1 / 48

Joint work with Josh Berdine, Byron Cook, and Mooly Sagiv

caesar
Download Presentation

Joint work with Josh Berdine, Byron Cook, and Mooly Sagiv

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Joint work with Josh Berdine, Byron Cook, and Mooly Sagiv

    2. Heap analysis for multithreaded programs

    3. Enumerate interleavings using a sequential heap analysis Conventional approach [Yahav 2001]:

    4. Idea

    5. Example

    6. Example

    7. Example

    8. Example

    9. Example

    10. Example

    11. Example

    12. Example

    13. Example

    14. Example

    15. Example Lock protects the part of the heap reachable from a set of variables also protected by the lock: entry points Reasonable guess: variables that are accessed only when the lock is held Can be determined by correlation analyses: Locksmith, Eraser, ...

    16. Example

    17. Example

    18. Example

    19. Example

    20. Example

    21. Example

    22. Example

    23. Example

    24. Example

    25. Example

    26. Example

    27. Example

    28. Example

    29. Example

    30. Example

    31. Example

    32. Example

    33. Example

    34. Example

    35. Example

    36. Example

    37. Abstract interpretation

    38. Abstract interpretation with state separation

    39. Local functions [Calcagno+ 2007]

    40. Abstract interpretation with state separation

    41. Soundness

    43. Concurrent separation logic [O’Hearn 2004]

    44. Aren’t we computing proofs in CSL? Resource invariants computed by the analysis aren’t precise Analysis’s underlying logic is different from CSL: has no conjunction rule and no precision restriction We define the logic and the analysis and prove them sound together Can get conjunction rule back if heuristics for heap splitting are semantically robust

    45. What about dynamically-allocated locks? Unbounded numbers of locks – a finite number of invariants Abstract domain extended with elements representing locks with a given invariant Concurrent separation logic extended appropriately Details in [APLAS’07] Joint work with Noam Rinetzky

    46. What about dynamic thread creation?

    47. What about fine-grained concurrency? Thread-modular analysis works well on programs with coarse-grained synchronisation Fine-grained synchronisation: Allow abstract states to describe different views of the same global heap Uses conjunction rule to compute transfer functions Next talk! Apply rely-guarantee reasoning on the shared part of the heap Uses RGSep – combination of rely-guarantee and separation logic Ongoing work by Vafeiadis and Yang

    48. Thread-modular heap analysis Scalable unlike enumerating interleavings Sound and precise in the presence of deep heap update unlike most race-detection analyses Handles ownership transfer unlike ownership type systems Fully automatic unlike systems based on VC generation

More Related