Partially Disjunctive Heap Abstraction
Roman Manevich, Mooly Sagiv (Tel Aviv University); G. Ramalingam, John Field (IBM T. J. Watson)
Motivation
- Analysis of object-oriented programs is hard: recursive data structures, unbounded number of objects, destructive update of references
- Scalable heap analyses exist (e.g., flow-insensitive), but they are not precise enough for verification
- Precise heap analyses exist (e.g., SRW shape analysis), but scaling them is very challenging
Motivating example: verifying mark phase of GC
    // Ensures: marked == REACH(root)
    void mark(Node root, NodeSet marked) {
        Node x;
        if (root != null) {
            NodeSet pending = new NodeSet();
            pending.add(root);
            marked.clear();
            while (!pending.isEmpty()) {
                x = pending.selectAndRemove();
                marked.add(x);
                if (x.left != null)
                    if (!marked.contains(x.left))
                        pending.add(x.left);
                if (x.right != null)
                    if (!marked.contains(x.right))
                        pending.add(x.right);
            }
        }
    }
Motivating example: verifying mark phase of GC (figures, animated trace)
Example heap: root = u1; u1 points to u2 and u3; u3 points to u4; u6 points to u5, and u5, u6 are not reachable from root (garbage).
Trace of the loop, one line per iteration:
    start     pending = {root}      marked = {}
    x = u1    pending = {u3, u2}    marked = {u1}
    x = u3    pending = {u4, u2}    marked = {u1, u3}
    x = u4    pending = {u2}        marked = {u1, u3, u4}
    x = u2    pending = {}          marked = {u1, u3, u4, u2}   DONE
At exit marked = {u1, u2, u3, u4} = REACH(root); u5 and u6 remain unmarked (garbage).
Motivating example: verifying mark phase of GC (cost in the TVLA system)
- Powerset heap abstraction: 584 seconds, 189,772 abstract heaps. Definitely too expensive. Can we verify more efficiently?
- Partially disjunctive heap abstraction: 3 seconds, 1,133 abstract heaps
Overview and main results
- New (parametric) heap abstraction: uses a heap similarity criterion; merges "similar" heaps
- Robust implementation: the abstraction of choice among TVLA users; suitable for other shape analysis systems
- Empirical results: significant speedups (2 orders of magnitude); precise in most cases
Talk outline
- Shape analysis background: representing heaps via logical structures; disjunctive (powerset) heap abstraction
- Partially disjunctive heap abstraction via universe congruence similarity
- Empirical results
- Related work
- Future work
- Conclusions
Shape analysis via first-order logic
- SRW 2002: Parametric shape analysis via 3-valued logic
- Concrete heaps are represented by 2-valued structures over a set of predicate symbols P:
  - a set of individuals (nodes) U
  - an interpretation of the predicate symbols in P: nullary p0() ∈ {0, 1}, unary p1(v) ∈ {0, 1}, binary p2(u, v) ∈ {0, 1}
Concrete heap (figure): the 2-valued structure of the example heap drawn as a graph. Unary predicates appear as node labels (x, root, r[root], set[marked], set[pending]); binary predicates appear as edges (left, right).
3-valued structures
- 2-valued structures are abstracted into 3-valued structures by merging individuals: p0() ∈ {0, 1, 1/2}, p1(v) ∈ {0, 1, 1/2}, p2(u, v) ∈ {0, 1, 1/2}
- Kleene's partially ordered set of logical values: 0 ⊑ 1/2 and 1 ⊑ 1/2 (1/2 is the top, "unknown"); 0 ⊔ 1 = 1/2
Canonical abstraction
- Merge individuals that have the same values for all unary predicates (the same canonical name)
- Yields a bounded structure with at most 2^|A| individuals, where A = the set of unary (abstraction) predicates
Canonical abstraction (figures, animated)
A = { x(v), root(v), set[marked](v), set[pending](v), r[root](v) }
Applied to the example concrete heap: every node with canonical name x=0, root=0, r[root]=1, set[marked]=1, set[pending]=0 is merged into one summary individual, and every node with canonical name x=0, root=0, r[root]=0, set[marked]=0, set[pending]=0 (the garbage nodes) into another; the node pointed to by root and the node pointed to by x keep their own canonical names.
Abstract heap (figure): a bounded number of individuals (root, x and the summary individuals, labelled r[root], set[marked]) connected by left/right edges.
Powerset heap abstraction
- β = canonical abstraction
- pow(X) = { β(s) | s ∈ X }
- LUB (join) is set union
- Worst case is doubly exponential in |A|
- Can make unnecessary distinctions
Partially disjunctive heap abstraction
- Use a heap-similarity criterion; we define similarity by universe congruence
- Merge similar heaps
- Avoid merging dissimilar heaps
Universe congruent heaps (figure): two abstract heaps with the same canonical names (root; x; a summary individual labelled r[root], set[marked]) that differ only in their left/right edges.
Result of merge (figure): a single abstract heap over the same universe; a left/right edge present in only one of the two inputs gets the value 1/2.
Non-congruent heaps, no merge (figure): the second heap has an individual labelled set[pending], a canonical name the first heap lacks, so the two heaps are kept separate.
Definition of partially disjunctive heap abstraction
- Two heaps are similar iff they are universe congruent (they have the same set of canonical names)
- ⊔C = the merge of the universe-congruent heaps in C (unary values coincide; binary values are joined pointwise in Kleene's order)
- π(X) = { ⊔C | C is a universe-congruence class of pow(X) }
Characteristics of the partially disjunctive heap abstraction
1. 3-valued structures are only partially ordered: there is no LUB over singleton structure sets
   - if S1 ≡ S2 (universe congruent) then π({S1, S2}) = {S1 ⊔ S2}
   - else π({S1, S2}) = pow({S1, S2}) = {S1, S2}
2. Retains the definite values of the unary predicates (merged heaps share their canonical names)
3. The size of the set can be reduced exponentially
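The following Python is an added worked example, not TVLA code: it models canonical abstraction over the slides' predicates (x, root, r[root], set[marked], set[pending], left, right) and computes pow(X) and π(X) for three constructed loop-head states of mark(). H1 and H2 are universe congruent (same canonical names, different shapes), so π merges them, keeping every unary value definite and turning the left edge on which they disagree into 1/2; H3 still has a pending node, so its universe differs and it is kept apart. The node names and shapes are assumptions chosen for illustration.

```python
"""Canonical abstraction, pow(X) and pi(X) on a small model of mark() heaps.
Added example, not TVLA code; the heaps at the bottom are constructed by hand."""
from itertools import product

HALF = 0.5  # Kleene's 1/2 ("unknown")
UNARY = ("x", "root", "r[root]", "set[marked]", "set[pending]")  # the set A
BINARY = ("left", "right")


class Structure:
    """Logical structure: universe U plus values (0, 1 or HALF) for every
    unary predicate at each individual and binary predicate at each pair."""

    def __init__(self, universe, unary, binary):
        self.U, self.unary, self.binary = tuple(universe), unary, binary

    def canonical_name(self, u):
        return tuple(self.unary[(p, u)] for p in UNARY)

    def universe_names(self):
        return frozenset(self.canonical_name(u) for u in self.U)

    def key(self):  # hashable identity, used to de-duplicate pow(X)
        return (self.U, tuple(sorted(self.unary.items())),
                tuple(sorted(self.binary.items())))


def concrete_heap(nodes, x, root, left, right, marked, pending):
    """2-valued structure of a concrete heap. r[root](v) is the
    instrumentation predicate 'v is reachable from root via left/right'."""
    reach, stack = set(), [root]
    while stack:
        v = stack.pop()
        if v not in reach:
            reach.add(v)
            stack += [s for s in (left.get(v), right.get(v)) if s]
    unary = {}
    for v in nodes:
        unary[("x", v)] = int(v == x)
        unary[("root", v)] = int(v == root)
        unary[("r[root]", v)] = int(v in reach)
        unary[("set[marked]", v)] = int(v in marked)
        unary[("set[pending]", v)] = int(v in pending)
    binary = {(p, u, v): int(edges.get(u) == v)
              for p, edges in (("left", left), ("right", right))
              for u in nodes for v in nodes}
    return Structure(nodes, unary, binary)


def beta(s):
    """Canonical abstraction: individuals with the same canonical name are
    merged; a binary predicate over merged individuals is the Kleene join
    of the concrete values (HALF whenever they disagree)."""
    names = sorted({s.canonical_name(u) for u in s.U})
    members = {n: [u for u in s.U if s.canonical_name(u) == n] for n in names}
    unary = {(p, n): n[i] for n in names for i, p in enumerate(UNARY)}
    binary = {}
    for p, n1, n2 in product(BINARY, names, names):
        vals = {s.binary[(p, u, v)] for u in members[n1] for v in members[n2]}
        binary[(p, n1, n2)] = vals.pop() if len(vals) == 1 else HALF
    return Structure(names, unary, binary)


def pow_abstraction(heaps):
    """pow(X) = { beta(s) | s in X }, returned without duplicates."""
    out = {}
    for h in heaps:
        a = beta(h)
        out.setdefault(a.key(), a)
    return list(out.values())


def merge_congruent(structs):
    """Join universe-congruent structures: the universes coincide, so unary
    values stay definite; only binary values are joined."""
    binary = dict(structs[0].binary)
    for s in structs[1:]:
        for k, v in s.binary.items():
            binary[k] = binary[k] if binary[k] == v else HALF
    return Structure(structs[0].U, dict(structs[0].unary), binary)


def partial_abstraction(heaps):
    """pi(X): partition pow(X) by universe (set of canonical names) and
    merge each universe-congruence class into a single structure."""
    classes = {}
    for a in pow_abstraction(heaps):
        classes.setdefault(a.universe_names(), []).append(a)
    return [merge_congruent(c) for c in classes.values()]


# Constructed loop-head states of mark(): H1 and H2 have the same canonical
# names but different shapes; H3 still has a node in pending.
NODES = ("u1", "u2", "u3", "u4")
H1 = concrete_heap(NODES, x="u2", root="u1", left={"u1": "u2"},
                   right={"u1": "u3", "u3": "u4"}, marked=set(NODES), pending=set())
H2 = concrete_heap(NODES, x="u3", root="u1",
                   left={"u1": "u2", "u2": "u3", "u3": "u4"}, right={},
                   marked=set(NODES), pending=set())
H3 = concrete_heap(NODES, x="u3", root="u1", left={"u1": "u2"},
                   right={"u1": "u3", "u3": "u4"}, marked={"u1", "u2", "u3"},
                   pending={"u4"})

POW = pow_abstraction([H1, H2, H3])    # three distinct abstract heaps
PI = partial_abstraction([H1, H2, H3])  # two: beta(H1) and beta(H2) merged
```

In the merged structure the individuals are still the canonical names of H1 and H2, so every unary value is 0 or 1; only left(root-individual, x-individual), which is 1 in β(H1) and 0 in β(H2), becomes 1/2. This is characteristic 2 above in miniature: the merge loses shape information but never the unary facts the analysis keys on.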
Running times (chart)
Space consumption (chart)
Related work
- Reducing cost of powerset-based analysis
- Function space domain construction
- ESP [PLDI 02]
- Deutsch [PLDI 94]
- Widening operators [Bagnara et al., VMCAI 03]
Future work
- Experiment with other similarity criteria: structures with different universes; deflating operators; widening operators
Conclusions
- A new (parametric) heap abstraction: partially disjunctive; merges similar abstract heap descriptors
- Significantly more efficient than the full powerset: essential for many TVLA analyses; often no loss of precision in practice
The End
Parametric partial isomorphism (appendix)
- Structures S1 = ⟨U1, I1⟩ and S2 = ⟨U2, I2⟩
- Isomorphic iff there exists a bijection f : U1 → U2 that preserves the values of all predicates
- Partially isomorphic relative to R iff there exists a bijection f : U1 → U2 that preserves the values of the relational predicates R, where A ⊆ R ⊆ P
No LUB over singletons (appendix)
Four 3-valued structures over the unary predicates p, q, z; each triple is one individual:
    A: (p=0, q=1, z=0), (p=1, q=1, z=1/2), (p=1, q=0, z=1)
    B: (p=1, q=0, z=0), (p=0, q=1, z=1), (p=1, q=1, z=1/2)
    C is an upper bound of A and B: (p=1/2, q=1, z=1/2), (p=1, q=0, z=1/2)
    D is an upper bound of A and B: (p=1, q=1/2, z=1/2), (p=0, q=1, z=1/2)
C and D are incomparable.
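The slide exhibits two incomparable upper bounds of A and B; the Python below, an added example and not part of the paper, checks the "no LUB" claim exhaustively in the slide's setting. Structures carry only the unary predicates p, q, z, so an individual is its value triple and a structure is a tuple of distinct individuals (the bounded structures canonical abstraction produces); the order is the embedding order, a surjection of universes under which every value is at most as definite as its image. A least upper bound of A and B would have to lie below every upper bound, in particular below C and D, and A would have to surject onto it, so searching structures with at most three individuals is exhaustive. The search finds exactly one candidate below both C and D and then an upper bound it does not embed into. The names `structure`, `embeds`, `upper_bounds`, `find_lub` and `non_lub_witness` are this example's own.

```python
"""Exhaustive check of the 'no LUB over singletons' slide.  Added example,
not from the paper; structures over the unary predicates p, q, z only."""
from itertools import combinations, product

HALF = 0.5  # Kleene's 1/2


def leq(a, b):
    """Kleene information order: 0 and 1 lie below 1/2, otherwise only equality."""
    return a == b or b == HALF


def embeds(s1, s2):
    """s1 is below s2: some surjection f of U1 onto U2 maps every individual
    to one whose predicate values are at least as indefinite (pointwise leq)."""
    n1, n2 = len(s1), len(s2)
    if n1 < n2:
        return False
    for f in product(range(n2), repeat=n1):
        if len(set(f)) == n2 and all(
                leq(a, b) for u, i in zip(s1, f) for a, b in zip(u, s2[i])):
            return True
    return False


def structure(*individuals):
    """A structure is a sorted tuple of distinct (p, q, z) triples."""
    return tuple(sorted(individuals))


# The slide's four structures, individuals written as (p, q, z).
A = structure((0, 1, 0), (1, 1, HALF), (1, 0, 1))
B = structure((1, 0, 0), (0, 1, 1), (1, 1, HALF))
C = structure((HALF, 1, HALF), (1, 0, HALF))
D = structure((1, HALF, HALF), (0, 1, HALF))

NAMES = list(product((0, HALF, 1), repeat=3))  # all 27 canonical names over p, q, z


def upper_bounds(lows, max_size=3):
    """Every structure with 1..max_size distinct individuals above all `lows`.
    A would have to surject onto a LUB, so max_size = |U_A| = 3 is exhaustive."""
    return [e for k in range(1, max_size + 1) for e in combinations(NAMES, k)
            if all(embeds(l, e) for l in lows)]


def find_lub(bounds, probes):
    """A bound embedded in every bound, or None.  A LUB lies below each of
    the `probes` in particular, so candidates are filtered on those first."""
    for cand in (e for e in bounds if all(embeds(e, p) for p in probes)):
        if all(embeds(cand, other) for other in bounds):
            return cand
    return None


def non_lub_witness(cand, bounds):
    """An upper bound that `cand` does not embed into, or None."""
    return next((u for u in bounds if not embeds(cand, u)), None)
```

Running `find_lub(upper_bounds([A, B]), [C, D])` returns None. The only candidate below both C and D is the structure with individuals (0, 1, 1/2), (1, 1, 1/2), (1, 0, 1/2), and `non_lub_witness` returns an upper bound with a z = 0 individual that this candidate cannot surject onto; that is why π joins only universe-congruent structures, whose join is just the pointwise Kleene join, rather than relying on a LUB that the embedding order does not provide.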