1 / 57

# Interprocedural shape analysis for cutpoint-free programs - PowerPoint PPT Presentation

Interprocedural shape analysis for cutpoint-free programs. ניתוח צורני בין-שגרתי לתוכניות נטולות נקודות-חתוך. Noam Rinetzky Tel Aviv University. Joint work with Mooly Sagiv Tel Aviv University Eran Yahav IBM Watson. Motivation. Conservative static program analysis

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about ' Interprocedural shape analysis for cutpoint-free programs' - leane

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Interprocedural shape analysisfor cutpoint-free programs

ניתוח צורני בין-שגרתי

לתוכניות נטולות נקודות-חתוך

Noam Rinetzky Tel Aviv University

Joint work with

Mooly Sagiv Tel Aviv University

Eran Yahav IBM Watson

• Conservative static program analysis

• (Recursive) procedures

• Dynamically allocated data structures

• Applications

• Cleanness

• Verify data structure invariants

• Compile-time garbage collection

• Static analysis: Automatic derivation of properties which hold on every execution leading to a program point

main() {

int w=0,x=0,y=0,z=0;

w = 2 + y - 1;

x = 2 + z - 1;

assert: w+x is even

}

• Pure functions

• Procedure  input/output relation

• No side-effects

main() {

int w=0,x=0,y=0,z=0;

w = inc(y);

x = inc(z);

assert: w+x is even

}

int inc(int p) {

return 2 + p - 1;

}

• Pure functions

• Procedure  input/output relation

• No side-effects

main() {

int w=0,x=0,y=0,z=0;

w = inc(y);

x = inc(z);

assert: w+x is even

}

int inc(int p) {

return 2 + p - 1;

}

g = p;

• Procedures have side-effects

• Easy fix

int g = 0;

main() {

int w=0,x=0,y=0,z=0;

w = inc(y);

x = inc(z);

assert: w+x+g is even

}

int inc(int p) {

g = p;

return 2 + p - 1;

}

Aliasing

Destructive update

Heap

Global resource

Anonymous objects

n

y.n=z

append(y,z)

z

But what about pointers and heap?

x.n.n ~ y

n

n

x

y

x.n.n.n ~ z

How to tabulate append?

q

q

p

p

p

n

n

n

n

x

x

t

t

n

n

y

z

How to tabulate procedures?

• Procedure  input/output relation

• Not reachable  Not effected

• proc: local (reachable) heap  local heap

main() {

append(y,z);

}

append(List p, List q) {

}

n

y

z

q

p

p

n

n

n

n

t

t

n

n

n

y

q

p

x

z

n

n

n

n

How to handle sharing?

• External sharing may break the functional view

main() {

append(y,z);

}

append(List p, List q) {

}

n

n

y

x

z

x

t

t

What’s the difference?

1st Example

2nd Example

append(y,z);

append(y,z);

n

n

n

y

y

x

z

z

• An object is a cutpoint for an invocation

• Reachable from actual parameters

• Not pointed to by an actual parameter

• Reachable without going through a parameter

append(y,z)

append(y,z)

n

n

n

n

y

y

n

n

t

t

x

z

z

• Cutpoint-free

• Invocation: has no cutpoints

• Execution: every invocation is cutpoint-free

• Program: every execution is cutpoint-free

append(y,z)

append(y,z)

n

n

n

n

x

y

t

y

t

z

x

z

• Cutpoint freedom

• Non-standard concrete semantics

• Verifies that an execution is cutpoint-free

• Local heaps

• Interprocedural shape analysis

• Conservatively verifies

• program is cutpoint free

• Desired properties

• Partial correctness of quicksort

• Procedure summaries

• Prototype implementation

• Cutpoint freedom

• Non-standard concrete semantics

• Interprocedural shape analysis

• Prototype implementation

• Procedures

• Value parameters

• Formal parameters not modified

• Recursion

• Heap

• Recursive data structures

• Destructive update

• No pointer arithmetic

• A memory state encodes a local heap

• Local variables of the current procedure invocation

• Relevant part of the heap

• Relevant  Reachable

main

append

q

p

n

n

x

t

y

z

• Represented by first-order logical structures

• Represented by first-order logical structures

q

p

n

u1

u2

• Statements modify values of predicates

• Specified by predicate-update formulae

• Formulae in FO-TC

x

y

q

p

n

append(y,z)

q

p

n

z

x

y

n

n

Procedure calls

append(p,q)

1. Verify cutpoint

freedom

2 Compute input

… Execute callee …

3 Combine output

append body

Procedure call: 1. Verifying cutpoint-freedom

• An object is a cutpoint for an invocation

• Reachable from actual parameters

• Not pointed to by an actual parameter

• Reachable without going through a parameter

append(y,z)

append(y,z)

n

n

n

n

y

y

n

x

x

z

z

n

t

t

Not Cutpoint free

Cutpoint free

Procedure call: 1. Verifying cutpoint-freedom

• Invoking append(y,z) in main

• R{y,z}(v)=v1:y(v1)n*(v1,v)  v1:z(v1)n*(v1,v)

• isCPmain,{y,z}(v)= R{y,z}(v)  (y(v)z(v1)) 

( x(v)  t(v)  v1: R{y,z}(v1)n(v1,v))

(main’s locals: x,y,z,t)

n

n

n

n

y

y

n

x

x

z

z

n

t

t

Not Cutpoint free

Cutpoint free

n

n

p

q

Procedure call: 2. Computing the input local heap

• Retain only reachable objects

• Bind formal parameters

Call state

n

n

y

x

z

n

t

Output state

n

n

p

q

Procedure body: append(p,q)

Input state

n

n

p

q

n

p

q

Procedure call:3. Combine output

Output state

Call state

n

n

n

y

x

z

n

t

n

y

n

z

x

n

t

Procedure call:3. Combine output

Output state

Call state

n

n

n

n

n

y

p

x

z

q

n

t

Auxiliary predicates

inUc(v)

inUx(v)

• CPF  CPF (Cutpoint free semantics)

• GSB  GSB (Standard semantics)

CPF and GSBobservationally equivalent

when for every access paths AP1, AP2

 AP1 = AP2 (CPF)  AP1 = AP2 (GSB)

• For cutpoint free programs:

• CPF  CPF (Cutpoint free semantics)

• GSB  GSB (Standard semantics)

• CPF and GSB observationally equivalent

• It holds that

• st, CPF  ’CPF st, GSB  ’GSB

• ’CPF and ’GSB are observationally equivalent

Abstract transformer

’

’

Introducing local heap semantics

~

Local heap Operational semantics

• Cutpoint freedom

• Non-standard concrete semantics

• Interprocedural shape analysis

• Prototype implementation

• Abstract memory states represent unbounded concrete memory states

• Conservatively

• In a bounded way

• Using 3-valued logical structures

• 1 = true

• 0 = false

• 1/2 = unknown

• A join semi-lattice, 0  1 = 1/2

y

n

x

n

n

n

n

t

Canonical abstraction

y

z

n

n

n

n

n

x

n

n

t

• Record derived properties

• Refine the abstraction

• Instrumentation principle [SRW, TOPLAS’02]

• Reachability is central!

y

n

n

n

n

n

rx

rx,ry

rz

rz

rx

x

n

n

rt

rt

t

Abstract memory states (with reachability)

z

y

n

n

n

n

n

rz

rx

rx

rx

rx,ry

rz

rz

rz

rx

rx

rx

rx,ry

rz

rz

x

n

n

rt

rt

rt

rt

rt

rt

t

y

n

x

n

n

n

n

t

The importance of reachability:Call append(y,z)

z

y

n

n

n

n

n

rz

rx

rx

rx

rx,ry

rz

rz

x

n

n

rt

rt

rt

t

y

z

n

n

n

n

n

x

rx

rx,ry

rz

rz

rx

n

n

rt

rt

t

• Conservatively apply statements on abstract memory states

• Same formulae as in concrete semantics

• Soundness guaranteed [SRW, TOPLAS’02]

x

y

q

p

n

append(y,z)

q

p

n

z

x

y

n

n

Procedure calls

append(p,q)

1. Verify cutpoint

freedom

2 Compute input

… Execute callee …

3 Combine output

append body

• Invoking append(y,z) in main

• R{y,z}(v)=v1:y(v1)n*(v1,v)  v1:z(v1)n*(v1,v)

• isCPmain,{y,z}(v)= R{y,z}(v)  (y(v)z(v1)) 

( x(v)  t(v)  v1: R{y,z}(v1)n(v1,v))

n

n

n

n

n

ry

ry

ry

ry

rx

ry

rz

y

y

rz

n

n

n

n

z

z

x

rt

rt

rt

rt

t

t

Not Cutpoint free

Cutpoint free

p

p

x

x

y

Tabulation exits

call f(x)

y

p

p

p

x

p

x

y

Analyze f

Tabulation exits

call f(x)

y

• Procedure  input/output relation

Output

Input

q

q

rq

rq

q

q

p

p

n

rq

rp

rp

rp

rq

n

q

n

p

p

q

n

n

n

rp

rp

rp

rq

rq

rp

rp

rh

ri

rk

rg

q

q

p

p

n

rq

rp

rp

rp

rq

y

z

z

y

x

x

append(y,z)

n

ry

rx

rx

ry

ry

rz

x

x

y

y

z

z

n

n

append(y,z)

n

n

n

n

n

ry

rx

rz

rz

ry

rx

rx

rx

ry

rx

rx

rx

g

g

i

i

k

k

h

h

append(h,i)

n

n

n

rk

ri

rg

rh

rg

rh

rg

Interprocedural shape analysis

• Reusable procedure summaries

• Heap modularity

• Cutpoint freedom

• Non-standard concrete semantics

• Interprocedural shape analysis

• Prototype implementation

• TVLA based analyzer

• Soot-based Java front-end

• Parametric abstraction

// Allocates a list of

// length 3

List create3(){

}

main() {

List x1 = create3();

List x2 = create3();

List x3 = create3();

List x4 = create3();

}

Call string vs. Relational vs. CPF[Rinetzky and Sagiv, CC’01] [Jeannet et al., SAS’04]

• Interprocedural shape analysis

• Rinetzky and Sagiv, CC ’01

• Chong and Rugina, SAS ’03

• Jeannet et al., SAS ’04

• Hackett and Rugina, POPL ’05

• Rinetzky et al., POPL ‘05

• Local Reasoning

• Ishtiaq and O’Hearn, POPL ‘01

• Reynolds, LICS ’02

• Encapsulation

• Noble et al. IWACO ’03

• ...

n

n

ry

ry

append(y,z);

x = null;

rx

ry

y

rz

n

n

z

x

rt

rt

t

Future work

• Bounded number of cutpoints

• False cutpoints

• Liveness analysis

• Cutpoint freedom

• Non-standard operational semantics

• Interprocedural shape analysis

• Partial correctness of quicksort

• Prototype implementation

A Semantics for procedure local heaps and its abstraction

Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm

POPL, 2005

Interprocedural shape analysis for cutpoint-free programs

Noam Rinetzky, Mooly Sagiv, and Eran Yahav

To appear in SAS, 2005

www.cs.tau.ac.il/~maon

2

2

3

1

7

7

6

8

4

3

4

4

3

4

3

7

1

5

5

5

8

8

6

8

2

7

6

6

1

5

1

2

tl

hd

p

p

high

hd

low

tl

p

high

hd

low

tl

quickSort(List p, List q)

If(p==q || q == null)

return p;

List h = partition(p,q);

List x = p.n;

p.n = null;

List low = quickSort(h, p);

List high = quickSort(x,null);

p.n = high;

Return low;

}

p

tl

hd

8

3

5

7

6

2

1

4

hd

p

tl

Quicksort

If(p==q || q == null)

return p;

List h = partition(p,q);

List x = p.n;

p.n = null;

List low = quickSort(h, p);

List high = quickSort(x,null);

p.n = high;

Return low;

}

p

tl

hd

8

3

5

7

6

2

1

4

hd

p

tl

p

tl

low

hd

3

5

7

6

8

2

1

4

hd

low

p

tl

Quicksort

p

tl

p

tl

low

hd

3

5

7

6

8

2

1

4

Quicksort

p

tl

hd

8

6

3

5

7

6

8

2

1

4

9

8

9

hd

low

p

tl

Lev Ami et. al. ISSTA’00