Analysis using Value Contexts

Flow and context-sensitive points-to analysis (FCPA)Context-sensitive call graph constructed on-the-fly

Flow and context-sensitive points-to analysis (FCPA)

Context-sensitive call graph constructed on-the-fly

Results of Points-To Analysis

Tested on 7 benchmarks from SPEC JVM98 and DaCapo 2006

Time to analyze: 1.15 sec (compress) to 697.4 sec (antlr)

Average contexts per method: 4.24 (mpegaudio) to 25.04 (jess)

Number of interprocedural paths in resulting call graph (for k = 10):

Over 96% less paths in FCPA over SPARK for 3 benchmarks62-92% less paths in FCPA over SPARK for remaining benchmarks

Over 96% less paths in FCPA over SPARK for 3 benchmarks

62-92% less paths in FCPA over SPARK for remaining benchmarks

Outline

Access Graphs for Garbage Collection

How to use access graphs for improving garbage collection?

1 Assign null to dead access paths.

Requires availability and anticipability analysis to prevent exceptions.Cannot nullify access paths that are not provably safe to dereference.The safety analyses themselves depend on alias information.Increase in code size and possible performance penalty.Redundant nullification of same reference from aliased access paths.

2 Augment garbage collector to traverse access graphs.

No need of safety analysis.Perfect alias information available at run-time.Difficult to map named variables and fields to run-time offsets.Optimizations after HRA (static or JIT) invalidate access graphs.

3 Dynamic heap pruning - a hybrid approach.

How to use access graphs for improving garbage collection?1 Assign null to dead access paths.

Requires availability and anticipability analysis to prevent exceptions.

Cannot nullify access paths that are not provably safe to dereference.The safety analyses themselves depend on alias information.Increase in code size and possible performance penalty.Redundant nullification of same reference from aliased access paths.

Requires availability and anticipability analysis to prevent exceptions.Cannot nullify access paths that are not provably safe to dereference.

The safety analyses themselves depend on alias information.Increase in code size and possible performance penalty.Redundant nullification of same reference from aliased access paths.

Requires availability and anticipability analysis to prevent exceptions.Cannot nullify access paths that are not provably safe to dereference.The safety analyses themselves depend on alias information.

Increase in code size and possible performance penalty.Redundant nullification of same reference from aliased access paths.

Requires availability and anticipability analysis to prevent exceptions.Cannot nullify access paths that are not provably safe to dereference.The safety analyses themselves depend on alias information.Increase in code size and possible performance penalty.

Redundant nullification of same reference from aliased access paths.

No need of safety analysis.

Perfect alias information available at run-time.Difficult to map named variables and fields to run-time offsets.Optimizations after HRA (static or JIT) invalidate access graphs.

No need of safety analysis.Perfect alias information available at run-time.

Difficult to map named variables and fields to run-time offsets.Optimizations after HRA (static or JIT) invalidate access graphs.

No need of safety analysis.Perfect alias information available at run-time.Difficult to map named variables and fields to run-time offsets.

Optimizations after HRA (static or JIT) invalidate access graphs.

Dynamic Heap Pruning

Manipulate the heap using a debugger!

1 Pause a running program when pruning has to be performed.2 For each frame on the call stack do:

1 Find the paused program point P using return address of next frame(or PC for top-of-stack).

2 Construct the call string σ using the sequence of return addresses fromthe bottom-of-stack.

3 Determine the value context X by traversing σ in the contexttransition graph.

4 Retrieve the access graphs for point P in context X .5 Traverse the access graphs from the root variables (stack locals) and

label heap objects with the set of accessor nodes that reach them.

3 For each labelled object in the heap do:

1 Find the set of live fields by looking at the edges out of every accessorthat reaches it.

2 Set the value of all other fields (which are dead) to null.

4 Resume the program. Let garbage collection run as normal.

1 Pause a running program when pruning has to be performed.

2 For each frame on the call stack do:

4 Retrieve the access graphs for point P in context X .

5 Traverse the access graphs from the root variables (stack locals) andlabel heap objects with the set of accessor nodes that reach them.

3 For each labelled object in the heap do:1 Find the set of live fields by looking at the edges out of every accessor

that reaches it.

that reaches it.2 Set the value of all other fields (which are dead) to null.

Outline

Summary

The following were the main contributions of this project:

1 A liveness-driven heap abstraction for precise alias analysis.

2 A generic access graph library implemented in Java.

3 A generic inter-procedural data flow analysis framework implementedin Java.

4 A flow- and context-sensitive points-to analysis implemented in Sootthat constructs precise call graphs.

5 A technique for performing dynamic heap pruning implemented usingthe Java Debug Interface (JDI).

Future Work

1 Implementation of an inter-procedural liveness-driven heap points-toanalysis.

2 Performance analysis of dynamic heap pruning on real benchmarks.

3 Shape analysis using accessor relationship graphs.

Interprocedural Heap Analysis using Access Graphs and ...rohanpadhye/files/mtp...Actual heap layout...

Documents

APEC PTIN Export Certification Workshopfscf-ptin.apec.org/docs/events/export-certificate-workshop/day-1/... · APEC PTIN Export Certification Workshop. ... #1 in global confectionery

SAT IPNT SPPIS PTIN€¦ · SAT IPNT SPPIS PTIN Pricing in effect until September 27, 2019 or while quantities last. Taxes and freight extra. Issue #SDS219071NA Prices are subject

Lecture 8 and 9: Trees and Heap Sort - COMS10007 - Algorithmspeople.cs.bris.ac.uk/.../slides/0809-heap-sort-no-pause.pdf · 2019. 2. 25. · Heap Sort (best of the two) O(n log n)

Bypassing the Maginot Line: Remotely Exploit the Hardware ... · •Reverse Engineering •Vulnerability and Exploitation. Mitigation Table Mitigation Status Heap ASLR N Heap Cookie

Heap Spray

Procedures on Heap - WordPress.com … · 28/06/2016 · Heap Sort Algorithm The heap sort algorithm starts by using procedure BUILD-HEAP to build a heap on the input array A[1

Franklin University 1 COMP 620 Algorithm Analysis Module 3: Advanced Data Structures Trees, Heap, Binomial Heap, Fibonacci Heap

Windows 8 Heap Internals final - Illmatics.comillmatics.com/Windows 8 Heap Internals (Slides).pdf · Windows 8 Heap Internals Why • Learn how the Heap Manager and Kernel Pool Allocator

Oracle Enterprise Manager 10g · The link Show Heap leads you to the Heap summary Page which breaks down the JVM heap usage by heap space and object type. The link Dump Heap to File

CSE 4080 PROJECT: SKEW HEAP, LEFTIST HEAP AND ALTERNATIVESaaw/Pourhashemi/Paper/Paper.pdf · 2007-05-02 · CSE 4080 PROJECT: SKEW HEAP, LEFTIST HEAP AND ALTERNATIVES Winter Term

Security and e-services-How to Protect Your EFIN, PTIN ......Security and e-services-How to Protect Your EFIN, PTIN, and CAF Number Diane Garibado: ... really bright up here on this

binary heaps d-ary heaps binomial heaps Fibonacci … › ~15750 › notes › binomial-heaps-slides.pdfBinary heap: heapify Theorem. Given n elements, can construct a binary heap

Windows Kernel Internals User-mode Heap Manager Heap Stats 0:006> !heap -s The process has the following heap extended settings 00000008: - Low Fragmentation Heap activated for all

Heap And Heap Sort

8 January 20161 Heap Sort CSE 2011 Winter 2011. 2 Heap Sort Consider a priority queue with n items implemented by means of a heap the space used is

1 CSC2100B Tutorial 7 Heap Heap Jianye Hao. 2 Heap Definition in Data Structure Definition in Data Structure Heap: A special form of complete binary tree

Heap Sortef

Heap Taichi : Exploiting Memory Allocation Granularity in Heap-Spraying Attacks

ad-heap: an Efficient Heap Data Structure for Asymmetric Multicore

More sorting algorithms: Heap sort & Radix sort. Heap Data Structure and Heap Sort (Chapter 7.6)