Download presentation
Presentation is loading. Please wait.
1
A Semantics for Procedure Local Heaps and its Abstractions Noam Rinetzky Tel Aviv University Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly Sagiv Tel Aviv University Reinhard Wilhelm Universität des Saarlandes
2
Motivation Interprocedural shape analysis Conservative static pointer analysis Heap intensive programs Imperative programs with procedures Recursive data structures Challenge Destructive update Localized effect of procedures
3
Main idea Local heaps y t g x y t g call p(x); x x x
4
Main idea Local heaps Cutpoints y t g x y t g call p(x); x x x
5
Main Results Concrete operational semantics Large step Functional analysis Storeless Shape abstractions Local heap Observationally equivalent to “standard” semantics Java and “clean” C Abstractions Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS ‘02] May-alias [Deutsch, PLDI ‘94] …
![Main Results Concrete operational semantics Large step Functional analysis Storeless Shape abstractions Local heap Observationally equivalent to standard semantics Java and clean C Abstractions Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS ‘02] May-alias [Deutsch, PLDI ‘94] …](http://images.slideplayer.com/17/5335790/slides/slide_5.jpg "Main Results Concrete operational semantics Large step Functional analysis Storeless Shape abstractions Local heap Observationally equivalent to standard semantics Java and clean C Abstractions Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS ‘02] May-alias [Deutsch, PLDI ‘94] …")
6
Outline Motivating example Local heaps Cutpoints Why semantics Local heap storeless semantics Shape abstraction
7
static List reverse(List t) { } static void main() { } Example p n n t r n n n List x = reverse(p); return r; n n t List y = reverse(q); List z = reverse(x); … n n n t r n n n p x n n q n n q
8
static List reverse(List t) { } static void main() { } Example List y = reverse(q); return r;List z = reverse(x); List x = reverse(p); n n t t r n n n t r n n n n n n p x q y n n n n t q n n n n n p x n n n
9
static List reverse(List t) { } static void main() { } Example return r; n n t t r n n n t r n n n n n n p x x z n n n p x List z = reverse(x); List x = reverse(p); List y = reverse(q); q y n n n n n n t n n n t q y n n n p n n n
10
Separating objects Not pointed-to by a parameter Cutpoints
11
Separating objects Not pointed-to by a parameter Cutpoints p x n n n n n n proc(x) Stack sharing
12
Separating objects Not pointed-to by a parameter x n n n n n n n y Cutpoints p x n n n n n n n proc(x) Stack sharing Heap sharing proc(x)
13
Separating objects Not pointed-to by a parameter Capture external sharing patterns x n n n n n n n y Cutpoints p x n n n n n n n proc(x) Stack sharing Heap sharing proc(x)
14
static List reverse(List t) { } static void main() { } Example return r; r t n n n r t n n n n n n p x z x n n n p x List z = reverse(x); List x = reverse(p); List y = reverse(q); q y n n n n n n t q y n n n p n n n
15
Outline Motivating example Why semantics Local heap storeless semantics Shape abstraction
16
Abstract Interpretation [Cousot and Cousot, POPL ’77] Operational semantics Abstract transformer
![Abstract Interpretation [Cousot and Cousot, POPL ’77] Operational semantics Abstract transformer ](http://images.slideplayer.com/17/5335790/slides/slide_16.jpg "Abstract Interpretation [Cousot and Cousot, POPL ’77] Operational semantics Abstract transformer ")
17
Introducing local heap semantics Operational semantics Abstract transformer Local heap Operational semantics ~ ’’ ’’
18
Outline Motivating example Why semantics Local heap storeless semantics Shape abstraction
19
Programming model Single threaded Procedures Value parameters Recursion Heap Recursive data structures Destructive update No explicit addressing (&) No pointer arithmetic
20
Simplifying assumptions No primitive values (only references) No globals Formals not modified
21
Storeless semantics No addresses Memory state: Object: 2 Access paths Heap: 2 Object Alias analysis y=x x nn x x.n x.n.n x=null x nn xyxy x.n y.n x.n.n y.n.n y y nn y y.n y.n.n
22
static void main() { } static List reverse(List t) { return r; } Example x List z = reverse(x); p x.n.n n n x.n.n.n p x x.n n y.n.n q n y y.n n y q y.n.n q n y y.n n y q t.n.n t.n.n.n t t.n t.n.n n n t.n.n.n t t.n n t t n n n List x = reverse(p); List y = reverse(q); r.n n n r t r.n.n.n r.n.n n t r r.n n n r t r.n.n.n r.n.n n t r z.n n n z x z.n.n.n z.n.n n z x p?
23
static void main() { } static List reverse(List t) { return r; } Example x List z = reverse(x); p x.n.n n n x.n.n.n p x x.n n y.n.n q n y y.n n y q y.n.n q n y y.n n y q t.n.n t.n.n.n L t t.n t.n.n n n t.n.n.n L t t.n n L t L t n n n List x = reverse(p); List y = reverse(q); L.n r.n n n LrLr t L.n.n.n r.n.n.n L.n.n r.n.n n L t r L.n r.n n n LrLr t L.n.n.n r.n.n.n L.n.n r.n.n n t L r p.n z.n n n pzpz x p.n.n.n z.n.n.n p.n.n z.n.n n z x p p.n pp.n.n p.n.n.n
24
Cutpoint labels Relate pre-state with post-state Additional roots Mark cutpoints at and throughout an invocation
25
Cutpoint labels Cutpoint label : the set of access paths that point to a cutpoint when the invoked procedure starts L t.n.n t.n.n.n L t t.n t L {t.n.n.n}
26
Sharing patterns Cutpoint labels encode sharing patterns L t t.n.n n n t.n.n.n L t t.n n L t t.n.n n n t.n.n.n L t t.n n p w n w w.n n L {t.n.n.n} Stack sharing Heap sharing
27
Observational equivalence L L (Local-heap Storeless Semantics) G G (Global-heap Store-based Semantics) L and G observationally equivalent when for every access paths AP 1, AP 2 AP 1 = AP 2 ( L ) AP 1 = AP 2 ( G )
28
Main theorem: semantic equivalence L L (Local-heap Storeless Semantics) G G (Global-heap Store-based Semantics) L and G observationally equivalent st, L ’ L st, G ’ G ’ L and ’ G are observationally equivalent LSL GSB
29
Corollaries Preservation of invariants Assertions: AP 1 = AP 2 Detection of memory leaks
30
Applications Develop new static analyses Shape analysis Justify soundness of existing analyses May-alias analysis [TAU-TR-26/04]
![Applications Develop new static analyses Shape analysis Justify soundness of existing analyses May-alias analysis [TAU-TR-26/04]](http://images.slideplayer.com/17/5335790/slides/slide_30.jpg "Applications Develop new static analyses Shape analysis Justify soundness of existing analyses May-alias analysis [TAU-TR-26/04]")
31
Outline Motivating example Why semantics Local heap storeless Shape abstraction
32
Shape descriptors represent unbounded memory states Conservatively In a bounded way Two dimensions Local heap (objects) Sharing pattern (cutpoint labels)
33
A Shape abstraction L r.n L.n rLrL t, r.n.n.n L.n.n.n r.n.n L.n.n t L={t.n.n.n} r n n n
34
A Shape abstraction L r.n L.n rLrL t, r.n.n.n L.n.n.n r.n.n L.n.n t L=* r n n n
35
L rLrL t, r.n L.n r.n L.n t L=* r n n n A Shape abstraction L r.n L.n rLrL t, r.n L.n r.n L.n t L=* r n n n
36
A Shape abstraction L rLrL t, r.n L.n r.n L.n t L=* r n n n
37
A Shape abstraction L rLrL t, r.n L.n r.n L.n t L=* r n n n L r.n L.n rLrL t, r.n.n.n L.n.n.n r.n.n L.n.n t L={t.n.n.n} r n n n
38
A Shape abstraction rLrL t, r.n L.n r.n L.n t L=* r n n n L1 r.n L1.n r L1 t, r.n.n.n L1.n.n.n r.n.n L1.n.n t L1={t.n.n.n} r n n n L2={g.n.n.n} L2 d.n L2.n d L2 g, d.n.n.n L2.n.n.n d.n.n L2.n.n g d n n n L dLdL t, d.n L.n d.n L.n t d n n n
39
Application (joint work with Eran Yahav) A framework for shape analysis using local heaps Parametric abstraction Local heap (lists, trees, …) Sharing patterns
40
Application Properties proved Absence of null dereferences Listness preservation API conformance Recursive Iterative Procedural abstraction
41
Outline Motivating example Why semantics Local heap storeless Shape abstraction
42
Related work Storeless semantics Jonkers, Algorithmic Languages ‘81 Deutsch, ICCL ‘92
43
Related work Interprocedural shape analysis Rinetzky and Sagiv, CC ’01 Global heap Jeannet et al., SAS ’04 Local heap, relational Chong and Rugina, SAS ’03 Local heap Hackett and Rugina, POPL ’05 Next talk …
44
Related work Local reasoning Ishtiaq and O’Hearn, POPL ‘01 Reynolds, LICS ’02
45
Summary Operational semantics Storeless Local heap Cutpoints Equivalence theorem Applications Shape analysis May-alias analysis
46
End www.cs.tau.ac.il/~maon A Semantics for procedure local heaps and its abstraction Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm AVACS Technical Report 1 Interprocedural functional shape analysis using local heaps Noam Rinetzky, Mooly Sagiv, and Eran Yahav School of Computer Science, Tel Aviv University, Technical Report 26/04
Similar presentations
