Partially Disjunctive Heap Abstraction

Presentation transcript:

Partially Disjunctive Heap Abstraction Roman Manevich Mooly Sagiv Tel Aviv University G. Ramalingam John Field IBM T.J. Watson

Motivation. Analysis of object-oriented programs is hard: recursive data structures, an unbounded number of objects, destructive update of references. Scalable heap analyses exist (e.g., flow-insensitive ones) but are not precise enough for verification. Precise heap analyses exist (e.g., SRW shape analysis) but scaling them is very challenging.

Motivating example: verifying mark phase of GC
// @Ensures marked == REACH(root)
void mark(Node root, NodeSet marked) {
  Node x;
  if (root != null) {
    NodeSet pending = new NodeSet();
    pending.add(root);
    marked.clear();
    while (!pending.isEmpty()) {
      x = pending.selectAndRemove();
      marked.add(x);
      if (x.left != null)
        if (!marked.contains(x.left))
          pending.add(x.left);
      if (x.right != null)
        if (!marked.contains(x.right))
          pending.add(x.right);
    }
  }
}
This is a reachability-based algorithm.


Motivating example: verifying mark phase of GC (run of the algorithm on a heap of nodes u1..u6 with root pointing to u1; the diagrams of the left/right edges did not survive the transcript). Initially pending = {root}, marked = {}; then pending = {u3,u2}, marked = {u1}; then pending = {u4,u2}, marked = {u1,u3}; then pending = {u2}, marked = {u1,u3,u4}; finally pending = {}, marked = {u1,u3,u4,u2}: DONE. Nodes u5 and u6 were never marked, so they are garbage; after collection only u1, u2, u3 and u4 remain reachable from root.
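The trace above is the mark procedure from the slides run on one heap. As an added example (not the slides' own Java, and not TVLA code), the same worklist algorithm is transliterated to Python, run on a constructed six-node heap in which u5 and u6 are unreachable, and checked against the postcondition marked == REACH(root) using an independent depth-first reachability computation:

```python
"""Mark phase of a tracing GC (Python rendering of the slide's mark()) plus a
check of its postcondition marked == REACH(root). Added example with a
constructed heap; the edge layout is an assumption, not the slides' diagram."""


class Node:
    def __init__(self, name):
        self.name, self.left, self.right = name, None, None

    def __repr__(self):
        return self.name


def mark(root, marked):
    """Worklist reachability, mirroring mark(Node root, NodeSet marked)."""
    if root is None:
        return marked
    pending = {root}            # NodeSet pending = new NodeSet(); pending.add(root)
    marked.clear()
    while pending:
        x = pending.pop()       # selectAndRemove(): any element of the set
        marked.add(x)
        for child in (x.left, x.right):
            # Guarded exactly as in the slide: non-null and not yet marked.
            if child is not None and child not in marked:
                pending.add(child)
    return marked


def reach(root):
    """REACH(root): the specification's reachability set, computed by DFS."""
    seen, stack = set(), ([root] if root is not None else [])
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        stack.extend(c for c in (n.left, n.right) if c is not None)
    return seen


def build_heap():
    """Constructed heap: u1..u4 reachable from root = u1; u5 and u6 are garbage."""
    u = {f"u{i}": Node(f"u{i}") for i in range(1, 7)}
    u["u1"].left, u["u1"].right = u["u2"], u["u3"]
    u["u3"].left, u["u3"].right = u["u4"], u["u2"]   # u2 is reachable twice
    u["u5"].left = u["u1"]                          # garbage may point into live data
    u["u6"].right = u["u5"]
    return u


def check():
    """Run mark on the constructed heap; return (postcondition holds?, marked names)."""
    u = build_heap()
    marked = mark(u["u1"], set())
    return marked == reach(u["u1"]), sorted(n.name for n in marked)


if __name__ == "__main__":
    print(check())
```

The analysis in the talk proves this postcondition for all heaps; the script only confirms it on one constructed instance, and it also shows that a node reachable along two paths (u2) is marked once because the guard consults marked before re-adding to pending.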

Motivating example: verifying mark phase of GC. Powerset heap abstraction: 584 seconds, 189,772 abstract heaps, definitely too expensive. Can we verify more efficiently? Partially disjunctive heap abstraction (in the TVLA system): 3 seconds, 1,133 abstract heaps. The same phenomenon also occurs for many other examples.

Overview and main results. A new (parametric) heap abstraction that uses a heap-similarity criterion and merges "similar" heaps. Robust implementation: it is the abstraction of choice among TVLA users and is suitable for other shape analysis systems. Empirical results: significant speedups (two orders of magnitude), precise in most cases.

Talk outline: shape analysis background (representing heaps via logical structures, disjunctive (powerset) heap abstraction); partially disjunctive heap abstraction via universe congruence similarity; empirical results; related work; future work; conclusions.

Shape analysis via first-order logic (SRW 2002: Parametric shape analysis via 3-valued logic). Concrete heaps are represented by 2-valued structures over a set of predicate symbols P: a set of individuals (nodes) U together with an interpretation of the predicate symbols in P, p0() → {0,1}, p1(v) → {0,1}, p2(u,v) → {0,1}.

Concrete heap (diagram): the unary predicates x, root, set[marked], set[pending] and r[root] label the nodes; the binary predicates left and right are the edges.

3-valued structures. 2-valued structures are abstracted into 3-valued structures by merging individuals: p0() → {0,1,1/2}, p1(v) → {0,1,1/2}, p2(u,v) → {0,1,1/2}. Kleene's partially ordered set of logical values: 0 ⊑ 1/2 and 1 ⊑ 1/2, so 0 ⊔ 1 = 1/2.

Canonical abstraction: merge individuals with the same values for all unary predicates in A (their canonical name). The resulting bounded structure has at most 2^|A| individuals, where A is the set of abstraction predicates; in general A is a subset of the unary predicates.

Canonical abstraction (diagrams), with A = {x(v), root(v), set[marked](v), set[pending](v), r[root](v)}. The nodes with canonical name x=0, root=0, r[root]=1, set[marked]=1, set[pending]=0 are merged into one summary node, and the nodes with canonical name x=0, root=0, r[root]=0, set[marked]=0, set[pending]=0 are merged into another. The resulting abstract heap has a bounded number of individuals and retains the definite values of the unary predicates.

Powerset heap abstraction: α = canonical abstraction, pow(X) = {α(s) | s ∈ X}, and the LUB (join) is set union. The worst case is doubly exponential in |A|, and the abstraction can make unnecessary distinctions.

Partially disjunctive heap abstraction: use a heap-similarity criterion, merge similar heaps, and avoid merging dissimilar heaps. We define similarity by universe congruence; this particular similarity criterion yields a particular kind of partially disjunctive abstraction.

Universe congruent heaps (diagram of two abstract heaps with the same canonical names but different left/right edges): these structures are not merged by the powerset abstraction, but they are merged by the partially disjunctive abstraction.

Result of merge (diagram): the merged structure keeps the same individuals; left and right edges on which the two heaps disagreed become indefinite (1/2).

Non-congruent heaps, no merge (diagram): the second heap contains a node whose canonical name has set[pending] rather than set[marked], so the universes differ and the two structures are kept apart.

Definition of partially disjunctive heap abstraction. Two heaps are similar iff they are universe congruent (same set of canonical names). π_C = the merge of the universe-congruent heaps in a congruence class C; π(X) = {π_C | C is a universe-congruence class of pow(X)}.

Characteristics of the partially disjunctive heap abstraction. 3-valued structures are only partially ordered, and there is no LUB over singleton structure sets. If S1 ≅_π S2 (universe congruent), then π({S1,S2}) = π_{{S1,S2}}, a single merged structure; otherwise the two are kept apart, as in pow({S1,S2}) = {S1,S2}. Definite values of unary predicates are retained, the size of the set can be reduced exponentially, and a "single" LUB exists for partially-isomorphic structures.
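To make the three constructions concrete (canonical abstraction, the powerset abstraction pow(X), and the partially disjunctive abstraction π(X) defined above), the following is an added example, not TVLA's own code. It encodes 2-valued structures as dictionaries, computes canonical abstraction with Kleene join, and then compares pow and π on three constructed heaps using the slides' predicate names; the heaps and the choice of abstraction predicates A are assumptions for the illustration.

```python
"""Canonical, powerset and partially disjunctive heap abstraction on tiny
hand-built heaps (added example; not TVLA code). Predicate names follow the
slides: x, root, r[root], set[marked], set[pending], left, right."""
from functools import reduce

HALF = 0.5  # Kleene's "unknown" 1/2; 0 and 1 are the definite values


def join(a, b):
    """Kleene join: equal definite values stay definite, anything else is 1/2."""
    return a if a == b else HALF


class Structure:
    """Logical structure: universe U, unary preds {name: {node: val}} and
    binary preds {name: {(u, v): val}}; absent entries read as 0."""
    def __init__(self, universe, unary, binary):
        self.U, self.unary, self.binary = frozenset(universe), unary, binary

    def un(self, p, u):
        return self.unary[p].get(u, 0)

    def bi(self, q, u, v):
        return self.binary[q].get((u, v), 0)

    def key(self):  # hashable canonical form so abstract structures can live in sets
        return (self.U,
                frozenset((p, u, self.un(p, u)) for p in self.unary for u in self.U),
                frozenset((q, u, v, self.bi(q, u, v))
                          for q in self.binary for u in self.U for v in self.U))

    def __eq__(self, other):
        return self.key() == other.key()

    def __hash__(self):
        return hash(self.key())


def canonical_name(S, u, A):
    """Canonical name of u: its vector of values for the abstraction predicates A."""
    return tuple((p, S.un(p, u)) for p in A)


def canonical_abstraction(S, A):
    """Merge individuals with equal canonical names (at most 2^|A| survive).
    Predicates in A stay definite by construction; others join to 1/2 on conflict."""
    classes = {}
    for u in S.U:
        classes.setdefault(canonical_name(S, u, A), []).append(u)
    unary = {p: {n: reduce(join, [S.un(p, u) for u in ms])
                 for n, ms in classes.items()} for p in S.unary}
    binary = {q: {(n1, n2): reduce(join, [S.bi(q, u, v) for u in m1 for v in m2])
                  for n1, m1 in classes.items() for n2, m2 in classes.items()}
              for q in S.binary}
    return Structure(classes.keys(), unary, binary)


def powerset_abstraction(X, A):
    """pow(X) = {alpha(s) | s in X}: set union keeps every distinct abstract heap."""
    return {canonical_abstraction(s, A) for s in X}


def merge_congruent(structs):
    """pi_C: pointwise Kleene join of structures that share one universe."""
    first, U = structs[0], structs[0].U
    unary = {p: {n: reduce(join, [S.un(p, n) for S in structs]) for n in U}
             for p in first.unary}
    binary = {q: {(u, v): reduce(join, [S.bi(q, u, v) for S in structs])
                  for u in U for v in U} for q in first.binary}
    return Structure(U, unary, binary)


def partially_disjunctive_abstraction(X, A):
    """pi(X): group pow(X) into universe-congruence classes and merge each class."""
    classes = {}
    for S in powerset_abstraction(X, A):
        classes.setdefault(S.U, []).append(S)
    return {merge_congruent(group) for group in classes.values()}


def retains_definite_unary(S, A):
    """Slide property: abstraction predicates never degrade to 1/2."""
    return all(S.un(p, n) != HALF for p in A for n in S.U)


def heap(nodes, marked, pending, left, right):
    """Constructed concrete heap: root and x point to nodes[0]; all nodes reachable."""
    unary = {"x": {nodes[0]: 1}, "root": {nodes[0]: 1},
             "r[root]": {u: 1 for u in nodes},
             "set[marked]": {u: 1 for u in marked},
             "set[pending]": {u: 1 for u in pending}}
    binary = {"left": {e: 1 for e in left}, "right": {e: 1 for e in right}}
    return Structure(nodes, unary, binary)


A = ["x", "root", "r[root]", "set[marked]", "set[pending]"]  # assumed abstraction predicates
N = ["u1", "u2", "u3"]
HEAPS = [  # constructed sample heaps
    heap(N, N, [], [("u1", "u2")], [("u1", "u3")]),                 # u1 -left-> u2, u1 -right-> u3
    heap(N, N, [], [("u1", "u2"), ("u2", "u3")], []),               # u1 -left-> u2 -left-> u3
    heap(N, ["u1", "u2"], ["u3"], [("u1", "u2")], [("u1", "u3")]),  # u3 pending, not yet marked
]

if __name__ == "__main__":
    print("powerset:", len(powerset_abstraction(HEAPS, A)), "abstract heaps")
    print("partially disjunctive:", len(partially_disjunctive_abstraction(HEAPS, A)))
```

The first two heaps have identical canonical names (every node is marked) but different edges, so pow keeps them as two abstract heaps while π merges them into one in which the disagreeing left/right values become 1/2; the third heap has a pending node with a different canonical name, so its universe differs and π keeps it separate. Because merging only ever joins structures whose canonical names coincide, the predicates in A stay definite in every result, which is the retention property the slide states.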

Running times

Space consumption

Related work: reducing the cost of powerset-based analysis; function space domain construction, ESP [PLDI 02], Deutsch [PLDI 94]; widening operators [Bagnara et al. VMCAI03].

Future work: experiment with other similarity criteria; structures with different universes; deflating operators; widening operators.

Conclusions: a new (parametric), partially disjunctive heap abstraction that merges similar abstract heap descriptors. It is significantly more efficient than the full powerset, essential for many TVLA analyses, and often loses no precision in practice.

The End

Parametric partial isomorphism. Structures S1 = ⟨U1, I1⟩ and S2 = ⟨U2, I2⟩ are isomorphic iff there exists a bijection f : U1 → U2 that preserves all predicate values. They are partially isomorphic relative to R iff f preserves the values of the relational predicates in R, where A ⊆ R ⊆ P.

No LUB over singletons (diagram): two 3-valued structures A and B over unary predicates p, q, z have two upper bounds C and D, built from nodes such as p=1/2,q=1,z=1/2, p=1,q=0,z=1/2, p=1,q=1/2,z=1/2 and p=0,q=1,z=1/2, that are incomparable with each other, so no least upper bound exists.