
A Semantics for Procedure Local Heaps and its Abstractions

Noam Rinetzky, Tel Aviv University. www.cs.tau.ac.il/~maon. Joint work with Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University).


Presentation Transcript


  1. A Semantics for Procedure Local Heaps and its Abstractions. Noam Rinetzky, Tel Aviv University, www.cs.tau.ac.il/~maon. Joint work with Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University), Reinhard Wilhelm (Universität des Saarlandes)

  2. Motivation • Interprocedural shape analysis • Conservative static pointer analysis • Heap intensive programs • Imperative programs with procedures • Recursive data structures • Goals • Precision • Efficiency

  3. Main idea • Procedures as local heap transformers [Figure: heap before and after call p(x); variables x, y, g, t]

  4. Main Results • Concrete operational semantics • Large step • Functional analysis • Storeless • Shape abstractions • Local heap • Observationally equivalent to “standard” semantics • Java and “clean” C • Abstractions • Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS ‘02] • May-alias [Deutsch, PLDI ‘94] • …

  5. Outline • Motivating example • Why semantics • Localized Heap Storeless Semantics • Shape abstraction

  6. Example static List reverse(List t) { … return r; } static void main() { List x = reverse(p); List y = reverse(q); List z = reverse(x); } [Figure: lists pointed to by p, q and x in main and by t and r in reverse, linked by n fields]

  7. Example static List reverse(List t) { return r; } static void main() { List x = reverse(p); List y = reverse(q); List z = reverse(x); } [Figure: lists pointed to by p, q, x and y in main and by t and r in reverse, linked by n fields]

  8. Example static List reverse(List t) { return r; } static void main() { List x = reverse(p); List y = reverse(q); List z = reverse(x); } [Figure: lists pointed to by p, q, x, y and z in main and by t and r in reverse, linked by n fields]

  9. Cutpoints • Separating objects • Not pointed-to by a parameter

  10. Cutpoints • Separating objects • Not pointed-to by a parameter [Figure: call proc(x) with variables p and x; stack sharing]

  11. Cutpoints • Separating objects • Not pointed-to by a parameter [Figure: two calls proc(x) with variables p, x and y; stack sharing and heap sharing]

  12. Sharing patterns [Figure: lists with variables t, p, q, x and y, linked by n fields]

  13. Example static List reverse(List t) { return r; } static void main() { List x = reverse(p); List y = reverse(q); List z = reverse(x); } [Figure: lists pointed to by p, q, x, y and z in main and by t and r in reverse, linked by n fields]

  14. Outline • Motivating example • Why semantics • Localized Heap Storeless Semantics • Shape abstraction

  15. Abstract Interpretation [Cousot and Cousot, POPL ’77] [Diagram labels: Operational semantics, Abstract transformer]

  16. Introducing local heap semantics [Diagram labels: Operational semantics, Local heap Operational semantics (Part I), Abstract transformer (Part II)]

  17. Outline • Motivating example • Why semantics • LSL: Localized Heap Storeless Semantics • Shape abstraction

  18. Programming model • Single threaded • Procedures • Value parameters • Recursion • Heap • Recursive data structures • Destructive update • No explicit addressing (&, cast)

  19. Simplifying assumptions • No primitive values (reference only) • No globals • Formals not modified

  20. Store-based semantics • Object  address • Memory state: • Object: FieldIdAddress • Heap: AddressObject • Natural • Addresses do not affect shape [Figure: list cells at addresses 0x10 to 0x15 linked by n fields, with variable x, drawn at two different address assignments]

  21. Storeless semantics • No addresses • Memory state: • Object: $2^{\text{Access paths}}$ • Heap: $2^{\text{Object}}$ • Alias analysis [Figure: objects named by the access paths x, x.n, x.n.n and y, y.n, y.n.n, shown across the statements y=x and x=null]

  22. Example static void main() { List x = reverse(p); List y = reverse(q); List z = reverse(x); } static List reverse(List t) { return r; } [Figure: heap objects named by access paths rooted at x, y, z, t and r; annotation: p?]

  23. Example static void main() { List x = reverse(p); List y = reverse(q); List z = reverse(x); } static List reverse(List t) { return r; } [Figure: heap objects named by access paths rooted at p, x, y, z, t and r and at the cutpoint label L]

  24. Cutpoint labels • Relate pre-state with post-state • Additional roots • Mark cutpoints at and throughout an invocation

  25. Cutpoint labels • Cutpoint label: the set of access paths that point to a cutpoint • when the invoked procedure starts [Figure: list t, t.n, t.n.n, t.n.n.n with the last object labelled L] L  {t.n.n.n}

  26. Sharing patterns • Cutpoint labels encode sharing patterns [Figure: list t, t.n, t.n.n, t.n.n.n with label L, drawn for stack sharing and for heap sharing; labels p, w, w.n] L  {t.n.n.n}
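The cutpoint definition on slides 9-11 and the labels on slides 24-26, as an added example that is not from the presentation: for the call reverse(x) of the running example it finds the cutpoints and names each one by its formal-rooted access paths, as in the storeless semantics. It assumes a cutpoint is a local-heap object, not pointed to by a parameter, that is referenced by a caller variable or by a field of an object outside the local heap; the dict heap encoding, the object ids (o1..o4, w0), the function names and the max_len bound are hypothetical.

```python
from collections import deque

def local_heap(heap, roots):
    """Objects reachable from the actual parameters: the callee's local heap."""
    seen, work = set(roots), deque(roots)
    while work:
        for tgt in heap[work.popleft()].values():
            if tgt is not None and tgt not in seen:
                seen.add(tgt)
                work.append(tgt)
    return seen

def access_paths(heap, formals, obj, max_len=8):
    """Storeless name of obj: the formal-rooted access paths that reach it.
    max_len is an assumed bound so that cyclic heaps terminate."""
    paths = set()
    work = [(f, o, 0) for f, o in formals.items() if o is not None]
    while work:
        path, cur, n = work.pop()
        if cur == obj:
            paths.add(path)
        if n < max_len:
            work += [(f"{path}.{fld}", tgt, n + 1)
                     for fld, tgt in heap[cur].items() if tgt is not None]
    return frozenset(paths)

def cutpoints(heap, caller_vars, formals):
    """Map each cutpoint of the call to its label (access paths at entry)."""
    params = {o for o in formals.values() if o is not None}
    local = local_heap(heap, params)
    external = set(caller_vars.values())                  # stack sharing
    external |= {tgt for src, flds in heap.items() if src not in local
                 for tgt in flds.values()}                 # heap sharing
    return {o: access_paths(heap, formals, o)
            for o in external if o in local and o not in params}

# Constructed state after x = reverse(p): x -> o4 -> o3 -> o2 -> o1 <- p
LIST = {"o4": {"n": "o3"}, "o3": {"n": "o2"}, "o2": {"n": "o1"}, "o1": {"n": None}}
STACK_SHARING = cutpoints(LIST, {"x": "o4", "p": "o1"}, {"t": "o4"})
# Constructed variant: an object w0 outside the local heap points into the list
SHARED = dict(LIST, w0={"n": "o3"})
HEAP_SHARING = cutpoints(SHARED, {"x": "o4", "p": "o1", "w": "w0"}, {"t": "o4"})

if __name__ == "__main__":
    print(STACK_SHARING)
    print(HEAP_SHARING)
```

In the stack-sharing case the only cutpoint is the object p still points to, and its label is the {t.n.n.n} shown on slide 25.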

  27. Memory states L = CPL,A { r ,{t.n.n.n}}, {r.n, {t.n.n.n}.n}, , {t.n.n.n} {r.n, {t.n.n.n}.n.n}, { t, r.n.n.n, {t.n.n.n}.n.n.n} [Figure: the same state drawn as a list from r to t with label L={h.n.n.n}; objects named r, L; r.n, L.n; r.n.n, L.n.n; t, r.n.n.n, L.n.n.n]

  28. Formal semantics Ordinary statements

  29. Procedure call semantics

  30. Observational equivalence • L  L (Local-heap Storeless Semantics) • G  G (Global-heap Store-based Semantics) L and G observationally equivalent when for every access paths ,    =  (L)   =  (G)

  31. Main theorem: semantics equivalence • L  L (Local-heap Storeless Semantics) • G  G (Global-heap Store-based Semantics) • L and G observationally equivalent st,L  Lst,G  G LSL GSB L and L are observationally equivalent

  32. Corollaries • Preservation of invariants •  =  • Detection of memory leaks

  33. Application • Justify soundness of static analysis • May-alias analysis [TAU-TR-26/04] • Shape Analysis

  34. Outline • Motivating example • Why semantics • LSL: Localized Heap Storeless Semantics • Shape abstraction

  35. Shape Abstraction • Shape descriptors represent unbounded memory states • Conservatively • Bounded way

  36. Shape abstraction [Figure, labelled A: state with L={t.n.n.n}, a list from r to t linked by n fields; objects named r, L; r.n, L.n; r.n.n, L.n.n; t, r.n.n.n, L.n.n.n]

  37. Shape abstraction [Figure, labelled A: objects named r, L; r.n, L.n; r.n.n, L.n.n; t, r.n.n.n, L.n.n.n, next to the list from r to t with L=*]

  38. Shape abstraction [Figure, labelled A: state with L=*; nodes r, t and L linked by n fields]

  39. Shape abstraction [Figure, labelled A: the state with L={t.n.n.n} (objects named r, L; r.n, L.n; r.n.n, L.n.n; t, r.n.n.n, L.n.n.n) beside the state with L=* (nodes r, t and L linked by n fields)]

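  40. Shape abstraction [Figure, labelled A: state with two labels L1={h.n} and L2={h.n.n}; objects named r; L1, r.n; L2, L1.n, r.n.n; t, L2.n, L1.n.n, r.n.n.n; beside the state with L=* (nodes r, t and L linked by n fields)]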

  41. Application (joint work with Eran Yahav) • A framework shape analysis using local heaps • Parametric abstraction • Local heap (lists, trees, …) • Sharing patterns

  42. Application • Single threaded Java programs • Properties proved • Absence of null dereferences • Listness preservation • API conformance • Recursive  Iterative • Procedural abstraction

  43. Procedural abstraction

  44. Recursion vs. Iteration

  45. Demo

      static void main() {
        // create is not shown on the slide
        List p = create(4);
        List q = create(3);
        List x = reverse(p);
        List y = reverse(q);
        List z = reverse(x);  // p still points into this list
      }

      class List {
        int d;
        List n;

        // Recursive destructive reversal; returns the new head
        static List reverse(List t) {
          if (t == null || t.n == null) return t;
          List tn = t.n;
          t.n = null;
          List r = reverse(tn);
          tn.n = t;
          return r;
        }
      }

  46. Related work • Storeless semantics • Jonkers, Algorithmic Languages ‘81 • Deutsch, ICCL ‘92

  47. Related work • Interprocedural shape analysis • Rinetzky and Sagiv, CC ’01 • Global heap • Jeannet et al., SAS ’04 • Local heap, relational • Chong and Rugina, SAS ’03 • Local heap • Hackett and Rugina, POPL ’05 • Staged analysis

  48. Related work • Local reasoning • Ishtiaq and O’Hearn, POPL ‘01 • Reynolds, LICS ’02

  49. Summary • Operational semantics • Storeless • Local heap • Cutpoints • Equivalence theorem • Applications • Shape analysis • May-alias analysis

  50. End • A Semantics for procedure local heaps and its abstraction. Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm. AVACS Technical Report 1 • Interprocedural functional shape analysis using local heaps. Noam Rinetzky, Mooly Sagiv, and Eran Yahav. School of Computer Science, Tel Aviv University, Technical Report 26/04 • www.cs.tau.ac.il/~maon
