Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.

Slides:



Advertisements
Similar presentations
Chapter 22 Implementing lists: linked implementations.
Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Techniques for proving programs with pointers A. Tikhomirov.
Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Automatic Memory Management Noam Rinetzky Schreiber 123A /seminar/seminar1415a.html.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Bounding Space Usage of Conservative Garbage Collectors Ohad Shacham December 2002 Based on work by Hans-J. Boehm.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India.
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.
1 Lecture 08(a) – Shape Analysis – continued Lecture 08(b) – Typestate Verification Lecture 08(c) – Predicate Abstraction Eran Yahav.
Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.
Program analysis Mooly Sagiv html://
Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.
1 Motivation Dynamically allocated storage and pointers are an essential programming tools –Object oriented –Modularity –Data structure But –Error prone.
Program analysis Mooly Sagiv html://
1 Eran Yahav and Mooly Sagiv School of Computer Science Tel-Aviv University Verifying Safety Properties.
Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.
Compile-Time Deallocation of Individual Objects Sigmund Cherem and Radu Rugina International Symposium on Memory Management June, 2006.
From last time S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l t S1 p L2 l t S1 p S2 l t.
Java Alias Analysis for Online Environments Manu Sridharan 2004 OSQ Retreat Joint work with Rastislav Bodik, Denis Gopan, Jong-Deok Choi.
Overview of program analysis Mooly Sagiv html://
Detecting Memory Errors using Compile Time Techniques Nurit Dor Mooly Sagiv Tel-Aviv University.
Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.
Reference Types. 2 Objectives Introduce reference types –class –array Discuss details of use –declaration –allocation –assignment –null –parameter –aggregation.
Pointer and Shape Analysis Seminar Mooly Sagiv Schriber 317 Office Hours Thursday
1 Shape Analysis via 3-Valued Logic Mooly Sagiv Tel Aviv University Shape analysis with applications Chapter 4.6
Names and Bindings Introduction Names Variables The concept of binding Chapter 5-a.
A Semantics for Procedure Local Heaps and its Abstractions Noam Rinetzky Tel Aviv University Jörg Bauer Universität des Saarlandes Thomas Reps University.
Overview of program analysis Mooly Sagiv html://
Static Program Analysis via Three-Valued Logic Thomas Reps University of Wisconsin Joint work with M. Sagiv (Tel Aviv) and R. Wilhelm (U. Saarlandes)
1/25 Pointer Logic Changki PSWLAB Pointer Logic Daniel Kroening and Ofer Strichman Decision Procedure.
11 Values and References Chapter Objectives You will be able to: Describe and compare value types and reference types. Write programs that use variables.
Dagstuhl Seminar "Applied Deductive Verification" November Symbolically Computing Most-Precise Abstract Operations for Shape.
CS3012: Formal Languages and Compilers The Runtime Environment After the analysis phases are complete, the compiler must generate executable code. The.
Implications of Inheritance COMP204, Bernhard Pfahringer.
Shape Analysis Overview presented by Greta Yorsh.
The basics of the array data structure. Storing information Computer programs (and humans) cannot operate without information. Example: The array data.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India.
Free-Me: A Static Analysis for Automatic Individual Object Reclamation Samuel Z. Guyer, Kathryn McKinley, Daniel Frampton Presented by: Dimitris Prountzos.
1 Records Record aggregate of data elements –Possibly heterogeneous –Elements/slots are identified by names –Elements in same fixed order in all records.
A Certifying Compiler and Pointer Logic Zhaopeng Li Software Security Lab. Department of Computer Science and Technology, University of Science and Technology.
Symbolically Computing Most-Precise Abstract Operations for Shape Analysis Greta Yorsh Thomas Reps Mooly Sagiv Tel Aviv University University of Wisconsin.
Model construction and verification for dynamic programming languages Radu Iosif
Symbolic Execution with Abstract Subsumption Checking Saswat Anand College of Computing, Georgia Institute of Technology Corina Păsăreanu QSS, NASA Ames.
Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra.
Data Flow Analysis for Software Prefetching Linked Data Structures in Java Brendon Cahoon Dept. of Computer Science University of Massachusetts Amherst,
Heap liveness and its usage in automatic memory management Ran Shaham Elliot Kolodner Mooly Sagiv ISMM’02 Unpublished TVLA.
Roman Manevich Ben-Gurion University Program Analysis and Verification Spring 2015 Program Analysis and Verification Lecture 16: Shape Analysis.
Interprocedural shape analysis for cutpoint-free programs Noam Rinetzky Tel Aviv University Joint work with Mooly Sagiv Tel Aviv University Eran Yahav.
Finding bugs with a constraint solver daniel jackson. mandana vaziri mit laboratory for computer science issta 2000.
Sections Basic Data Structures. 1.5 Data Structures The way you view and structure the data that your programs manipulate greatly influences your.
C11, Implications of Inheritance
Object Lifetime and Pointers
Interprocedural shape analysis for cutpoint-free programs
Partially Disjunctive Heap Abstraction
Seminar in automatic tools for analyzing programs with dynamic memory
Dynamic Memory Allocation
Strategies for automatic memory management
Created By: Asst. Prof. Ashish Shah, J.M.Patel College, Goregoan West
Dynamic Memory.
A Semantics for Procedure Local Heaps and its Abstractions
Data Structures and Algorithms Memory allocation and Dynamic Array
IS 135 Business Programming
CMPE 152: Compiler Design May 2 Class Meeting
Presentation transcript:

Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv

Memory deallocation in a timely manner is a hard problem Premature deallocation  Program errors Late deallocation  Memory leaks Inefficient use of memory

(Old) Idea: Compile-Time GC The compiler can issue free when objects are no longer needed –Object may still be reachable –Potentially collects objects earlier than run-time garbage collection Low cost Candidate for memory/cpu constrained environments Difficult for imperative heap-manipulating programs –No static names for objects –Destructive updates (mutations) x.field=null

Results A framework for developing static algorithms for memory management –Compile-Time GC Free an unneeded object Handle destructive updates –GC assistance Assign null to heap references Reduces reachability heap graph GC exploits information

Plan A motivating example program The heap safety automaton Concrete semantics for deallocating space Abstract semantics for deallocating space Assign Null Summary

A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; }

A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5

A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } t x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5

A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } t x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5

A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } y t x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5

A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } y t x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5

Free Unneeded Objects class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; “free y;” [11] y = t; } y t x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5

When can we free an object? a = malloc(…) ; b = a; // free (a); ? c = malloc (…); if (b == c) printf(“unexpected equality”); Cannot free an object if it has a reference with a future use!

When can free x be inserted after p? p cannot free x x references an object l some reference to l is used On all execution paths after p there are no uses of references to the object referenced by x  inserting free x after p is valid

Computing Free Information Forward (history) information –Heap paths –For free x after p Aliases of x after p Backward (future) information –Use of references –For free x after p Future use of aliases of x after p Integration of forward and backward heap information –Alternatives Integration of an operational semantics and a backward collecting semantics Automaton-based solution –Automaton states record “future” information

The Heap Safety Automaton Describes a local temporal heap safety property (a typestate property) –Holds on an execution path for an object –Independent of other objects –In an accepting state on an execution path for an object Used for property verification –Automaton does not reach the “err” state –For all execution paths for all objects

free x after p automaton p cannot free x x references an object l some reference to l is used err initial ref p,x use 0 ref p,x 1 Automaton for an object l

A Concrete Semantics for Deallocating Space Program state –“Usual heap information” Variable values, Field Values –Free x after p automaton state For every object l Program statement effect –“Usual semantics” –Trigger automaton events

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5 S[0]

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; (use x) [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5 S[0]

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[1] S[0]

class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[1] S[0] S[1]

Abstract Semantics for Deallocating Space – Challenges Infinite states –Number of objects is unbounded Precise heap path information –Precise Association of an event corresponding automaton state of a program object Our framework –Allows a rather precise heap abstraction –Abstraction refinement automaton state of each program object

Abstract Semantics for Deallocating Space Program state –Heap Abstraction Parametric Shape Analysis [SRW02] Based on 3-valued logical structures –Automaton States Unary predicates s[q] q ranges over automaton states Program statement effect –Shape analysis abstract transformers –Events associated with every statement update s[q] Property Verification –s[err] does not hold

Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y n n n n t S[0] n n

Assign Null Allows GC to collect more space –Reduces heap reachability Assign-Null automaton –Contains “back-edges”

When can x.f = null be inserted after p? p p’ x.f cannot be assigned null On all execution paths after p, x.f is not used before redefinition  inserting x.f = null after p is valid field f of object l is not assigned field f of object l is used x references an object l

p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

Prototype Implementation Analysis of Java/JavaCard programs Precise –Points-to is not enough Even when it is flow-sensitive, field-sensitive with unbounded context [Emami et al. – PLDI 94] Scalability issues –Interprocedural shape analysis

Related Work Memory Management –Compile-Time GC Mostly for functional languages –Escape Analysis Limited to objects not escaping their allocating method –Region-based memory management Usually requires programmer awareness Software verification of safety properties –Bandera, ESP, SLAM Precision Application domain

Summary Statically identify a subset of unneeded objects Free –Free an unneeded object –Similar to compile-time GC studied for functional languages We need to handle destructive updates Assign null –Assign null to heap references –Reduces reachability heap graph –GC exploits information Identify potential errors –Issue a warning when a potentially needed object is reclaimed False alarms may arise A framework –Formulate compile-time memory management as a verification problem

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.