Presentation is loading. Please wait.

Presentation is loading. Please wait.

Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly."— Presentation transcript:

1 Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly Sagiv Tel Aviv University Reinhard Wilhelm Universität des Saarlandes Eran Yahav IBM Watson

2 Motivation Verify heap intensive programs  Imperative programs with procedures  Recursive data structures Lists Trees …

3 Motivation class List { List n; } main() { List x=null, y=null; int k = getLen(); x = create(k); y = reverse(x); } … k=4 x y nnn x y nnn No null dereferences No memory leaks x and y point to the same list y points to an acyclic list k=4 x y reverse: reverses terminates

4 What is the problem? Recursive procedures  Unbounded number of activation records Dynamic allocation  Unbounded number of objects Checking heap properties is undecidable

5 Our approach Use abstractions Over-approximation algorithms Effective (termination) Every verified property holds (sound)  May not prove all properties (incomplete)

6 y t g p Local heaps y t g call f(x); x p p p x

7 Canonical abstraction x n n n x n n

8 Tabulation exits y Interprocedural shape analysis call f(x) p x y x p

9 p y Interprocedural shape analysis call f(x) x y p p No tabulation Analyze f p x

10 y t g p Cutpoints y t g call f(x); x p p p ? x

11 Cutpoints and abstraction x n n n y n n n d d d d call f(x) p n n n Canonical abstraction p n n n p n n n

12 y t g p p Abstraction of cutpoints y t g call f(x); x p p x

13 Prototype implementation Data structureVerified properties Singly linked list Insert delete reverse … No memory errors acyclicity Sorting (of singly linked lists) insertion quickSort + Sortedness Unshared binary trees Insert Delete … No memory errors, tree-ness

14 Related Work Interprocedural shape analysis  Rinetzky and Sagiv, CC ’01  Chong and Rugina, SAS ’03  Jeannet et al., SAS ’04  Hackett and Rugina, POPL ’05  Rinetzky et al., POPL ‘05 Local Reasoning  Ishtiaq and O’Hearn, POPL ‘01  Reynolds, LICS ’02 Encapsulation  Noble et al. IWACO ’03 ...

15 End www.cs.tau.ac.il/~maon Interprocedural shape analysis for cutpoint-free programs Noam Rinetzky, Mooly Sagiv, and Eran Yahav SAS, 2005 A Semantics for procedure local heaps and its abstraction Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm POPL, 2005

Download ppt "Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly."

Similar presentations

TVLA for System Code Jörg KreikerHelmut SeidlVesal Vojdani TU Munich Dagstuhl, July 2009.

TVLA for System Code Jörg KreikerHelmut SeidlVesal Vojdani TU Munich Dagstuhl, July 2009.
Guy Golan-GuetaTel-Aviv University Nathan Bronson Stanford University Alex Aiken Stanford University G. Ramalingam Microsoft Research Mooly Sagiv Tel-Aviv.

Guy Golan-GuetaTel-Aviv University Nathan Bronson Stanford University Alex Aiken Stanford University G. Ramalingam Microsoft Research Mooly Sagiv Tel-Aviv.
Techniques for proving programs with pointers A. Tikhomirov.

Techniques for proving programs with pointers A. Tikhomirov.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Program Analysis and Verification 0368-4479

Program Analysis and Verification
Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.

Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.

Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.
Heap Decomposition for Concurrent Shape Analysis R. Manevich T. Lev-Ami M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine MSR Cambridge Dagstuhl.

Heap Decomposition for Concurrent Shape Analysis R. Manevich T. Lev-Ami M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine MSR Cambridge Dagstuhl.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Sequential reductions for verifying serializability Hagit Attiya Technion & EPFL G. RamalingamMSR India Noam Rinetzky University of London.

Sequential reductions for verifying serializability Hagit Attiya Technion & EPFL G. RamalingamMSR India Noam Rinetzky University of London.
1 Lecture 07 – Shape Analysis Eran Yahav. Previously  LFP computation and join-over-all-paths  Inter-procedural analysis  call-string approach  functional.

1 Lecture 07 – Shape Analysis Eran Yahav. Previously  LFP computation and join-over-all-paths  Inter-procedural analysis  call-string approach  functional.
Compile-Time Verification of Properties of Heap Intensive Programs Mooly Sagiv Thomas Reps Reinhard Wilhelm

Compile-Time Verification of Properties of Heap Intensive Programs Mooly Sagiv Thomas Reps Reinhard Wilhelm
Static Program Analysis via Three-Valued Logic Thomas Reps University of Wisconsin Joint work with M. Sagiv (Tel Aviv) and R. Wilhelm (U. Saarlandes)

Static Program Analysis via Three-Valued Logic Thomas Reps University of Wisconsin Joint work with M. Sagiv (Tel Aviv) and R. Wilhelm (U. Saarlandes)
Shape Analysis via 3-Valued Logic Mooly Sagiv Tel Aviv University

Shape Analysis via 3-Valued Logic Mooly Sagiv Tel Aviv University
A Combination Framework for Tracking Partition Sizes Sumit Gulwani, Microsoft Research Tal Lev-Ami, Tel-Aviv University Mooly Sagiv, Tel-Aviv University.

A Combination Framework for Tracking Partition Sizes Sumit Gulwani, Microsoft Research Tal Lev-Ami, Tel-Aviv University Mooly Sagiv, Tel-Aviv University.
Specialized Reference Counting Garbage Collection using Data Structure Annotations By Eric Watkins and Dzin Avots for CS 343 Spring 2002.

Specialized Reference Counting Garbage Collection using Data Structure Annotations By Eric Watkins and Dzin Avots for CS 343 Spring 2002.
Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.

Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.
1 Motivation Dynamically allocated storage and pointers are an essential programming tools –Object oriented –Modularity –Data structure But –Error prone.

1 Motivation Dynamically allocated storage and pointers are an essential programming tools –Object oriented –Modularity –Data structure But –Error prone.
Model Checking of Concurrent Software: Current Projects Thomas Reps University of Wisconsin.

Model Checking of Concurrent Software: Current Projects Thomas Reps University of Wisconsin.

Similar presentations

Ads by Google