Recovering memory access patterns of executable programs
Pages 440 - 456
Abstract
This paper deals with the binary analysis of executable programs, with the goal of understanding how they access memory. It explains how to statically build a formal model of all memory accesses. Starting with a control flow graph of each procedure, well-known techniques are used to structure this graph into a hierarchy of loops in all cases. The paper shows that much more information can be extracted by performing a complete data-flow analysis over machine registers after the program has been put in static single assignment (SSA) form. By using the SSA form, registers used in addressing memory can be symbolically expressed in terms of other previously set registers. By including the loop structures in the analysis, loop indices and trip counts can also often be expressed symbolically. The whole process produces a formal model made of loops where memory accesses are linear expressions of loop counters and registers. The paper provides a quantitative evaluation of the results when applied to several dozens of SPEC benchmark programs. Because static analysis has no access to input data, the paper ends by describing a lightweight instrumentation strategy that collects at run time enough information to rebuild an exact trace. The section on applications also describes how the techniques developed in this paper can be used to perform automatic parallelization of binary code. Highlights We show how to parse binary programs and build a formal model of how they use memory. The paper focuses on loops and access functions. It explains how to obtain linear access functions, and loops with linear bounds. The efficacy of the approach is evaluated on almost 40 benchmark programs. One immediate application is the optimization of memory tracing. We also describe some applications to automatic parallelization of binary code.
References
[1]
W. Amme, P. Braun, E. Zehendner, F. Thomasset, Data dependence analysis of assembly code, in: Parallel Architectures and Compilation Techniques, 1998, Oct 1998, pp. 340-347.
[2]
A.W. Appel, M. Ginsburg, Modern Compiler Implementation in C, Cambridge University Press, 2004.
[3]
G. Balakrishnan, T. Reps, Analyzing memory accesses in x86 executables, in: Proceedings of the 13th International Conference, Compiler Construction 2004, Springer-Verlag, 2004, pp. 5-23.
[4]
U. Bondhugula, A. Hartono, J. Ramanujam, P. Sadayappan, A practical automatic polyhedral parallelizer and locality optimizer, SIGPLAN Notices, 43 (2008) 101-113.
[5]
C. Cifuentes, A. Fraboulet, Intraprocedural static slicing of binary executables, in: IEEE International Conference on Software Maintenance, 1997, p. 188.
[6]
R. Cytron, J. Ferrante, B.K. Rosen, M.N. Wegman, F.K. Zadeck, Efficiently computing static single assignment form and the control dependence graph, ACM TOPLAS, 13 (1991) 451-490.
[7]
P. Feautrier, Parametric integer programming, RAIRO Recherche Opérationnelle, 22 (1988).
[8]
M.P. Gerlek, E. Stoltz, M. Wolfe, Beyond induction variables: detecting and classifying sequences using a demand-driven ssa form, ACM TOPLAS, 17 (1995) 85-122.
[9]
P. Havlak, Nesting of reducible and irreducible loops, ACM TOPLAS, 19 (1997) 557-567.
[10]
Intel Corp. Intel 64 and IA-32 architectures software developer's manual, 2009. http://www.intel.com.
[11]
J. Janssen, H. Corporaal, Making graphs reducible with controlled node splitting, ACM TOPLAS, 19 (1997) 1031-1052.
[12]
K. Kennedy, J.R. Allen, Optimizing Compilers for Modern Architectures: A Dependence-Based Approach, Morgan Kaufmann Publishers Inc, San Francisco, CA, USA, 2002.
[13]
A. Ketterlin, Ph. Clauss, Efficient memory tracing by program skeletonization, in: Proceedings of the IEEE International Symposium on Performance Analysis of Systems and Software, IEEE Computer Society, Washington, DC, USA, 2011, pp. 97-106.
[14]
J. Larus, Efficient program tracing, Computer, 26 (1993) 52-61.
[15]
T. Lengauer, R.E. Tarjan, A fast algorithm for finding dominators in a flowgraph, ACM TOPLAS, 1 (1979) 121-141.
[16]
C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V.J. Reddi, K. Hazelwood, Pin: building customized program analysis tools with dynamic instrumentation, in: PLDI'05, ACM, New York, NY, USA, 2005, pp. 190-200.
[17]
T. Moseley, D.A. Connors, D. Grunwald, R. Peri, Identifying potential parallelism via loop-centric profiling, in: CF'07, ACM, New York, NY, USA, 2007, pp. 143-152.
[18]
T. Moseley, A. Shye, V.J. Reddi, D. Grunwald, R. Peri, Shadow profiling: hiding instrumentation costs with parallelism, in: CGO'07, IEEE Computer Society, Washington, DC, USA, 2007, pp. 198-208.
[19]
S. Muchnick, Advanced Compiler Design and Implementation, Morgan Kaufmann, 1997.
[20]
B. Pradelle, A. Ketterlin, Ph. Clauss, Polyhedral parallelization of binary code, ACM Transactions on Architecture and Code Optimization (TACO), 8 (2012) 39:1-39:21.
[21]
W. Pugh, D. Wonnacott, Constraint-based array dependence analysis, ACM TOPLAS, 20 (1998) 635-678.
[22]
G. Ramalingam, On loops, dominators, and dominance frontier, in: PLDI'00, ACM, New York, NY, USA, 2000, pp. 233-241.
[23]
G. Ramalingam, J. Field, F. Tip, Aggregate structure identification and its application to program analysis, in: POPL'99, ACM, New York, NY, USA, 1999, pp. 119-132.
[24]
B. Scholz, C. Zhang, C. Cifuentes, User-input dependence analysis via graph reachability, in: SCAM'08, 2008, pp. 25-34.
[25]
The Standard Performance Evaluation Corporation (SPEC). The spec OpenMP and SPEC CPU2006 benchmark suites, 2009. http://www.spec.org.
[26]
S. Unger, F. Mueller, Handling irreducible loops: optimized node splitting versus DJ-graphs, ACM TOPLAS, 24 (2002) 299-333.
[27]
M.J. Wolfe, High Performance Compilers for Parallel Computing, Addison-Wesley Longman Publishing Co., Inc, Boston, MA, USA, 1995.
- Recovering memory access patterns of executable programs
Recommendations
Recovering the Memory Behavior of Executable Programs
SCAM '10: Proceedings of the 2010 10th IEEE Working Conference on Source Code Analysis and ManipulationThis paper deals with the binary analysis of executable programs, with the goal of understanding how they access memory. It explains how to statically build a formal model of all memory accesses. Starting with a control-flow graph of each procedure, ...
Parallel-stage decoupled software pipelining
CGO '08: Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimizationIn recent years, the microprocessor industry has embraced chip multiprocessors (CMPs), also known as multi-core architectures, as the dominant design paradigm. For existing and new applications to make effective use of CMPs, it is desirable that ...
On the automatic parallelization of subscripted subscript patterns using array property analysis
ICS '21: Proceedings of the 35th ACM International Conference on SupercomputingParallelizing loops with subscripted subscript patterns at compile-time has long been a challenge for automatic parallelizers. In the class of irregular applications that we have analyzed, the presence of subscripted subscript patterns was one of the ...
Comments
Information & Contributors
Information
Published In
Copyright © Elsevier B.V.
Publisher
Elsevier North-Holland, Inc.
United States
Publication History
Published: 01 February 2014
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 12 Feb 2025