A Semantics for Procedure Local Heaps and its Abstractions

Noam Rinetzky (Tel Aviv University), Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University), Reinhard Wilhelm (Universität des Saarlandes)
Motivation
• Interprocedural shape analysis: conservative static pointer analysis
• Heap-intensive programs: imperative programs with procedures and recursive data structures
• Challenge: destructive update
• Localized effect of procedures
Main idea
• Local heaps: a call p(x) operates on the part of the heap reachable from x, not on the caller's whole heap
• Cutpoints
Figure: the caller's heap around the call p(x), with the objects reachable from x (the callee's local heap) drawn apart from the rest of the heap, which is reachable from the caller's other variables y, g and t.
Main Results
• Concrete operational semantics
  • Large step
  • Functional analysis
  • Storeless
  • Shape abstractions
  • Local heap
  • Observationally equivalent to the "standard" semantics
  • Java and "clean" C
• Abstractions
  • Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS '02]
  • May-alias [Deutsch, PLDI '94]
  • …
Outline
• Motivating example
  • Local heaps
  • Cutpoints
• Why semantics
• Local heap storeless semantics
• Shape abstraction
Example

    static void main() {
      List x = reverse(p);
      List y = reverse(q);
      List z = reverse(x);
    }

    static List reverse(List t) {
      …
      return r;
    }

Figure: main's heap across the three calls: p's list is reversed into x (p is left pointing at what is now the last cell), q's list is reversed into y (q likewise ends up on the last cell), and then x's list is reversed into z.
Cutpoints
• Separating objects
• Not pointed-to by a parameter
• Capture external sharing patterns
Figure (stack sharing): at the call proc(x), the caller's variable p points at a cell inside the list reachable from x; that cell is a cutpoint.
Figure (heap sharing): at the call proc(x), a cell of the caller's list y points (via n) at a cell inside the list reachable from x; that cell is a cutpoint.
Example (continued)
Figure: the state at the call z = reverse(x). Since x = reverse(p) left p on the last cell of x's list, that cell is pointed to from outside the part of the heap reachable from the parameter: it is a cutpoint of the call. The lists of y and q are not reachable from x and are not part of the callee's local heap.
Outline
• Motivating example
• Why semantics
• Local heap storeless semantics
• Shape abstraction
Operational semantics → abstract transformer
Abstract Interpretation [Cousot and Cousot, POPL '77]: the abstract transformer is derived from, and proved sound against, the operational semantics.

Introducing local heap semantics
Operational semantics ≈ local heap operational semantics → abstract transformer: the standard semantics is replaced by an observationally equivalent local heap semantics, and the abstract transformer is derived from the latter.
Outline
• Motivating example
• Why semantics
• Local heap storeless semantics
• Shape abstraction
Programming model
• Single threaded
• Procedures
  • Value parameters
  • Recursion
• Heap
  • Recursive data structures
  • Destructive update
  • No explicit addressing (&)
  • No pointer arithmetic
Simplifying assumptions
• No primitive values (only references)
• No globals
• Formals are not modified
Storeless semantics
• No addresses
• Memory state:
  • Object: a set of access paths (an element of $2^{\text{Access paths}}$)
  • Heap: a set of objects (an element of $2^{\text{Object}}$)
• Alias analysis: two access paths are aliases iff they belong to the same object
Figure: a three-cell list as sets of access paths, before and after y = x (every object gains a y-rooted copy of its x-rooted paths: {x, y}, {x.n, y.n}, {x.n.n, y.n.n}) and then x = null (the x-rooted paths disappear: {y}, {y.n}, {y.n.n}).
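The storeless transformers for the statements of the programming model, written out as an added example (this is not code from the paper or the slides): an object is a set of access paths, a state is a set of objects, and aliasing is membership in the same set. `reverse` is written only with these statements and, per the simplifying assumptions, leaves its formal `t` untouched. The helper names, the scratch variables `c` and `tmp`, the list constructor, and the restriction to acyclic heaps (which keeps every path set finite) are my assumptions.

```python
"""Storeless semantics for a small heap language (added example).
A state is a set of objects; an object is the set of access paths that
currently reach it; there are no addresses. Heaps are assumed acyclic
(lists), so path sets stay finite; creating a cycle raises an error.
"""
from typing import FrozenSet, Optional, Set, Tuple

Path = Tuple[str, ...]        # ("y", "n", "n") is the access path y.n.n
Obj = FrozenSet[Path]
State = Set[Obj]


def ap(text: str) -> Path:
    """Parse 'y.n.n' into ('y', 'n', 'n')."""
    return tuple(text.split("."))


def show(state: State) -> Set[FrozenSet[str]]:
    """Render a state as sets of dotted strings, for printing/comparing."""
    return {frozenset(".".join(p) for p in o) for o in state}


def find(state: State, p: Path) -> Optional[Obj]:
    """The object reached by access path p, or None if p is null."""
    for o in state:
        if p in o:
            return o
    return None


def aliased(state: State, p: str, q: str) -> bool:
    """p and q are aliases iff they belong to the same object."""
    o = find(state, ap(p))
    return o is not None and o is find(state, ap(q))


def _rebind(state: State, x: str, src: Optional[Path]) -> State:
    """x now names what access path `src` named (src None: x = null).
    Each object keeps its paths not rooted at x and gains x.q for every
    path src.q it had; both are computed from the OLD object, so x = x.n
    works. Objects left with no path are unreachable garbage and vanish."""
    out: State = set()
    for o in state:
        kept = {p for p in o if p[0] != x}
        extra: Set[Path] = set()
        if src is not None:
            extra = {(x,) + p[len(src):] for p in o if p[:len(src)] == src}
        if kept or extra:
            out.add(frozenset(kept | extra))
    return out


def assign_null(state: State, x: str) -> State:                 # x = null
    return _rebind(state, x, None)


def assign_var(state: State, x: str, y: str) -> State:          # x = y
    return _rebind(state, x, (y,))


def load_field(state: State, x: str, y: str, f: str) -> State:  # x = y.f
    return _rebind(state, x, (y, f))


def new_object(state: State, x: str) -> State:                  # x = new
    return assign_null(state, x) | {frozenset([(x,)])}


def store_field(state: State, x: str, f: str, y: str) -> State:  # x.f = y
    ox = find(state, (x,))
    if ox is None:
        raise RuntimeError("null dereference: %s.%s" % (x, f))
    if any(p[0] == y for p in ox):   # x's object is reachable from y
        raise RuntimeError("%s.%s = %s would create a cycle" % (x, f, y))
    out: State = set()
    for o in state:
        # every alias a of x loses its old a.f.* paths ...
        kept = {p for p in o
                if not any(p[:len(a) + 1] == a + (f,) for a in ox)}
        # ... and gains a.f.q for each path y.q of this object (none if y is null)
        extra = {a + (f,) + p[1:] for a in ox for p in o if p[0] == y}
        if kept or extra:
            out.add(frozenset(kept | extra))
    return out


def list_state(root: str, length: int, label: str = "") -> State:
    """Constructed input: an acyclic list root -> root.n -> ... of `length`
    cells; if `label` is given it is an extra root naming the last cell."""
    state: State = set()
    for i in range(length):
        paths = {(root,) + ("n",) * i}
        if label and i == length - 1:
            paths.add((label,))
        state.add(frozenset(paths))
    return state


def reverse(state: State, t: str, r: str) -> State:
    """In-place reversal using only the statements above, formal t untouched:
       r = null; c = t; while (c != null) { tmp = c.n; c.n = r; r = c; c = tmp }"""
    state = assign_null(state, r)
    state = assign_var(state, "c", t)
    while find(state, ("c",)) is not None:
        state = load_field(state, "tmp", "c", "n")
        state = store_field(state, "c", "n", r)
        state = assign_var(state, r, "c")
        state = assign_var(state, "c", "tmp")
    return assign_null(assign_null(state, "tmp"), "c")


if __name__ == "__main__":
    s = list_state("t", 4, label="L")       # the callee's local heap at entry
    s = reverse(s, "t", "r")
    print(sorted(sorted(o) for o in show(s)))
    print(aliased(s, "r", "L"), aliased(s, "t", "r.n.n.n"), aliased(s, "t", "r"))
```

Running `reverse` on the callee's local heap with the cutpoint label `L` as an extra root reproduces the post-state on the slides: {r, L}, {r.n, L.n}, {r.n.n, L.n.n}, {t, r.n.n.n, L.n.n.n}. The label's paths follow the cell through the destructive updates because `store_field` rewrites the paths of every alias of the updated object, not just the one named in the statement.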
Example (storeless view)

    static void main() {
      List x = reverse(p);
      List y = reverse(q);
      List z = reverse(x);
    }

    static List reverse(List t) { … return r; }

Figure: main's state before z = reverse(x), as sets of access paths: {x}, {x.n}, {x.n.n}, {x.n.n.n, p} (p was left on the last cell by x = reverse(p)) and {y}, {y.n}, {y.n.n, q}.
At entry to reverse the callee's local heap holds only {t}, {t.n}, {t.n.n}, {t.n.n.n}. p? The caller's pointer into the list is not visible to the callee.
With a cutpoint label: the last cell becomes {t.n.n.n, L}. After reversal the callee's state is {r, L}, {r.n, L.n}, {r.n.n, L.n.n}, {t, r.n.n.n, L.n.n.n}.
On return, L is replaced by the caller's paths to the cutpoint (p and x.n.n.n) and r by z, giving {z, p}, {z.n, p.n}, {z.n.n, p.n.n}, {x, z.n.n.n, p.n.n.n}; y's list is unchanged.
Cutpoint labels
• Relate pre-state with post-state
• Additional roots
• Mark cutpoints at, and throughout, an invocation
• Cutpoint label: the set of access paths that point to a cutpoint when the invoked procedure starts
Figure: at entry to reverse(t) on a four-cell list whose last cell is a cutpoint, the label is L = {t.n.n.n}.
Sharing patterns
• Cutpoint labels encode sharing patterns
Figure: with stack sharing (the caller's variable p points at the last cell of t's list) and with heap sharing (a caller object w points at it through w.n) the callee sees the same local heap and the same label L = {t.n.n.n}.
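How cutpoints and their labels are found at a call, computed on an ordinary store-based (global) heap, as an added example that is not the paper's code. The heaps are constructed to match the slides: x's four-cell list with p left on its last cell and y's three-cell list with q on its last cell (stack sharing), plus a variant where an object w outside the list points at its last cell through w.n (heap sharing). Object ids, the field name n, the helper names and the decision to enumerate simple paths only are my assumptions.

```python
"""Cutpoints of a call on a store-based heap (added example). A cutpoint is
reachable from the actual parameters, is not pointed to by a parameter,
and is pointed to from outside the callee's reach: by a caller variable
(stack sharing) or a field of an object the callee cannot reach (heap
sharing). Its label is the set of access paths from the formals that reach
it at entry. All sample heaps below are constructed by hand.
"""
from collections import deque
from typing import Dict, Optional, Set, Tuple

Heap = Dict[int, Dict[str, Optional[int]]]   # object id -> field -> target id
Stack = Dict[str, Optional[int]]             # caller variable -> object id
Bindings = Dict[str, Optional[int]]          # formal -> object id of its actual


def reachable(heap: Heap, roots: Set[int]) -> Set[int]:
    """Object ids reachable from `roots` by following fields."""
    seen: Set[int] = set()
    todo = deque(roots)
    while todo:
        o = todo.popleft()
        if o in seen:
            continue
        seen.add(o)
        todo.extend(t for t in heap[o].values() if t is not None)
    return seen


def access_paths(heap: Heap, roots: Dict[str, int], target: int) -> Set[str]:
    """All simple access paths root(.field)* ending at `target` (no object
    visited twice on a path, so this terminates on cyclic heaps too)."""
    found: Set[str] = set()

    def walk(o: int, path: str, on_path: Set[int]) -> None:
        if o == target:
            found.add(path)
        for f, t in heap[o].items():
            if t is not None and t not in on_path:
                walk(t, path + "." + f, on_path | {t})

    for name, o in roots.items():
        walk(o, name, {o})
    return found


def cutpoints(heap: Heap, stack: Stack, formals: Bindings) -> Dict[int, Set[str]]:
    """{cutpoint id: label} for a call that binds `formals` to actual objects."""
    params = {o for o in formals.values() if o is not None}
    local = reachable(heap, params)
    # Everything pointing into the local heap from outside it:
    external = {o for o in stack.values() if o in local}          # stack sharing
    for o, fields in heap.items():
        if o not in local:
            external |= {t for t in fields.values() if t in local}  # heap sharing
    roots = {f: o for f, o in formals.items() if o is not None}
    return {cp: access_paths(heap, roots, cp) for cp in external - params}


def local_heap(heap: Heap, stack: Stack, formals: Bindings):
    """The callee's view at entry: the objects reachable from the formals,
    rooted at the formals plus one label root per cutpoint. The caller's
    variables and the rest of its heap are not visible."""
    labels = cutpoints(heap, stack, formals)
    params = {o for o in formals.values() if o is not None}
    sub = {o: dict(heap[o]) for o in reachable(heap, params)}
    roots: Dict[str, int] = {f: o for f, o in formals.items() if o is not None}
    for i, cp in enumerate(sorted(labels)):
        roots["L%d" % (i + 1)] = cp
    return sub, roots, labels


def main_state() -> Tuple[Heap, Stack]:
    """Constructed: main() just before z = reverse(x). x = reverse(p) left p
    on the last cell of x's 4-cell list; y = reverse(q) left q on the last
    cell of y's 3-cell list."""
    heap: Heap = {1: {"n": 2}, 2: {"n": 3}, 3: {"n": 4}, 4: {"n": None},
                  5: {"n": 6}, 6: {"n": 7}, 7: {"n": None}}
    stack: Stack = {"x": 1, "p": 4, "y": 5, "q": 7}
    return heap, stack


def heap_sharing_state() -> Tuple[Heap, Stack]:
    """Constructed: no caller variable into the list, but an object w
    outside it points at its last cell through n."""
    heap: Heap = {1: {"n": 2}, 2: {"n": 3}, 3: {"n": 4}, 4: {"n": None},
                  8: {"n": 4}}
    stack: Stack = {"x": 1, "w": 8}
    return heap, stack


if __name__ == "__main__":
    heap, stack = main_state()
    print(cutpoints(heap, stack, {"t": stack["x"]}))     # {4: {'t.n.n.n'}}
    sub, roots, _ = local_heap(heap, stack, {"t": stack["x"]})
    print(sorted(sub), roots)                             # [1, 2, 3, 4] {'t': 1, 'L1': 4}
    heap, stack = heap_sharing_state()
    print(cutpoints(heap, stack, {"t": stack["x"]}))     # {4: {'t.n.n.n'}}
```

Both sharing patterns yield the same cutpoint and the same label {t.n.n.n}, which is the point of the slide: the callee only needs to know that the cell is shared and how it is reached from the formals, not who shares it.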
Observational equivalence
• $\sigma_L$: a state of L, the Local-heap Storeless Semantics
• $\sigma_G$: a state of G, the Global-heap Store-based Semantics
• $\sigma_L$ and $\sigma_G$ are observationally equivalent when, for every pair of access paths $AP_1$, $AP_2$:
  $AP_1 = AP_2\ (\sigma_L) \iff AP_1 = AP_2\ (\sigma_G)$
  (two access paths are aliases in one state exactly when they are aliases in the other)
Main theorem: semantic equivalence
• $\sigma_L$: a state of L, the Local-heap Storeless Semantics (LSL)
• $\sigma_G$: a state of G, the Global-heap Store-based Semantics (GSB)
• If $\sigma_L$ and $\sigma_G$ are observationally equivalent, and executing the statement st takes $\sigma_L$ to $\sigma'_L$ under LSL and $\sigma_G$ to $\sigma'_G$ under GSB, then $\sigma'_L$ and $\sigma'_G$ are observationally equivalent.
Corollaries
• Preservation of invariants
  • Assertions of the form $AP_1 = AP_2$
• Detection of memory leaks
Applications
• Develop new static analyses
  • Shape analysis
• Justify soundness of existing analyses
  • May-alias analysis [TAU-TR-26/04]
Outline
• Motivating example
• Why semantics
• Local heap storeless semantics
• Shape abstraction
Shape abstraction
• Shape descriptors represent unbounded memory states
  • Conservatively
  • In a bounded way
• Two dimensions
  • Local heap (objects)
  • Sharing pattern (cutpoint labels)
A shape abstraction
Figure (concrete local heap after reversal, cutpoint label L = {t.n.n.n}): four cells {r, L}, {r.n, L.n}, {r.n.n, L.n.n}, {t, r.n.n.n, L.n.n.n}, linked by n.
Figure (label abstracted, L = *): the concrete path set of the label is dropped; L is kept only as a root.
Figure (objects abstracted): the interior cells {r.n, L.n} and {r.n.n, L.n.n} are merged into one summary object, reachable from r and L but pointed to by neither, with an n self-loop; the descriptor keeps {r, L} → summary → {t, …}. Lists of any length map to this same bounded descriptor.
Figure (two cutpoints, L1 = {t.n.n.n} for the list r returned from formal t and L2 = {g.n.n.n} for the list d returned from formal g): both labels are abstracted to L = *, so the sharing-pattern dimension is bounded as well.
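A bounded abstraction of a local-heap storeless state, as an added example in the style of canonical abstraction rather than the paper's own implementation: a concrete object is its set of access paths; its abstract name keeps only which roots point to it directly and which roots reach it, so objects with the same name collapse into one summary object and lists of every length give the same descriptor. The label dimension is abstracted too: every cutpoint label becomes the single root L and its concrete path set is replaced by "*", as on the slides. The sample states are constructed by hand to be the post-states of `reverse` shown above; the naming scheme and helper names are my assumptions.

```python
"""Bounded shape abstraction of a storeless local heap (added example).
Descriptor = ({abstract name: is_summary}, abstract n-edges, {label: "*"}).
"""
from typing import Dict, FrozenSet, Set, Tuple

Path = Tuple[str, ...]
Obj = FrozenSet[Path]
Name = Tuple[FrozenSet[str], FrozenSet[str]]   # (roots pointing directly, roots reaching)
Descriptor = Tuple[Dict[Name, bool], Set[Tuple[Name, Name]], Dict[str, str]]


def name_of(o: Obj, labels: Set[str]) -> Name:
    """Abstract name of a concrete object. Cutpoint labels are folded into
    the single root L, so the name does not say which cutpoint it is."""
    root = lambda p: "L" if p[0] in labels else p[0]
    return (frozenset(root(p) for p in o if len(p) == 1),
            frozenset(root(p) for p in o))


def abstract(state: Set[Obj], labels: Set[str], field: str = "n") -> Descriptor:
    """Collapse objects with equal names; keep a field edge between two
    abstract objects iff some concrete pair had one. In the storeless view
    o --field--> o' iff some path p of o has p.field in o'."""
    names = {o: name_of(o, labels) for o in state}
    counts: Dict[Name, int] = {}
    for n in names.values():
        counts[n] = counts.get(n, 0) + 1
    node_of = {p: names[o] for o in state for p in o}   # concrete path -> abstract node
    edges = {(names[o], node_of[p + (field,)])
             for o in state for p in o if p + (field,) in node_of}
    return {n: c > 1 for n, c in counts.items()}, edges, {lab: "*" for lab in labels}


def reversed_list_state(length: int, ret: str = "r", formal: str = "t",
                        label: str = "L") -> Set[Obj]:
    """Constructed: the callee's state after reversing a `length`-cell list
    whose last cell was the cutpoint `label`: {ret, label}, {ret.n, label.n},
    ..., with `formal` still naming the old head, now the last cell."""
    state: Set[Obj] = set()
    for i in range(length):
        paths = {(ret,) + ("n",) * i, (label,) + ("n",) * i}
        if i == length - 1:
            paths.add((formal,))
        state.add(frozenset(paths))
    return state


if __name__ == "__main__":
    nodes, edges, labs = abstract(reversed_list_state(4, label="L1"), {"L1"})
    for n, summary in nodes.items():
        print("pointed by", sorted(n[0]), "reached by", sorted(n[1]),
              "(summary)" if summary else "")
    print(len(edges), "abstract edges;", labs)
    # lists of length 4 and 9 have the same bounded descriptor
    print(abstract(reversed_list_state(9), {"L"}) == abstract(reversed_list_state(4), {"L"}))
```

The descriptor has three abstract objects: {r, L}, a summary object reached by r and L but pointed to by neither (with an n self-loop), and the object pointed to by t; a two-cell list has no summary object, so it is the only shorter list with a different descriptor. With two lists and two cutpoints the descriptor simply has two such chains, each with the label root L, matching the last figure.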
Application (joint work with Eran Yahav)
• A framework for shape analysis using local heaps
• Parametric abstraction
  • Local heap (lists, trees, …)
  • Sharing patterns
• Properties proved
  • Absence of null dereferences
  • Listness preservation
  • API conformance
• Recursive and iterative programs
• Procedural abstraction
Outline
• Motivating example
• Why semantics
• Local heap storeless semantics
• Shape abstraction
Related work
• Storeless semantics
  • Jonkers, Algorithmic Languages '81
  • Deutsch, ICCL '92
• Interprocedural shape analysis
  • Rinetzky and Sagiv, CC '01: global heap
  • Jeannet et al., SAS '04: local heap, relational
  • Chong and Rugina, SAS '03: local heap
  • Hackett and Rugina, POPL '05: next talk …
• Local reasoning
  • Ishtiaq and O'Hearn, POPL '01
  • Reynolds, LICS '02
Summary
• Operational semantics
  • Storeless
  • Local heap
  • Cutpoints
• Equivalence theorem
• Applications
  • Shape analysis
  • May-alias analysis
End
• Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm. A Semantics for Procedure Local Heaps and its Abstractions. AVACS Technical Report 1.
• Noam Rinetzky, Mooly Sagiv, and Eran Yahav. Interprocedural Functional Shape Analysis Using Local Heaps. School of Computer Science, Tel Aviv University, Technical Report 26/04.
www.cs.tau.ac.il/~maon