A Semantics for Procedure Local Heaps and its Abstractions
Noam Rinetzky, Tel Aviv University
www.cs.tau.ac.il/~maon
Joint work with Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University), and Reinhard Wilhelm (Universität des Saarlandes)
Motivation
• Interprocedural shape analysis
  • Conservative static pointer analysis
  • Heap intensive programs
  • Imperative programs with procedures
  • Recursive data structures
• Goals
  • Precision
  • Efficiency
Main idea
• Procedures as local heap transformers
[figure: the heap before and after a call p(x); the callee works on the part of the heap reachable from x (x becomes X), alongside the variables y, g and t]
Main Results
• Concrete operational semantics
  • Large step
  • Functional analysis
  • Storeless
  • Shape abstractions
  • Local heap
  • Observationally equivalent to “standard” semantics
  • Java and “clean” C
• Abstractions
  • Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS ’02]
  • May-alias [Deutsch, PLDI ’94]
  • …
Outline
• Motivating example
• Why semantics
• Localized Heap Storeless Semantics
• Shape abstraction
Example
static List reverse(List t) { … return r; }
static void main() {
  List x = reverse(p);
  List y = reverse(q);
  List z = reverse(x);
}
[figure: three animation steps showing the heap as lists linked by n fields, with the variables p, q, t, r, x, y and z, before and after each call to reverse]
Cutpoints
• Separating objects
• Not pointed-to by a parameter
[figure: a call proc(x) on a list reachable from x; a cell reached from x that is also pointed-to by the variable p shows stack sharing, a cell reached from x that is also pointed-to by the field y.n shows heap sharing]
Sharing patterns
[figure: the list passed as parameter t shared with the variables p, x, y and q in several stack-sharing and heap-sharing configurations]
Example (continued)
static List reverse(List t) { … return r; }
static void main() {
  List x = reverse(p);
  List y = reverse(q);
  List z = reverse(x);
}
[figure: the heap at the call List z = reverse(x): the list reachable from x, whose last cell (the old head of p's list) is still pointed-to by p]
Abstract Interpretation [Cousot and Cousot, POPL ’77]
[figure: an operational semantics related to the abstract transformer that soundly approximates it]
Introducing local heap semantics
[figure: Part I relates the standard operational semantics to a local heap operational semantics (~, observational equivalence); Part II abstracts the local heap operational semantics into an abstract transformer]
Outline
• Motivating example
• Why semantics
• LSL: Localized Heap Storeless Semantics
• Shape abstraction
Programming model
• Single threaded
• Procedures
  • Value parameters
  • Recursion
• Heap
  • Recursive data structures
  • Destructive update
  • No explicit addressing (&, cast)
Simplifying assumptions
• No primitive values (references only)
• No globals
• Formals not modified
Store-based semantics
• Memory state:
  • Object: FieldId → Address
  • Heap: Address → Object
• Natural
• Addresses do not affect shape
[figure: the same list shape stored at different addresses (0x10, 0x12, 0x14, …, with 0x0 as null), once with x pointing to 0x10 and once with x pointing to 0x14]
Storeless semantics
• No addresses
• Memory state:
  • Object: 2^(Access paths), i.e. an object is the set of access paths that reach it
  • Heap: 2^Object, i.e. a heap is a set of objects
• Alias analysis
[figure: a list x, x.n, x.n.n and a variable y; after y = x the objects are named {x, y}, {x.n, y.n}, {x.n.n, y.n.n}; after x = null they are named {y}, {y.n}, {y.n.n}]
Example
static void main() {
  List x = reverse(p);
  List y = reverse(q);
  List z = reverse(x);
}
static List reverse(List t) { … return r; }
[figure: the calls in storeless form; inside reverse the cells are named t, t.n, t.n.n, t.n.n.n on entry and r, r.n, r.n.n, {t, r.n.n.n} on exit, while in main they are named by paths from p, q, x, y and z (e.g. {x.n.n.n, p}). At the call reverse(x) the callee cannot name the cell that p points to ("p?"); adding the cutpoint label L names it {t.n.n.n, L} on entry, and on exit the cells are {r, L}, {r.n, L.n}, {r.n.n, L.n.n}, {t, r.n.n.n, L.n.n.n}]
Cutpoint labels
• Relate the pre-state with the post-state
• Additional roots
• Mark cutpoints at and throughout an invocation
Cutpoint labels
• Cutpoint label: the set of access paths that point to a cutpoint when the invoked procedure starts
[figure: on entry to reverse the cells are named t, t.n, t.n.n, t.n.n.n; the last cell is a cutpoint with label L = {t.n.n.n}]
Sharing patterns
• Cutpoint labels encode sharing patterns
[figure: the same label L = {t.n.n.n} arises from stack sharing (a variable p points to the cell) and from heap sharing (the field w.n of an object w outside the local heap points to it)]
Memory states
• A memory state is a pair ⟨CPL, A⟩: the set of cutpoint labels and the set of objects, each object being a set of access paths
• Example, on exit from reverse with the cutpoint label {t.n.n.n}:
  CPL = { {t.n.n.n} }
  A = { {r, {t.n.n.n}}, {r.n, {t.n.n.n}.n}, {r.n.n, {t.n.n.n}.n.n}, {t, r.n.n.n, {t.n.n.n}.n.n.n} }
[figure: the four cells of the returned list, named r / L, r.n / L.n, r.n.n / L.n.n and t, r.n.n.n / L.n.n.n]
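To make the storeless view, the cutpoints and the cutpoint labels of the preceding slides concrete, here is an added Python model that is not part of the talk or its tools. It names the cells of a constructed store-based heap by the access paths reaching them, evaluates the aliasing observation used for observational equivalence, and computes the cutpoints of a call with their labels; the object ids, the field name n and the sample state after x = reverse(p) are all constructed.

```python
# Added example, not from the slides: the storeless view of a store-based heap of
# singly linked lists (field 'n'), the aliasing observation behind observational
# equivalence, and the cutpoints/cutpoint labels of a call. All data is constructed.

def reachable(heap, start):
    """Objects reachable from the given objects by following 'n' fields."""
    seen, todo = set(), list(start)
    while todo:
        o = todo.pop()
        if o is not None and o not in seen:
            seen.add(o)
            todo.append(heap[o]['n'])
    return seen

def access_paths(roots, heap):
    """Storeless view: name each object by the set of access paths reaching it
    (roots maps variable -> object id or None; lists are assumed acyclic)."""
    names = {o: set() for o in heap}
    for var, obj in roots.items():
        path = var
        while obj is not None:
            names[obj].add(path)
            path, obj = path + '.n', heap[obj]['n']
    return names

def aliases(names, a, b):
    """The observation [a = b]: access paths a and b reach the same object."""
    return any(a in paths and b in paths for paths in names.values())

def call_cutpoints(roots, heap, formals):
    """formals maps formal -> actual variable. Returns {cutpoint: label}: a
    cutpoint is a local-heap object (reachable from the parameters) that no
    parameter points to directly but that a non-passed variable (stack sharing)
    or a field of an object outside the local heap (heap sharing) points to;
    its label is the set of access paths from the formals reaching it on entry."""
    params = {f: roots[a] for f, a in formals.items()}
    local = reachable(heap, params.values())
    local_names = access_paths(params, {o: heap[o] for o in local})
    from_stack = {o for v, o in roots.items() if v not in formals.values()}
    from_heap = {heap[o]['n'] for o in heap if o not in local}
    return {o: frozenset(local_names[o]) for o in local
            if o not in params.values() and (o in from_stack or o in from_heap)}

# Constructed state after `x = reverse(p)` in the slides' example: x is the reversed
# list 4->3->2->1, p still points to its last cell (the old head), and a second
# list y = 5 whose n field shares cell 2 with x's list.
HEAP = {4: {'n': 3}, 3: {'n': 2}, 2: {'n': 1}, 1: {'n': None}, 5: {'n': 2}}
ROOTS = {'x': 4, 'p': 1, 'y': 5}
```

For the call reverse(x) with formal t, call_cutpoints(ROOTS, HEAP, {'t': 'x'}) reports cell 1 as a cutpoint labelled {t.n.n.n} (stack sharing through p), matching the label on the slides, and cell 2 as one labelled {t.n.n} (heap sharing through y.n).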
Observational equivalence
• L: a state of the Local-heap Storeless Semantics
• G: a state of the Global-heap Store-based Semantics
• L and G are observationally equivalent when, for every pair of access paths, the two paths reach the same object in L exactly when they reach the same object in G
Main theorem: semantics equivalence
• L: a state of the Local-heap Storeless Semantics (LSL)
• G: a state of the Global-heap Store-based Semantics (GSB)
• If L and G are observationally equivalent, executing a statement st from L in LSL yields L′, and executing st from G in GSB yields G′, then L′ and G′ are observationally equivalent
• LSL and GSB are therefore observationally equivalent
Corollaries
• Preservation of invariants (equalities between access paths)
• Detection of memory leaks
Application
• Justify soundness of static analysis
  • May-alias analysis [TAU-TR-26/04]
  • Shape analysis
Shape Abstraction
• Shape descriptors represent unbounded memory states
  • Conservatively
  • In a bounded way
A shape abstraction
[figure: the concrete state on exit from reverse with L = {t.n.n.n} (cells named r / L, r.n / L.n, r.n.n / L.n.n and t, r.n.n.n / L.n.n.n) is abstracted into a bounded descriptor in which the interior cells are summarized and the cutpoint label becomes L = *; a state with two cutpoint labels L1 = {h.n} and L2 = {h.n.n} is abstracted in the same way]
Application (joint work with Eran Yahav)
• A framework for shape analysis using local heaps
• Parametric abstraction
  • Local heap (lists, trees, …)
  • Sharing patterns
Application
• Single threaded Java programs
• Properties proved
  • Absence of null dereferences
  • Listness preservation
  • API conformance
• Recursive / iterative
• Procedural abstraction
Demo
class List {
    int d;
    List n;

    // create is called but not defined on the slide; assumed to build a list of k cells
    static List create(int k) {
        List h = null;
        for (int i = k; i > 0; i--) { List c = new List(); c.d = i; c.n = h; h = c; }
        return h;
    }

    // Recursive in-place reversal: detach the head, reverse the tail, re-attach the head
    static List reverse(List t) {
        if (t == null || t.n == null) return t;
        List tn = t.n;
        t.n = null;
        List r = reverse(tn);
        tn.n = t;
        return r;
    }

    static void main() {
        List p = create(4);
        List q = create(3);
        List x = reverse(p);
        List y = reverse(q);
        List z = reverse(x);
    }
}
Related work
• Storeless semantics
  • Jonkers, Algorithmic Languages ’81
  • Deutsch, ICCL ’92
Related work
• Interprocedural shape analysis
  • Rinetzky and Sagiv, CC ’01: global heap
  • Jeannet et al., SAS ’04: local heap, relational
  • Chong and Rugina, SAS ’03: local heap
  • Hackett and Rugina, POPL ’05: staged analysis
Related work
• Local reasoning
  • Ishtiaq and O’Hearn, POPL ’01
  • Reynolds, LICS ’02
Summary
• Operational semantics
  • Storeless
  • Local heap
  • Cutpoints
• Equivalence theorem
• Applications
  • Shape analysis
  • May-alias analysis
End
• A Semantics for procedure local heaps and its abstraction. Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm. AVACS Technical Report 1
• Interprocedural functional shape analysis using local heaps. Noam Rinetzky, Mooly Sagiv, and Eran Yahav. School of Computer Science, Tel Aviv University, Technical Report 26/04
www.cs.tau.ac.il/~maon