
TVLA for System Code

Jörg Kreiker, Helmut Seidl, Vesal Vojdani

TU Munich

Dagstuhl, July 2009



Motivation

[Figure: hash bucket i (neighbours i-1, i+1) heads an hlist of active objects; every object carries data, an hlist_node list that links it into the bucket, and a list_head queue that links it into the cleanup queue; one object is labelled garbage.]

  struct node {
      t data;                   /* payload; t stands for some payload type */
      struct hlist_node list;   /* membership in the hash bucket */
      struct list_head queue;   /* membership in the cleanup queue */
  };


  struct hlist_node {
      struct hlist_node *next;    /* next element in the bucket */
      struct hlist_node **pprev;  /* address of the pointer that leads here:
                                     the bucket head or the predecessor's next */
  };



  • overlapping, embedded records

  • UP (container_of, offset)

  • pointers to pointer

  • &x->s, &x, *x = y, …




  • inspired by race detection

  • properties:

    • privatization: make data thread-local

    • cleanup queue needs no lock

    • unless there are two

  • reachability with and without UP




Fine-grained memory model

  • TVLA

    • node : record

    • edge : dereferenced pointer-valued component

  • Fine-grained model

    • node : record component

    • edge : dereferencing

    • predicates: Var + Sel + *

    • predicate transformers only for *



Example

  • standard list (3 elements)

  • hlist_node

  • node

[Figure: fine-grained graphs. Standard list: x points to the first of three * nodes chained by next. hlist_node: the same three elements, each with a next edge forward and a pprev edge back to the pointer that leads to it. node: the components list (next, pprev), queue (next, prev) and data of one record, each drawn as its own node.]



TVLA example

  • indirect element deletion

  /* lpp points to the pointer that leads to the current element: first &x,
     then &e->next for each element e, so one store unlinks head or interior */
  for (lpp = &x; *lpp != NULL; lpp = &(*lpp)->next)
      if ((*lpp)->data % 13 == 0) {
          *lpp = (*lpp)->next;
          break;
      }

[Figure: the three-element list reached from x, nodes chained by next, on which the loop runs.]
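The loop above rewrites either the variable x (when the first element matches, lpp == &x) or some element's next field (lpp == &e->next) through one and the same store, which is exactly the case the fine-grained model handles by giving the variable and every next component a node of its own. As an added example, not code from the slides, here is the loop completed on a plain singly-linked list with constructed input: it removes a head element and then an interior element, and returns the removed element instead of leaking it. The type and function names are this example's own.

```c
#include <stddef.h>

struct elem {
    int data;
    struct elem *next;
};

/* The slide's loop, completed: unlink the first element whose data is a
 * multiple of 13 and return it (NULL if there is none).  lpp addresses
 * whichever pointer currently leads to the element under inspection, first
 * the variable itself, then the previous element's next field, so the store
 * "*lpp = ..." rewrites a variable or a field with the same statement. */
static struct elem *delete_first_mult13(struct elem **x)
{
    struct elem **lpp;
    for (lpp = x; *lpp != NULL; lpp = &(*lpp)->next)
        if ((*lpp)->data % 13 == 0) {
            struct elem *victim = *lpp;
            *lpp = victim->next;        /* bypass the victim */
            victim->next = NULL;        /* detach it so it cannot be walked */
            return victim;
        }
    return NULL;
}

static int list_sum(const struct elem *e)
{
    int s = 0;
    for (; e != NULL; e = e->next)
        s += e->data;
    return s;
}

/* Constructed input: x -> 26 -> 5 -> 13 -> 7.  The first deletion hits the
 * head (lpp == &x), the second an interior element (lpp == &n5.next), the
 * third finds nothing.  Returns the sum of what is left (12) or a negative
 * code naming the first check that failed. */
int run_indirect_delete(void)
{
    struct elem n7 = { 7, NULL };
    struct elem n13 = { 13, &n7 };
    struct elem n5 = { 5, &n13 };
    struct elem n26 = { 26, &n5 };
    struct elem *x = &n26;

    struct elem *first = delete_first_mult13(&x);
    if (first != &n26 || x != &n5 || first->next != NULL)
        return -1;                      /* head deletion must rewrite x */

    struct elem *second = delete_first_mult13(&x);
    if (second != &n13 || n5.next != &n7 || second->next != NULL)
        return -2;                      /* interior deletion must rewrite n5.next */

    if (delete_first_mult13(&x) != NULL)
        return -3;                      /* nothing left to delete */

    return list_sum(x);                 /* 5 + 7 */
}
```

The detach step (`victim->next = NULL`) is not on the slide; it is there so a caller who keeps the returned element cannot accidentally walk back into the live list from it.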



Coarse-grained model

  • TVLA

    • node : record

    • edge : dereferenced pointer-valued component

  • Fine-grained model

    • node : record component

    • edge : dereferencing

  • Coarse-grained

    • one node per struct

    • edge : dereference + source + target component

    • predicates : Var[π] + *[π1, π2]



Example

  • fine:

  • coarse:

[Figure: fine: three records, each drawn as separate data, list and queue component nodes. coarse: one node per record, joined by the edges *[first,list], *[list.next,list] and *[list.pprev,list.next].]



TVLA example

  • delete element from hlist

  n = t->next;
  p = t->pprev;            /* the slide writes prev; hlist_node's field is pprev,
                              the address of the pointer that leads to t */
  *p = n;                  /* unlinks t whether p is the head or a next field */
  if (n) n->pprev = p;

[Figure: the hlist reached from x, three elements linked by next and pprev edges.]
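As an added example, not code from the slides, the following C program builds the structure from the Motivation slides and runs the deletion above on it: a struct node with an embedded hlist_node in a hash bucket and an embedded list_head on the cleanup queue, container_of to get from a component back to its record, and hlist deletion spelled out through the pprev field. The bucket count, the int payload and the helper names are this example's assumptions; the list helpers follow the shape of the Linux kernel's hlist and list_head API but are written from scratch here. It shows the point of the two-list case study: after hlist_del an object is unreachable from the hash table yet still reachable through the cleanup queue, so it is not garbage, and one walk needs container_of while the other does not.

```c
#include <stddef.h>

/* Linux-style intrusive list nodes, written from scratch for this example. */
struct hlist_node { struct hlist_node *next, **pprev; }; /* pprev: address of the pointer leading here */
struct hlist_head { struct hlist_node *first; };
struct list_head  { struct list_head *next, *prev; };

/* From a pointer to an embedded component back to the enclosing record. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* The record from the Motivation slides; the int payload is assumed. */
struct node {
    int data;
    struct hlist_node list;   /* hash bucket membership */
    struct list_head queue;   /* cleanup queue membership */
};

static void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
{
    n->next = h->first;
    if (h->first)
        h->first->pprev = &n->next;
    h->first = n;
    n->pprev = &h->first;     /* pprev may point into the head, not into a node */
}

/* The slide's "delete element from hlist": pprev addresses the pointer that
 * leads to t, so one store handles both the first element (rewrites
 * h->first) and an interior one (rewrites the predecessor's next). */
static void hlist_del(struct hlist_node *t)
{
    struct hlist_node *n = t->next, **p = t->pprev;
    *p = n;
    if (n)
        n->pprev = p;
    t->next = NULL;
    t->pprev = NULL;
}

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *e, struct list_head *h)
{
    e->prev = h->prev;
    e->next = h;
    h->prev->next = e;
    h->prev = e;
}

#define NBUCKETS 4            /* assumed table size */
static struct hlist_head buckets[NBUCKETS];
static struct list_head cleanup;

/* Objects reachable from bucket i: the walk never leaves hlist_node
 * (reachability without UP). */
static int count_bucket(int i)
{
    int k = 0;
    for (struct hlist_node *n = buckets[i].first; n; n = n->next)
        k++;
    return k;
}

/* Objects reachable from the cleanup queue: every list_head is mapped back to
 * its node to read data (reachability with UP). */
static int sum_cleanup(void)
{
    int s = 0;
    for (struct list_head *q = cleanup.next; q != &cleanup; q = q->next)
        s += container_of(q, struct node, queue)->data;
    return s;
}

/* Scenario: three objects in bucket 1 and on the cleanup queue; unlink two of
 * them from the hash list only.  Returns 100 * (objects left in the bucket)
 * + (sum of data still on the cleanup queue). */
int run_scenario(void)
{
    static struct node a = { .data = 1 }, b = { .data = 2 }, c = { .data = 3 };
    for (int i = 0; i < NBUCKETS; i++)
        buckets[i].first = NULL;
    list_init(&cleanup);

    hlist_add_head(&a.list, &buckets[1]);  /* bucket 1: a */
    hlist_add_head(&b.list, &buckets[1]);  /* bucket 1: b a */
    hlist_add_head(&c.list, &buckets[1]);  /* bucket 1: c b a */
    list_add_tail(&a.queue, &cleanup);
    list_add_tail(&b.queue, &cleanup);
    list_add_tail(&c.queue, &cleanup);

    hlist_del(&b.list);                    /* interior: rewrites c.list.next */
    hlist_del(&c.list);                    /* first: rewrites buckets[1].first */

    /* b and c are gone from the hash table but still reachable through the
     * cleanup queue: they are not garbage, and the queue walk (and any lock
     * protecting it) still has to cover them.  1 * 100 + (1 + 2 + 3) = 106 */
    return count_bucket(1) * 100 + sum_cleanup();
}
```

Calling run_scenario() returns 106: one object left in bucket 1, all three still on the cleanup queue. A shape analysis that only tracks the bucket list would report b and c as unreachable after hlist_del; the second, embedded list is what keeps them live, which is why the slides ask whether one or two lists are visible when deciding if the cleanup queue can go without a lock.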



Some related work

  • Calcagno et al: Beyond Reachability: Shape Abstraction in the Presence of Pointer Arithmetic, SAS 2006

  • Berdine et al: Shape Analysis for Composite Data Structures, CAV 2007

  • Yang et al: Scalable Shape Analysis for Systems Code, CAV 2008

  • Chatterjee et al: A Reachability Predicate for Analyzing Low-Level Software, TACAS 2007

  • Gulwani, Tiwari: An Abstract Domain for Analyzing Heap-Manipulating Low-Level Software, CAV 2007

  • Gulwani et al: A Combination Framework for Tracking Partition Sizes, POPL 2009



Conclusion

  • fine/coarse:

    • reachability with/without UP

    • Case study: one or two lists visible

  • conservative add-on, exploit existing knowledge

  • useful for subtle race detection

  • able to deal with

    • Overlapping, embedded records

    • Deep sharing and update

    • UP

    • &x->s, *x = y, …

