Presentation is loading. Please wait.

Presentation is loading. Please wait.

Inference and Checking of Object Ownership Wei Huang 1, Werner Dietl 2, Ana Milanova 1, Michael D. Ernst 2 1 Rensselaer Polytechnic Institute 2 University.

Published byJoshua Arron Pearson Modified over 9 years ago

Similar presentations

Presentation on theme: "Inference and Checking of Object Ownership Wei Huang 1, Werner Dietl 2, Ana Milanova 1, Michael D. Ernst 2 1 Rensselaer Polytechnic Institute 2 University."— Presentation transcript:

1 Inference and Checking of Object Ownership Wei Huang 1, Werner Dietl 2, Ana Milanova 1, Michael D. Ernst 2 1 Rensselaer Polytechnic Institute 2 University of Washington 1

2 Ownership Types Owner-as-Modifier (OaM) ◦ Universe Types (UT) Owner-as-Dominator (OaD) ◦ Ownership Types (OT) 2 List Node OaD List Node OaM read access write access ✓ ✓✓✓ ✗ ✗ ✓✓✓✓ ✗✗

3 1class Link { 2 Link next; X data; 3 Link(X inData) { 4 next = null; 5 data = inData; 6 } 7} 8class XStack { 9 Link top; 10 void push(X data) { 11 Link newTop; 12 newTop = new Link(data); 13 newTop.next = top; 14 top = newTop; 15 } 16 X pop() { 17 Link oldTop = top; 18 top = oldTop.next; 19 return oldTop.data; 20 } 21 boolean isEmpty() { 22 return top == null; } 23 public static void main(String[] args) { 24 XStack s; 25 s = new XStack(); 26 X x = new X(); 27 s.push(x); 28 x = s.pop(); 29 } 30} 1class Link { 2 Link next; X data; 3 Link( X inData) { 4 next = null; 5 data = inData; 6 } 7} 8class XStack { 9 Link top; 10 void push( X data) { 11 Link newTop; 12 newTop = new Link(data); 13 newTop.next = top; 14 top = newTop; 15 } 16 X pop() { 17 Link oldTop = top; 18 top = oldTop.next; 19 return oldTop.data; 20 } 21 boolean isEmpty() { 22 return top == null; } 23 public static void main(String[] args) { 24 XStack s; 25 s = new XStack(); 26 X x = new X(); 27 s.push(x); 28 x = s.pop(); 29 } 30} Annotation Burden is High 13 annotations are used in this small program! 3

4 Ownership Type Inference Transforms un-annotated or partially- annotated programs into fully annotated ones ◦ Facilitates practical adoption of ownership types ◦ Reveals how ownership concepts are expressed in existing programs 4

5 Many Valid Typings! Goal: Infer the “best” typing ◦ The typing that gives rise to the deepest tree root List Node Data root List Node Data 5 Flatter treeDeeper tree

6 Contributions Unified typing rules ◦ Universe Types (UT) ◦ Ownership Types (OT) Unified inference approach Notion of “best” typing Implementation and evaluation ◦ Results for UT and OT ◦ Comparison of UT and OT 6

7 Universe Types [Dietl & Müller JOT’05] root List Data1 Node1 Node2 Data2 rep peer any 7 owned by this has same owner as this arbitrary ownership ? ?

8 Ownership Types [ Clark et al. OOPSLA’98 ] root List Data1 Node1 Node2 Data2 8 owned by this has same owner as this owned by ownership parameter owner ownership parameter ? ?

9 Architecture Unifie d Typing Rules Source Code Set-based Solver Extrac t “Best” Typing Preference Ranking over Qualifiers Type Checkin g Set- based Solution Maximal Typing Manual Annotations Instantiate d Rules 9 Fail Succeed “Best” Typing

10 Outline Unified typing rules Unified inference approach Notion of “best” typing Implementation and evaluation 10

11 Typing Rule (TWRITE): x.f = y OT: (TWRITE) 11 UT: (TWRITE) T T T OT: (TWRITE) T Unified: (TWRITE) T UT Adaptations: OT Adaptations:

12 Outline Unified typing rules Unified inference approach Notion of “best” typing Implementation and evaluation 12

13 Set-based Solver Set Mapping S: variable  {possible qualifiers} ◦ e.g. S(x) = {any, rep, peer} Iterates over statements s ◦ Applies the function f s ◦ f s removes infeasible qualifiers for each variable in s according to the instantiated rules Until ◦ Reaches a fixpoint, or ◦ Assigns the empty set to a variable 13

14 Example 1 class XStack { 2 Link top; 3 void push( X d) { 4 Link newTop; 5 newTop = new Link(); 6 newTop.init(d); 7... 8 } 9 } 10 class Link { 11... 12 void init( X inData) { 13... 14 } 15 } {any, rep, peer} 14

15 First Iteration 1 class XStack { 2 Link top; 3 void push( X d) { 4 Link newTop; 5 newTop = new Link(); 6 newTop.init(d); 7... 8 } 9 } 10 class Link { 11... 12 void init( X inData) { 13... 14 } 15 } {any, rep, peer} 15

16 First Iteration 1 class XStack { 2 Link top; 3 void push( X d) { 4 Link newTop; 5 newTop = new Link(); 6 newTop.init(d); 7... 8 } 9 } 10 class Link { 11... 12 void init( X inData) { 13... 14 } 15 } {any, rep, peer} 16

17 Final Result: A Set-based Solution 1 class XStack { 2 Link top; 3 void push( X d) { 4 Link newTop; 5 newTop = new Link(); 6 newTop.init(d); 7... 8 } 9 } 10 class Link { 11... 12 void init( X inData) { 13... 14 } 15 } {any, rep, peer} 17

18 Outline Unified typing rules Unified inference approach Notion of “best” typing Implementation and evaluation 18

19 Set-based Solution Many valid typings can be extracted from the solution Which one is the “best”? ◦ Deeper ownership tree has better encapsulation Flatter treeDeeper tree root List Node Data root List Node Data 19

20 Notion of “Best” Typing Objective functions rank valid typings is a valid typing ranks UT typings; a proxy for deep UT tree ranks OT typings; a proxy for deep OT tree “Best” typing maximizes objective function 20

21 Maximal Typing Maximal typing assigns to each variable x the maximally preferred qualifier from S(x) ◦ Preference ranking over qualifiers  UT:  OT: Theorem: If the maximal typing type-checks, then it maximizes the objective function ◦ UT: the maximal typing always type-checks ◦ OT: it does not always type-check 21

22 UT: Maximal Typing Always Type Checks 1 class XStack { 2 Link top; 3 void push( X d) { 4 Link newTop; 5 newTop = new Link(); 6 newTop.init(d); 7... 8 } 9 } 10 class Link { 11... 12 void init( X inData) { 13... 14 } 15 } {any, rep, peer} 22

23 OT: Maximal Typing Does Not Always Type Check Conflict: picking the maximal qualifiers doesn’t type-check Prompts user for manual annotations 23 class A { C f; } x=new A(); y=new C(); x.f=y; x. f = y

24 Outline Unified typing rules Unified inference approach Notion of “best” typing Implementation and evaluation 24

25 Implementation Built on top of the Checker Framework (CF) [Papi et al. ISSTA’08, Dietl et al. ICSE’11] Extends the CF to specify: ◦ Preference ranking over qualifiers ◦ Viewpoint adaptation function ◦ Additional constraints Publicly available at ◦ http://www.cs.rpi.edu/~huangw5/cf-inference 25

26 Benchmarks 26

27 UT Result 27 rep = encapsulation

28 OT Result 28 = encapsulation

29 Owner-as-Modifier vs Owner-as-Dominator UT gives rise to a deeper tree when access to object e from x is readonly Object Graph OT Tree root x x i i c c e e UT Tree root x x i i c c e e x x i i c c e e 29

30 Owner-as-Modifier vs Owner-as-Dominator OT gives rise to a deeper tree when object j modifies object k from an enclosing context Object Graph root i i k k j j OT Tree root i i k k j j UT Tree root i i k k j j 30

31 Allocation Sites 31 OT: rep 40% UT: rep 14% OT has deeper tree: Modification to objects from enclosing context happens more often UT&OT: rep 9% UT&OT: rep 9% UT and OT give rise to different ownership trees

32 Summary of Results Manual annotations ◦ UT: 0 annotations ◦ OT: 6 annotations per 1 kLOC Programs can be refactored to have better OaM or OaD structure UT requires no manual annotations; annotations are easy to interpret OT requires manual annotations; annotations are hard to interpret 32

33 Related Work Tip et al. [TOPLAS’11] ◦ Similar algorithm: starts with all possible answers and iteratively removes infeasible elements ◦ We also use qualifier preference ranking Dietl et al. [ECOOP’11] ◦ Tunable Inference for Generic Universe Types ◦ Encodes type constraints and solved by Max-SAT solver Sergey & Clark [ESOP’12] ◦ Gradual Ownership Types ◦ Requires both static and dynamic analyses ◦ Analyzes 8,200 lines of code in total 33

34 Conclusions An inference framework for ownership- like type systems Definition of “best” typing Evaluation on 241 kLOC Publicly available at ◦ http://www.cs.rpi.edu/~huangw5/cf-inference 34

35 Conclusions An inference framework for ownership- like type systems Definition of “best” typing Evaluation on 241 kLOC Publicly available at ◦ http://www.cs.rpi.edu/~huangw5/cf-inference 35

36 Typing Rule (TCALL): x = y.m(z) UT: (TCALL)OT: (TWRITE) Unified: (TWRITE) 36

37 UT Result BenchmarkTotalVaranyreppeer#ManualTime(s) JOlden685 22771387 011.3 tinySQL2711 6301041977 018.2 htmlparser3269 4261532690 022.9 ejc10957 18971228938 0119.7 javad249 3111207 04.1 SPECjbb1066 29574697 013.6 jdepend542 9514433 07.2 classycle946 8711848 09.9 Running times range from 4 sec. to 120 sec. Zero manual annotations are required Delelte 37

38 OT Result BenchmarkTotalVar#ManualTime(s) JOlden685 674972497 13(2/KLOC)10.3 tinySQL2711 22453051952 215(7/KLOC)18.4 htmlparser3269 330629362274 200(3/KLOC)33.6 ejc10957 4671768508672 592(5/KLOC)122.4 javad249 442774104 46(10/KLOC)5.5 SPECjbb1066 16614171688 73(6/KLOC)17.1 jdepend542 130156128 26(6/KLOC)13.7 classycle946 15317328592 90(10/KLOC)11.7 Running times range from 4 sec. to 120 sec. 6/KLOC manual annotations on average Delelte 38

39 Allocation Sites in All Benchmarks OT: rep 40% OT: not rep 60% UT: not rep 86% UT: rep 14% Modification of objects from enclosing context happens more often than readonly exposure Modification of objects from enclosing context happens more often than readonly exposure 39

40 Universe Types Owner-as-Modifier encapsulation (OaM) Type qualifiers: ◦ rep: owned by this ◦ peer: has same owner as this ◦ any: arbitrary ownership 40

41 Classical Ownership Types Owner-as-Dominator encapsulation (OaD) Type qualifier ◦ is the owner of the object ◦ is the ownership parameter ◦ rep: owned by this ◦ own: has same owner as this ◦ p: owned by the ownership parameter 41

42 Owner-as-Modifier vs Owner-as-Dominator Goal: compare UT (OaM) to OT (OaD) In certain cases, UT gives rise to a deeper tree than OT In other cases, OT gives rise to a deeper tree Does UT or OT has deeper trees? Do UT and OT give rise to different trees? 42

43 Architecture Unified Typing Rules Source Code Set-based Solver Extract “Best” Typing Preference Ranking over Qualifiers Type Checking Set-based Solution Maximal Typing Manual Annotations Instantiated Rules 43 Fail Succeed “Best” Typing

44 44

45 Summary of Results Many objects are owned (encapsulated) ◦ UT: 14% of allocation sites are rep (upper bound!) ◦ OT: 40% of allocation sites are rep (close to upper bound!) UT requires no manual annotations ◦ Programs can be refactored to have better OaM structure OT requires manual annotations ◦ Annotations are hard to understand 45

46 Allocation Sites 46 OT: rep 40% UT: rep 14% Modification from external context happens more often UT&OT: rep 9% UT&OT: rep 9% UT and OT give rise to different ownership trees

47 Running Time and Manual Annotation 47 Zero manual annotation for UT 6 manual annotations per kLOC on average

48 Notion of “Best” Typing Objective functions rank valid typings is a valid typing ranks UT typings ◦ Maximizes number of allocation sites typed rep ranks OT typings ◦ Maximizes number of object graph edges typed with owner rep 48

49 Outline Unified typing rules Unified inference approach Notion of “best” typing Implementation and evaluation 49

50 Ownership Types Owner-as-Modifier Owner-as-Dominator 50 List Node OaM List Node OaD readwrite ✓ ✓✓✓✓✓✓✓ ✗ ✗✗✗

51 Summary of Results Many objects are owned (encapsulated) ◦ UT: 14% of allocation sites are rep (upper bound!) ◦ OT: 40% of allocation sites are rep (close to upper bound!) UT requires no manual annotations; annotations are easy to interpret OT requires manual annotations; annotations are hard to interpret 51

Download ppt "Inference and Checking of Object Ownership Wei Huang 1, Werner Dietl 2, Ana Milanova 1, Michael D. Ernst 2 1 Rensselaer Polytechnic Institute 2 University."

Similar presentations

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Advanced XSLT. Branching in XSLT XSLT is functional programming –The program evaluates a function –The function transforms one structure into another.

Advanced XSLT. Branching in XSLT XSLT is functional programming –The program evaluates a function –The function transforms one structure into another.
Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.

Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.
P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.

P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.

CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.

1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.
Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1.

Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
Coding Standard: General Rules 1.Always be consistent with existing code. 2.Adopt naming conventions consistent with selected framework. 3.Use the same.

Coding Standard: General Rules 1.Always be consistent with existing code. 2.Adopt naming conventions consistent with selected framework. 3.Use the same.
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.

Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Abstract Data Types (ADT) Collection –An object that can hold a list of other objects Homogeneous Collection –Contains elements all of the same type –Example:

Abstract Data Types (ADT) Collection –An object that can hold a list of other objects Homogeneous Collection –Contains elements all of the same type –Example:
1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.

1 Practical Object-sensitive Points-to Analysis for Java Ana Milanova Atanas Rountev Barbara Ryder Rutgers University.
C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.

C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.
Names and Scopes CS 351. Program Binding We should be familiar with this notion. A variable is bound to a method or current block e.g in C++: namespace.

Names and Scopes CS 351. Program Binding We should be familiar with this notion. A variable is bound to a method or current block e.g in C++: namespace.
Code Generation for Basic Blocks Introduction Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc03.html Chapter 4.2.5.

Code Generation for Basic Blocks Introduction Mooly Sagiv html:// Chapter
Comparison Under Abstraction for Verifying Linearizability Daphna Amit Noam Rinetzky Mooly Sagiv Tom RepsEran Yahav Tel Aviv UniversityUniversity of Wisconsin.

Comparison Under Abstraction for Verifying Linearizability Daphna Amit Noam Rinetzky Mooly Sagiv Tom RepsEran Yahav Tel Aviv UniversityUniversity of Wisconsin.
16-Aug-15 Air Force Institute of Technology Electrical and Computer Engineering Object-Oriented Programming in Java Topic : Interfaces, Copying/Cloning,

16-Aug-15 Air Force Institute of Technology Electrical and Computer Engineering Object-Oriented Programming in Java Topic : Interfaces, Copying/Cloning,

Similar presentations

Ads by Google