talk-2018-11-uppsala/slides.tex

755 lines
24 KiB
TeX
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

% vim: spell spelllang=en
\documentclass[12pt,xcolor={usenames,dvipsnames}]{beamer}
\usetheme{Warsaw}
\usepackage[utf8]{inputenc}
\usepackage[english]{babel}
\usepackage[T1]{fontenc}
\usepackage{amsmath}
\usepackage{amsfonts}
\usepackage{amssymb}
\usepackage{booktabs}
\usepackage{makecell}
\usepackage{ifthen}
\usepackage{colortbl}
\usepackage{tabularx}
\usepackage{pifont}
\usepackage{multirow}
\usepackage[many]{tcolorbox}
\usepackage[absolute,overlay]{textpos}
\usetikzlibrary{arrows.meta,shapes}
\usepackage{texlib/my_listings}
\usepackage{texlib/specific}
\usepackage{texlib/common}
\usepackage{texlib/todo}
\usepackage{inconsolata}
\lstset{basicstyle=\footnotesize\ttfamily}
\renewcommand\theadalign{c}
\renewcommand\theadfont{\scriptsize\bfseries}
\setbeamertemplate{navigation symbols}{}
\setbeamertemplate{headline}{}
\newcommand{\cmark}{\color{OliveGreen}\ding{52}}
\newcommand{\xmark}{\color{BrickRed}\ding{56}}
%\let\tempone\itemize
%\let\temptwo\enditemize
%\renewenvironment{itemize}{\tempone\addtolength{\itemsep}{0.5\baselineskip}}{\temptwo}
\newcommand{\sectiontitleframe}{
\begin{frame}
\vfill
\centering
\begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title}
\usebeamerfont{title}\insertsectionhead\par%
\end{beamercolorbox}
\vfill
\end{frame}}
\lstdefinelanguage{gdb}{
morekeywords={gdb},
sensitive=false,
}
\lstdefinelanguage{cfiasm}{
morekeywords={cfi_startproc,cfi_def_cfa_offset,cfi_offset,cfi_def_cfa_register},
sensitive=false,
}
\newcommand{\thenalert}[1]{\only<1>{#1}\only<2>{\alert{#1}}}
\newcommand{\slidecountline}{
\ifthenelse{\theframenumber = 0}
{}
{\insertframenumber/\inserttotalframenumber}}
\setbeamertemplate{footline}
{
\leavevmode%
\hbox{%
\hskip0.9\paperwidth
%\begin{beamercolorbox}[wd=.4\paperwidth,ht=2.25ex,dp=1ex,center]{author in head/foot}%
% \usebeamerfont{author in head/foot}\insertshortauthor
%\end{beamercolorbox}%
\begin{beamercolorbox}[center, wd=.1\paperwidth,ht=2.25ex,dp=1ex,center]{title in head/foot}%
\slidecountline{}
\end{beamercolorbox}}%
\vskip0pt%
}
\setbeamercolor{block title}{use=structure,fg=white,bg=structure.fg!75!black}
\setbeamercolor{block title alerted}{use=alerted text,fg=white,bg=alerted
text.fg!75!black}
\setbeamercolor{block title example}{use=example text,fg=white,bg=example
text.fg!75!black}
%\setbeamertemplate{frametitle}{
% \leavevmode%
% \hbox{%
% \begin{beamercolorbox}[wd=\paperwidth,ht=2.25ex,dp=1ex,center]{title in head/foot}%
% \usebeamerfont{author in head/foot}\insertframetitle
% \end{beamercolorbox}%
% }
% \vskip0pt%
% %\color{black}\bfseries\insertframetitle\par\vskip-6pt\hrulefill
%}
\newcolumntype{b}{X}
\newcolumntype{s}{>{\hsize=.43\hsize}X}
\newcommand{\lstinl}
{\lstinline[language=C, keepspaces=true, basicstyle=\ttfamily]}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\title[] {Reliable and Fast DWARF-based Stack Unwinding}
\author[\slidecountline]{\alert{\textbf{Théophile Bastian}}\\
\textbf{Stephen Kell} \\
\textbf{Francesco Zappa Nardelli}}
\date{}
%\subject{}
%\logo{}
\institute{ENS Paris, University of Kent, Inria}
\begin{document}
\begin{frame}
\addtocounter{framenumber}{-1}
\titlepage{}
\vspace{-2em}
\begin{columns}
\begin{column}{0.55\textwidth}
\begin{tcolorbox}[halign=center, colframe=blue]
\textbf{Webpage} (incl. slides)
\smallskip
\vspace{0.5em}
{\small\url{https://huit.re/frdwarf}}\\
\vspace{0.5em}
\end{tcolorbox}
\end{column}
\begin{column}{0.55\textwidth}
\begin{tcolorbox}[colframe=blue]
\begin{center}\textbf{Funding}\end{center}
\vspace{-1em}
\smallskip
ONR VerticA \\
Google Research Fellowship
\end{tcolorbox}
\end{column}
\end{columns}
\begin{textblock*}{0.22\textwidth}[0.5,0](0.15\paperwidth,0.38\paperheight)%
\includegraphics[width=\linewidth]{img/stephen_circ.jpg}
\end{textblock*}
\begin{textblock*}{0.22\textwidth}[0.5,0](0.85\paperwidth,0.38\paperheight)%
\includegraphics[width=\linewidth]{img/fzn_circ.jpg}
\end{textblock*}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{DWARF and stack unwinding data}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Introduction}
\begin{frame}[fragile]{}
\begin{columns}[c]
\begin{column}{0.65\textwidth}
\begin{lstlisting}[basicstyle=\tt,language=gdb, numbers=none, escapechar=|]
$ ./a.out
Segmentation fault.
|\pause|(gdb) backtrace
#0 |0x54625| in fct_b
#1 |\color{blue}0x54663| in fct_a
#2 |\color{red}0x54674| in main
\end{lstlisting}
\pause{}
\begin{center}
\textbf{\Large How does it work?}
\end{center}
\end{column}
\begin{column}{0.35\textwidth}
\pause{}
\includegraphics[width=0.95\linewidth]{img/call_stack}
\end{column}
\end{columns}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Stack frames and unwinding}
\begin{frame}
\begin{columns}[c]
\begin{column}{0.65\textwidth}
\begin{center}
\large\bf
How do we get\\
the return address?
\vspace{2em}
\onslide<2>{What if we only have \reg{rsp}?}
\end{center}
\end{column}
\begin{column}{0.35\textwidth}
\includegraphics[width=0.95\linewidth]{img/call_stack}
\end{column}
\end{columns}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{DWARF tables}
\newcolumntype{a}{>{\columncolor{RedOrange}}l}
\begin{frame}{DWARF unwinding data}
\tt \footnotesize
\begin{center}
\begin{tabular}{
>{\columncolor{YellowGreen}}l
>{\columncolor{Thistle}}l
l l l l l l
>{\columncolor{Apricot}}l}
~PC & CFA & rbx & rbp & r12 & r13 & r14 & r15 & ra \\
0084950 & rsp+8 & u & u & u & u & u & u & c-8 \\
0084952 & rsp+16 & u & u & u & u & u & c-16 & c-8 \\
0084954 & rsp+24 & u & u & u & u & c-24 & c-16 & c-8 \\
0084956 & rsp+32 & u & u & u & c-32 & c-24 & c-16 & c-8 \\
0084958 & rsp+40 & u & u & c-40 & c-32 & c-24 & c-16 & c-8 \\
0084959 & rsp+48 & u & c-48 & c-40 & c-32 & c-24 & c-16 & c-8 \\
\rowcolor{Aquamarine} 008495a & rsp+56 & c-56 & c-48 & c-40 & c-32 & c-24 & c-16 & c-8 \\
0084962 & rsp+64 & c-56 & c-48 & c-40 & c-32 & c-24 & c-16 & c-8 \\
0084a19 & rsp+56 & c-56 & c-48 & c-40 & c-32 & c-24 & c-16 & c-8 \\
0084a1d & rsp+48 & c-56 & c-48 & c-40 & c-32 & c-24 & c-16 & c-8 \\
0084a1e & rsp+40 & c-56 & c-48 & c-40 & c-32 & c-24 & c-16 & c-8 \\
\end{tabular}
\end{center}
\only<1>{\vspace{19mm}}
\begin{columns}
\begin{column}{0.50\textwidth}
\onslide<2->{
\begin{tcolorbox}[enhanced, halign=center, frame hidden, colback=YellowGreen]
\textbf{For each instruction\ldots}\\
(identified by its program counter)
\end{tcolorbox}
}
\end{column}
\begin{column}{0.50\textwidth}
\onslide<3->{
\begin{tcolorbox}[enhanced, halign=center, frame hidden,
interior style={right color=Apricot, left color=Thistle}]
\textbf{\ldots{}an expression to compute its return address
location on the stack}
\end{tcolorbox}
}
\end{column}
\end{columns}
\end{frame}
\begin{frame}[t, fragile]{The real DWARF}
\begin{lstlisting}[numbers=none, language=]
30 24 34 FDE pc=004020..004040
DW_CFA_def_cfa_offset: 16
DW_CFA_advance_loc: 6 to 0000000000004026
DW_CFA_def_cfa_offset: 24
DW_CFA_advance_loc: 10 to 0000000000004030
DW_CFA_def_cfa_expression (DW_OP_breg7 (rsp): 8; DW_OP_breg16 (rip): 0; DW_OP_lit15; DW_OP_and; DW_OP_lit11; DW_OP_ge; DW_OP_lit3; DW_OP_shl; DW_OP_plus)
[...]
\end{lstlisting}
\pause{}
\vfill
\begin{itemize}
\bf
\item[\textbf{$\longrightarrow$}] \alert{bytecode} for a
\alert{Turing-complete stack machine}
\item[\textbf{$\longrightarrow$}] which is \alert{interpreted on
demand at runtime}\\to reconstruct the table
\end{itemize}
\end{frame}
\begin{frame}{What does this imply?}
Your compiler actually generates codes for \alert{two machines}:\\
your processor and the DWARF VM\@.
\vfill{}
\begin{columns}
\begin{column}{0.45\textwidth}
\begin{center}
\begin{tikzpicture}
\begin{scope}[every node/.style={rectangle,thick,draw,scale=0.95}]
\node (cmd) at (0, 3.0) {
\lstbash{\$ gcc -S foo.c}
};
\node (asm) at (0, 0) {
\lstinputlisting[numbers=none, language=cfiasm]{src/main_cfi.s}
};
\end{scope}
\begin{scope}[>={Stealth[black]},
every path/.style={draw=black,very thick}]
\path [->] (cmd) -- (asm);
\end{scope}
\end{tikzpicture}
%\vspace{0.2em}
\textbf{\lstc{.cfi_*}: \alert{inline DWARF!}}
\end{center}
\end{column}
\begin{column}{0.55\textwidth}
\begin{itemize}
\item[$\implies$] \alert{Cumbersome} to generate for the
\alert{compiler}
\begin{itemize}
\item[$\leadsto$] might do it wrong
\item[$\leadsto$] might not do it at all
\end{itemize}
\item[$\implies$] If you write \alert{inline asm}, \alert{you} must write
inline DWARF\@!
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\begin{frame}
\lstinputlisting[language=bash,numbers=none,basicstyle=\tt\fontsize{8pt}{9pt}\selectfont]{src/lowlevellock_dw_extr.c}
\only<2>{
\begin{textblock*}{0.60\textwidth}[0.5,0.5](0.5\paperwidth,0.5\paperheight)%
\begin{tcolorbox}[halign=center, colframe=OliveGreen, colback=YellowGreen]
In \prog{glibc}, \prog{lowlevellock.h}:
\alert{off by one error in unwinding data}.
\lstinputlisting[language=gdb,numbers=none]{src/lowlevellock_backtrace}
\end{tcolorbox}
\end{textblock*}
}
\only<3->{
\begin{textblock*}{0.90\textwidth}[0.5,0](0.5\paperwidth,0.10\paperheight)%
\begin{tcolorbox}[halign=center, colframe=red, colback=Lavender]
\bf \LARGE
Complex \,\& \,slow
\end{tcolorbox}
\end{textblock*}
}
\only<4->{
\begin{textblock*}{0.90\textwidth}[0.5,0](0.5\paperwidth,0.30\paperheight)%
\begin{tcolorbox}[halign=center, colframe=red, colback=Lavender]
\LARGE
\textbf{Pervasive:}\\ relied upon by profilers, debuggers,
aaand\ldots{}
\onslide<4->{
C++ exceptions. \\
\medskip{}
\textbf{$\leadsto$ not only for debuggers!}}
\end{tcolorbox}
\end{textblock*}
}
\end{frame}
\newcommand{\LinusMailOne}{
``Sorry, but last time was too f\dots painful. The whole (and
only) point of unwinders is to make debugging easy
when a bug occurs. But \alert{the dwarf unwinder had bugs}
itself, or \alert{our dwarf information had bugs}, and in either
case it actually turned several trivial bugs into a \alert{total
undebuggable hell}.''
}
\newcommand{\LinusMailTwo}{
``If you can \alert{mathematically prove that the unwinder is
correct} — even in the presence of bogus and actively
incorrect unwinding information — and never ever
follows a bad pointer, \alert{Ill reconsider}.''
}
\newcommand{\LinusSource}{
\hfill ---~Linus Torvalds, 2012
}
\begin{frame}
\begin{columns}
\begin{column}{0.75\textwidth}
\LinusMailOne{}
\end{column}
\begin{column}{0.25\textwidth}
\includegraphics[width=\textwidth]{img/roundtorvalds.png}
\end{column}
\end{columns}
\only<1-2>{
\vspace{1em}
\LinusSource{}
}
\vspace{1em}
\only<2>{
\begin{center}
\Large\bf
\alert{This is where we still are!}
\end{center}
}
\only<3>{
\LinusMailTwo{}
\vspace{1em}
\LinusSource{}
}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Correctness by construction:\\*\textbf{synthesis of unwinding tables}}
\sectiontitleframe{}
\newcommand{\tblrowval}[4]{#1 & #2 & \only<2->{#3} & \only<2->{#4} \\}
\newcommand{\blknote}[1]
{\begin{block}{}
\centering\large
#1
\end{block}}
\newcommand{\blklnote}[1]
{\begin{block}{}
\large
#1
\end{block}}
\newcommand{\tblhl}{\rowcolor{Tan}}
\begin{frame}
\newcommand{\firsttblrows}{
\tblrowval{\hspace{-2ex}<{\bf foo}>:}{}{\textbf{CFA}}{\textbf{ra}}
\rowonly<4>{\tblhl{}} \tblrowval{push}{\%r15}{rsp+8}{c-8}
\rowonly<5>{\tblhl{}} \tblrowval{push}{\%r14}{rsp+16}{c-8}
\rowonly<6>{\tblhl{}} \tblrowval{mov}{\$0x3,\%eax}{rsp+24}{c-8}
\rowonly<7>{\tblhl{}} \tblrowval{push}{\%r13}{rsp+24}{c-8}
\tblrowval{push}{\%r12}{rsp+32}{c-8}
\tblrowval{push}{\%rbp}{rsp+40}{c-8}
\tblrowval{push}{\%rbx}{rsp+48}{c-8}
\tblrowval{sub}{\$0x68,\%rsp}{rsp+56}{c-8}
}
{\only<3>{
\begin{textblock*}{\textwidth}[0.5,0.5](0.5\paperwidth,0.5\paperheight)%
\begin{tcolorbox}[halign=center, colframe=red, colback=Lavender]
\large
\alert{\bf Assumptions}
\vspace{0.6em}
\begin{itemize}
\item the compiler generated the unwinding data
\item we have a reliable DWARF interpreter
\end{itemize}
\end{tcolorbox}
\end{textblock*}
}}
\only<-9>{
\begin{table}
\ttfamily\large
\begin{tabularx}{0.9\linewidth}{
l
b
>{\columncolor{SkyBlue}}s
>{\columncolor{SkyBlue}}s
}
\firsttblrows{}%
\tblrowval{add}{\$0x68,\%rsp}{rsp+160}{c-8}
\tblrowval{pop}{\%rbx}{rsp+56}{c-8}
\end{tabularx}
\end{table}
\blknote{
\centering
\begin{overlayarea}{0.9\textwidth}{2.6em}
\only<4>{Upon function call, \alert{ra = *(\reg{rsp})}}
\only<5>{\texttt{push} decreases \reg{rsp} by 8: %
\alert{ra = *(\reg{rsp} + 8)}}
\only<6>{and again: %
\alert{ra = *(\reg{rsp} + 16)}}
\only<7>{This \texttt{mov} leaves \reg{rsp} untouched: \\%
\alert{ra = *(\reg{rsp} + 16)}}
\only<8>{The unwinding table captures an \alert{abstract execution}
of the code\ldots}
\only<9>{\ldots and thus is \alert{redundant with the binary}.}
\end{overlayarea}
}
}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Unwinding data synthesis from binaries}
\begin{frame}{Synthesis strategy}
\begin{itemize}
\item Upon entering a function, we know
\[ \cfa = \reg{rsp} - 8
\qquad \ra = \cfa + 8 \]
\item The semantics of each instruction specifies \alert{how it changes
the \cfa}.
\begin{itemize}
\item Heuristic to decide whether we index with \reg{rbp} or
\reg{rsp}
\end{itemize}
\item With a \alert{symbolic execution} with an abstract semantics,\\
we can \alert{synthesize the
unwinding table} line by line.
\item Control flow: forward data-flow analysis
\item The fixpoints are immediate, cf article
\end{itemize}
\vspace{1em}
\begin{tcolorbox}[halign=center, colframe=OliveGreen, colback=YellowGreen]
\large
Implemented on top of CMU's \prog{BAP}
\end{tcolorbox}
\end{frame}
\begin{frame}{}
\vfill
\centering
\begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title}
\Large
Demo time!
\end{beamercolorbox}
\vfill
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Unwinding data compilation}
\begin{frame}
\begin{center}
\Huge
Unwinding data is
\textsc{slo\pause{}o\pause{}o\pause{}o\pause{}o\pause{}o\pause{}o\pause{}o\pause{}w}.
\end{center}
\vspace{2em}
\pause{}
So much that \prog{perf} cannot unwind online!
It must \alert{copy to disk the whole call stack} every few instants and
\alert{analyze it later} at report time!
\end{frame}
\sectiontitleframe{}
\subsection{Compilation ahead-of-time}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[shrink]
\vspace{0.5cm}
\begin{tikzpicture}
\begin{scope}[every node/.style={rectangle,thick,draw,scale=0.95}]
\node (dwarf) at (0, 0) {
\lstinputlisting[basicstyle=\tiny\tt,numbers=none,language=]{src/dw_plt_abbr}
};
\onslide<2->{
\node (table) at (0.5\textwidth, -0.23\textheight) {
\tiny\tt
\begin{tabular}{
>{\columncolor{YellowGreen}}l
>{\columncolor{Thistle}}l
l l
>{\columncolor{Apricot}}l}
~PC & CFA & rbx & rbp & ra \\
0084950 & rsp+8 & u & u & c-8 \\
0084952 & rsp+16 & u & u & c-8 \\
0084954 & rsp+24 & u & u & c-8 \\
0084956 & rsp+32 & u & u & c-8 \\
\end{tabular}
};
}
\onslide<3->{
\node (csrc) at (0, -0.6\textheight) {
\lstinputlisting[basicstyle=\tiny,numbers=none,language=C]{src/fib7/fib7.eh_elf_basic.c}
};
\node (ehelf) at (0.55\textwidth, -0.75\textheight) {
ELF file:
``\ehelf{}''
};
}
\end{scope}
\begin{scope}[>={Stealth[black]},
every node/.style={fill=white,rectangle},
every path/.style={draw=black,very thick}]
\only<2->{\path [->] (dwarf) -| node {runtime} (table);}
\only<3->{
\path [->] (dwarf) edge node {ahead of time} (csrc);
\path [->] (csrc) -| node {gcc, AoT} (ehelf);
}
\end{scope}
\end{tikzpicture}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\begin{itemize}
\item \alert{libunwind}: most common library for
unwinding
\bigskip{}
\item \alert{\texttt{libunwind-eh\_elf}}: modified version to support
\ehelfs{}
\item[$\leadsto$] Same API, almost \alert{``relink-and-play''} for existing projects!
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Results}
\begin{frame}{Performances}
\begin{center}
\Large\bf Unwinding speedup vs.\ libunwind:
\begin{tabular}{rl}
\alert{x15} &on \prog{\tt{}perf gzip}\\
\alert{x25} &on \prog{\tt{}perf hackbench}\\
\end{tabular}
\end{center}
\vfill
\begin{center}
\Large\bf Space overhead vs. DWARF:\\
\alert{x2.6 -- x3}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section*{Conclusion}
\setcounter{section}{0}
\begin{frame}{}
\vfill
\centering
\begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title}
\Large
What's next?
\end{beamercolorbox}
\vfill
\end{frame}
\begin{frame}{}
\begin{itemize}
\item{} Synthesis + compare = verification of unwinding data!
\item{} Integrate synthesis into compilers \& debuggers\\
$\rightarrow$ support for inline assembly, fallback method, \ldots
\item{} Integrate into \prog{perf} for online unwinding
\item{} Probably many more cool projects!
\end{itemize}
\vspace{1em}
\begin{center}
Come and chat if interested! \texttt{:)}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section*{Extra slides}
\begin{frame}[noframenumbering]
\end{frame}
\begin{frame}[noframenumbering]{Fixpoint upon control flow merge}
\begin{columns}
\begin{column}{0.3\textwidth}
\begin{tikzpicture}
\begin{scope}[every node/.style={rectangle,thick,draw,scale=0.95}]
\node (if) at (0, 5) {\lstbash{if cnd}};
\node (then) at (-1, 3) { \lstbash{then A} };
\node (else) at (1, 3) { \lstbash{else B} };
\node (after) at (0, 1) { \lstbash{C} };
\end{scope}
\node [circle, thick, draw, minimum size=3em, color=red] (circafter) at (0, 1) {};
\begin{scope}[>={Stealth[black]}, every path/.style={draw=black,very thick}]
\path [->] (if) -- (then);
\path [->] (if) -- (else);
\path [->] (then) -- (after);
\path [->] (else) -- (after);
\end{scope}
\end{tikzpicture}
\end{column}
\begin{column}{0.6\textwidth}
\begin{center}
If eg.
\[
CFA(A) = c-48 \qquad CFA(B) = c-52
\]
no possible unwinding data for C, \alert{even for the
compiler}!
\vspace{1em}
Also, \alert{no possible clean function postlude}!
\vspace{2em}
$\implies$ $CFA(A) = CFA(B)$ and merge is immediate
\end{center}
\end{column}
\end{columns}
\end{frame}
\begin{frame}[noframenumbering]{Fixpoint upon loop control flow merge}
\begin{columns}
\begin{column}{0.3\textwidth}
\begin{tikzpicture}
\begin{scope}[every node/.style={rectangle,thick,draw,scale=0.95}]
\node (inbound) at (0, 7) {\lstbash{A}};
\node (while) at (0, 5) {\lstbash{for i in ...}};
\node (do) at (0, 3) { \lstbash{do a = array[i]; B} };
\node (done) at (0, 1) { \lstbash{C} };
\end{scope}
\node [ellipse, thick, draw, minimum width=10em, minimum height=3em, color=red] (circafter) at (0, 3) {};
\begin{scope}[>={Stealth[black]}, every path/.style={draw=black,very thick}]
\path [->] (inbound) -- (while);
\path [->] (while) edge[bend right] (do);
\path [->] (do) -- (done);
\path [->] (do) edge[bend right] (while);
\end{scope}
\end{tikzpicture}
\end{column}
\begin{column}{0.6\textwidth}
\begin{center}
{\large\alert{Variable stack frame size!}}
\vspace{1em}
We cannot hope for a simple invariant\dots\\
but the compiler cannot
either.
\vspace{1em}
{
\large\alert{$\implies$} the compiler will\\
\alert{fallback to \reg{rbp}}\\
}
even with \lstbash{--fomit-frame-pointer}
\end{center}
\end{column}
\end{columns}
\end{frame}
\end{document}