1
Footprint Analysis: A Shape Analysis that Discovers Preconditions Hongseok Yang (Queen Mary, University of London) (Joint work with Cristiano Calcagno, Dino Distefano, and Peter O’Hearn)
2
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PRESET_IRP ResetIrp,temp,tempnext; PDEVICE_EXTENSION de; ……… KeAcquireSpinLock(&de->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)ResetIrp->Flink2; } KeReleaseSpinLock(&de->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); } void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp ) KeReleaseSpinLock(&de->ResetSpinLock, Irql); KeAcquireSpinLock(&de->ResetSpinLock, &Irql); IoCompleteRequest(Irp, IO_NO_INCREMENT);
3
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PRESET_IRP ResetIrp,temp,tempnext; PDEVICE_EXTENSION de; ……… KeAcquireSpinLock(&de->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)ResetIrp->Flink2; } KeReleaseSpinLock(&de->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); } Footprint Analysis Discovers safe preconditions of a piece of code. Only the memory footprint of the code.
4
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PRESET_IRP ResetIrp,temp,tempnext; PDEVICE_EXTENSION de; ……… KeAcquireSpinLock(&de->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)ResetIrp->Flink2; } KeReleaseSpinLock(&de->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); }
5
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PXXX_RESET_IRP XXXResetIrp,temp,tempnext; PDEVICE_EXTENSION deviceExtension; ……… KeAcquireSpinLock(&deviceExtension->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)ResetIrp->Flink2; } KeReleaseSpinLock(&deviceExtension->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); } (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de) typedef struct { RESET_IRP* Flink2; IRP* Irp; … } RESET_IRP, *PRESET_IRP; typedef struct { RESET_IRP* Flink2; … } DEVICE_EXTENSION; (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,x 1 ) * (x 1 R Irp:Irp) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,0) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de)(de D Flink2: de) (de D Flink2:0)
6
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PXXX_RESET_IRP XXXResetIrp,temp,tempnext; PDEVICE_EXTENSION deviceExtension; ……… KeAcquireSpinLock(&deviceExtension->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)BusResetIrp->Flink2; } KeReleaseSpinLock(&deviceExtension->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); } typedef struct { RESET_IRP* Flink2; IRP* Irp; … } RESET_IRP, *PRESET_IRP; typedef struct { RESET_IRP* Flink2; … } DEVICE_EXTENSION; de D Flink2: de (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,x 1 ) * (x 1 R Irp:Irp) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,0) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de)(de D Flink2: de) (de D Flink2:0)
7
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PXXX_RESET_IRP XXXResetIrp,temp,tempnext; PDEVICE_EXTENSION deviceExtension; ……… KeAcquireSpinLock(&deviceExtension->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)BusResetIrp->Flink2; } KeReleaseSpinLock(&deviceExtension->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); } typedef struct { RESET_IRP* Flink2; IRP* Irp; … } RESET_IRP, *PRESET_IRP; typedef struct { RESET_IRP* Flink2; … } DEVICE_EXTENSION; de D Flink2: de Æ de = ResetIrp (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,x 1 ) * (x 1 R Irp:Irp) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,0) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de)(de D Flink2: de) (de D Flink2:0)
8
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PXXX_RESET_IRP XXXResetIrp,temp,tempnext; PDEVICE_EXTENSION deviceExtension; ……… KeAcquireSpinLock(&deviceExtension->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)BusResetIrp->Flink2; } KeReleaseSpinLock(&deviceExtension->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); } typedef struct { RESET_IRP* Flink2; IRP* Irp; … } RESET_IRP, *PRESET_IRP; typedef struct { RESET_IRP* Flink2; … } DEVICE_EXTENSION; de D Flink2: de Æ de = ResetIrp (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,x 1 ) * (x 1 R Irp:Irp) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,0) (de D Flink2: x 0 ) * ls (RESET_IRP,Flink2) (x 0,de)(de D Flink2: de) (de D Flink2:0)
9
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp) { ……… PXXX_RESET_IRP XXXResetIrp,temp,tempnext; PDEVICE_EXTENSION deviceExtension; ……… KeAcquireSpinLock(&deviceExtension->ResetSpinLock, &Irql); ResetIrp = (PRESET_IRP)de->Flink2; while (ResetIrp !=NULL) { if (ResetIrp->Irp == Irp) { temp = (PRESET_IRP)de; tempnext = temp->Flink2; while (tempnext != ResetIrp) { temp = tempnext; tempnext = temp->Flink2; } temp->Flink2 = ResetIrp->Flink2; free(ResetIrp); break; } else if (ResetIrp->Flink2 == (PRESET_IRP)de) break; else ResetIrp = (PRESET_IRP)BusResetIrp->Flink2; } KeReleaseSpinLock(&deviceExtension->ResetSpinLock, Irql); …… IoCompleteRequest(Irp, IO_NO_INCREMENT); } typedef struct { RESET_IRP* Flink2; IRP* Irp; … } RESET_IRP, *PRESET_IRP; typedef struct { RESET_IRP* Flink2; … } DEVICE_EXTENSION; de ↦_D [Flink2: de] ∧ de = ResetIrp — ERROR: No IRP Field in DEVICE_EXTENSION. This is the precondition in which de->Flink2 points back to de itself: the first loop iteration then has ResetIrp equal to the device extension cast to PRESET_IRP, and the test ResetIrp->Irp == Irp reads an Irp field that DEVICE_EXTENSION does not have. Preconditions: (de ↦_D [Flink2: x_0]) * ls_(RESET_IRP,Flink2)(x_0, de); (de ↦_D [Flink2: x_0]) * ls_(RESET_IRP,Flink2)(x_0, x_1) * (x_1 ↦_R [Irp: Irp]); (de ↦_D [Flink2: x_0]) * ls_(RESET_IRP,Flink2)(x_0, 0); (de ↦_D [Flink2: x_0]) * ls_(RESET_IRP,Flink2)(x_0, de); (de ↦_D [Flink2: de]); (de ↦_D [Flink2: 0])
10
Footprint Analysis Seeding Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } x=a Æ emp
11
Footprint Analysis Seeding Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } x=a Æ emp
12
Footprint Analysis Seeding Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } x=a Æ emp P2P2 P3P3 P1P1
13
Footprint Analysis Seeding Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } x=a Æ emp SpaceInvader {P 1 } {Q 1,Q 2 } {I 1,I 2,I 3 } {P 1 }C{Q 1 Ç Q 2 } P2P2 P3P3 P1P1
14
Footprint Analysis Seeding Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } x=a ∧ emp SpaceInvader {P_2} {Q_10,Q_11,Q_12} {I_10,I_11,I_12} {P_1}C{Q_1 ∨ Q_2} P2P2 P3P3 P1P1 {P_2}C{Q_10 ∨ Q_11 ∨ Q_12}
15
Footprint Analysis Seeding Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } x=a Æ emp SpaceInvader {P 3 } {P 1 }C{Q 1 Ç Q 2 } P2P2 P3P3 P1P1 {P 2 }C{Q 10 Ç Q 11 Ç Q 12 } > >
16
Footprint Analysis Seeding Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } x=a Æ emp SpaceInvader {P 1 }C{Q 1 Ç Q 2 } P2P2 P3P3 P1P1 {P 2 }C{Q 10 Ç Q 11 Ç Q 12 }
17
Footprint Analysis Safe precondition Footprint only Seeding Footprint Computation SpaceInvader
18
Separation Logic x ↦ y, ls(y,z) x ↦ y * ls(y,z), emp ∃y’. z!=0 ∧ v=a ∧ x ↦ y’ * ls(y’,z) x y yz yz x
19
Variable Convention Program variables: x,y,z,t,v,w Ghost (or auxiliary) variables: a,b,c,d,…. Primed variables: x’,y’,z’,t’,v’,w’ ∃w’,w’_1. x!=0 ∧ z=a ∧ w’!=w’_1 ∧ x ↦ w’ * ls(w’,w’_1) * y ↦ w’_1
20
Symbolic Heaps Separation logic formulas of the form: (x!=0 ∧ z=a ∧ w’!=w’_1) ∧ (x ↦ w’ * ls(w’,w’_1) * y ↦ w’_1) SH = Set of all symbolic heaps GhoSH = Set of symbolic heaps with ghost variables only
21
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } { (x=a ∧ emp, x=a ∧ emp) } { (x=a ∧ ls(a,0), x=0 ∧ emp), (x=0 ∧ emp, x=0 ∧ emp), … } Fixpoint Computation ∈ P_fin(GhoSH, SH)
22
Footprint Computation ⟦x=x->next⟧ : P_fin(GhoSH × SH) → P_fin(GhoSH × SH) rearr(x) : GhoSH × SH → P_fin(GhoSH × SH) exec(x=x->next) : GhoSH × SH → GhoSH × SH abs : GhoSH × SH → CanGhoSH × CanSH { (x=a ∧ ls a b, x=a ∧ ls a b), (x=a ∧ ls a b, x=b ∧ ls a b) } { (x=a ∧ ls a b, x=a ∧ a ↦ b), (x=a ∧ ls a b, x=a ∧ a ↦ v’ * ls v’ b), (x=a ∧ ls a b * b ↦ c, x=b ∧ ls a b * b ↦ c) } rearr(x)(F,P) = { (F,P_1), …, (F,P_n) } if SpInvRearr(x)(P) = {P_1, …, P_n}; = { (F * a ↦ b, P * a ↦ b) } else if P ⊢ x=a; = { (false,false) } otherwise
23
Footprint Computation « x=x->next ¬ : P fin (GhoSH x SH) ! P fin (GhoSH x SH) rearr(x) : GhoSH x SH ! P fin (GhoSH x SH) exec(x=x->next) : GhoSH x SH ! GhoSH x SH abs : GhoSH x SH ! CanGhoSH x CanSH { (x=a Æ ls a b, x=a Æ ls a b), (x=a Æ ls a b, x=b Æ ls a b) } { (x=a Æ ls a b, x=a Æ a b), (x=a Æ ls a b, x=a Æ a v’*ls v’ b), (x=a Æ ls a b*b c, x=b Æ ls a b*b c) } { ………………………………., (x=a Æ ls a b*b c, x=c Æ ls a b*b c) }
24
Footprint Computation « x=x->next ¬ : P fin (GhoSH x SH) ! P fin (GhoSH x SH) rearr(x) : GhoSH x SH ! P fin (GhoSH x SH) exec(x=x->next) : GhoSH x SH ! GhoSH x SH abs : GhoSH x SH ! CanGhoSH x CanSH { (x=a Æ ls a b, x=a Æ ls a b), (x=a Æ ls a b, x=b Æ ls a b) } { (x=a Æ ls a b, x=a Æ a b), (x=a Æ ls a b, x=a Æ a v’*ls v’ b), (x=a Æ ls a b*b c, x=b Æ ls a b*b c) } { ………………………………., (x=a Æ ls a b*b c, x=c Æ ls a b*b c) }{ ………………………………., (x=a Æ ls a b*b c, x=c Æ ls a c) }{ ………………………………., (x=a Æ ls a c*b c, x=c Æ ls a c) }
25
Footprint Computation « x=x->next ¬ : P fin (GhoSH x SH) ! P fin (GhoSH x SH) rearr(x) : GhoSH x SH ! P fin (GhoSH x SH) exec(x=x->next) : GhoSH x SH ! GhoSH x SH abs : GhoSH x SH ! CanGhoSH x CanSH { (x=a Æ ls a b, x=a Æ ls a b), (x=a Æ ls a b, x=b Æ ls a b) } { (x=a Æ ls a b, x=a Æ a b), (x=a Æ ls a b, x=a Æ a v’*ls v’ b), (x=a Æ ls a b*b c, x=b Æ ls a b*b c) } { ………………………………., (x=a Æ ls a b*b c, x=c Æ ls a b*b c) }{ ………………………………., (x=a Æ ls a b*b c, x=c Æ ls a c) }{ ………………………………., (x=a Æ ls a c*b c, x=c Æ ls a c) }
26
List Disposal list t*; while (x!=0) { t = x; x = x->next; free(t); } x 0
27
List Disposal list t*; while (x!=0) { t = x; x = x->next; free(t); } x 0
28
List Disposal list t*; while (x!=0) { t = x; x = x->next; free(t); } x 0 t
29
List Disposal list t*; while (x!=0) { t = x; x = x->next; free(t); } x 0 t
30
List Disposal list t*; while (x!=0) { t = x; x = x->next; free(t); } x 0 t
31
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); }
32
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ emp x=a Æ emp Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
33
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ emp x=a Æ emp x=a Æ a!=0 Æ emp Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
34
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ emp x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
35
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ emp * a b x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
36
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ emp * a b x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
37
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ emp * a b x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
38
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * a b x=b Æ a!=0 Æ t=a Æ emp x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b x=b Æ a!=0 Æ t=a Æ b!=0 Æ emp Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
39
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * a b x=b Æ a!=0 Æ t=a Æ emp x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b x=b Æ a!=0 Æ t=a Æ b!=0 Æ emp x=b Æ a!=0 Æ t=b Æ b!=0 Æ emp Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp) x=b Æ t=b Æ b!=0 Æ emp
40
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * a b * b c x=b Æ a!=0 Æ t=a Æ emp x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b x=b Æ a!=0 Æ t=a Æ b!=0 Æ emp x=b Æ t=b Æ b!=0 Æ emp x=c Æ t=b Æ b!=0 Æ emp * b c Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * ls a c Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * ls a c Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
41
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * a b * b c x=b Æ a!=0 Æ t=a Æ emp x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b x=b Æ a!=0 Æ t=a Æ b!=0 Æ emp x=b Æ t=b Æ b!=0 Æ emp x=c Æ t=b Æ b!=0 Æ emp * b c x=c Æ t=b Æ b!=0 Æ emp Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * ls a c Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
42
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * a b * b c x=b Æ a!=0 Æ t=a Æ emp x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b x=b Æ a!=0 Æ t=a Æ b!=0 Æ emp x=b Æ t=b Æ b!=0 Æ emp x=c Æ t=b Æ b!=0 Æ emp * b c x=c Æ t=b Æ b!=0 Æ emp Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * ls a c Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
43
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * a b * b c x=b Æ a!=0 Æ t=a Æ emp x=a Æ emp x=a Æ a!=0 Æ emp x=a Æ a!=0 Æ t=a Æ emp x=b Æ a!=0 Æ t=a Æ emp * a b x=b Æ a!=0 Æ t=a Æ b!=0 Æ emp x=b Æ t=b Æ b!=0 Æ emp x=c Æ t=b Æ b!=0 Æ emp * b c x=c Æ t=b Æ b!=0 Æ emp Discovered Precondition: x=a Æ a!=0 Æ b!=0 Æ emp * ls a c Loop: (x=a Æ emp, x=a Æ emp) (x=a Æ a!=0 Æ a b, x=b Æ a!=0 Æ t=a Æ emp) (x=a Æ a!=0 Æ ls a c, x=c Æ t=b Æ b!=0 Æ emp)
44
Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Discovered Precondition: x=a ∧ a!=0 ∧ b!=0 ∧ emp * a ↦ b * b ↦ c x=b ∧ a!=0 ∧ t=a ∧ emp x=a ∧ emp x=a ∧ a!=0 ∧ emp x=a ∧ a!=0 ∧ t=a ∧ emp x=b ∧ a!=0 ∧ t=a ∧ emp * a ↦ b x=b ∧ a!=0 ∧ t=a ∧ b!=0 ∧ emp x=b ∧ t=b ∧ b!=0 ∧ emp x=c ∧ t=b ∧ b!=0 ∧ emp * b ↦ c x=c ∧ t=b ∧ b!=0 ∧ emp Discovered Precondition: x=a ∧ a!=0 ∧ b!=0 ∧ emp * ls a c Loop: (x=a ∧ emp, x=a ∧ emp) (x=a ∧ a!=0 ∧ a ↦ b, x=b ∧ a!=0 ∧ t=a ∧ emp) (x=a ∧ a!=0 ∧ ls a c, x=c ∧ t=b ∧ b!=0 ∧ emp) Result: (x=a ∧ a=0 ∧ emp, x=a ∧ a=0 ∧ emp) (x=a ∧ a!=0 ∧ b=0 ∧ a ↦ b, x=b ∧ a!=0 ∧ t=a ∧ b=0 ∧ emp) (x=a ∧ a!=0 ∧ c=0 ∧ ls a c, x=c ∧ t=b ∧ b!=0 ∧ c=0 ∧ emp)
45
Shape Analysis with SpaceInvader list t*; while (x!=0) { t = x; x = x->next; free(t); } (x=a ∧ a=0 ∧ emp, x=a ∧ a=0 ∧ emp) (x=a ∧ a!=0 ∧ b=0 ∧ a ↦ b, x=b ∧ a!=0 ∧ t=a ∧ b=0 ∧ emp) (x=a ∧ a!=0 ∧ c=0 ∧ ls a c, x=c ∧ t=b ∧ b!=0 ∧ c=0 ∧ emp) (x=a ∧ a=0 ∧ emp, x=a ∧ a=0 ∧ emp) (x=a ∧ a!=0 ∧ b=0 ∧ a ↦ b, x=b ∧ a!=0 ∧ t=a ∧ b=0 ∧ emp) (x=a ∧ a!=0 ∧ c=0 ∧ ls a c, x=c ∧ t=b ∧ b!=0 ∧ c=0 ∧ emp) {x=a’ ∧ a’=0 ∧ emp} {x=a’ ∧ a’!=0 ∧ ls a’ 0} {x=a’ ∧ a’!=0 ∧ a’ ↦ 0} { x=0 ∧ emp }
46
Footprint Computation, Ideally F F0F0 D P C « C ¬ : P fin (GhoSH x SH) ! P fin (GhoSH x SH) Supp. « C ¬ { (F,P) } = { (G 1,Q 1 ), (G 2,Q 2 ) }. Goal: 8 D, if ` SL {F}D{P}, then 9 F i. G=F*F i and ` SL {F*F i }D;C{Q i }. Q G
47
Footprint Computation, Ideally ⟦C⟧ : P_fin(GhoSH × SH) → P_fin(GhoSH × SH) Suppose ⟦C⟧ { (F,P) } = { (G_1,Q_1), (G_2,Q_2) }. Goal: ∀D, if ⊢_SL {F}D{P}, then ∃F_i. G=F*F_i and ⊢_SL {F*F_i}D;C{Q_i}. ⟦x=x->next⟧ { (t=a ∧ x=b ∧ a ↦ b, t=b ∧ x=b ∧ emp) } = { (t=a ∧ x=b ∧ a ↦ b * b ↦ c, t=b ∧ x=c ∧ b ↦ c) } ⟦x=x->next⟧ { (t=a ∧ x=b ∧ a ↦ b, t=b ∧ x=b ∧ emp) } = { (t=a ∧ x=b ∧ ls a c, t=b ∧ x=c ∧ b ↦ c) } {t=a ∧ x=b ∧ a ↦ b * b ↦ c} …….;x=x->next {t=b ∧ x=c ∧ b ↦ c} {t=a ∧ x=b ∧ a ↦ b} free(t);t=x {t=b ∧ x=b ∧ emp} {t=a ∧ x=b ∧ ls a c} …….;x=x->next {t=b ∧ x=c ∧ b ↦ c}
48
Footprint Computation, Actually ⟦C⟧ : P_fin(GhoSH × SH) → P_fin(GhoSH × SH) Suppose ⟦C⟧ { (F,P) } = { (G_1,Q_1), (G_2,Q_2) }. Goal: ∀D, if ⊢_SL {F}D{P}, then ∃F_i. G=F*F_i and ⊢_SL {F*F_i}D;C{Q_i}. Actually: for all D, if ⊢_SL {F}D{P}, then ∃P_i,F_i. G_i ⊒ F*F_i, ⊢_SL {F*F_i}D;C{P_i}, P_i ⊑ Q_i. F FiFi D P C PiPi GiGi QiQi Abstraction abs Rearrangement rearr(E)
49
Footprint Computation, Actually « C ¬ : P fin (GhoSH x SH) ! P fin (GhoSH x SH) Supp. « C ¬ { (F,P) } = { (G 1,Q 1 ), (G 2,Q 2 ) }. Goal: 8 D, if ` SL {F}D{P}, then 9 F i. G=F*F i and ` SL {F*F i }D;C{Q i }. Actually: for all D, if ` SL {F}D{P}, then 9 P i,F i. G i ¶ F*F i, ` SL {F*F i }D;C{P i }, P i µ Q i. F FiFi D P C PiPi GiGi QiQi Abstraction abs Rearrangement rearr(E) But, only abs and rearr(E)!
50
Footprint Computation, Actually « C ¬ : P fin (GhoSH x SH) ! P fin (GhoSH x SH) Supp. « C ¬ { (F,P) } = { (G 1,Q 1 ), (G 2,Q 2 ) }. Goal: 8 D, if ` SL {F}D{P}, then 9 F i. G=F*F i and ` SL {F*F i }D;C{Q i }. Actually: for all D, if ` SL {F}D{P}, then 9 P i,F i. G i ¶ F*F i, ` SL {F*F i }D;C{P i }, P i µ Q i. F D P free(t) But, only abs and rearr(E)! FiFi PiPi proof rule for free(t) in sep. logic
51
Footprint Computation, Actually « C ¬ : P fin (GhoSH x SH) ! P fin (GhoSH x SH) Supp. « C ¬ { (F,P) } = { (G 1,Q 1 ), (G 2,Q 2 ) }. Goal: 8 D, if ` SL {F}D{P}, then 9 F i. G=F*F i and ` SL {F*F i }D;C{Q i }. Actually: for all D, if ` SL {F}D{P}, then 9 P i,F i. G i ¶ F*F i, ` SL {F*F i }D;C{P i }, P i µ Q i. F D P free(t) But, only abs and rearr(E)! FiFi PiPi FiFi Sound because of Frame Rule in sep. log. {F}D{P} {F*F i }D{P*F i } {P*F i }free(t){P i } {P*F i }D;free(t){P i } proof rule for free(t) in sep. logic
52
Backward Footprint Computation list t*; while (x!=0) { t = x; x = x->next; free(t); } Backward: assert(x!=0); t = x; x = x->next; free(t); assert(x=0); Forward: assert(x!=0); t = x; x = x->next; free(t); assert(x=0);
53
Experiments with List Programs MacBook, 2GHz Intel Core 2 Duo. 2GB Mem. … x=a ∧ y=b ∧ ls a 0 … append.c merge.c … x=a ∧ y=c ∧ ls a b * ls c d …
54
Experiments with Firewire MacBook, 2GHz Intel Core 2 Duo. 2GB Mem. t1394_SetAddressData t1394Diag_CancelIrp t1394_GetAddressData t1394_SetAddressDataFix t1394Diag_CancelIrpFix t1394_GetAddressDataFix