Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.

Slides:



Advertisements
Similar presentations
Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.
Advertisements

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Shape Analysis for Fine-Grained Concurrency using Thread Quantification Josh Berdine Microsoft Research Joint work with: Tal Lev-Ami, Roman Manevich, Mooly.
Guy Golan-GuetaTel-Aviv University Nathan Bronson Stanford University Alex Aiken Stanford University G. Ramalingam Microsoft Research Mooly Sagiv Tel-Aviv.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Heap Decomposition for Concurrent Shape Analysis R. Manevich T. Lev-Ami M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine MSR Cambridge Dagstuhl.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
1 A Logic of Reachable Patterns in Linked Data-Structures Greta Yorsh joint work with Alexander Rabinovich, Mooly Sagiv Tel Aviv University Antoine Meyer,
1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.
Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.
Program analysis Mooly Sagiv html://
Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.
1 Motivation Dynamically allocated storage and pointers are an essential programming tools –Object oriented –Modularity –Data structure But –Error prone.
Program analysis Mooly Sagiv html://
Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.
Interprocedural Analysis Noam Rinetzky Mooly Sagiv Tel Aviv University Textbook Chapter 2.5.
Using data groups to specify and check side effects K. Rustan M. Leino Microsoft Research Arnd Poetzsch-Heffter Universität Kaiserslautern Yunhong Zhou.
Overview of program analysis Mooly Sagiv html://
Detecting Memory Errors using Compile Time Techniques Nurit Dor Mooly Sagiv Tel-Aviv University.
Role Analysis Victor Kunkac, Patric Lam, Martin Rinard Laboratory for Computer Science, MIT Presentation by George Caragea CMSC631,
Comparison Under Abstraction for Verifying Linearizability Daphna Amit Noam Rinetzky Mooly Sagiv Tom RepsEran Yahav Tel Aviv UniversityUniversity of Wisconsin.
Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
A Semantics for Procedure Local Heaps and its Abstractions Noam Rinetzky Tel Aviv University Jörg Bauer Universität des Saarlandes Thomas Reps University.
Overview of program analysis Mooly Sagiv html://
A Seminar on Encapsulation Noam Rinetzky Mooly Sagiv Summary.
Memory Management for Real-Time Java Wes Beebee and Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology Supported by: DARPA.
Impact Analysis of Database Schema Changes Andy Maule, Wolfgang Emmerich and David S. Rosenblum London Software Systems Dept. of Computer Science, University.
Dagstuhl Seminar "Applied Deductive Verification" November Symbolically Computing Most-Precise Abstract Operations for Shape.
Program Analysis and Verification Noam Rinetzky Lecture 10: Shape Analysis 1 Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav.
Thread Quantification for Concurrent Shape Analysis Josh BerdineMSR Cambridge Tal Lev-AmiTel Aviv University Roman ManevichTel Aviv University Mooly Sagiv.
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
CompSci 105 SS 2005 Principles of Computer Science Lecture 4 Lecturer: Santokh Singh.
A Parametric Segmentation Functor for Fully Automatic and Scalable Array Content Analysis Patrick Cousot, NYU & ENS Radhia Cousot, CNRS & ENS & MSR Francesco.
Inference and Checking of Object Ownership Wei Huang 1, Werner Dietl 2, Ana Milanova 1, Michael D. Ernst 2 1 Rensselaer Polytechnic Institute 2 University.
1 Employing decision procedures for automatic analysis and verification of heap-manipulating programs Greta Yorsh under the supervision of Mooly Sagiv.
Verifying Atomicity via Data Independence Ohad Shacham Yahoo Labs, Israel Eran Yahav Technion, Israel Guy Gueta Yahoo Labs, Israel Alex Aiken Stanford.
Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv University Nathan Bronson Stanford University Alex Aiken Stanford.
1 Testing, Abstraction, Theorem Proving: Better Together! Greta Yorsh joint work with Thomas Ball and Mooly Sagiv.
Shape Analysis Overview presented by Greta Yorsh.
Existential Quantification for Variant Ownership Nicholas Cameron Sophia Drossopoulou Imperial College London (Victoria University of Wellington)‏
Symbolically Computing Most-Precise Abstract Operations for Shape Analysis Greta Yorsh Thomas Reps Mooly Sagiv Tel Aviv University University of Wisconsin.
Convergence of Model Checking & Program Analysis Philippe Giabbanelli CMPT 894 – Spring 2008.
Symbolic Execution with Abstract Subsumption Checking Saswat Anand College of Computing, Georgia Institute of Technology Corina Păsăreanu QSS, NASA Ames.
Lightweight Support for Magic Wands in an Automatic Verifier Malte Schwerhoff and Alexander J. Summers 10 th July 2015, ECOOP, Prague.
Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications Chapter.
Operational Semantics Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Interprocedural shape analysis for cutpoint-free programs Noam Rinetzky Tel Aviv University Joint work with Mooly Sagiv Tel Aviv University Eran Yahav.
Putting Static Analysis to Work for Verification A Case Study Tal Lev-Ami Thomas Reps Mooly Sagiv Reinhard Wilhelm.
Interprocedural shape analysis for cutpoint-free programs
Shape Analysis Termination Analysis Linear Time
Software Testing.
Compactly Representing First-Order Structures for Static Analysis
Spring 2016 Program Analysis and Verification
Seminar in automatic tools for analyzing programs with dynamic memory
Spring 2016 Program Analysis and Verification
Ravi Mangal Mayur Naik Hongseok Yang
Stateful Manifest Contracts
Symbolic Implementation of the Best Transformer
Dynamic Memory Allocation
Software Testing (Lecture 11-a)
Lecture 4: Data Abstraction CS201j: Engineering Software
A Semantics for Procedure Local Heaps and its Abstractions
Presentation transcript:

Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft Research India Mooly Sagiv Tel Aviv University Eran Yahav IBM Watson

modular shape analysis shape analysis?... modular analysis?

modular shape analysis sound static analysis programs  imperative  heap-manipulating properties  no memory errors no memory leaks no null dereferences  shape invariants lists are acyclic shape analysis...

modular shape analysis analyze a program by analyzing its parts  scalability  reusability modular analysis

modular shape analysis sound static analysis programs  imperative  heap-manipulating properties  no memory errors no memory leaks no null dereferences  shape invariants lists are acyclic analyze a program by analyzing its parts  scalability  reusability shape analysis... modular analysis

p analyze programs by analyzing their parts  imperative  heap-manipulating modular shape analysis q Polygon List Point Integer memory program

p analyze programs by analyzing their parts  program modular analysis  heap modular analysis modular shape analysis q Polygon List Point Integer program parts memory program memory parts  imperative  heap-manipulating

p q analyze programs by analyzing their parts  program modular analysis  heap modular analysis modular shape analysis Polygon List Point Integer program partrelevant heap parts

p q analyze programs by analyzing their parts  program modular analysis  heap modular analysis modular shape analysis Polygon List Point Integer program partrelevant heap parts

analyze programs by analyzing their parts  program modular analysis  heap modular analysis modular shape analysis Polygon List Point Integer p q program partrelevant heap parts

analyze programs by analyzing their parts  program modular analysis  heap modular analysis modular shape analysis Polygon List Point Integer p q program partrelevant heap parts

analyze programs by analyzing their parts  program modular analysis  heap modular analysis modular shape analysis Polygon List Point Integer program

approach restrict class of programs to “well behaved” programs  dynamically encapsulated programs compute conditional module invariant approximate “well behaved” clients use dynamic encapsulation to enable modular shape analysis, use shape analysis to verify dynamic encapsulation

agenda setting shape abstraction modular shape analysis

modules simple program model  program = collection of modules module = types + procedures  module level access control... List type List { Node hd } type Node { Node n, Point d} int foo(List s) { Point p = p.d; int x = getX(p); } p.x;... int getX(Point p) { Integer I = p.x; return value(I); } Point type Point {Integer x,y } Point point(int x, int y) { } types procedures 

p q Polygon List Point Integer Polygon Point Integer module-local state module can only access parts of the heap comprised of its objects

module-local state p q Polygon List Point Integer module can only access parts of the heap comprised of its objects

components Polygon List Point Integer p q sub-heaps  objects of one module maximal connected subheap  outgoing references  incoming references p q

components Polygon List Point Integer sub-heaps  objects of one module maximal connected subheap  outgoing references  incoming references List Point p q

component graphs nodes: components edges: inter-component references p q Polygon List Point Integer Polygon Point Integer

(un)sealed components unsealed component mutable sealed component immutable p q Polygon List Point Integer Polygon Point Integer

trimming abstraction represents only components of a single module  forget other components  forget component graph

trimming: abstraction t z

trimming: concretization  t z t z t z

 t z t z

 t z t z

  t z t z trimming: impossible concretization

bounding abstraction (standard) q z trimming bounding q z...

parametric shape abstraction concrete states trimmed states bounded trimmed states  trim M  trim M  bound M  bound M

modular shape analysis main challenges  inferring precondition for inter-module procedure calls to the module  determining effect of inter-module procedure calls by the module

inter-module procedure calls sealed component immutable unsealed component mutable Polygon List Point Integer Polygon Point Integer list_proc(p.list, q) q p

sealed components Polygon Point Integer Polygon s list_proc(p.list, q) e sealed component immutable inputs to inter-module procedure calls q List

module invariant set of sealed (stable) components  in all programs  in all executions all possible inputs to inter-module procedure calls

modular shape analysis infer module invariant analysis  compute input states to inter-module procedure calls from discovered sealed components  shape analysis within module  discover new sealed components in output states shape analysis

abstraction + fixpoint are we done?

sanity check List type List { Node hd } type Node { Node n, Point d} void push(List s, Node e) { e.n = s.hd; s.hd = e; }...

sanity check hd n n dd d s d e n List type List { Node hd } type Node { Node n, Point d} void push(List s, Node e) { e.n = s.hd; s.hd = e; }...

sanity check hd n n dd d s d e n e List type List { Node hd } type Node { Node n, Point d} void push(List s, Node e) { e.n = s.hd; s.hd = e; }...

main difficulty: unknown usage unknown heap context  returned references  incoming references worst case assumption complicated analysis expensive analysis non-useful analysis hd n n dd d d n

our approach limit inter-component aliasing  every sealed component has a single entry point q p

limit inter-component aliasing  every sealed component has a single entry point  tree of inter-component references p q our approach

enque(p,q)  challenge: reference parameters  solution: ignore unused references p q challenge verify q is never used!

specify deadness  enque(List s, Node e) // {e} p q lightweight annotations

limit inter-component aliasing  every component has a single entry point  tree of inter-component references  ignoring not to be used references p q dynamic encapsulation

p

p p

dynamic encapsulation p p p q

dynamic encapsulation p p p p q q 

sanity check revisited List type List { Node hd } type Node { Node n, Point d} void push(List s, Node e) // {e} { e.n = s.hd; s.hd = e; }... hd n n dd d s d e

sanity check revisited hd n n dd d s d e n... List type List { Node hd } type Node { Node n, Point d} void push(List s, Node e) // {e} { e.n = s.hd; s.hd = e; }

sanity check revisited hd n n dd d s d e n... List type List { Node hd } type Node { Node n, Point d} void push(List s, Node e) // {e} { e.n = s.hd; s.hd = e; }

our approach concentrate on well-behaved programs  “well behaved” = dynamic encapsulation modularly checkable  program P is well behave if all its modules respect the specification

for every module  assume all other modules are well behaved  guarantee module is well behaved verify dynamic encapsulation discover (conditional) module invariants  may not be hold for arbitrary programs modular analysis

summary parametric shape abstraction dynamic encapsulation  restriction on programs modular shape analysis shape analysis dynamic encapsulation enable verify modular

related work modular analysis modular heap analysis shape analysis interprocedural shape analysis encapsulation local reasoning

closely related work modular heap analysis  Logozzo, SAS’03, VMCAI’04  Wies et al., VMCAI’06 encapsulation  Zaho et al., RTSS’04  Clarke et al., ECOOP’03 modular verification  Leino et al., ESOP’06

future work relax restrictions  richer component-graph structures implementation

END use dynamic encapsulation to enable modular shape analysis, use shape analysis to verify dynamic encapsulation

fixpoint

dry run analysis List type List { Node hd } type Node { Node n, Point d} List crtList() {... } Node crtNode(Point p) // {p } {... } void push(List s, Node e) // { e } {... } Node pop(List s) {... }

dry run analysis List type List { Node hd } type Node { Node n, Point d} List crtList() {... } Node crtNode(Point p) // {p } {... } void push(List s, Node e) // { e } {... } Node pop(List s) {... } p p

dry run analysis List type List { Node hd } type Node { Node n, Point d} List crtList() {... } Node crtNode(Point p) // {p } {... } void push(List s, Node e) // { e } {... } Node pop(List s) {... } s e s e

dry run analysis List type List { Node hd } type Node { Node n, Point d} List crtList() {... } Node crtNode(Point p) // {p } {... } void push(List s, Node e) // { e } {... } Node pop(List s) {... } s e s e...

conditional module invariant program dynamically-encapsulated  module invariant holds

partitioned module invariant

related work

Manevich et al., TACAS’07 x x z y y z x y z

ownership types p

trace

inter-module procedure calls input: sealed component observation: unmodified since last call

inter-module procedure calls input: sealed component observation: unmodified since last call

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.