Local Heap Semantics and its Applications - PowerPoint PPT Presentation
1
Local Heap Semantics and its Applications
Noam Rinetzky, Tel Aviv University
Joint work with:
  • Jörg Bauer, Universität des Saarlandes
  • Thomas Reps, University of Wisconsin
  • Mooly Sagiv, Tel Aviv University
  • Reinhard Wilhelm, Universität des Saarlandes
  • Eran Yahav, IBM Watson
2
Motivation
  • Verify heap intensive programs
  • Imperative programs with procedures
  • Recursive data structures
  • Lists
  • Trees

3
Motivation
  class List { List n }

  main() {
    List x = null, y = null
    int k = getLen()     // arbitrary k
    x = create(k)        // builds a list of length k
    y = reverse(x)       // reverses it
  }
4
What is the problem?
  • Recursive procedures
  • Unbounded number of activation records
  • Dynamic allocation
  • Unbounded number of objects

5
Our approach
  • Use abstractions
  • Over-approximation algorithms
  • Effective (termination)
  • Every verified property holds (sound)
  • May not prove all properties (incomplete)

6
Main idea
  • Procedures as heap transformers

[Figure: a heap with variables x, y, g and t; the procedure transforms the whole heap.]
7
Main idea
  • Procedures as local heap transformers

8
Main idea
  • Procedures as local heap transformers

[Figure: call p(x); only the part of the heap reachable from x is passed to p, while the parts reachable from y, g and t stay with the caller.]
9
Abstract Interpretation (Cousot and Cousot)
10
Introducing local heap semantics

Local-heap operational semantics
11
Main Results
  • Non-standard concrete operational semantics
    • Sequential programs
    • Local heap
    • Storeless
    • Good for heap abstractions
    • Observationally equivalent to the standard global store-based heap semantics (e.g., Java)
  • POPL05
    • Arbitrary programs
    • Complicated
    • Abstractions: shape analysis (singly-linked lists); may-alias (Deutsch, PLDI 04)
  • SAS05
    • Restriction on aliasing
    • Simple
    • Abstractions: shape analysis (singly-linked lists and trees); sorting (quickSort)

12
Outline
  • Motivation
  • Crash course in shape analysis
  • Local heap semantics
  • Local heap abstractions

13
Collecting semantics
  class List { List n }

  x = null
  while (?) {            // nondeterministic condition (the T/F branches of the flow graph)
    t = new List()
    t.n = x
    x = t
  }
14
Canonical abstraction
[Figure: canonical abstraction of the list built by the loop: the node pointed to by x, followed by a summary node standing for all remaining n-linked nodes.]
15
Shape analysis in action
  class List { List n }

  x = null
  while (?) {            // nondeterministic condition (the T/F branches of the flow graph)
    t = new List()
    t.n = x
    x = t
  }
16
Outline
  • Motivation
  • Crash course in shape analysis
  • Local heap semantics
  • Local heap abstractions

17
Programming Model
  • Single threaded
  • Procedures
  • Value parameters
  • Recursion
  • No explicit addressing (, cast)
  • Heap
  • Recursive data structures
  • Destructive update

18
Local heaps
[Figure: call f(x); the local heap of f is the part reachable from x, separated from the parts reachable from y, g and t.]
19
Cutpoints
[Figure: call f(x); an object inside the local heap of f is also pointed to from outside it, marked "?": a cutpoint. The rest of the heap is reachable from y, g and t.]
20
Cutpoints
  • Objects that separate the part of the heap a
    procedure can access from the rest of the heap
  • Excluding objects pointed to by a parameter

[Figure: call z = f(x) with three n-linked lists reachable from x, y and g. An object on x's list that is also reached from y's list separates f's local heap from the rest of the heap; it is a cutpoint. The object pointed to by x itself is not.]
21
Store-based semantics
  • Memory state
  • Val = Addresses ∪ Atoms
  • Env = Var → Val
  • Heap = FieldId → Address → Val
  • Natural
  • Easy to identify cutpoint objects
  • Addresses do not affect shape


22
Storeless semantics (Jonkers81)
  • No addresses
  • Memory state
    • Object = 2^{Access paths} (an object is the set of access paths that reach it)
    • Heap = 2^{Object}
  • Alias Analysis

  y = x
  x = null
23
Storeless semantics (Jonkers81)
[Figure: the storeless view of a 3-node list, contrasted with the address 0x07 used by the store-based view. Initially the objects are {x}, {x.n}, {x.n.n}; after y = x they are {x, y}, {x.n, y.n}, {x.n.n, y.n.n}; after x = null they are {y}, {y.n}, {y.n.n}.]
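The storeless view of slides 22-23 and the cutpoint definition of slide 20, as an added worked example (this is constructed code, not code from the slides or the paper). It assumes a store-based heap where each `List` object has one field `n`, addresses are strings such as `"a1"`, and `env` maps variables to addresses.

```python
# Constructed example: a store-based heap of singly-linked List objects, its
# storeless view (Object = 2^{Access paths}, Heap = 2^{Object}) and the
# cutpoints of a call. heap maps an address to the address its field n points
# to (None = null); env maps a variable to an address (None = null).
from collections import deque

def reach(heap, addr):
    """Addresses reached from addr by following n (stops on null or a cycle)."""
    seen = []
    while addr is not None and addr not in seen:
        seen.append(addr)
        addr = heap[addr]
    return seen

def storeless(env, heap):
    """Storeless state: every reachable object named by the access paths to it."""
    paths = {}
    queue = deque((addr, var) for var, addr in env.items() if addr is not None)
    while queue:
        addr, path = queue.popleft()
        paths.setdefault(addr, set()).add(path)
        # bound path length so a cyclic heap still terminates (lists here are acyclic)
        if heap[addr] is not None and path.count(".n") < len(heap):
            queue.append((heap[addr], path + ".n"))
    return {frozenset(p) for p in paths.values()}

def cutpoints(env, heap, params):
    """Objects reachable from the parameters (the callee's local heap) that are
    also entered from outside it, excluding the parameter objects themselves."""
    roots = {env[p] for p in params if env[p] is not None}
    local = {a for r in roots for a in reach(heap, r)}
    cps = set()
    for var, addr in env.items():
        if var in params:
            continue
        for a in reach(heap, addr):      # first local object hit on this walk
            if a in local:
                if a not in roots:        # entered via a parameter object: not a cutpoint
                    cps.add(a)
                break
    return cps

def slide_example():
    """y = x; x = null on a 3-node list (slide 23), as three storeless states."""
    heap = {"a1": "a2", "a2": "a3", "a3": None}
    env = {"x": "a1", "y": None}
    before = storeless(env, heap)
    env["y"] = env["x"]                   # y = x
    after_alias = storeless(env, heap)
    env["x"] = None                       # x = null
    return before, after_alias, storeless(env, heap)
```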
24
Cutpoint labels
  • Relate pre-state with post-state
  • Mark cutpoints at and throughout an invocation

25
Cutpoint labels
  • Cutpoint label: the set of access paths that
    point to a cutpoint when the invoked procedure
    starts

[Figure: call z = f(x) from main, with lists reachable from x, y and g. In f's local heap the objects are named p, p.n, then the cutpoint {p.n.n, ⟨p.n.n⟩}, then {p.n.n.n, ⟨p.n.n⟩.n}, where ⟨p.n.n⟩ is the cutpoint label.]
26
Sharing patterns
  • Cutpoint labels encode sharing patterns

[Figure: two different caller heaps (each with lists x, y, g in main) that yield the same local heap for the callee: p, p.n, {p.n.n, ⟨p.n.n⟩}, {p.n.n.n, ⟨p.n.n⟩.n}. The cutpoint label ⟨p.n.n⟩ records how the callee's heap is shared with the caller's.]
27
Memory states
  • $\sigma_L = \langle CPL, A \rangle$ (a local-heap state pairs the cutpoint labels with the set of objects)

28
Formal semantics Ordinary statements
29
Procedure call semantics
30
Local-heap storeless semantics
[Figure: call f(x) with the rest of the heap reachable from y, g and t. The callee names the cutpoint {p.n.n, ⟨p.n.n⟩} and its successor {p.n.n.n, ⟨p.n.n⟩.n}; in the caller the same objects are reached by x.n.n.n and y.n.n.]
31
Observational Equivalence
  • Programs cannot distinguish between global heap
    store-based semantics and local-heap storeless
    semantics
  • Same executions
  • Same observed equalities

32
Observational Equivalence
  • A local storeless state $\sigma_L$ and a global
    store-based state $\sigma_G$ are observationally equivalent
    when for all access paths $\alpha$, $\beta$:
  • $[\alpha = \beta]_L(\sigma_L) \iff [\alpha = \beta]_G(\sigma_G)$
    (the two paths are aliased in $\sigma_L$ exactly when they are aliased in $\sigma_G$)

33
Main theorem semantic equivalence
  • $\sigma_L \in \Sigma_L$ (Local-heap Storeless Semantics)
  • $\sigma_G \in \Sigma_G$ (Global-heap Store-based Semantics)
  • $\sigma_L$ and $\sigma_G$ observationally equivalent

$\langle st, \sigma_L \rangle \leadsto_{LSL} \sigma'_L \iff \langle st, \sigma_G \rangle \leadsto_{GSB} \sigma'_G$
and $\sigma'_L$ and $\sigma'_G$ are observationally equivalent
34
Corollaries
  • Preservation of invariants
  • Assertions on access-path equalities ($\alpha = \beta$)
  • Detection of memory leaks

35
Outline
  • Motivation
  • Crash course in shape analysis
  • Local heap semantics
  • Local heap abstractions

36
Applications
  • Justify soundness of static analysis
  • May-alias analysis
  • Shape Analysis
  • Compile-time garbage collection

37
Shape abstraction
  • Abstract memory states represent unbounded
    concrete memory states
  • Conservatively
  • In a bounded way

38
Canonical abstraction
[Figure: a concrete memory state with n-linked lists pointed to by y, z, x and t.]
39
Canonical abstraction
[Figure: the canonical abstraction of the previous state: the lists pointed to by y, z, x and t with their interior nodes merged into summary nodes.]
40
Abstract memory states (with reachability)
[Figure: the same abstract state annotated with reachability predicates: each node carries r_x, r_y, r_z or r_t according to which variables can reach it (e.g., r_x,r_y on nodes shared by x's and y's lists).]
41
The importance of reachability: call append(y, z)
[Figure: abstract states before and after append(y, z). The reachability predicates (r_x, r_y, r_z, r_t) let the analysis tell which summarized nodes belong to y's and z's lists, and which stay with x and t.]
42
Cutpoints and abstraction
[Figure: call f(x) where two caller variables y1 and y2 point into x's n-linked list, giving several cutpoints.]
  • Unbounded state
  • Objects
  • Cutpoint labels
  • Canonical abstraction
  • Summarizes objects
  • Summarizes labels

43
Cutpoint abstraction ramifications
[Figure: call f(x); the abstraction summarizes cutpoint labels together with objects, so the caller's view via y, g and t is less precise after the call.]
44
Cutpoint freedom
POPL 05
SAS 05
[Figure: call p(x) in a cutpoint-free program: the part reachable from x is not pointed to from the parts reachable from y, g and t.]
45
Interprocedural shape analysis
Tabulation of procedure exits: POPL05 marks cutpoints, SAS05 verifies
cutpoint freedom.
[Figure: call f(x) with the rest of the heap reachable from y.]
46
Interprocedural shape analysis
Analyze f: no tabulation needed
[Figure: call f(x) with the rest of the heap reachable from y.]
47
Prototype implementation
48
Iterative vs. Recursive (SLL)
49
Inline vs. Procedural abstraction
  // Allocates a list of length 3
  List create3()

  main() {
    List x1 = create3()
    List x2 = create3()
    List x3 = create3()
    List x4 = create3()
  }
50
Related Work
  • Interprocedural shape analysis
    • Rinetzky and Sagiv, CC 01
    • Chong and Rugina, SAS 03
    • Jeannet et al., SAS 04
    • Hackett and Rugina, POPL 05
  • Local Reasoning
    • Ishtiaq and O'Hearn, POPL 01
    • Reynolds, LICS 02
  • Encapsulation
    • Noble et al., IWACO 03
  • ...

51
Cutpoint-freedom as dynamic ownership
[Figure: call z = f(x, y) with n-linked lists reachable from h, x, y and g. Cutpoint freedom means the objects reachable from x and y are owned by the callee for the duration of the call: no path from h or g enters them.]
53
Conclusions
  • Local heap operational semantics
  • Deterministic
  • Storeless
  • Observationally equivalent to standard semantics
  • Fully abstract
  • Abstractions
  • Cutpoint free programs
  • Type-based abstractions for cutpoints
  • Cutpoint profiler (Shachar Rubinstein, MSc.)

54
End
  • A Semantics for Procedure Local Heaps and its Abstraction.
    Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm. POPL, 2005.
  • Interprocedural Shape Analysis for Cutpoint-Free Programs.
    Noam Rinetzky, Mooly Sagiv, and Eran Yahav. SAS, 2005.

www.cs.tau.ac.il/maon