A Semantics for Procedure Local Heaps and its Abstractions
Noam Rinetzky, Tel Aviv University
Jörg Bauer, Universität des Saarlandes
Thomas Reps, University of Wisconsin
Mooly Sagiv, Tel Aviv University
Reinhard Wilhelm, Universität des Saarlandes
Motivation
• Interprocedural shape analysis
• Conservative static pointer analysis
• Heap intensive programs
• Imperative programs with procedures
• Recursive data structures
• Challenge
• Destructive update
• Localized effect of procedures
Main Results
• Concrete operational semantics
• Large step
• Functional analysis
• Storeless
• Shape abstractions
• Local heap
• Observationally equivalent to “standard” semantics
• Java and “clean” C
• Abstractions
• Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS ‘02]
• May-alias [Deutsch, PLDI ‘94]
• …
Outline
• Motivating example
• Local heaps
• Cutpoints
• Why semantics
• Local heap storeless semantics
• Shape abstraction
Example
static List reverse(List t) {
  …
  return r;
}
static void main() {
  …
  List x = reverse(p);
  List y = reverse(q);
  List z = reverse(x);
}
[Figure: heap diagrams of the n-linked lists referenced by p, q and x in main, and by t and r inside reverse]
Cutpoints
• Separating objects
• Not pointed-to by a parameter
• Capture external sharing patterns
[Figure: two heap diagrams for an invocation proc(x), captioned "Stack sharing" and "Heap sharing"]
Introducing local heap semantics
[Figure: diagram relating "Operational semantics", "Local heap Operational semantics" and "Abstract transformer"]
Programming model
• Single threaded
• Procedures
  • Value parameters
  • Recursion
• Heap
  • Recursive data structures
  • Destructive update
  • No explicit addressing (&)
  • No pointer arithmetic
Storeless semantics
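• No addresses
• Memory state:
  • Object: $2^{\text{Access paths}}$
  • Heap: $2^{\text{Object}}$
• Alias analysis
[Figure: a three-cell n-linked list drawn as the access-path sets {x}, {x.n}, {x.n.n}; after y=x the objects are {x, y}, {x.n, y.n}, {x.n.n, y.n.n}; after x=null they are {y}, {y.n}, {y.n.n}]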
Example
static void main() {
  …
  List x = reverse(p);
  List y = reverse(q);
  List z = reverse(x);
}
static List reverse(List t) {
  …
  return r;
}
[Figure: the example in the storeless representation, each object drawn as its set of access paths (x, x.n, …; y, y.n, …; t, t.n, …; r, r.n, …; z, z.n, …); the last frame asks "p?"]
[Figure: the same run with the cutpoint labelled L. On entry to reverse(x) the objects are {t}, {t.n}, {t.n.n}, {L, t.n.n.n}; on exit they are {L, r}, {L.n, r.n}, {L.n.n, r.n.n}, {t, L.n.n.n, r.n.n.n}; after the return they are {p, z}, {p.n, z.n}, {p.n.n, z.n.n}, {x, p.n.n.n, z.n.n.n}]
Cutpoint labels
• Relate pre-state with post-state
• Additional roots
• Mark cutpoints at and throughout an invocation
• Cutpoint label: the set of access paths that point to a cutpoint when the invoked procedure starts
[Figure: the list passed to reverse with objects {t}, {t.n}, {t.n.n}, {t.n.n.n}; the last object is the cutpoint, with label L = {t.n.n.n}]
Sharing patterns
• Cutpoint labels encode sharing patterns
[Figure: two heaps with the same cutpoint label L = {t.n.n.n}, captioned "Stack sharing" (the cutpoint is referenced by the variable p) and "Heap sharing" (the cutpoint is referenced by w.n)]
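An added example, not part of the original slides: computing cutpoints and their labels for one call over a store-based heap. It follows the slides' description (an object of the callee's local heap that no parameter points to, but that a pending variable or a field of an outside object does); the function names, the node names a1..a4 and o, and the path bound are assumptions made for illustration.

```python
def reachable(roots, heap):
    """Objects reachable from `roots` through any field (the callee's local heap)."""
    seen, work = set(), [r for r in roots if r is not None]
    while work:
        obj = work.pop()
        if obj not in seen:
            seen.add(obj)
            work.extend(t for t in heap[obj].values() if t is not None)
    return seen

def paths_from(var, root, heap, max_len=8):
    """Access paths var.f.g... per object; bounded so cyclic heaps terminate."""
    out, work = {}, [(root, var, 0)]
    while work:
        obj, path, depth = work.pop()
        if obj is None:
            continue
        out.setdefault(obj, set()).add(path)
        if depth < max_len:
            work.extend((t, f"{path}.{f}", depth + 1) for f, t in heap[obj].items())
    return out

def cutpoint_labels(stack, heap, call):
    """`call` maps formal -> actual variable. Returns {label: sharing kinds}."""
    roots = {formal: stack[actual] for formal, actual in call.items()}
    local = reachable(roots.values(), heap)
    via_stack = {o for o in stack.values() if o in local}
    via_heap = {t for o, flds in heap.items() if o not in local
                for t in flds.values() if t in local}
    paths = {}
    for formal, root in roots.items():
        for obj, ps in paths_from(formal, root, heap).items():
            paths.setdefault(obj, set()).update(ps)
    labels = {}
    for obj in (via_stack | via_heap) - set(roots.values()):
        kinds = {k for k, s in (("stack", via_stack), ("heap", via_heap)) if obj in s}
        labels[frozenset(paths.get(obj, ()))] = kinds
    return labels

# Constructed store for the call reverse(x): x heads a 4-cell list, p points at its last cell.
LIST = {"a1": {"n": "a2"}, "a2": {"n": "a3"}, "a3": {"n": "a4"}, "a4": {"n": None}}
STACK_SHARING = cutpoint_labels({"x": "a1", "p": "a4"}, LIST, {"t": "x"})
# Same list, but the outside reference is a field: w.n points at the last cell.
HEAP_SHARING = cutpoint_labels({"x": "a1", "w": "o"}, {**LIST, "o": {"n": "a4"}}, {"t": "x"})
```

Both constructed calls yield the single label {t.n.n.n}, once through a pending variable and once through a field of an object outside the local heap.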
Observational equivalence
L L (Local-heap Storeless Semantics)
G G (Global-heap Store-based Semantics)
L and G observationally equivalent
when for every access paths AP1, AP2
AP1 = AP2 (L) AP1 = AP2 (G)
Main theorem: semantic equivalence
L L (Local-heap Storeless Semantics)
G G (Global-heap Store-based Semantics)
L and G observationally equivalent
st, L ’L st, G ’G
’L and ’G are observationally equivalent
LSL GSB
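An added example, not part of the original slides, tying the "Storeless semantics" slide to the observational-equivalence statement: it runs y=x and x=null on a storeless state (objects as sets of access paths) and on a store-based state, then compares every alias query over a bounded set of access paths. The function names, the node names a1..a3 and the bound of three n-steps are assumptions.

```python
def under(path, var):
    """True if the access path starts at variable `var`."""
    return path == var or path.startswith(var + ".")

def set_null(state, var):
    """Storeless var = null: drop every path through var; unreachable objects vanish."""
    objs = (frozenset(p for p in obj if not under(p, var)) for obj in state)
    return {obj for obj in objs if obj}

def copy_var(state, dst, src):
    """Storeless dst = src (dst != src): each object gains dst.w for every path src.w."""
    return {obj | {dst + p[len(src):] for p in obj if under(p, src)}
            for obj in set_null(state, dst)}

def alias_storeless(state, p1, p2):
    return any(p1 in obj and p2 in obj for obj in state)

def resolve(stack, heap, path):
    """Store-based lookup: follow the fields of `path` from its variable."""
    var, *fields = path.split(".")
    loc = stack.get(var)
    for f in fields:
        loc = heap[loc][f] if loc is not None else None
    return loc

def alias_store(stack, heap, p1, p2):
    loc = resolve(stack, heap, p1)
    return loc is not None and loc == resolve(stack, heap, p2)

def equivalent(state, stack, heap, paths):
    """Same answer to every alias query in both representations."""
    return all(alias_storeless(state, a, b) == alias_store(stack, heap, a, b)
               for a in paths for b in paths)

# Constructed three-cell list headed by x, in both representations.
HEAP = {"a1": {"n": "a2"}, "a2": {"n": "a3"}, "a3": {"n": None}}
PATHS = [v + ".n" * k for v in "xy" for k in range(4)]
L0 = {frozenset({"x"}), frozenset({"x.n"}), frozenset({"x.n.n"})}
L1 = copy_var(L0, "y", "x")   # y = x
L2 = set_null(L1, "x")        # x = null
STEPS = [(L0, {"x": "a1"}), (L1, {"x": "a1", "y": "a1"}), (L2, {"x": None, "y": "a1"})]
ALL_EQUIVALENT = all(equivalent(s, st, HEAP, PATHS) for s, st in STEPS)
```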
Applications
• Develop new static analyses
• Shape analysis
• Justify soundness of existing analyses
• May-alias analysis [TAU-TR-26/04]
Shape abstraction
• Shape descriptors represent unbounded memory states
• Conservatively
• In a bounded way
• Two dimensions
• Local heap (objects)
• Sharing pattern (cutpoint labels)
A Shape abstraction
[Figure: memory states with cutpoint labels L = {t.n.n.n}, L1 = {t.n.n.n} and L2 = {g.n.n.n}, and shape descriptors with L = *]
Application (joint work with Eran Yahav)
• A framework for shape analysis using local heaps
• Parametric abstraction
• Local heap (lists, trees, …)
• Sharing patterns
Application
• Properties proved
• Absence of null dereferences
• Listness preservation
• API conformance
• Recursive Iterative
• Procedural abstraction
Related work
• Interprocedural shape analysis
• Rinetzky and Sagiv, CC ’01
• Global heap
• Jeannet et al., SAS ’04
• Local heap, relational
• Chong and Rugina, SAS ’03
• Local heap
• Hackett and Rugina, POPL ’05
• Next talk …
Summary
• Operational semantics
• Storeless
• Local heap
• Cutpoints
• Equivalence theorem
• Applications
• Shape analysis
• May-alias analysis
End
www.cs.tau.ac.il/~maon
A Semantics for procedure local heaps and its abstraction
Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm
AVACS Technical Report 1
Interprocedural functional shape analysis using local heaps
Noam Rinetzky, Mooly Sagiv, and Eran Yahav
School of Computer Science, Tel Aviv University, Technical Report 26/04