1 / 24

Analyzing Memory Resource Bounds for Low-Level Programs

Analyzing Memory Resource Bounds for Low-Level Programs. Wei-Ngan Chin 1 Huu Hai Nguyen 1 Corneliu Popeea 1 Shengchao Qin 2 1 National Univ. of Singapore 2 Durham University, UK. Motivation: Memory Bounds Analysis.

jalena
Download Presentation

Analyzing Memory Resource Bounds for Low-Level Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Analyzing Memory Resource Bounds for Low-Level Programs Wei-Ngan Chin1 Huu Hai Nguyen1 Corneliu Popeea1 Shengchao Qin2 1National Univ. of Singapore 2Durham University, UK ISMM 2008

  2. Motivation: Memory Bounds Analysis • Given a piece of program code, how much memory will it require for safe execution? • Can we know the answer before execution? • Applications: • Resource constrained embedded devices (limited memory footprint) • Safety critical systems ISMM 2008

  3. Simple Example • Given a method: int foo (int n) { if (n <= 0) { return 1; } else { c x = new c(); c y = new c(); int v = 2+foo(n-1); dispose(x); return v; } } • Derive an upper-bound for the use of: • stack memory • heap memory ISMM 2008

  4. What Programs to Analzye? • Three design decisions: • low level programs: more accurate bounds analysis. • structured control flow: recovered if not available. • how to model heap recovery? (next slide) P ::= M1, … , Mn M ::= t m(t1, ... , tn) { E } E ::= Cmd | E1; E2 | if E1 E2 | while E Cmd ::= load<t> i | store<t> i | invoke m | const<t> k | new c | dispose c method definition method invocation ISMM 2008 object deallocation

  5. Heap Recovery • Possible solutions for analyzing heap recovery: • use explicit memory disposal. • use region-based memory management. • Both solutions over-approximate the recovery that can be achieved via GC. • Rely on an analysis that inserts dispose commands (Chin-et-al:SAS05) • alias annotations for object fields and methods • not for cyclic data structures • May achieve finer-grained heap recovery. ISMM 2008

  6. Highlights of Our Work • Derive both stack and heap bounds with similar apparatus. • Automatic and sound analysis of recursion. • Precision and efficiency: • relational analysis for low-level code. • disjunctive invariants for “bounds analysis”. ISMM 2008

  7. Overview of Our Solution • A multi-pass analysis • automatically infers memory bounds in a modular way 2.abstract state 4. heap usage + heap bound t m(t1, .. , tn) F; Á; S; H; M {..} 1.frame bound 3.stack bound ISMM 2008

  8. 1. Frame Bound Inference • Stack Frames • Simple analysis: l, ¡`F E Ã A, ¡1, p • Embed the current top frame pointer p at each program point: ISMM 2008

  9. 2. Abstract State Inference • The abstract states expressed as Presburger formula over values on the stack [p,..,1] : • The inference rule: • Abstract states inserted at each program point: Presburger formula Boolean expression arithmetic expression State before State after ISMM 2008

  10. Abstract State Inference: Some Rules make use of top frame pointer p ½ - substitution from formals to actual arguments Ápo - postcondition of callee m derive state after call ISMM 2008

  11. 3. Stack Bound Inference • Problem: infer stack bound for each method. each elem. denotes a bounds when g is true S - stack bound from method body F - minimum stack bound fixpoint computation ISMM 2008

  12. Stack Bound Inference: Some Rules retrieve stack bound of callee m1 the position where new frame is built incorporate guarded formula w/ current state tail call optimization ISMM 2008

  13. 4. Heap Inference • H and M are guarded form: • H / H1 heap usage before/after execution of B • M heap bound heap effect heap effect ISMM 2008

  14. Example: Fixpoint Analysis • Simple example: int foo (int n) { if (n <= 0) { return 1; } else { c x = new c(); c y = new c(); int v = 2+foo(n-1); dispose(x); return v; } } • First step: build a constraint abstraction rec(n,r) = (n·0 Æ r=1) Ç (9r1¢ n>0 Æ rec(n-1,r1) Æ r=2+r1) • Next step: derive approximation for its fixpoint. ISMM 2008

  15. Fixpoint Analysis for Abstract State • Use disjunctive polyhedron abstract domain: • selective hulling: combines related disjuncts. • widening: ensures termination of fixpoint analysis. rec1(n,r) = (n·0 Æ r=1) Ç (9r1¢ n>0 Æ rec0(n-1,r1) Æ r=2+r1) = (n·0 Æ r=1) rec2(n,r) = (n·0 Æ r=1) Ç (9r1¢ n>0 Æ rec1(n-1,r1) Æ r=2+r1) = (n·0 Æ r=1) Ç (0 < n · 1 Æ r=2+1) rec3(n,r) = (n·0 Æ r=1) Ç (n=1 Æ r=3) Ç (n=2 Æ r=5) =h (n·0 Æ r=1) Ç (0 < n · 2 Æ r=2n+1) =w (n·0 Æ r=1) Ç (0 < n Æ r=2n+1) false ISMM 2008

  16. Fixpoint Analysis: Memory Bounds • Constraint abstraction: recM(n) = {n·0  {(c,0)}} [ ({n>0  {(c,2)}} + recM(n-1)) • Derive fixpoint: recM(n) = {n·0  {(c,0)}} [ {n>0  {(c,2n)}} • A similar analysis derives the stack bound. ISMM 2008

  17. Soundness • Safety theorem: • given memory resources equal to (or more than) its inferred bounds, each method always executes without error due to insufficient memory. ISMM 2008

  18. Experiments • A prototype system built in Haskell language. • Omega library + disjunctive fixpoint analyzer. • Small numerical programs (upto 2kloc). ISMM 2008

  19. Related Work • Hughes-Pareto:ICFP99, Hofmann-Jost:POPL03 • for first-order functional languages. • Cachera-et-al:FM05 - for Java bytecode • certifies that memory is bounded (but not what bound) • Albert-et-al:ESOP07 - for Java bytecode: • derives (only) heap bounds. • heap recovery via escape analysis. • Braberman-et-al:ISMM08 - Java-like programs: • expressive heap bounds (polynomial expressions). • heap recovery via region-based memory management. • loop invariants inferred dynamically + user annotations. ISMM 2008

  20. Conclusion • A sound inference system to predict the amount of memory space needed: • Can infer upper bounds for stack and heap spaces. • Uses guarded formulae to track both usage and upper bounds in a path sensitive manner. • Uses fixpoint analysis in the polyhedron domain to handle both recursion and loops. • Prototype system used to infer memory bounds for a set of benchmark programs. ISMM 2008

  21. Thank you! ISMM 2008

  22. References • J. Hughes and L. Pareto. Recursion and Dynamic Data-Structures in Bounded Space: Towards Embedded ML Programming [ICFP99] • M. Hofmann and S. Jost. Static prediction of heap space usage for first order functional programs [POPL03] • D. Cachera, T. Jensen, D. Pichardie, and G. Schneider. Certified Memory Usage Analysis [FM05] • W.N. Chin, H.H. Nguyen, S.C. Qin, and M. Rinard. Memory Usage Verification for OO Programs [SAS05] • C. Popeea and W.N. Chin. Inferring disjunctive postconditions [ASIAN06] • E. Albert, P. Arenas, S. Genaim, G. Puebla, and D. Zanardini. Cost Analysis of Java Bytecode [ESOP07] • V. Braberman, F. Fernandez, D. Garbervetsky, and S. Yovine. Parametric Prediction of Heap Memory Requirements [ISMM08] ISMM 2008

  23. Discussion: Abstract States for Objects • Inference of abstract states for heap allocated objects not included in the paper • Challenge: objects that are mutable & shareable • We provided an alias type system which can identify two groups of trackable objects: • Unique references whose abstract states may change • Immutable references whose abstract states are immutable (but can be freely shared) • In current work, abstract states are mainly size-related properties. ISMM 2008

  24. Abstract States for Objects: An Example Height of tree No. of nodes Analysis result for method height Analysis result for mehtod sum ISMM 2008

More Related