1 / 57

Interprocedural shape analysis for cutpoint-free programs

This research explores conservative static program analysis for procedures's effects, heap management, and cutpoint-free program execution, aiming for partial correctness and program verification. The study includes prototype implementations and non-standard concrete semantics.

michealbell
Download Presentation

Interprocedural shape analysis for cutpoint-free programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Interprocedural shape analysisfor cutpoint-free programs ניתוח צורני בין-שגרתי לתוכניות נטולות נקודות-חתוך Noam Rinetzky Tel Aviv University Joint work with Mooly Sagiv Tel Aviv University Eran Yahav IBM Watson

  2. Motivation • Conservative static program analysis • (Recursive) procedures • Dynamically allocated data structures • Applications • Cleanness • Verify data structure invariants • Compile-time garbage collection • …

  3. A crash course in abstract interpretation • Static analysis: Automatic derivation of properties which hold on every execution leading to a program point main() { int w=0,x=0,y=0,z=0; w = 2 + y - 1; x = 2 + z - 1; assert: w+x is even }

  4. How to handle procedures? • Pure functions • Procedure  input/output relation • No side-effects main() { int w=0,x=0,y=0,z=0; w = inc(y); x = inc(z); assert: w+x is even } int inc(int p) { return 2 + p - 1; }

  5. How to handle procedures? • Pure functions • Procedure  input/output relation • No side-effects main() { int w=0,x=0,y=0,z=0; w = inc(y); x = inc(z); assert: w+x is even } int inc(int p) { return 2 + p - 1; }

  6. int g = 0; g = p; What about global variables? • Procedures have side-effects • Easy fix int g = 0; main() { int w=0,x=0,y=0,z=0; w = inc(y); x = inc(z); assert: w+x+g is even } int inc(int p) { g = p; return 2 + p - 1; }

  7. Pointers Aliasing Destructive update Heap Global resource Anonymous objects n y.n=z append(y,z) z But what about pointers and heap? x.n.n ~ y n n x y x.n.n.n ~ z How to tabulate append?

  8. q q q p p p n n n n x x t t n n y z How to tabulate procedures? • Procedure  input/output relation • Not reachable  Not effected • proc: local (reachable) heap  local heap main() { append(y,z); } append(List p, List q) { … } n y z

  9. q q p p n n n n t t n n n y q p x z n n n n How to handle sharing? • External sharing may break the functional view main() { append(y,z); } append(List p, List q) { … } n n y x z

  10. n x t t What’s the difference? 1st Example 2nd Example append(y,z); append(y,z); n n n y y x z z

  11. Cutpoints • An object is a cutpoint for an invocation • Reachable from actual parameters • Not pointed to by an actual parameter • Reachable without going through a parameter append(y,z) append(y,z) n n n n y y n n t t x z z

  12. Cutpoint freedom • Cutpoint-free • Invocation: has no cutpoints • Execution: every invocation is cutpoint-free • Program: every execution is cutpoint-free append(y,z) append(y,z) n n n n x y t y t z x z

  13. Main results • Cutpoint freedom • Non-standard concrete semantics • Verifies that an execution is cutpoint-free • Local heaps • Interprocedural shape analysis • Conservatively verifies • program is cutpoint free • Desired properties • Partial correctness of quicksort • Procedure summaries • Prototype implementation

  14. Plan • Cutpoint freedom • Non-standard concrete semantics • Interprocedural shape analysis • Prototype implementation

  15. Programming model • Single threaded • Procedures • Value parameters • Formal parameters not modified • Recursion • Heap • Recursive data structures • Destructive update • No explicit addressing (&) • No pointer arithmetic

  16. Memory states • A memory state encodes a local heap • Local variables of the current procedure invocation • Relevant part of the heap • Relevant  Reachable main append q p n n x t y z

  17. Memory states • Represented by first-order logical structures

  18. Memory states • Represented by first-order logical structures q p n u1 u2

  19. Operational semantics • Statements modify values of predicates • Specified by predicate-update formulae • Formulae in FO-TC

  20. z x y q p n append(y,z) q p n z x y n n Procedure calls append(p,q) 1. Verify cutpoint freedom 2 Compute input … Execute callee … 3 Combine output append body

  21. Procedure call: 1. Verifying cutpoint-freedom • An object is a cutpoint for an invocation • Reachable from actual parameters • Not pointed to by an actual parameter • Reachable without going through a parameter append(y,z) append(y,z) n n n n y y n x x z z n t t Not Cutpoint free Cutpoint free

  22. Procedure call: 1. Verifying cutpoint-freedom • Invoking append(y,z) in main • R{y,z}(v)=v1:y(v1)n*(v1,v)  v1:z(v1)n*(v1,v) • isCPmain,{y,z}(v)= R{y,z}(v)  (y(v)z(v1))  ( x(v)  t(v)  v1: R{y,z}(v1)n(v1,v)) (main’s locals: x,y,z,t) n n n n y y n x x z z n t t Not Cutpoint free Cutpoint free

  23. Input state n n p q Procedure call: 2. Computing the input local heap • Retain only reachable objects • Bind formal parameters Call state n n y x z n t

  24. n Output state n n p q Procedure body: append(p,q) Input state n n p q

  25. n n p q Procedure call:3. Combine output Output state Call state n n n y x z n t

  26. n n y n z x n t Procedure call:3. Combine output Output state Call state n n n n n y p x z q n t Auxiliary predicates inUc(v) inUx(v)

  27. Observational equivalence • CPF  CPF (Cutpoint free semantics) • GSB  GSB (Standard semantics) CPF and GSBobservationally equivalent when for every access paths AP1, AP2  AP1 = AP2 (CPF)  AP1 = AP2 (GSB)

  28. Observational equivalence • For cutpoint free programs: • CPF  CPF (Cutpoint free semantics) • GSB  GSB (Standard semantics) • CPF and GSB observationally equivalent • It holds that • st, CPF  ’CPF st, GSB  ’GSB • ’CPF and ’GSB are observationally equivalent

  29. Operational semantics Abstract transformer ’ ’ Introducing local heap semantics ~ Local heap Operational semantics

  30. Plan • Cutpoint freedom • Non-standard concrete semantics • Interprocedural shape analysis • Prototype implementation

  31. Shape abstraction • Abstract memory states represent unbounded concrete memory states • Conservatively • In a bounded way • Using 3-valued logical structures

  32. 3-Valued logic • 1 = true • 0 = false • 1/2 = unknown • A join semi-lattice, 0  1 = 1/2

  33. z y n x n n n n t Canonical abstraction y z n n n n n x n n t

  34. Instrumentation predicates • Record derived properties • Refine the abstraction • Instrumentation principle [SRW, TOPLAS’02] • Reachability is central!

  35. z y n n n n n rx rx,ry rz rz rx x n n rt rt t Abstract memory states (with reachability) z y n n n n n rz rx rx rx rx,ry rz rz rz rx rx rx rx,ry rz rz x n n rt rt rt rt rt rt t

  36. z y n x n n n n t The importance of reachability:Call append(y,z) z y n n n n n rz rx rx rx rx,ry rz rz x n n rt rt rt t y z n n n n n x rx rx,ry rz rz rx n n rt rt t

  37. Abstract semantics • Conservatively apply statements on abstract memory states • Same formulae as in concrete semantics • Soundness guaranteed [SRW, TOPLAS’02]

  38. z x y q p n append(y,z) q p n z x y n n Procedure calls append(p,q) 1. Verify cutpoint freedom 2 Compute input … Execute callee … 3 Combine output append body

  39. Conservative verification of cutpoint-freedom • Invoking append(y,z) in main • R{y,z}(v)=v1:y(v1)n*(v1,v)  v1:z(v1)n*(v1,v) • isCPmain,{y,z}(v)= R{y,z}(v)  (y(v)z(v1))  ( x(v)  t(v)  v1: R{y,z}(v1)n(v1,v)) n n n n n ry ry ry ry rx ry rz y y rz n n n n z z x rt rt rt rt t t Not Cutpoint free Cutpoint free

  40. Interprocedural shape analysis p p x x y Tabulation exits call f(x) y

  41. Interprocedural shape analysis p p p x p x y Analyze f Tabulation exits call f(x) y

  42. Interprocedural shape analysis • Procedure  input/output relation Output Input q q rq rq q q p p n rq rp rp rp rq n q n p p … q n n n rp rp rp rq rq rp rp

  43. rh ri rk rg q q p p n rq rp rp rp rq y z z y x x append(y,z) n ry rx rx ry ry rz x x y y z z n n append(y,z) n n n n n ry rx rz rz ry rx rx rx ry rx rx rx g g i i k k h h append(h,i) n n n rk ri rg rh rg rh rg Interprocedural shape analysis • Reusable procedure summaries • Heap modularity

  44. Plan • Cutpoint freedom • Non-standard concrete semantics • Interprocedural shape analysis • Prototype implementation

  45. Prototype implementation • TVLA based analyzer • Soot-based Java front-end • Parametric abstraction

  46. Iterative vs. Recursive (SLL) 585

  47. Inline vs. Procedural abstraction // Allocates a list of // length 3 List create3(){ … } main() { List x1 = create3(); List x2 = create3(); List x3 = create3(); List x4 = create3(); … }

  48. Call string vs. Relational vs. CPF[Rinetzky and Sagiv, CC’01] [Jeannet et al., SAS’04]

  49. Related Work • Interprocedural shape analysis • Rinetzky and Sagiv, CC ’01 • Chong and Rugina, SAS ’03 • Jeannet et al., SAS ’04 • Hackett and Rugina, POPL ’05 • Rinetzky et al., POPL ‘05 • Local Reasoning • Ishtiaq and O’Hearn, POPL ‘01 • Reynolds, LICS ’02 • Encapsulation • Noble et al. IWACO ’03 • ...

  50. n n n ry ry append(y,z); x = null; rx ry y rz n n z x rt rt t Future work • Bounded number of cutpoints • False cutpoints • Liveness analysis

More Related