Presentation is loading. Please wait.

Presentation is loading. Please wait.

Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv."— Presentation transcript:

1 Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv

2 Memory deallocation in a timely manner is a hard problem Premature deallocation  Program errors Late deallocation  Memory leaks Inefficient use of memory

3 (Old) Idea: Compile-Time GC The compiler can issue free when objects are no longer needed –Object may still be reachable –Potentially collects objects earlier than run-time garbage collection Low cost Candidate for memory/cpu constrained environments Difficult for imperative heap-manipulating programs –No static names for objects –Destructive updates (mutations) x.field=null

4 Results A framework for developing static algorithms for memory management –Compile-Time GC Free an unneeded object Handle destructive updates –GC assistance Assign null to heap references Reduces reachability heap graph GC exploits information

5 Plan A motivating example program The heap safety automaton Concrete semantics for deallocating space Abstract semantics for deallocating space Assign Null Summary

6 A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; }

7 A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5

8 A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } t x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5

9 A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } t x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5

10 A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } y t x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5

11 A Linked List Example class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } y t x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5

12 Free Unneeded Objects class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; “free y;” [11] y = t; } y t x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5

13 When can we free an object? a = malloc(…) ; b = a; // free (a); ? c = malloc (…); if (b == c) printf(“unexpected equality”); Cannot free an object if it has a reference with a future use!

14 When can free x be inserted after p? p cannot free x x references an object l some reference to l is used On all execution paths after p there are no uses of references to the object referenced by x  inserting free x after p is valid

15 Computing Free Information Forward (history) information –Heap paths –For free x after p Aliases of x after p Backward (future) information –Use of references –For free x after p Future use of aliases of x after p Integration of forward and backward heap information –Alternatives Integration of an operational semantics and a backward collecting semantics Automaton-based solution –Automaton states record “future” information

16 The Heap Safety Automaton Describes a local temporal heap safety property (a typestate property) –Holds on an execution path for an object –Independent of other objects –In an accepting state on an execution path for an object Used for property verification –Automaton does not reach the “err” state –For all execution paths for all objects

17 free x after p automaton p cannot free x x references an object l some reference to l is used err initial ref p,x use 0 ref p,x 1 Automaton for an object l

18 A Concrete Semantics for Deallocating Space Program state –“Usual heap information” Variable values, Field Values –Free x after p automaton state For every object l Program statement effect –“Usual semantics” –Trigger automaton events

19 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5 S[0]

20 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; (use x) [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 x u1u1 u2u2 u3u3 u7u7 u6u6 y u4u4 n n n n nn n u5u5 S[0]

21 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

22 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

23 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

24 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[0]

25 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[1] S[0]

26 class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } Automaton for an object l Free “y at 10” Automaton err initial ref 10,y use 0 ref 10,y 1 yt x u1u1 u2u2 u3u3 u7u7 u6u6 u4u4 n n n n nn n u5u5 S[1] S[0] S[1]

27 Abstract Semantics for Deallocating Space – Challenges Infinite states –Number of objects is unbounded Precise heap path information –Precise Association of an event corresponding automaton state of a program object Our framework –Allows a rather precise heap abstraction –Abstraction refinement automaton state of each program object

28 Abstract Semantics for Deallocating Space Program state –Heap Abstraction Parametric Shape Analysis [SRW02] Based on 3-valued logical structures –Automaton States Unary predicates s[q] q ranges over automaton states Program statement effect –Shape analysis abstract transformers –Events associated with every statement update s[q] Property Verification –s[err] does not hold

29 Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

30 Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

31 Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

32 Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y S[0] n n n S[1] n t S[0] n n

33 Automaton for an object l Free “y at 10” Automaton class L { // L is a singly linked list public L n; // next field public int val; // data field } class Main { // Creation and traversal of a singly-linked list public static void main(String args[]) { L x, y, t; [1] x = null; [2] while (...) { // list creation [3] y = new L(); [4] y.val =...; [5] y.n = x; [6] x = y; } [7] y = x; [8] while (y != null) { // list traversal [9] System.out.print(y.val); [10] t = y.n; (use y, use y.n, ref 10,y ) [11] y = t; } err initial ref 10,y use 0 ref 10,y 1 x S[1] y n n n n t S[0] n n

34 Assign Null Allows GC to collect more space –Reduces heap reachability Assign-Null automaton –Contains “back-edges”

35 When can x.f = null be inserted after p? p p’ x.f cannot be assigned null On all execution paths after p, x.f is not used before redefinition  inserting x.f = null after p is valid field f of object l is not assigned field f of object l is used x references an object l

36 p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

37 p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

38 p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

39 p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

40 p p’ field f of object l is not assigned field f of object l is used err initial ref p,x use f 0 use f,def f ref p,x 1 def f x.f cannot be assigned null x references an object l When can x.f = null be inserted after p?

41 Prototype Implementation Analysis of Java/JavaCard programs Precise –Points-to is not enough Even when it is flow-sensitive, field-sensitive with unbounded context [Emami et al. – PLDI 94] Scalability issues –Interprocedural shape analysis

42 Related Work Memory Management –Compile-Time GC Mostly for functional languages –Escape Analysis Limited to objects not escaping their allocating method –Region-based memory management Usually requires programmer awareness Software verification of safety properties –Bandera, ESP, SLAM Precision Application domain

43 Summary Statically identify a subset of unneeded objects Free –Free an unneeded object –Similar to compile-time GC studied for functional languages We need to handle destructive updates Assign null –Assign null to heap references –Reduces reachability heap graph –GC exploits information Identify potential errors –Issue a warning when a potentially needed object is reclaimed False alarms may arise A framework –Formulate compile-time memory management as a verification problem

Download ppt "Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv."

Similar presentations

Chapter 22 Implementing lists: linked implementations.

Chapter 22 Implementing lists: linked implementations.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Techniques for proving programs with pointers A. Tikhomirov.

Techniques for proving programs with pointers A. Tikhomirov.
Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.

Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Automatic Memory Management Noam Rinetzky Schreiber 123A 2015/seminar/seminar1415a.html.

Automatic Memory Management Noam Rinetzky Schreiber 123A /seminar/seminar1415a.html.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.

Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Bounding Space Usage of Conservative Garbage Collectors Ohad Shacham December 2002 Based on work by Hans-J. Boehm.

Bounding Space Usage of Conservative Garbage Collectors Ohad Shacham December 2002 Based on work by Hans-J. Boehm.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India.

Pointer Analysis Lecture 2 G. Ramalingam Microsoft Research, India.
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.

CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.

Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.
1 Lecture 08(a) – Shape Analysis – continued Lecture 08(b) – Typestate Verification Lecture 08(c) – Predicate Abstraction Eran Yahav.

1 Lecture 08(a) – Shape Analysis – continued Lecture 08(b) – Typestate Verification Lecture 08(c) – Predicate Abstraction Eran Yahav.
Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.

Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.

Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.
1 Motivation Dynamically allocated storage and pointers are an essential programming tools –Object oriented –Modularity –Data structure But –Error prone.

1 Motivation Dynamically allocated storage and pointers are an essential programming tools –Object oriented –Modularity –Data structure But –Error prone.

Similar presentations

Ads by Google