1 / 19

A Type-Checked Restrict Qualifier

A Type-Checked Restrict Qualifier. Jeff Foster OSQ Retreat May 9-10, 2001. Introduction. Aliasing: A long-standing problem Pointers are hard to analyze ...*p = 3 ... what is updated? We need to know for compilers (optimization) software analysis tools (OSQ). Alias Analysis.

seda
Download Presentation

A Type-Checked Restrict Qualifier

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Type-CheckedRestrict Qualifier Jeff Foster OSQ Retreat May 9-10, 2001

  2. Introduction • Aliasing: A long-standing problem • Pointers are hard to analyze ...*p = 3 ... what is updated? • We need to know for • compilers (optimization) • software analysis tools (OSQ) Jeff Foster, OSQ Retreat, May 9-10, 2001

  3. Alias Analysis • Research: Fully-automatic alias analysis • Type systems • All aliases have same type • Points-to analysis • e1 = e2 e1 points to whatever e2 points to • Results • Type systems work well • May-alias analysis scales to big programs • Usefulness of results? Jeff Foster, OSQ Retreat, May 9-10, 2001

  4. Too Important for Compiler • C, C++, Java, ML, etc. • The compiler discovers all aliasing • FORTRAN • The compiler can assume non-aliasing • C99 • Have the user help the compiler Jeff Foster, OSQ Retreat, May 9-10, 2001

  5. Restrict • C99 Standard int *restrict p = ...; • Let p point to object o • Within p’s scope, all access to o are through p void f(int n, int *restrict p, int *restrict q) { while (n-- > 0) *p++ = *q++; // no aliasing } [ex. from C99 standard] Jeff Foster, OSQ Retreat, May 9-10, 2001

  6. This Work • C99 does not check restrict • Low-level definition of safe use of restrict • Goals of this work • Semantics for restrict • Type system for safe restrict • Soundness proof Jeff Foster, OSQ Retreat, May 9-10, 2001

  7. Examples { int *restrict p = ...; { int *restrict r = p; ...*r... // valid ...*p... // invalid } } { int *restrict p = q; ...*p... // valid ...*q... // invalid } { int *restrict p = ...; int *r = p; ...*r... // valid } Jeff Foster, OSQ Retreat, May 9-10, 2001

  8. Source Language • Lambda-calculus with restrict e ::= x | n | ref e | *e | e1 := e2 | \x.e | e1 e2 | restrict x = e1 in e2 • restrict x = e1 in e2 • x is in scope only within e2 • x is a pointer • x is initialized to e1 • within e2, only x can be used to access *x Jeff Foster, OSQ Retreat, May 9-10, 2001

  9. loc’ fresh [loc’  S’(loc) ] [x  loc’] S  restrict x = e1 in e2  Big-Step Semantics S  e  loc; S’ locdom(S’) S  *e  S’(loc); S’ S  e1  loc; S’ , loc  error S’  e2  v; S’’ [loc’  error, loc  S’’(loc’)] v; S’’ Jeff Foster, OSQ Retreat, May 9-10, 2001

  10. Type System • Type and Effect system t ::= a base type | refr(t) pointer to abstract loc r | t1Lt2 function with effect L L ::= Ø no effect | r access to location r | L1  L2 effect union | L - r effect difference Jeff Foster, OSQ Retreat, May 9-10, 2001

  11. A  e : refr(t); L A  *e : t; L r A  e1 : t1Lt2; L1 A  e2 : t1; L2 A  e1 e2 : t2; L1  L2  L Type Rules • A  e : t; L • In environment A, expression e has type t • evaluating e has effect L Jeff Foster, OSQ Retreat, May 9-10, 2001

  12. Restrict Rule A  e1 : refr(t); L1 A  restrict x = e1 in e2 : A[x  refr’(t)]  e2 : t2; L2 r L2 r’A, t, t2 rr’ t2; L1  (L2 - r’) r Jeff Foster, OSQ Retreat, May 9-10, 2001

  13. Soundness • Theorem: If Ø  e : t; L, then S  e  r; S’ where r is not error • Proof: Show subject-reduction property Jeff Foster, OSQ Retreat, May 9-10, 2001

  14. Type Inference • Given program, compute types, locs, effects • Naive algorithm obvious • Add effect variables ranging over L • Perform type inference, ignore ,  constraints • Check ,  at end • Polynomial-time algorithm • Efficiency in practice? • Future work: polymorphic recursion • The  constraints make things interesting Jeff Foster, OSQ Retreat, May 9-10, 2001

  15. Applications: Optimization • C99: Restrict used for optimizations • Can treat restricted pointer like stack location (whose address isn’t taken) • Optimizations sound with checked restrict • Type system not complete • C99 standard allows hard-to-check uses of restrict • Dead code that access restricted locations allowed • Strange use of restrict in data structures • Multiple restrict pointers into same array allowed Jeff Foster, OSQ Retreat, May 9-10, 2001

  16. Application: Flow-Sensitive Type Qualifiers • Apply Alias Types, Vault techniques to type qualifiers for flow-sensitivity • Problem: Elements of data structures FILE a[...]; spin_lock(a[i]); ... spin_unlock(a[i]); • Goal: Avoid dependent type systems Jeff Foster, OSQ Retreat, May 9-10, 2001

  17. Applications: Strong-Update • Two rules for assignment foo(x) { ...  *x = e  ...} • If |PTSet(x)| = 1 [[*x]] = [[e]] • If |PTSet(x)| > 1 [[*x]] = [[*x]] [[e]] • Standard Alias Analysis • Points-to sets only grow • Once |PTSet(x)| > 1, lose precision Jeff Foster, OSQ Retreat, May 9-10, 2001

  18. Applications: Strong-Update (2) • Restrict recovers singleton points-to sets foo(int *restrict x) { ... } • Can assume |PTSet(x)| = 1 at beginning of foo • Other aliases of *x cannot be used in foo • Can recover even from complicated aliasing foo(a->b[c].d->f->g[h->i]) Jeff Foster, OSQ Retreat, May 9-10, 2001

  19. Summary • Alias analysis too important to leave to the compiler • Restrict tells compiler where to assume non-aliasing • Use of restrict can be type checked • Type and effect system • Soundness proof uses standard subject-reduction Jeff Foster, OSQ Retreat, May 9-10, 2001

More Related