
Parametric Shape Analysis via 3-Valued Logic


Presentation Transcript


  1. Parametric Shape Analysis via 3-Valued Logic. Mooly Sagiv, Thomas Reps, Reinhard Wilhelm

  2. pointer analysis? points-to analysis? shape analysis? alias analysis?

  3. The Shape-Analysis Problem For every program point, compute a finite characterization of the possible “shapes” of the heap-allocated data structures.

  4. Formalizing “. . .”: Summary Information (figure: an informal picture of the store reached from x and y beside its formal counterpart)

  5. Why Shape Analysis? • Capture storage invariants • x points to an acyclic list, cyclic list, tree, dag, etc. • May-alias information • Identify (absence of) sharing • x and y point to structures that do not share cells • “Dynamization” of static structure-description formalisms • e.g., ADDS annotations [Hendren 94]

  6. What’s New? • Parametric framework for a class of shape-analysis algorithms • “Rational reconstruction” of a number of previous shape-analysis methods • [Jones & Muchnick 81] • [Chase, Wegman, & Zadeck 90] • [Stransky 93] • [Assmann & Weinhardt 93] • [Plevyak, Chien, & Karamcheti 93] • [Wang 94] • [Sagiv, Reps, & Wilhelm 96, 98] • New shape-analysis methods • General abstraction principle ⇒ Much simpler proofs • Basis for a tool that generates shape-analysis algorithms

  7. Outline • Using logic to describe stores • Using logic to express store transformations • Forming abstractions of stores • Three-valued logic • Using three-valued logic to express transformations of abstract stores

  8. Using Logic to Describe Stores • Predicate symbols • Whether variable x points to location u: x(u) • Pointer fields: n(u1, u2), car(u1, u2), cdr(u1, u2) (figure: a cell u pointed to by x, and pairs of cells u1, u2 joined by a pointer field)

  9. Using Logic to Describe Stores • Formulas: other properties of locations • is(v) ≡ ∃v1,v2 : n(v1,v) ∧ n(v2,v) ∧ v1 ≠ v2 (figure: a store with cells u1, u2, u3, u4 in which is(u1) = is(u2) = is(u3) = is(u4) = 0, and a store with cells u1, u2, u3 pointed to by x and y in which is(u1) = 0, is(u2) = 1, is(u3) = 0)

  10. First-Order Logic (Syntax) • Vocabulary • Predicate symbols: p1, p2, . . ., pn • Constant symbols: c1, c2, . . ., cm • Function symbols: f1, f2, . . ., fk • Formulas • Variables • Equality-predicate symbol: = • Logical-constant symbols: 0, 1 • Connectives: ∧, ∨, ¬ • Quantifiers: ∀, ∃

  11. First-Order Logic (Semantics) • Truth values: 0, 1 • Logical structures • Individuals: U = {u1, u2, . . ., un} • Predicates: pi : U^arity(pi) → {0, 1} • In our application: logical structures = concrete stores

  12. An Example • Individuals: U = {u1, u2, u3} • Predicates: (figure: the store with variables x, y and cells u1, u2, u3, together with its predicate tables)

  13. Example (Cont’d) • Individuals: U = {u1, u2, u3} • Predicates: (figure: the same store and its predicate tables)

  14. First-Order Logic (Semantics) • Assignments • Z: free variables → individuals • Meaning of a formula: ⟦φ⟧(Z)

  15. Meaning of a Formula • φ(v,v1,v2) ≡ n(v1,v) ∧ n(v2,v) ∧ v1 ≠ v2 • Z = { v ↦ u2, v1 ↦ u1, v2 ↦ u3 } • ⟦φ(v,v1,v2)⟧(Z) = ??? (figure: the example store with x, y and cells u1, u2, u3)

  16. Meaning of a Formula ⟦φ⟧(Z) • ⟦0⟧(Z) = 0 • ⟦1⟧(Z) = 1 • ⟦pi(v1, …, vk)⟧(Z) = pi(Z(v1), …, Z(vk)) • ⟦φ1 ∧ φ2⟧(Z) = ⟦φ1⟧(Z) ∧ ⟦φ2⟧(Z) • ⟦φ1 ∨ φ2⟧(Z) = ⟦φ1⟧(Z) ∨ ⟦φ2⟧(Z) • Negation, quantification, . . .

  17. Meaning of a Formula • φ(v,v1,v2) ≡ n(v1,v) ∧ n(v2,v) ∧ v1 ≠ v2 • Z = { v ↦ u2, v1 ↦ u1, v2 ↦ u3 } • ⟦φ⟧(Z) = ⟦n(v1,v) ∧ n(v2,v) ∧ v1 ≠ v2⟧(Z) = n(u1,u2) ∧ n(u3,u2) ∧ u1 ≠ u3 = 1 ∧ 1 ∧ 1 = 1 (figure: the example store, with x pointing to u1 and y to u3)

  18. Outline • Using logic to describe stores • Using logic to express store transformations • Forming abstractions of stores • Three-valued logic • Using three-valued logic to express transformations of abstract stores

  19. Using Logic to Change Stores: x = null (figure: the store with variables x, y, z and cells u1, u2, u3 before and after the statement)

  20. Predicate-Alteration Formulas for x = null • x[x = null](v) ≡ 0 (figure: old and new store)

  21. Predicate-Alteration Formulas for x = null • y[x = null](v) ≡ y(v)

  22. Predicate-Alteration Formulas for x = null • z[x = null](v) ≡ z(v)

  23. Predicate-Alteration Formulas for x = null (figure: old and new store)

  24. Predicate-Alteration Formulas for x = null • n[x = null](v1,v2) ≡ n(v1,v2)

  25. Predicate-Alteration Formulas for x = null (figure: old and new store with their n edges)

  26. Predicate-Alteration Formulas for x = null (figure: old and new store)

  27. Outline • Using logic to describe stores • Using logic to express store transformations • Forming abstractions of stores • Three-valued logic • Using three-valued logic to express transformations of abstract stores

  28. The Abstraction Principle: Summary Information (figure: a concrete store with cells u1, u2, u3, u4 and x pointing to u1, beside its abstraction with u1 and a summary cell u234; an edge that may or may not be present is labelled {0,1})

  29. The Abstraction Principle (figure: the same concrete store and its abstraction)

  30. The Abstraction Principle • Select some subset A of the predicate symbols • Partition the individuals U^S of structure S into equivalence classes based on the values of their A predicates: u ↦ [u]_A • Form the “union-quotient” of S with respect to {[u]_A | u ∈ U^S}

  31. Example • A = {v | v is a program variable} • [Chase, Wegman, & Zadeck 90] • [Sagiv, Reps, & Wilhelm 96, 98] (figure: the concrete store with cells u1, u2, u3, u4 and its quotient w.r.t. {w, x, y, z}, with abstract cells [u1] and [u2])

  32. Outline • Using logic to describe stores • Using logic to express store transformations • Forming abstractions of stores • Three-valued logic • Using three-valued logic to express transformations of abstract stores

  33. Two- vs. Three-Valued Logic (figure: two-valued logic has the values 0 and 1, written {0} and {1}; three-valued logic adds the value {0,1}, with {0} ⊑ {0,1} and {1} ⊑ {0,1} in the information order)

  34. Two- vs. Three-Valued Logic (figure: the same lattices, with {0} written 0, {1} written 1 and {0,1} written ½)

  35. First-Order Logic (Semantics) • Truth values: 0, 1, ½ • Logical structures • Individuals: U = {u1, u2, . . ., un} • Predicates: pi : U^arity(pi) → {0, 1, ½} • In our application: 3-valued logical structures = abstract stores

  36. The Abstraction Principle • Select some subset A of the predicate symbols • Partition the individuals U^S of structure S into equivalence classes based on the values of their A predicates: u ↦ [u]_A • Form the “union-quotient” of S with respect to {[u]_A | u ∈ U^S}

  37. Abstraction Conserves Predicates • Abs(A): S ↦ S# = S/[u]_A, u ↦ [u]_A • p^S(u1, …, uk) ⊑ p^S#([u1]_A, …, [uk]_A) • “Form the ‘union-quotient’ of S with respect to {[u]_A | u ∈ U^S}”

  38. p^S(u1, …, uk) ⊑ p^S#([u1]_A, …, [uk]_A) (figure: the concrete store with cells u1, u2, u3, u4 and its abstraction with [u1], [u2])

  39. p^S(u1, …, uk) ⊑ p^S#([u1]_A, …, [uk]_A) (figure: the same stores)

  40. Abstraction Conserves Properties • Abs(A): S ↦ S# = S/[u]_A, u ↦ [u]_A • p^S(u1, …, uk) ⊑ p^S#([u1]_A, …, [uk]_A) • φ^S(u1, …, uk) ⊑ φ^S#([u1]_A, …, [uk]_A) • Evaluating a formula extracts information conservatively

  41. φ^S(u1, …, uk) ⊑ φ^S#([u1]_A, …, [uk]_A) • φ(v) ≡ ∃v1,v2 : n(v1,v) ∧ n(v2,v) ∧ v1 ≠ v2 • For φ^S#([u2]), let v1 = [u1] and v2 = [u2] (figure: the concrete store, its abstraction, and the step-by-step evaluation of φ on the abstract store)

  42. “Tracking Properties” Beats “Inferring Properties” (figure: the concrete store and its abstraction)

  43. “Tracking Properties” Beats “Inferring Properties” • p^S(u1, …, uk) ⊑ p^S#([u1]_A, …, [uk]_A) • p^S(u1, …, uk) ⊑ p^S#([u1]_A, …, [uk]_A) • p^S(u1, …, uk) = p^S(u1, …, uk) ⊑ p^S#([u1]_A, …, [uk]_A) ⊑ p^S#([u1]_A, …, [uk]_A) (figure: the concrete store and its abstraction)

  44. Outline • Using logic to describe stores • Using logic to express store transformations • Forming abstractions of stores • Three-valued logic • Using three-valued logic to express transformations of abstract stores

  45. Example: x = y→n • “Rational reconstruction” of [Chase, Wegman, & Zadeck 90] (figure: an abstract store with cells [u1], [u2] and variables x, y, before and after the statement)

  46. Example (~[CWZ 90]): x = y→n • x[x = y→n](v) ≡ ∃v1 : y(v1) ∧ n(v1,v) (figure: before and after)

  47. Example (~[CWZ 90]): x = y→n • x[x = y→n](v) ≡ ∃v1 : y(v1) ∧ n(v1,v) • y[x = y→n](v) ≡ y(v)

  48. Example (~[CWZ 90]): x = y→n • x[x = y→n](v) ≡ ∃v1 : y(v1) ∧ n(v1,v) • y[x = y→n](v) ≡ y(v) • n[x = y→n](v1,v2) ≡ n(v1,v2)

  49. Example (~[CWZ 90]): x = y→n • x[x = y→n](v) ≡ ∃v1 : y(v1) ∧ n(v1,v) • y[x = y→n](v) ≡ y(v) • n[x = y→n](v1,v2) ≡ n(v1,v2)

  50. Example (~[CWZ 90]): x = y→n • x[x = y→n](v) ≡ ∃v1 : y(v1) ∧ n(v1,v) • y[x = y→n](v) ≡ y(v) • n[x = y→n](v1,v2) ≡ n(v1,v2) • is[x = y→n](v) ≡ is(v)
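As an added example (not the authors' code), the following Python models slides 9 to 41 and 46 on the four-cell list of slide 28: Kleene 3-valued connectives, a store as a logical structure, evaluation of is(v), the predicate-alteration formula for x = y→n, and the union-quotient abstraction, with a check that the abstraction conserves every predicate and the derived property is. The summary-node predicate sm and the ½-valued equality on summary nodes follow the authors' full paper rather than these slides; the constructed store, the class Structure and the function names are mine.

```python
from itertools import product
HALF = 0.5                                   # the slides' third truth value, 1/2
def AND(*xs): return min(xs)                 # Kleene conjunction
def NOT(x): return 1 - x                     # Kleene negation
def EXISTS(vals): return max(vals, default=0)  # Kleene existential quantifier
def leq3(a, b): return a == b or b == HALF   # information order: a is at least as precise as b

class Structure:
    """U, arity per predicate, tables p : U^k -> {0, HALF, 1} (missing tuple = 0); 'sm' marks summary nodes."""
    def __init__(self, U, arity, tables):
        self.U, self.arity, self.tables = list(U), arity, tables
    def p(self, name, *args):
        return self.tables.get(name, {}).get(args, 0)
    def eq(self, a, b):   # a = b is HALF on a summary node: it stands for several cells
        return 0 if a != b else (HALF if self.p("sm", a) == HALF else 1)

def is_shared(S, v):
    """is(v) = ∃v1,v2 : n(v1,v) ∧ n(v2,v) ∧ v1 ≠ v2 (slide 9), evaluated in S."""
    return EXISTS(AND(S.p("n", v1, v), S.p("n", v2, v), NOT(S.eq(v1, v2)))
                  for v1, v2 in product(S.U, repeat=2))

def assign_x_yn(S):
    """x[x = y→n](v) = ∃v1 : y(v1) ∧ n(v1,v) (slide 46); y and n are unchanged."""
    x = {(v,): EXISTS(AND(S.p("y", v1), S.p("n", v1, v)) for v1 in S.U) for v in S.U}
    return Structure(S.U, S.arity, dict(S.tables, x=x))

def abstract(S, A):
    """Union-quotient S/[u]_A (slides 30, 37): individuals that agree on the unary
    predicates in A are merged; a predicate whose value differs inside a class becomes HALF."""
    cls = {u: tuple(S.p(a, u) for a in A) for u in S.U}
    name = {}                                # each class is named after its first member
    rep = {u: name.setdefault(cls[u], "[" + u + "]") for u in S.U}
    U2 = list(dict.fromkeys(rep.values()))
    tables = {"sm": {(c,): HALF for c in U2 if sum(r == c for r in rep.values()) > 1}}
    for pname, k in S.arity.items():
        tab = tables.setdefault(pname, {})
        for args in product(S.U, repeat=k):
            key, val = tuple(rep[a] for a in args), S.p(pname, *args)
            tab[key] = val if tab.get(key, val) == val else HALF   # join of differing values
    return Structure(U2, dict(S.arity, sm=1), tables), rep

def embedding_holds(S, S2, rep):
    """Abstraction conserves predicates (slide 37): p^S(u1..uk) ⊑ p^S#([u1]..[uk])."""
    return all(leq3(S.p(n, *a), S2.p(n, *(rep[u] for u in a)))
               for n, k in S.arity.items() for a in product(S.U, repeat=k))

# Constructed store after slide 28: x -> u1 -> u2 -> u3 -> u4, abstracted w.r.t. A = {x}.
CONCRETE = Structure(["u1", "u2", "u3", "u4"], {"x": 1, "n": 2}, {"x": {("u1",): 1},
                     "n": {("u1", "u2"): 1, ("u2", "u3"): 1, ("u3", "u4"): 1}})
ABSTRACT, REP = abstract(CONCRETE, ["x"])
```

On the abstract store the edge from [u1] into the summary cell and the summary cell's self-edge both come out ½, so is([u2]) evaluates to ½ even though is is 0 on every concrete cell, which is exactly the conservative loss of precision that slide 41 illustrates.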
