Interprocedural shape analysis for cutpoint-free programs (Noam Rinetzky)

Interprocedural shape analysis for cutpoint-free programs
Noam Rinetzky, Tel Aviv University
Joint work with Mooly Sagiv (Tel Aviv University) and Eran Yahav (IBM Watson)

Motivation
- Interprocedural shape analysis
  - Conservative static pointer analysis
  - Heap-intensive programs: imperative programs with (recursive) procedures and linked data structures
- Challenge
  - Destructive update
  - Localized effect of procedures

Main idea
- Local heaps
[Figure: heap at the call p(x); the callee works on the part of the heap reachable from x, while the caller's other locals (y, g, t) keep pointing into the rest of the heap]

Main idea
- Local heaps (POPL '05)
- Cutpoint freedom (SAS '05)
[Figure: the same call p(x), with a question mark on how the callee's local heap relates to the caller's other locals y, g, t]

Cutpoints
- An object is a cutpoint for an invocation if it is
  - Reachable from actual parameters
  - Not pointed to by an actual parameter
  - Reachable without going through a parameter
[Figure: two call states for call p(y, z) with caller locals x, y, z, t; the objects that are cutpoints for the call are marked]

Cutpoint freedom
- Cutpoint-free
  - Invocation: has no cutpoints
  - Execution: every invocation is cutpoint-free
  - Program: every execution is cutpoint-free
[Figure: for call p(y, z) with caller locals x, y, z, t, a cutpoint-free call state next to one that has a cutpoint]

Cutpoint freedom: benefits
- Restricted aliasing
- Procedure ~ function (input/output relation)
[Figure: call p(y, z) in a cutpoint-free call state versus a call state that is not cutpoint-free, caller locals x, y, z, t]

Main results
- Cutpoint freedom
- Non-standard concrete semantics
  - Verifies that an execution is cutpoint-free
  - Local heaps
- Interprocedural shape analysis
  - Conservatively verifies that the program is cutpoint-free
  - Verifies desired properties (partial correctness of quicksort)
  - Procedure summaries
- Prototype implementation

Plan
- Cutpoint freedom
- Non-standard concrete semantics
- Interprocedural shape analysis
- Prototype implementation
- Related work

Programming model
- Single threaded
- Procedures
  ✓ Value parameters
  ✓ Formal parameters not modified
  ✓ Recursion
- Heap
  ✓ Recursive data structures
  ✓ Destructive update
  ✗ No explicit addressing (&)
  ✗ No pointer arithmetic

Memory states
- A memory state encodes a local heap
  - Local variables of the current procedure invocation
  - Relevant part of the heap
- Relevant = reachable
[Figure: call stack main -> append; append's locals p, q and main's locals x, y, z, t, with the part of the heap reachable from p and q]

Memory states
- Represented by first-order logical structures
  Predicate     Meaning
  x(v)          Variable x points to v
  n(v1, v2)     Field n of object v1 points to v2

Memory states
- Represented by first-order logical structures
  Predicate     Meaning
  x(v)          Variable x points to v
  n(v1, v2)     Field n of object v1 points to v2
- Example: p points to u1, u1.n points to u2, q points to u2
  p:  u1 = 1, u2 = 0
  q:  u1 = 0, u2 = 1
  n:        u1   u2
       u1   0    1
       u2   0    0

Operational semantics
- Statements modify values of predicates
- Specified by predicate-update formulae
  - Formulae in FO-TC (first-order logic with transitive closure)

Procedure call rule
- Large step semantics
- Procedure ~ input/output relation
- Example:
    main() {
      …
      append(y, z);
      …
    }
    append(List p, List q) { … }
- Steps of a call:
  1. Verify cutpoint freedom
  2. Compute input
  … Execute callee …
  3. Combine output
[Figure: main's call state with locals x, y, z, t, the callee's input state bound to p, q, and its output state]

Procedure call: 1. Verifying cutpoint-freedom
- An object is a cutpoint for an invocation if it is
  - Reachable from actual parameters
  - Not pointed to by an actual parameter
  - Reachable without going through a parameter
[Figure: call append(y, z) with caller locals x, y, z, t: a cutpoint-free call state next to one that is not cutpoint-free]

Procedure call: 1. Verifying cutpoint-freedom
- Invoking append(y, z) in main (main's locals: x, y, z, t)
  - $R_{\{y,z\}}(v) = \exists v_1: y(v_1) \land n^*(v_1, v) \;\lor\; \exists v_1: z(v_1) \land n^*(v_1, v)$
  - $isCP_{main,\{y,z\}}(v) = R_{\{y,z\}}(v) \land \lnot(y(v) \lor z(v)) \land \big(x(v) \lor t(v) \lor \exists v_1: \lnot R_{\{y,z\}}(v_1) \land n(v_1, v)\big)$
[Figure: the same cutpoint-free and non-cutpoint-free call states for append(y, z)]

Procedure call: 2. Computing the input local heap
- Retain only reachable objects
- Bind formal parameters
[Figure: call state (locals x, y, z, t) and the resulting input state (locals p, q)]

Procedure body: append(p, q)
[Figure: input state with the lists of p and q, and output state in which the list of p is linked to the list of q]

Procedure call: 3. Combine output
- Auxiliary predicates inUc(v), inUx(v)
[Figure: the callee's output state is combined with the call state (locals x, y, z, t, p, q) to form the state after the call]
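The three steps of the call rule (verify cutpoint freedom, compute the input local heap, combine the output), worked on a concrete heap model as an added example; this is not the authors' code or TVLA's. The heap model (integer object ids, a single field n, a map of locals), the constructed call state of main and the modelled body of append are all assumptions of the example, and the cutpoint check implements the isCP definition above literally.

```python
"""Added example (not the authors' or TVLA's code): the cutpoint-free call
rule on a concrete heap model.  Objects are ints, the single field n maps an
object to its successor (or None), locals_ maps variable names to objects."""
from typing import Dict, Iterable, List, Optional, Set


class Heap:
    def __init__(self, n: Dict[int, Optional[int]], locals_: Dict[str, Optional[int]]):
        self.n = dict(n)              # n(v1, v2) holds iff n[v1] == v2
        self.locals_ = dict(locals_)  # x(v) holds iff locals_[x] == v


def reachable(heap: Heap, roots: Iterable[Optional[int]]) -> Set[int]:
    """R_roots(v): the objects reachable from the roots via n*."""
    seen: Set[int] = set()
    work = [r for r in roots if r is not None]
    while work:
        v = work.pop()
        if v not in seen:
            seen.add(v)
            if heap.n[v] is not None:
                work.append(heap.n[v])
    return seen


def cutpoints(heap: Heap, actuals: List[str]) -> Set[int]:
    """Step 1, isCP(v): v is reachable from an actual parameter, not pointed
    to by an actual, and reachable without going through a parameter, i.e.
    pointed to by another local of the caller or entered by an n edge from an
    object that is not itself reachable from the actuals."""
    param_objs = {heap.locals_[a] for a in actuals} - {None}
    R = reachable(heap, param_objs)
    others = {heap.locals_[x] for x in heap.locals_ if x not in actuals} - {None}
    cps: Set[int] = set()
    for v in R - param_objs:
        entered_from_outside = any(heap.n[u] == v for u in heap.n if u not in R)
        if v in others or entered_from_outside:
            cps.add(v)
    return cps


def input_local_heap(heap: Heap, actuals: List[str], formals: List[str]) -> Heap:
    """Step 2: retain only the objects reachable from the actuals, bind formals."""
    R = reachable(heap, [heap.locals_[a] for a in actuals])
    return Heap({v: heap.n[v] for v in R},
                {f: heap.locals_[a] for f, a in zip(formals, actuals)})


def combine_output(call_state: Heap, actuals: List[str], callee_out: Heap) -> Heap:
    """Step 3: the part of the caller's heap that was not passed is kept as is
    and the callee's output replaces the passed part.  Sound only because the
    call was cutpoint-free: every n edge from the retained part into the passed
    part then targets an object an actual parameter points to, and formals are
    never modified, so those targets are still the same objects afterwards.
    Assumes the callee's output contains every object it received."""
    passed = reachable(call_state, [call_state.locals_[a] for a in actuals])
    n = {v: s for v, s in call_state.n.items() if v not in passed}
    n.update(callee_out.n)
    return Heap(n, call_state.locals_)


def append_body(local_heap: Heap) -> Heap:
    """Constructed model of append(p, q): link the last node of p's list to q."""
    out = Heap(local_heap.n, local_heap.locals_)
    cur = out.locals_["p"]
    if cur is None:
        return out
    while out.n[cur] is not None:
        cur = out.n[cur]
    out.n[cur] = out.locals_["q"]
    return out


def call_append(call_state: Heap, actuals: List[str]) -> Heap:
    """The whole call rule for append; rejects invocations that have a cutpoint."""
    cps = cutpoints(call_state, actuals)
    if cps:
        raise ValueError(f"call is not cutpoint-free, cutpoints: {sorted(cps)}")
    callee_in = input_local_heap(call_state, actuals, ["p", "q"])
    return combine_output(call_state, actuals, append_body(callee_in))


def list_from(heap: Heap, var: str) -> List[int]:
    """The objects on the list that variable var points to, in order."""
    out, cur = [], heap.locals_[var]
    while cur is not None:
        out.append(cur)
        cur = heap.n[cur]
    return out


def example_heap() -> Heap:
    """Constructed call state of main: y -> 1 -> 2, z -> 3 -> 4, x -> 5, t = null."""
    return Heap({1: 2, 2: None, 3: 4, 4: None, 5: None},
                {"x": 5, "y": 1, "z": 3, "t": None})


if __name__ == "__main__":
    h = example_heap()
    print(cutpoints(h, ["y", "z"]))                     # set(): the call is cutpoint-free
    print(list_from(call_append(h, ["y", "z"]), "y"))   # [1, 2, 3, 4]
    h.locals_["x"] = 2                                  # x now points into y's list
    print(cutpoints(h, ["y", "z"]))                     # {2}
```

Re-pointing x at node 2 makes the call fail the check, as does adding an object 6 pointed to by t whose n field enters z's list: node 4 is then reachable from z without going through a parameter and becomes the cutpoint.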

Observational equivalence
- CPF (cutpoint-free semantics)
- GSB (standard semantics)
- CPF and GSB states are observationally equivalent when for every pair of access paths $AP_1, AP_2$: $AP_1 = AP_2$ holds in $\sigma_{CPF}$ iff $AP_1 = AP_2$ holds in $\sigma_{GSB}$

Observational equivalence
- For cutpoint-free programs:
  - CPF (cutpoint-free semantics)
  - GSB (standard semantics)
  - CPF and GSB are observationally equivalent
- It holds that, for observationally equivalent $\sigma_{CPF}$ and $\sigma_{GSB}$: if $\langle st, \sigma_{CPF} \rangle \Rightarrow \sigma'_{CPF}$ and $\langle st, \sigma_{GSB} \rangle \Rightarrow \sigma'_{GSB}$, then $\sigma'_{CPF}$ and $\sigma'_{GSB}$ are observationally equivalent

Introducing local heap semantics
[Diagram: the standard operational semantics takes $\sigma$ to $\sigma'$ and the local heap operational semantics takes the related (~) local-heap state to a local-heap state related to $\sigma'$; the abstract transformer is defined over the local-heap semantics]

Plan
✓ Cutpoint freedom
- Non-standard concrete semantics
- Interprocedural shape analysis
- Prototype implementation
- Related work

Shape abstraction
- Abstract memory states represent unbounded concrete memory states
  - Conservatively
  - In a bounded way
  - Using 3-valued logical structures

3-valued logic
- 1 = true
- 0 = false
- 1/2 = unknown
- A join semi-lattice: $0 \sqcup 1 = 1/2$

Canonical abstraction
[Figure: a concrete heap with locals x, y, z, t and its canonical abstraction; objects not pointed to by any variable are merged into summary nodes]

Instrumentation predicates
- Record derived properties
- Refine the abstraction
  - Instrumentation principle [SRW, TOPLAS '02]
- Reachability is crucial!
  Predicate        Meaning
  rx(v)            v is reachable from variable x
  robj(v1, v2)     v2 is reachable from v1
  ils(v)           v is heap-shared
  c(v)             v resides on a cycle

Abstract memory states (with reachability)
[Figure: abstract states for a heap with locals x, y, z, t, each node labelled with the reachability predicates rx, ry, rz, rt that hold for it]

The importance of reachability: call append(y, z)
[Figure: abstract call state and abstract result of append(y, z), nodes labelled with rx, ry, rz, rt; the reachability predicates keep the nodes of the different lists apart after abstraction]
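Canonical abstraction, the 3-valued join and the role of the reachability predicates, as an added example that is not code from the slides or from TVLA: the heap model (integer object ids, one field n, a map of locals), the constructed call state y -> 1 -> 2, z -> 3 -> 4 and all function names are assumptions of the example. It shows, on the append(y, z) situation of the slide, that without ry and rz the two list tails are merged into one summary node and the edge out of y's head becomes 1/2, whereas with the reachability predicates every node and edge stays definite.

```python
"""Added example (not the authors' or TVLA's code): canonical abstraction of a
concrete heap into a bounded 3-valued structure, with and without the
reachability instrumentation predicates rx(v).  Objects are ints, n maps an
object to its successor (or None), locals_ maps variable names to objects."""
from typing import Dict, List, Optional, Set, Tuple

Name = Tuple[str, ...]  # canonical name of a node: the unary predicates true of it


def reachable(n: Dict[int, Optional[int]], root: Optional[int]) -> Set[int]:
    """Objects reachable from root via n* (stops on None or on a revisited node)."""
    seen: Set[int] = set()
    while root is not None and root not in seen:
        seen.add(root)
        root = n[root]
    return seen


def join3(a: float, b: float) -> float:
    """Join in the 3-valued semi-lattice: 0 join 1 = 1/2, equal values stay."""
    return a if a == b else 0.5


def canonical_name(n, locals_, v: int, with_reach: bool) -> Name:
    """x(v) for each variable x pointing to v, plus rx(v) when v is reachable
    from x and reachability instrumentation is switched on."""
    preds: List[str] = []
    for x, obj in locals_.items():
        if obj == v:
            preds.append(x)
        if with_reach and v in reachable(n, obj):
            preds.append("r" + x)
    return tuple(sorted(preds))


def canonical_abstraction(n, locals_, with_reach: bool = True):
    """Merge every concrete node with the same canonical name into one
    abstract node.  The abstract n value between two abstract nodes is the
    join of the concrete n values over all pairs of merged nodes, so it is 1/2
    when some pairs are linked and others are not.  Returns the abstract n
    relation and the set of summary nodes (names that stand for >1 object)."""
    members: Dict[Name, List[int]] = {}
    for v in n:
        members.setdefault(canonical_name(n, locals_, v, with_reach), []).append(v)
    abs_n: Dict[Tuple[Name, Name], float] = {}
    for a, us in members.items():
        for b, vs in members.items():
            val = None
            for u in us:
                for v in vs:
                    concrete = 1.0 if n[u] == v else 0.0
                    val = concrete if val is None else join3(val, concrete)
            abs_n[(a, b)] = val
    summary = {name for name, objs in members.items() if len(objs) > 1}
    return abs_n, summary


def append_call_example() -> Dict[str, object]:
    """Constructed call state for append(y, z): y -> 1 -> 2, z -> 3 -> 4.
    Without ry/rz the two tail nodes have the empty canonical name and collapse
    into one summary node, and the abstract edge from y's head to it becomes
    1/2: the abstraction no longer knows which list the tail belongs to.  With
    the reachability predicates all four nodes stay distinct and every edge is
    definite."""
    n = {1: 2, 2: None, 3: 4, 4: None}
    locals_ = {"y": 1, "z": 3}
    with_r, summary_r = canonical_abstraction(n, locals_, with_reach=True)
    without_r, summary_nr = canonical_abstraction(n, locals_, with_reach=False)
    return {
        "nodes_with_reach": len({a for a, _ in with_r}),
        "nodes_without_reach": len({a for a, _ in without_r}),
        "summary_with_reach": summary_r,
        "summary_without_reach": summary_nr,
        "head_to_tail_without_reach": without_r[(("y",), ())],
        "head_to_tail_with_reach": with_r[(("ry", "y"), ("ry",))],
        "y_head_to_z_tail_with_reach": with_r[(("ry", "y"), ("rz",))],
    }


if __name__ == "__main__":
    for key, value in append_call_example().items():
        print(key, value)
```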

Abstract semantics
- Conservatively apply statements on abstract memory states
  - Same formulae as in the concrete semantics
  - Soundness guaranteed [SRW, TOPLAS '02]

Procedure calls
  1. Verify cutpoint freedom
  2. Compute input
  … Analyze callee …
  3. Combine output

Conservative verification of cutpoint-freedom
- Invoking append(y, z) in main
  - $R_{\{y,z\}}(v) = \exists v_1: y(v_1) \land n^*(v_1, v) \;\lor\; \exists v_1: z(v_1) \land n^*(v_1, v)$
  - $isCP_{main,\{y,z\}}(v) = R_{\{y,z\}}(v) \land \lnot(y(v) \lor z(v)) \land \big(x(v) \lor t(v) \lor \exists v_1: \lnot R_{\{y,z\}}(v_1) \land n(v_1, v)\big)$
[Figure: two abstract call states labelled with ry, rz, rx, rt: one cutpoint-free, one not cutpoint-free]

Interprocedural shape analysis
- Tabulation of procedure exits
[Figure: at call f(x) the abstract input state of f is looked up in the table of analyzed entry/exit pairs; if it is new, f is analyzed from that input and its exit state is tabulated]

Interprocedural shape analysis
- Procedure input/output relation
[Figure: table of (input, output) abstract state pairs for the procedure, nodes labelled p, q, rp, rq]

Interprocedural shape analysis
- Reusable procedure summaries
  - Heap modularity
[Figure: one summary of append is reused for the calls append(y, z) and append(h, i), made from different call states (locals x, y, z, g, h, i, k)]

Plan
✓ Cutpoint freedom
✓ Non-standard concrete semantics
- Interprocedural shape analysis
- Prototype implementation
- Related work

Prototype implementation
- TVLA-based analyzer
- Soot-based Java front-end
- Parametric abstraction
  Data structure           Verified properties
  Singly linked list       Cleanness, acyclicity
  Sorting (of SLL)         + Sortedness
  Unshared binary trees    Cleanness, tree-ness

Iterative vs. recursive (SLL)
[Figure: chart comparing the analysis of iterative and recursive singly-linked-list procedures]

Inline vs. procedural abstraction
  // Allocates a list of length 3
  List create3() { … }

  main() {
    List x1 = create3();
    List x2 = create3();
    List x3 = create3();
    List x4 = create3();
    …
  }

Call string vs. relational vs. CPF
[Figure: chart comparing the call-string approach [Rinetzky and Sagiv, CC '01], the relational approach [Jeannet et al., SAS '04] and CPF]

Plan
✓ Cutpoint freedom
✓ Non-standard concrete semantics
✓ Interprocedural shape analysis
- Prototype implementation
- Related work

Related work
- Interprocedural shape analysis
  - Rinetzky and Sagiv, CC '01
  - Chong and Rugina, SAS '03
  - Jeannet et al., SAS '04
  - Hackett and Rugina, POPL '05
  - Rinetzky et al., POPL '05
- Local reasoning
  - Ishtiaq and O'Hearn, POPL '01
  - Reynolds, LICS '02
- Encapsulation
  - Hogg, OOPSLA '91
  - …

Related work: SAS '05 vs. POPL '05
  SAS '05                                   POPL '05
  Local heaps                               Local heaps
  Cutpoints: forbidden (-)                  Cutpoints: allowed (+)
  Simple call rule (+)                      Complicated call rule (-)
  Automatically detects cutpoint freedom    Justify existing analysis
  New shape analysis                        New shape analysis
  Sorting (quicksort) (+)                   Abstract cutpoints (-)
  Prototype                                 Cutpoints may hurt precision
  Abstract objects

Cutpoint freedom vs. encapsulation (?)
  Cutpoint freedom                          Encapsulation
  Restricted local heap sharing             Restricted heap sharing
  Parameters dominate local heap            Owner(s) dominate heap references
  Unrestricted intraprocedural sharing      Unrestricted stack sharing
  Dynamic domination                        Static domination
  Technique: abstract interpretation        Technique: type systems
  Cutpoint-free programs                    Type-correct programs
  Hard to scale (-)                         Scalable (+)
  Automatic (+)                             User annotation (-)

Future work
- False cutpoints
  - Liveness analysis: in "append(y, z); x = null;" the variable x is dead after the call, so a cutpoint that exists only because x points into the passed heap is a false cutpoint
  [Figure: call state with x pointing into the list reachable from y, nodes labelled ry, rx, rt, rz]
- Cutpoint profiler
  - Guide abstraction design

Summary
- Cutpoint freedom
- Non-standard operational semantics
- Interprocedural shape analysis
  - Partial correctness of quicksort
- Prototype implementation

End
Interprocedural shape analysis for cutpoint-free programs
Noam Rinetzky, Mooly Sagiv, and Eran Yahav
SAS 2005 (to appear)

A semantics for procedure local heaps and its abstraction
Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm
POPL 2005

www.cs.tau.ac.il/~maon

quickSort(List p, List q)
[Figure: step-by-step run of quickSort on an 8-element list, showing the hd, tl, low and high pointers as the list is partitioned around the pivot p]

Quicksort
  List quickSort(List p, List q) {
    if (p == q || q == null) return p;
    List h = partition(p, q);
    List x = p.n;
    p.n = null;
    List low = quickSort(h, p);
    List high = quickSort(x, null);
    p.n = high;
    return low;
  }
[Figure: the recursive calls quickSort(h, p) and quickSort(x, null) on the low and high sublists, and the final linking of the pivot to high]
Lev-Ami et al., ISSTA '00

Backup

Intraprocedural statements
- Specified by predicate-update formulae
- Formulae in FO-TC
  - Example: p.n = q
    Assert $\exists v: p(v)$
    $n'(v_1, v_2) = n(v_1, v_2) \lor (p(v_1) \land q(v_2))$
[Figure: heap with p and q before and after p.n = q]
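The predicate-update formula above, and the point of the "Abstract semantics" slide that the same formulae are applied to abstract states, as an added example that is not code from the slides or from TVLA. The structure representation, the Kleene connectives used for 3-valued evaluation, the constructed concrete and abstract structures and all function names are assumptions of the example. The transformer first evaluates the assertion $\exists v: p(v)$, rejecting a value of 1/2 as a possible null dereference, and then computes n' with the slide's formula; as on the slide, existing n edges are kept, so the formula presumes p.n was null before the statement.

```python
"""Added example (not the authors' or TVLA's code): the predicate-update
formula for p.n = q from the backup slide, n'(v1, v2) = n(v1, v2) or
(p(v1) and q(v2)) with the precondition "assert exists v: p(v)", evaluated
with Kleene's 3-valued connectives.  The same transformer runs on a concrete
(2-valued) structure and on an abstract (3-valued) structure."""
from typing import Dict, Hashable, Iterable, List, Tuple

Node = Hashable


def and3(a: float, b: float) -> float:
    """Kleene conjunction on the order 0 < 1/2 < 1."""
    return min(a, b)


def or3(a: float, b: float) -> float:
    """Kleene disjunction."""
    return max(a, b)


def exists3(values: Iterable[float]) -> float:
    """exists v: phi(v) over a finite universe is the join of the phi values."""
    return max(values, default=0.0)


class Structure:
    """A logical structure: a universe, unary predicates (variables) and the
    binary predicate n, each valued in {0, 1/2, 1}; missing entries are 0."""
    def __init__(self, universe: Iterable[Node], unary: Dict[str, Dict[Node, float]],
                 n: Dict[Tuple[Node, Node], float]):
        self.universe: List[Node] = list(universe)
        self.unary = {x: {v: vals.get(v, 0.0) for v in self.universe} for x, vals in unary.items()}
        self.n = {(u, v): n.get((u, v), 0.0) for u in self.universe for v in self.universe}


def update_p_n_eq_q(s: Structure, p: str, q: str) -> Structure:
    """Transformer for p.n = q.  The assertion exists v: p(v) must evaluate to
    1; a value of 1/2 means p may be null, which is rejected conservatively.
    As on the slide, existing n edges are kept, so the formula presumes p.n was
    null before the statement."""
    if exists3(s.unary[p].values()) != 1.0:
        raise ValueError(f"{p} may be null: possible null dereference")
    new_n = {(u, v): or3(s.n[(u, v)], and3(s.unary[p][u], s.unary[q][v]))
             for u in s.universe for v in s.universe}
    return Structure(s.universe, s.unary, new_n)


def concrete_example() -> Dict[Tuple[Node, Node], float]:
    """Constructed 2-valued structure: p -> a, q -> b, no n edges."""
    s = Structure(["a", "b"], {"p": {"a": 1.0}, "q": {"b": 1.0}}, {})
    return update_p_n_eq_q(s, "p", "q").n


def abstract_example() -> Dict[Tuple[Node, Node], float]:
    """Constructed 3-valued structure: p -> a, q -> b, and a summary node c
    that a may or may not point to (n(a, c) = 1/2).  The update makes n(a, b)
    definite and leaves the unknown edge unknown."""
    s = Structure(["a", "b", "c"], {"p": {"a": 1.0}, "q": {"b": 1.0}},
                  {("a", "c"): 0.5, ("c", "c"): 0.5})
    return update_p_n_eq_q(s, "p", "q").n


def possible_null_deref_detected() -> bool:
    """p(a) = 1/2: the precondition cannot be established, so the transformer
    reports a possible null dereference instead of updating n."""
    s = Structure(["a"], {"p": {"a": 0.5}, "q": {"a": 1.0}}, {})
    try:
        update_p_n_eq_q(s, "p", "q")
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(concrete_example()[("a", "b")])   # 1.0
    print(abstract_example()[("a", "c")])   # 0.5
    print(possible_null_deref_detected())   # True
```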

POPL '05: Procedure call rule

SAS '05: Procedure call rule