Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.

Slides:



Advertisements
Similar presentations
Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.
Advertisements

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Automatic Memory Management Noam Rinetzky Schreiber 123A /seminar/seminar1415a.html.
Dynamic Memory Allocation (also see pointers lectures) -L. Grewe.
Data Structures Using C++1 Chapter 3 Pointers and Array-Based Lists.
Heap Decomposition for Concurrent Shape Analysis R. Manevich T. Lev-Ami M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine MSR Cambridge Dagstuhl.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Module R2 Overview. Process queues As processes enter the system and transition from state to state, they are stored queues. There may be many different.
Automatic Parallelization of Divide and Conquer Algorithms Radu Rugina and Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology.
Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.
Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.
Specialized Reference Counting Garbage Collection using Data Structure Annotations By Eric Watkins and Dzin Avots for CS 343 Spring 2002.
Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Finite Differencing of Logical Formulas for Static Analysis Thomas Reps University of Wisconsin Joint work with M. Sagiv and A. Loginov.
1 Motivation Dynamically allocated storage and pointers are an essential programming tools –Object oriented –Modularity –Data structure But –Error prone.
Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.
Chapter 4 Linked Lists. © 2005 Pearson Addison-Wesley. All rights reserved4-2 Preliminaries Options for implementing an ADT List –Array has a fixed size.
Detecting Memory Errors using Compile Time Techniques Nurit Dor Mooly Sagiv Tel-Aviv University.
Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.
Computer Science 210 Computer Organization Pointers and Dynamic Storage.
A Semantics for Procedure Local Heaps and its Abstractions Noam Rinetzky Tel Aviv University Jörg Bauer Universität des Saarlandes Thomas Reps University.
Static Program Analysis via Three-Valued Logic Thomas Reps University of Wisconsin Joint work with M. Sagiv (Tel Aviv) and R. Wilhelm (U. Saarlandes)
Pointer analysis. Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis Andersen and.
Self Referential Structure. A structure may not contain a member of its own type. struct check { int item; struct check n; // Invalid };
Procedure Optimizations and Interprocedural Analysis Chapter 15, 19 Mooly Sagiv.
Role Analysis Viktor Kuncak Patrick Lam Martin Rinard MIT LCS.
Comp 245 Data Structures Linked Lists. An Array Based List Usually is statically allocated; may not use memory efficiently Direct access to data; faster.
Shape Analysis Overview presented by Greta Yorsh.
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. C H A P T E R F I V E Memory Management.
Lists II. List ADT When using an array-based implementation of the List ADT we encounter two problems; 1. Overflow 2. Wasted Space These limitations are.
Pointers in C++. 7a-2 Pointers "pointer" is a basic type like int or double value of a pointer variable contains the location, or address in memory, of.
Mark Marron IMDEA-Software (Madrid, Spain) 1.
ICOM 4035 – Data Structures Dr. Manuel Rodríguez Martínez Electrical and Computer Engineering Department Lecture 3 – August 28, 2001.
APS105 Lists. Structures Arrays allow a collection of elements –All of the same type How to collect elements of different types? –Structures; in C: struct.
Generic lists Vassilis Athitsos. Problems With Textbook Interface? Suppose that we fix the first problem, and we can have multiple stacks. Can we have.
Pointer Analysis Survey. Rupesh Nasre. Aug 24, 2007.
Review 1 Polish Notation Prefix Infix Postfix Precedence of Operators Converting Infix to Postfix Evaluating Postfix.
Pointer Analysis. Rupesh Nasre. Advisor: Prof R Govindarajan. Apr 05, 2008.
Program Analysis via 3-Valued Logic Thomas Reps University of Wisconsin Joint work with Mooly Sagiv and Reinhard Wilhelm.
Linked list: a list of items (nodes), in which the order of the nodes is determined by the address, called the link, stored in each node C++ Programming:
Interprocedural shape analysis for cutpoint-free programs Noam Rinetzky Tel Aviv University Joint work with Mooly Sagiv Tel Aviv University Eran Yahav.
Linked Lists Chapter Introduction To The Linked List ADT Linked list: set of data structures (nodes) that contain references to other data structures.
Putting Static Analysis to Work for Verification A Case Study Tal Lev-Ami Thomas Reps Mooly Sagiv Reinhard Wilhelm.
CSC 143 P 1 CSC 143 Recursion [Chapter 5]. CSC 143 P 2 Recursion  A recursive definition is one which is defined in terms of itself  Example:  Compound.
Interprocedural shape analysis for cutpoint-free programs
Computer Science 210 Computer Organization
Lectures linked lists Chapter 6 of textbook
UNIT – I Linked Lists.
Linked Lists Chapter 6 Section 6.4 – 6.6
Review Deleting an Element from a Linked List Deletion involves:
Midterm Review.
MEMORY REPRESENTATION OF STACKS
Seminar in automatic tools for analyzing programs with dynamic memory
Data Structures and Algorithms
Chapter 4 Linked Lists.
Interprocedural Analysis Chapter 19
Dynamic Memory CSCE 121 J. Michael Moore.
Sequences 9/18/ :20 PM C201: Linked List.
CSC 253 Lecture 8.
CSC 253 Lecture 8.
Computer Science 210 Computer Organization
Parametric Shape Analysis via 3-Valued Logic
Program Analysis and Verification
Indirection.
Data Structures and Algorithms
Linked Lists Chapter 4.
Chapter 17: Linked Lists.
A Semantics for Procedure Local Heaps and its Abstractions
Dynamic Memory CSCE 121.
Presentation transcript:

Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv

Shape Analysis Static program analysis Determines information about dynamically allocated storage –A pointer variable is not NULL –Two data structures are disjoint The algorithm is Conservative

Applications of Shape Analysis Cleanness –Dor, Rodeh, Sagiv [SAS2000] Parallelization –Assmann, Weinhardt [PMMPC93] –Hendren, Nicolau [TPDS90] –Larus, Hilfinger [PLDI88]

Current State Good Intraprocedural analyses Sagiv, Reps, Wilhelm [TOPLAS 1998] –Analyze body of list manipulation procedures: reverse, insert, delete –Expensive, imprecise interprocedural analyses of recursive procedures

Main Results Interprocedural shape analysis algorithm for programs manipulating linked lists –Handles recursive procedures Prototype implementation –Successfully analyzed several list manipulating procedures insert, delete, reverse, reverse_append –Properties verified An a-cyclic list remains a-cyclic No memory leaks No NULL dereference

Running Example typedef struct List { int data ; struct List* n ; } *L ; L create(int s) { L t=NULL; if (s <= 0) return NULL; t = (L) malloc(sizeof(*L)); t  data = s ; l 2 : t  n = create(s-1); return t; } void main() { L r = NULL; int k; … l 1 : r = create(k); }

Selected Memory States exit k=3 r = NULL void main() { L r = NULL; int k; … l 1 : r = create(k); }

L create(int s) { L t=NULL; if (s <= 0) return NULL; t = (L) malloc(sizeof(*L)); t  d = s ; l 2 : t  n = create(s-1); return t; } l 1 s=3 t Selected Memory States l 2 s=0 t = NULL l 2 s=1 t l 2 s=2 t exit k=3 r = NULL 3 NULL 2 1

L create(int s) { L t=NULL; if (s <= 0) return NULL; t = (L) malloc(sizeof(*L)); t  d = s ; l 2 : t  n = create(s-1); return t; } l 1 s=3 t Selected Memory States l 2 s=1 t l 2 s=2 t exit k=3 r = NULL 3 NULL 2 1

L create(int s) { L t=NULL; if (s <= 0) return NULL; t = (L) malloc(sizeof(*L)); t  d = s ; l 2 : t  n = create(s-1); return t; } l 1 s=3 t Selected Memory States l 2 s=2 t exit k=3 r = NULL 3 NULL 2 1

L create(int s) { L t=NULL; if (s <= 0) return NULL; t = (L) malloc(sizeof(*L)); t  d = s ; l 2 : t  n = create(s-1); return t; } l 1 s=3 t Selected Memory States exit k=3 r = NULL 32 1 NULL

Selected Memory States exit k=3 r 32 1 NULL void main() { L r = NULL; int k; … l 1 : r = create(k); }

Where is the Challenge ? Dynamic allocation –Unbounded number of objects Recursion –Unbounded number of activation records Properties of: –Invisible instances of local variables –Dynamically allocated objects l 1 s=3 l 2 s=0 l 2 s=1 l 2 s=2 exit k=3 3 NULL 2 1 r = NULL t t t t = NULL

Our Approach Reduce the interprocedural problem shape analysis problem to an intraprocedural problem Program with procedures Program without procedures Represent the activation record stack as a linked list: Control Information Invisible instances of local variables Explicit manipulation of the stack

Our Algorithm Abstract Interpretation –Concrete Semantics: Concrete representation of memory states Effect of program statements –Abstract Semantics: Abstract representation of memory states Transfer functions Finds abstract representation of memory states at every program point

Concrete Memory Descriptors cs exit cs l1 cs l2 top cs l2 pr t t t l 1 s=3 t l 2 s=0 t = NULL l 2 s1 t l 2 s=2 t exit k=3 r = NULL 3 NULL 2 1

Concrete Memory Descriptors Relationships between memory elements: value of local variables: t, r n-successor: n invoked by: pr cs exit cs l1 cs l2 top cs l2 pr t t t Properties of memory elements: “type”: stack, heap “visibility”: top “call-site”: exit, cs l 1, cs l 2

Bounding the Representation Concrete Memory Descriptors represent memory states –Every object is represented uniquely Abstract Memory Descriptors –Conservatively represent Concrete Memory Descriptors –A bounded representation

3-Valued Properties TrueFalse top t Don’t Know top=1/2 t

Abstraction cs exit cs l1 cs l2 cs l2, top pr t t t t t cs exit cs l1 cs l2, top pr cs l2 pr

Bounding the Representation Summarize nodes according to their unary properties Join values of relationships Convert a Concrete Memory Descriptor of arbitrary size into an Abstract Memory Descriptor of bounded size Does the Abstract Memory Descriptor contain enough information?

Problem cs l2, top cs l2 exit pr t cs l1 pr t exit cs l1 cs l2 cs l2, top pr t t t

Observing Properties of Invisible Variables Explicitly track universal properties of invisible-variables –Different invisible instances of t cannot point to the same heap cell Instrumentation properties –Track derived properties of memory elements

Some Instrumentation Properties Pointed-to by an invisible instance of t Pointed by more than one invisible instance of t t is not NULL

Memory Descriptors with Instrumentation exit cs l1 cs l2 cs l2, top pr t t t cs l2, top cs l2 exit pr cs l1 pr t t

Problem - solved cs l2, top cs l2 exit pr cs l1 pr t t exit cs l1 cs l2 cs l2, top pr t t cs l2, top t

Why Does It Work Shape analysis handles linked list quite precisely (Sagiv, Reps, Wilhelm [TOPLAS98]) Utilize the (intraprocedural) 3-valued logic framework of Sagiv, Reps and Wilhelm [POPL99] to analyze the resulting intraprocedural problem

Prototype Implementation Implemented in TVLA [Lev-Ami, Sagiv SAS 2000] Analyzed some recursive list manipulating programs Verified cleanness properties: –No memory leaks –No NULL dereferences

Prototype Implementation Procedure create delAll insert delete search append reverse reverse_append reverse_append _r Running example Time (sec) Number of (3VL) Structures

Conclusion Need to know more than potential values of invisible variables Tracking properties of invisible variables helps to overcome the (necessary) imprecision summarization of their values Instrumentation –Generic Sharing by different instances of a local variable –List specific

Conclusion Storing the call-site enable to improve information propagation to return-sites Shows how the intraprocedural framework of Sagiv, Reps and Wilhelm can be used for interprocedural analyses Analysis of a complex data structure

Limitations Small programs No mutual recursion (Implementation) Predefined instrumentation library Easy to use, no need for user intervention –Might not be good for all programs

Further Work Scaling the algorithm –Distinguishing between “relevant context” and “irrelevant” context –Analysis of programs manipulating Abstract Data Types

The End Interprocedural shape analysis for recursive programs Noam rinetzky and Mooly Sagiv Compiler Construction

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.