Interprocedural shape analysis for cutpoint free programs
Download
1 / 57

Interprocedural shape analysis for cutpoint-free programs - PowerPoint PPT Presentation


  • 62 Views
  • Uploaded on

Interprocedural shape analysis for cutpoint-free programs. ניתוח צורני בין-שגרתי לתוכניות נטולות נקודות-חתוך. Noam Rinetzky Tel Aviv University. Joint work with Mooly Sagiv Tel Aviv University Eran Yahav IBM Watson. Motivation. Conservative static program analysis

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Interprocedural shape analysis for cutpoint-free programs' - leane


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Interprocedural shape analysis for cutpoint free programs
Interprocedural shape analysisfor cutpoint-free programs

ניתוח צורני בין-שגרתי

לתוכניות נטולות נקודות-חתוך

Noam Rinetzky Tel Aviv University

Joint work with

Mooly Sagiv Tel Aviv University

Eran Yahav IBM Watson


Motivation
Motivation

  • Conservative static program analysis

    • (Recursive) procedures

    • Dynamically allocated data structures

  • Applications

    • Cleanness

    • Verify data structure invariants

    • Compile-time garbage collection


A crash course in abstract interpretation
A crash course in abstract interpretation

  • Static analysis: Automatic derivation of properties which hold on every execution leading to a program point

main() {

int w=0,x=0,y=0,z=0;

w = 2 + y - 1;

x = 2 + z - 1;

assert: w+x is even

}


How to handle procedures
How to handle procedures?

  • Pure functions

    • Procedure  input/output relation

    • No side-effects

main() {

int w=0,x=0,y=0,z=0;

w = inc(y);

x = inc(z);

assert: w+x is even

}

int inc(int p) {

return 2 + p - 1;

}


How to handle procedures1
How to handle procedures?

  • Pure functions

    • Procedure  input/output relation

    • No side-effects

main() {

int w=0,x=0,y=0,z=0;

w = inc(y);

x = inc(z);

assert: w+x is even

}

int inc(int p) {

return 2 + p - 1;

}


What about global variables

int g = 0;

g = p;

What about global variables?

  • Procedures have side-effects

  • Easy fix

int g = 0;

main() {

int w=0,x=0,y=0,z=0;

w = inc(y);

x = inc(z);

assert: w+x+g is even

}

int inc(int p) {

g = p;

return 2 + p - 1;

}


But what about pointers and heap

Pointers

Aliasing

Destructive update

Heap

Global resource

Anonymous objects

n

y.n=z

append(y,z)

z

But what about pointers and heap?

x.n.n ~ y

n

n

x

y

x.n.n.n ~ z

How to tabulate append?


How to tabulate procedures

q

q

q

p

p

p

n

n

n

n

x

x

t

t

n

n

y

z

How to tabulate procedures?

  • Procedure  input/output relation

    • Not reachable  Not effected

    • proc: local (reachable) heap  local heap

main() {

append(y,z);

}

append(List p, List q) {

}

n

y

z


How to handle sharing

q

q

p

p

n

n

n

n

t

t

n

n

n

y

q

p

x

z

n

n

n

n

How to handle sharing?

  • External sharing may break the functional view

main() {

append(y,z);

}

append(List p, List q) {

}

n

n

y

x

z


What s the difference

n

x

t

t

What’s the difference?

1st Example

2nd Example

append(y,z);

append(y,z);

n

n

n

y

y

x

z

z


Cutpoints
Cutpoints

  • An object is a cutpoint for an invocation

    • Reachable from actual parameters

    • Not pointed to by an actual parameter

    • Reachable without going through a parameter

append(y,z)

append(y,z)

n

n

n

n

y

y

n

n

t

t

x

z

z


Cutpoint freedom
Cutpoint freedom

  • Cutpoint-free

    • Invocation: has no cutpoints

    • Execution: every invocation is cutpoint-free

    • Program: every execution is cutpoint-free

append(y,z)

append(y,z)

n

n

n

n

x

y

t

y

t

z

x

z


Main results
Main results

  • Cutpoint freedom

  • Non-standard concrete semantics

    • Verifies that an execution is cutpoint-free

    • Local heaps

  • Interprocedural shape analysis

    • Conservatively verifies

      • program is cutpoint free

      • Desired properties

        • Partial correctness of quicksort

    • Procedure summaries

  • Prototype implementation


Plan

  • Cutpoint freedom

  • Non-standard concrete semantics

  • Interprocedural shape analysis

  • Prototype implementation


Programming model
Programming model

  • Single threaded

  • Procedures

    • Value parameters

      • Formal parameters not modified

    • Recursion

  • Heap

    • Recursive data structures

    • Destructive update

    • No explicit addressing (&)

    • No pointer arithmetic


Memory states
Memory states

  • A memory state encodes a local heap

    • Local variables of the current procedure invocation

    • Relevant part of the heap

      • Relevant  Reachable

main

append

q

p

n

n

x

t

y

z


Memory states1
Memory states

  • Represented by first-order logical structures


Memory states2
Memory states

  • Represented by first-order logical structures

q

p

n

u1

u2


Operational semantics
Operational semantics

  • Statements modify values of predicates

  • Specified by predicate-update formulae

    • Formulae in FO-TC


Procedure calls

z

x

y

q

p

n

append(y,z)

q

p

n

z

x

y

n

n

Procedure calls

append(p,q)

1. Verify cutpoint

freedom

2 Compute input

… Execute callee …

3 Combine output

append body


Procedure call 1 verifying cutpoint freedom
Procedure call: 1. Verifying cutpoint-freedom

  • An object is a cutpoint for an invocation

    • Reachable from actual parameters

    • Not pointed to by an actual parameter

    • Reachable without going through a parameter

append(y,z)

append(y,z)

n

n

n

n

y

y

n

x

x

z

z

n

t

t

Not Cutpoint free

Cutpoint free


Procedure call 1 verifying cutpoint freedom1
Procedure call: 1. Verifying cutpoint-freedom

  • Invoking append(y,z) in main

    • R{y,z}(v)=v1:y(v1)n*(v1,v)  v1:z(v1)n*(v1,v)

    • isCPmain,{y,z}(v)= R{y,z}(v)  (y(v)z(v1)) 

      ( x(v)  t(v)  v1: R{y,z}(v1)n(v1,v))

(main’s locals: x,y,z,t)

n

n

n

n

y

y

n

x

x

z

z

n

t

t

Not Cutpoint free

Cutpoint free


Procedure call 2 computing the input local heap

Input state

n

n

p

q

Procedure call: 2. Computing the input local heap

  • Retain only reachable objects

  • Bind formal parameters

Call state

n

n

y

x

z

n

t


Procedure body append p q

n

Output state

n

n

p

q

Procedure body: append(p,q)

Input state

n

n

p

q


Procedure call 3 combine output

n

n

p

q

Procedure call:3. Combine output

Output state

Call state

n

n

n

y

x

z

n

t


Procedure call 3 combine output1

n

n

y

n

z

x

n

t

Procedure call:3. Combine output

Output state

Call state

n

n

n

n

n

y

p

x

z

q

n

t

Auxiliary predicates

inUc(v)

inUx(v)


Observational equivalence
Observational equivalence

  • CPF  CPF (Cutpoint free semantics)

  • GSB  GSB (Standard semantics)

    CPF and GSBobservationally equivalent

    when for every access paths AP1, AP2

 AP1 = AP2 (CPF)  AP1 = AP2 (GSB)


Observational equivalence1
Observational equivalence

  • For cutpoint free programs:

    • CPF  CPF (Cutpoint free semantics)

    • GSB  GSB (Standard semantics)

    • CPF and GSB observationally equivalent

  • It holds that

    • st, CPF  ’CPF st, GSB  ’GSB

    • ’CPF and ’GSB are observationally equivalent


Introducing local heap semantics

Operational semantics

Abstract transformer

’

’

Introducing local heap semantics

~

Local heap Operational semantics


Plan

  • Cutpoint freedom

  • Non-standard concrete semantics

  • Interprocedural shape analysis

  • Prototype implementation


Shape abstraction
Shape abstraction

  • Abstract memory states represent unbounded concrete memory states

    • Conservatively

    • In a bounded way

    • Using 3-valued logical structures


3 valued logic
3-Valued logic

  • 1 = true

  • 0 = false

  • 1/2 = unknown

  • A join semi-lattice, 0  1 = 1/2


Canonical abstraction

z

y

n

x

n

n

n

n

t

Canonical abstraction

y

z

n

n

n

n

n

x

n

n

t


Instrumentation predicates
Instrumentation predicates

  • Record derived properties

  • Refine the abstraction

    • Instrumentation principle [SRW, TOPLAS’02]

  • Reachability is central!


Abstract memory states with reachability

z

y

n

n

n

n

n

rx

rx,ry

rz

rz

rx

x

n

n

rt

rt

t

Abstract memory states (with reachability)

z

y

n

n

n

n

n

rz

rx

rx

rx

rx,ry

rz

rz

rz

rx

rx

rx

rx,ry

rz

rz

x

n

n

rt

rt

rt

rt

rt

rt

t


The importance of reachability call append y z

z

y

n

x

n

n

n

n

t

The importance of reachability:Call append(y,z)

z

y

n

n

n

n

n

rz

rx

rx

rx

rx,ry

rz

rz

x

n

n

rt

rt

rt

t

y

z

n

n

n

n

n

x

rx

rx,ry

rz

rz

rx

n

n

rt

rt

t


Abstract semantics
Abstract semantics

  • Conservatively apply statements on abstract memory states

    • Same formulae as in concrete semantics

    • Soundness guaranteed [SRW, TOPLAS’02]


Procedure calls1

z

x

y

q

p

n

append(y,z)

q

p

n

z

x

y

n

n

Procedure calls

append(p,q)

1. Verify cutpoint

freedom

2 Compute input

… Execute callee …

3 Combine output

append body


Conservative verification of cutpoint freedom
Conservative verification of cutpoint-freedom

  • Invoking append(y,z) in main

    • R{y,z}(v)=v1:y(v1)n*(v1,v)  v1:z(v1)n*(v1,v)

    • isCPmain,{y,z}(v)= R{y,z}(v)  (y(v)z(v1)) 

      ( x(v)  t(v)  v1: R{y,z}(v1)n(v1,v))

n

n

n

n

n

ry

ry

ry

ry

rx

ry

rz

y

y

rz

n

n

n

n

z

z

x

rt

rt

rt

rt

t

t

Not Cutpoint free

Cutpoint free


Interprocedural shape analysis
Interprocedural shape analysis

p

p

x

x

y

Tabulation exits

call f(x)

y


Interprocedural shape analysis1
Interprocedural shape analysis

p

p

p

x

p

x

y

Analyze f

Tabulation exits

call f(x)

y


Interprocedural shape analysis2
Interprocedural shape analysis

  • Procedure  input/output relation

Output

Input

q

q

rq

rq

q

q

p

p

n

rq

rp

rp

rp

rq

n

q

n

p

p

q

n

n

n

rp

rp

rp

rq

rq

rp

rp


Interprocedural shape analysis3

rh

ri

rk

rg

q

q

p

p

n

rq

rp

rp

rp

rq

y

z

z

y

x

x

append(y,z)

n

ry

rx

rx

ry

ry

rz

x

x

y

y

z

z

n

n

append(y,z)

n

n

n

n

n

ry

rx

rz

rz

ry

rx

rx

rx

ry

rx

rx

rx

g

g

i

i

k

k

h

h

append(h,i)

n

n

n

rk

ri

rg

rh

rg

rh

rg

Interprocedural shape analysis

  • Reusable procedure summaries

    • Heap modularity


Plan

  • Cutpoint freedom

  • Non-standard concrete semantics

  • Interprocedural shape analysis

  • Prototype implementation


Prototype implementation
Prototype implementation

  • TVLA based analyzer

  • Soot-based Java front-end

  • Parametric abstraction



Inline vs procedural abstraction
Inline vs. Procedural abstraction

// Allocates a list of

// length 3

List create3(){

}

main() {

List x1 = create3();

List x2 = create3();

List x3 = create3();

List x4 = create3();

}


Call string vs relational vs cpf rinetzky and sagiv cc 01 jeannet et al sas 04
Call string vs. Relational vs. CPF[Rinetzky and Sagiv, CC’01] [Jeannet et al., SAS’04]


Related work
Related Work

  • Interprocedural shape analysis

    • Rinetzky and Sagiv, CC ’01

    • Chong and Rugina, SAS ’03

    • Jeannet et al., SAS ’04

    • Hackett and Rugina, POPL ’05

    • Rinetzky et al., POPL ‘05

  • Local Reasoning

    • Ishtiaq and O’Hearn, POPL ‘01

    • Reynolds, LICS ’02

  • Encapsulation

    • Noble et al. IWACO ’03

    • ...


Future work

n

n

n

ry

ry

append(y,z);

x = null;

rx

ry

y

rz

n

n

z

x

rt

rt

t

Future work

  • Bounded number of cutpoints

  • False cutpoints

    • Liveness analysis


Summary
Summary

  • Cutpoint freedom

  • Non-standard operational semantics

  • Interprocedural shape analysis

    • Partial correctness of quicksort

  • Prototype implementation


End

A Semantics for procedure local heaps and its abstraction

Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm

POPL, 2005

Interprocedural shape analysis for cutpoint-free programs

Noam Rinetzky, Mooly Sagiv, and Eran Yahav

To appear in SAS, 2005

www.cs.tau.ac.il/~maon


Quicksort list p list q

p

2

2

3

1

7

7

6

8

4

3

4

4

3

4

3

7

1

5

5

5

8

8

6

8

2

7

6

6

1

5

1

2

tl

hd

p

p

high

hd

low

tl

p

high

hd

low

tl

quickSort(List p, List q)


Quicksort

List quickSort(List p, List q) {

If(p==q || q == null)

return p;

List h = partition(p,q);

List x = p.n;

p.n = null;

List low = quickSort(h, p);

List high = quickSort(x,null);

p.n = high;

Return low;

}

p

tl

hd

8

3

5

7

6

2

1

4

hd

p

tl

Quicksort


Quicksort1

List quickSort(List p, List q) {

If(p==q || q == null)

return p;

List h = partition(p,q);

List x = p.n;

p.n = null;

List low = quickSort(h, p);

List high = quickSort(x,null);

p.n = high;

Return low;

}

p

tl

hd

8

3

5

7

6

2

1

4

hd

p

tl

p

tl

low

hd

3

5

7

6

8

2

1

4

hd

low

p

tl

Quicksort


Quicksort2

hd

p

tl

p

tl

low

hd

3

5

7

6

8

2

1

4

Quicksort

p

tl

hd

8

6

3

5

7

6

8

2

1

4

9

8

9

hd

low

p

tl

Lev Ami et. al. ISSTA’00


ad