1 / 78

The alias calculus Bertrand Meyer ITMO Software Engineering Seminar June 2011

The alias calculus Bertrand Meyer ITMO Software Engineering Seminar June 2011. Claims. Theory: Theory of aliasing Loss of precision is small New concepts, in particular inverse variables Abstract, does not mention stack & heap Simple, implementable

amable
Télécharger la présentation

The alias calculus Bertrand Meyer ITMO Software Engineering Seminar June 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The alias calculusBertrand Meyer ITMO Software Engineering SeminarJune 2011

  2. Claims • Theory: • Theory of aliasing • Loss of precision is small • New concepts, in particular inverse variables • Abstract, does not mention stack & heap • Simple, implementable • Insights into the essence of object-oriented programming • Practice: • Alias calculus • Almost entirely automatic • Implemented

  3. Reference Steps Towards a Theory and Calculus of Aliasing International Journal of Software and Informatics July 2011 http://se.ethz.ch/~meyer/publications/aliasing/alias-revised.pdf

  4. The question under study e f • (If so, we say that e and f are aliased to each other, meaning potentially aliased.) Given expressions e and f (of reference types) and a program location p: Atp, can eandfever be attached to the same object?

  5. “Given” expressions only x a a • y may become aliased to: • x, x  a, x  a  a, x  a  a  aetc. • (infinite set of expressions!) a a Consider from y := x loop y := y  a end

  6. An example of alias analysis Consider two linked list structures known through x and y: x  right y item • Computing the alias relation shows that: • If x ≠ y, then no cell reachable from x ( or ) can be reached from y ( or ), and conversely • Without this assumption, such aliasing is possible

  7. Why alias analysis is important b -- c = c, i.e. True a ? set_a (c) x.set_a (c) Understand as x.a := c -- y.a = b -- y.a = b x -- x.a = c -- x.a = c y c 1. Without it, cannot apply standard proof techniques to programs involving pointers 2. Concurrent program analysis, in particular deadlock 3. Program optimization

  8. Basic notion A binary relation is an alias relationif it is symmetric andirreflexive Can alias x to y and y to z but not x to z Definition: Not necessarily transitive: ifcthen x := y else y := z end

  9. Formulae of interest The calculus defines, for any instruction p and any alias relation a,the value of a » p denoting: The aliasing relation resulting from executing pfrom an initial state in which the aliasing relation is a For an entire program: compute » p

  10. The programming language p, q, …: instructions x, y, …: variables • z := x y • x r … • Current • r do p end • call r • pn -- for integer n • loop p end E4: O-O E3: procedures • cut x, y E2:loops E1:cut E0:basic constructs Eiffel: x := Void Java etc.: x = null; • skip • create x • x := y • forget x • (p ; q) • then p else q end

  11. Describing an alias relation • Set of binary relations on E; formally: P(E x E) D Identity on E = Set difference {[x, y], [y, x], [y, z], [z, y]}  {[x, y], [y, x], [x, z], [z, x], [y, z], [z, y]} “Complete” alias relation • If r is a relation in E E, the following is an alias relation: r (r  r-1) ― Id [E] • Example: {[x, x], [x, y], [y, z]}= • Generalized to sets: • {x, y, z} =

  12. Canonical form & alias diagrams x, y, y, z, x, u, v {x, y}  { y, z}  {x, u, v} x , y y y y, z • An alias diagram: • (not canonical) y y x, u, v x x • Make it canonical: Canonical form of an alias relation: union of complete alias relations, e.g. , meaning None of the sets of expressionsis a subset of another

  13. Alias calculus for basic operations (E0) a deprived of all pairs involving x e.g.x, y, y, z, x, u, v \- {x, u} = y, z, u, v Override, see next a » skip = a a » (then p else q end )= (a » p)  (a » q) a » (p ; q) = (a » p) » q a » (forget x) = a \- {x} a » (create x) = a \- {x} a » (x := y) = a [x: y]

  14. The forgetrule y y x, x, a deprived of allpairs involving x y, z u, v x, x, a » (forget x)= a \- {x}

  15. The assignment rule (E0) a deprived of all pairs involving x  Symmetrize and de-reflect All pairs [x, u] where u is either aliased to y in b or y itself a » (x := y) = a [x: y] with: a [x: y] =given b = a \- {x} then b  ({x}  (b / y)) end

  16. Operations on alias relations  “Minus” Set of all expressions  “Quotient”, similar to equivalence class in equivalence relation For an alias relation a in E E, an expression x, and a set of expressions A E, the following are alias relations: r \– A = r — E x A a / y = {z: E | (z = y)  [y, z]  a}

  17. The assignment rule (E0) Value of a » (x := y) a deprived of all pairs involving x Symmetrize and de-reflect  All u aliased to yin b, plusy itself All pairs [x, u] where u is either aliased to y in b or y itself a [x: y] = given b = a \- {x} then b  ({x}  ( b / y )) end

  18. Assignment example 1 x , y , z x, u, v , z Before After z := x

  19. Assignment example 2 x x , y , y x, u, v Before After x := u

  20. Assignment example 3 x x , y , y x, z x, u, v x, Before After x := z

  21. The assignment rule (E0) Value of a » (x := y)  a [x: y] = given b = a \- {x} then b  ({x}  (b / y)) end

  22. The cut instruction E1:cut E0:basic constructs • E1 is E0 plus the instruction cut x, y • Semantics: remove aliasing, if any, between x and y

  23. Cut example 1 x x , y , y x, u, v Before After cut x, y

  24. Cut example 2 x , y x , v x, u, v x, Before After cut x, u

  25. Cut rule Set difference a » cut x, y = a ― x, y

  26. The role of cut Alias relation:  x, u, x, y x, u, z, x, y, z cut x, y; cut x, y informs the alias calculus with non-alias properties coming from other sources Example: ifm < n thenx := u elsex := y end m := m + 1 ifm < n thenz := x end But here x cannot be aliased to y (only to u). The alias theory does not know this property! To take advantage of it, add the instruction This expressionrepresents checkx /= y end (Eiffel) assertx != y ; (JML, Spec#)

  27. Introducing repetitions E2:loops E1:cut E0:basic constructs • E2 is E1 plus: • pn(for integer n): n executions of p (auxiliary notion) • loop p end : any sequence (incl. empty) of executions of p

  28. E2 alias calculus nN a » p0 = a a » pn+1 = (a » pn) » p -- For n  0 -- Also equal to (a » p) » pn a » (loop p end) = (a » pn)

  29. Loop aliasing theorem (1) • a » (loop p end) = (a » pn) nN n:0 N k:0 n For any a and p, there exists a constant NN such that a » (loop p end) = (a » pn) Proof : the sequence sn = (a » pk) is non-decreasing (with respect to inclusion) on a finite set More generally, for every construct p of E2, the function l a | (a » p) is non-decreasing

  30. Loop aliasing theorem (2) k:0 n • a » (looppend) is also the fixpoint of the sequence t0 = a tn+1 = tn(tn » p) • Gives a practical way to compute a » (looppend) Proof: by induction. If sn is original sequence (a » pn), prove separately sn tnand tn sn

  31. Introducing procedures: E3 E3: procedures • Alias calculus notations: • rdenotes body of r (i.e. ri = pi) • rdenotes formals of r (here f) E2:loops E1:cut E0:basic constructs • A program is now a sequence of procedure definitions (one designated as main): ri (f) do piend • Instructions: as before, plus call ri(a) • -- Procedure call

  32. Handling arguments i.e. formal1 :=actual1;… ; formaln:=actualn Generalize notation a [x: y]to lists: use • a [a: b] as abbreviation for • (…((a [a1:b1])[a2:b2]) …[an:bn] • For example: a [r : a] • The calculus will treat • callr (a) as • r := a ; call r • (With recursion, possible loss of precision)

  33. Call rule Body of r Formal arguments of r With arguments: • a » call r (v) = a[r: a] » r Without arguments: a » call r = a » r

  34. Using the call rule • a » call r (a) = a [r: a] » r • Because of recursion, no longer just definition but equation • For entire set of procedures P, this gives a vector equation a » P = AL (a » P) • Interpret as fixpoint equation and solve iteratively • (Fixpoint exists: increasing sequence on finite set)

  35. Object-oriented mechanisms: E4 E4: O-O E3: procedures E2:loops E1:cut E0:basic constructs • “General relativity”: • 1. Qualified expressions: x yCan be used as source (not target!) of assignments x := y z • 2. Qualified calls: callx r (v) • 3. Current

  36. Assignment (original rule) Value of a » (x := y) a deprived of all pairs involving x  All u aliased to yin b, plusy itself Example: x := y z All pairs [x, u] where u is either aliased to y in b or y itself This includes[x, y] ! a [x: y] = given b = a \- {x} then b  ({x}  (b / y) ) end

  37. Assigning a qualified expression • x := x y x y x x z x does not get aliased tox y! (only to any z that was aliased tox y) := x y

  38. Assignment rule revisited a deprived of all pairs involving x Value of a » (x := y) or an expression starting with x  Example: x := y z a [x: y] = given b = a \–{x} then b  ({x}  (b / y)) end

  39. Alias diagrams (E0 to E3) Value nodes Value nodes Value nodes Source node Single source node(represents stack) Each value node represents a set of possible run-time values Links: only from source tovalue nodes (will becomemore interesting with E4!) Edge label: set ofvariables; indicates theycan all be aliased to each other x , y y, z x, u, v

  40. Alias diagrams (E4) Value nodes Value nodes Object nodes Source node x y x x z Links may now exist between value nodes(now called object nodes) Cycles possible (see next) := x y

  41. New laws, inverse variables x Current= x Current x = x x’ x = Current x x’ = Current Current’ = Current

  42. New form of call: qualified In E4: call x  r (a, b, …)

  43. Distribution operator:  For a list a=<u, v, w, …>: x a = <xu, x  v, x  v, …> For a relation r in E E : x r = {[xu, x  v] | [u, v]  r} Example: x ( u, v, w, u, y ) = xu, x  v, xw, xu, x  y

  44. Handling arguments (unqualified call) a » call r (a) = a [r: a] » r

  45. Handling arguments: unqualified call Was written r a » callr (a) = a [ ` r: a] » callr )

  46. Handling arguments: qualified call Current x’ x target a » call x r (a) = a [ xr: a] » call x r) • Treat • call x r (v) as • x formals := a ; callx r

  47. Handling arguments: an example Current x’ x target Eiffel: x  r (a, b) With, in a class C: r (t: T ; u: U) Handled as: x  t := a x  u := b callx  r

  48. Without arguments: unqualified call rule Body of r a » call r = a » r

  49. Qualified call rule • Example: • d := c • x  r (d) • with • r (u: U) • do • v := u • end • Handled as: • d := c • call • with • r • do • v := u • end Current , d c x r x’ x u, v u := x’ d target Inverse variable a » call x r= x  ((x’ a) » r)

  50. The rule in action • d := c • call • with • r • do • v := u • end • Alias relation: Current c , d , d c, d x r Current • Prefix with x’ : x’ x’ x u, x’c, x’ d x v, x u := x’ c x’c, x’d u, x’ c, x’ d c, x d x v, u, x’ c, x’d x’c, x’d target • Prefix with x : u, c x x’c, d x v, c, x xv, xu, c, d x a » call x r= x  ((x’ a) » r)

More Related