Presentation is loading. Please wait.

Presentation is loading. Please wait.

Role Analysis Viktor Kuncak Patrick Lam Martin Rinard MIT LCS.

Published byChristopher Gibson Modified over 9 years ago

Similar presentations

Presentation on theme: "Role Analysis Viktor Kuncak Patrick Lam Martin Rinard MIT LCS."— Presentation transcript:

1 Role Analysis Viktor Kuncak Patrick Lam Martin Rinard MIT LCS

2 2 Process Scheduler Example Running Process RP SP Suspended Process

3 3 Process Scheduler Example Running Process List next RP next prev Running Process SP Suspended Process

4 4 Process Scheduler Example Running Process List next RP next prev R SP left right left right Suspended Process Tree Suspended Process Running Process

5 5 Process Scheduler Example Running Process List next RP SP next prev R SP left right left right Suspended Process Tree Suspended Process Running Process left

6 6 Remarks Desirable to capture distinction between suspended and running processes Standard types unsuitable –Type is fixed for lifetime of object –Scheduler suspends and resumes processes Concept of a role –Statically verifiable property of an object –Capture current conceptual purpose of object –Role changes as object's purpose changes

7 Goal Develop a static type system in which each object is assigned a role Program actions can change object roles

8 8 Challenges Aliasing Ensure that role changes performed using one alias are correctly reflected in roles of other aliases Procedures Compositional interprocedural role system

9 9 Basic Approach Develop a role system in which role of each object depends on its heap aliases –Role provides aliasing information –Enables checker to ensure that role changes are compatible with all aliases Role reflects object’s participation in different data structures Role changes as object moves between data structures

10 10 Role Definition for Running Processes Running Process RP role RP { Sequence of heap referencing constraints }

11 11 Slot Constraints Running Process RP role RP { slots RP.next, RP.prev;... } Slot constraints identify the complete set of heap aliases of the object

12 12 Slot Constraints Running Process RP next prev role RP { slots RP.next, RP.prev;... } Slot constraints identify the complete set of heap aliases of the object

13 13 Field Constraints Running Process RP next prev role RP { slots RP.next, RP.prev; fields next : RP, prev : RP;... } Field constraints identify roles of objects to which fields refer

14 14 Field Constraints Running Process RP next prev role RP { slots RP.next, RP.prev; fields next : RP, prev : RP;... } RP next prev Field constraints identify roles of objects to which fields refer

15 15 Identity Constraints Running Process RP next prev role RP { slots RP.next, RP.prev; fields next : RP, prev : RP; identities next.prev, prev.next; } RP next prev Identities identify cycles of length two.

16 16 Identity Constraints Running Process RP next prev role RP { slots RP.next, RP.prev; fields next : RP, prev : RP; identities next.prev, prev.next; } next prev Identities identify cycles of length two.

17 17 next RP next prev role RP { slots RP.next, RP.prev; fields next : RP, prev : RP; identities next.prev, prev.next; } Role Definition for Running Processes RP

18 18 Roles as Constraints Each constraint C(o) is a predicate on objects Role is a logical conjunction of its defining constraints Constraints can be recursive! role RP { slots RP.next, RP.prev; fields next : RP, prev : RP; identities next.prev, prev.next; }

19 19 Semantics of Role Constraints Constraint is interpreted in the context of a role assignment (mapping from objects to role names) Heap is role consistent iff there exists a role assignment in which every object satisfies its role

20 20 Roles for Suspended Processes R SP left right left right Suspended Process Tree Suspended Process role R { } role SP { slots }

21 21 Roles for Suspended Processes R SP left right left right Suspended Process Tree Suspended Process role R { } role SP { slots R.left }

22 22 Roles for Suspended Processes R SP left right left right Suspended Process Tree Suspended Process SP role R { } role SP { slots R.left R.right }

23 23 Roles for Suspended Processes R SP left right left right Suspended Process Tree Suspended Process SP role R { } role SP { slots R.left R.right SP.left }

24 24 Roles for Suspended Processes R left right left right Suspended Process Tree Suspended Process SP role R { } role SP { slots R.left R.right SP.left SP.right } SP

25 25 Roles for Suspended Processes R left right left right Suspended Process Tree Suspended Process SP role R { } role SP { slots R.left | R.right | SP.left| SP.right; } SP

26 26 Roles for Suspended Processes R left right left right Suspended Process Tree Suspended Process SP role R { } role SP { fields left : SP right: SP slots R.left | R.right | SP.left| SP.right; } SP

27 27 Roles for Suspended Processes R left right left right Suspended Process Tree Suspended Process SP role R { } role SP { fields left : SP|null, right: SP|null; slots R.left | R.right | SP.left| SP.right; } SP

28 28 Roles for Suspended Processes R left right left right Suspended Process Tree Suspended Process SP role R { fields left : SP|null, right: SP|null; } role SP { fields left : SP|null, right: SP|null; slots R.left | R.right | SP.left| SP.right; } SP

29 29 Roles for Suspended Processes SP leftright Suspended Process Tree Suspended Process left role R { fields left : SP|null, right: SP|null; } role SP { fields left : SP|null, right: SP|null; slots R.left | R.right | SP.left| SP.right; acyclic left, right; } No cyclic paths of the form (left+right)*

30 30 Roles for Suspended Processes R SP left right left right Suspended Process Tree Suspended Process role R { fields left : SP|null, right: SP|null; } role SP { fields left : SP|null, right: SP|null; slots R.left | R.right | SP.left| SP.right; acyclic left, right; }

31 Programming with Roles

32 32 Role Changes To suspend a process –Remove from running process list –Insert into suspended process tree RP next prev next RP prev R SP left right next

33 33 Role Changes To suspend a process –Remove from running process list –Insert into suspended process tree RP I next prev RP prev R SP left right next

34 34 Role Changes To suspend a process –Remove from running process list –Insert into suspended process tree RP next prev RP prev R SP left right next role I { } Isolated object: I

35 35 Role Changes To suspend a process –Remove from running process list –Insert into suspended process tree RP SP RP next prev RP prev R SP left right next left next

36 36 Removing a Process from List remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); } RP next prev next RP prev p next

37 37 remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); } Removing a Process from List RP next prev next RP prev p pp pn next

38 38 remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); } RP next prev RP prev next p pp pn Removing a Process from List next

39 39 RP next prev next p pp pn Removing a Process from List remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); }

40 40 RP next prev next p Removing a Process from List remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); } Programming model expects programmer to indicate role changes

41 41 RP I next prev next p Removing a Process from List remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); } Programming model expects programmer to indicate role changes

42 42 Programming Model Based On Instrumented Semantics Role Assignment Part of Program State –Each object has a nominal role –setRole(p : R) updates role assignment Programmer responsibilities –Specify intended role assignment –Write role-consistent program Static role checking ensures –Programs are role-consistent –No dynamic overhead incurred

43 43 RP next prev RP prev next p pp pn Temporary Role Violations Data structure updates often temporarily violate nominal roles of updated objects remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); }

44 44 RP next prev RP prev next p pp pn Temporary Role Violations What do nominal roles mean during these updates? remove(p : RP) { pp = p.prev; pn = p.next; pp.next = pn; pn.prev = pp; p.next = null; p.prev = null; pp = null; pn = null; setRole(p : I); }

45 45 RP next prev RP prev next p pp pn Temporary Role Violations Observation: Objects with temporarily violated roles are referenced by local variables.

46 46 onstage objects = objects referenced by local variables. onstage objects offstage objects RP next prev RP prev next p pp pn Onstage and Offstage Objects

47 47 Onstage objects may have their roles temporarily violated. onstage objects offstage objects RP next prev RP prev next p pp pn Onstage and Offstage Objects onstage objects = objects referenced by local variables.

48 48 Roles of offstage objects must be correct assuming the nominal roles of onstage objects. onstage objects offstage objects RP next prev RP prev next p pp pn Onstage and Offstage Objects onstage objects = objects referenced by local variables.

49 Role Checking

50 50 Each procedure has an interface Precondition Property of heap at start of procedure Specifies initial dataflow fact for analysis Abstraction of actions of procedure –Read Effects (accessed region of heap) –Write Effects Changes to heap references Nominal role changes Procedure Interfaces

51 51 Two Aspects of Role Checking Verifying interface conformance –Assume precondition –Analyze procedure –Verify that procedure respects effects Using interfaces at call sites to separate analysis of caller and callee Each procedure analyzed exactly once

52 52 Role Consistency Across Procedure Calls p c When analyzing a procedure: Assume that accessed objects have consistent roles. d Region R accessed by foo foo(p) reads R {... }

53 53 Role Consistency Across Procedure Calls At Call Site: Use read effects of the procedure to verify that region accessed by the procedure has consistent roles (even for onstage objects) p c d... foo(p);... Region R accessed by foo

54 54 Role Consistency Across Procedure Calls p c When analyzing the procedure: Verify that only objects declared in callee’s read effects are accessed. Assume that accessed objects have correct roles. d Region R accessed by foo foo(p) reads R {... }

55 55 Role Consistency Across Procedure Calls p c d After Call Site: The role checking assumes that region accessed in the procedure is left in a role consistent state.... foo(p);... Region R accessed by foo

56 56 Role Consistency Across Procedure Calls p c After analyzing the procedure: Verify that objects in accessed region are left in role consistent state (implicit postcondition) d foo(p) reads R {... } Region R accessed by foo

57 Verifying Interface Conformance

58 58 RP n p n p p Analysis Abstraction RP n p n p p n p np n p Concrete Heap (objects and references) Analysis Representation: Role Graph (nodes and edges)

59 59 RP n p n p p Role Graph RP n p n p p n p np n p Concrete HeapRole Graph Onstage node (represents a single onstage object)

60 60 RP n p n p p Role Graph RP n p n p p n p np n p Summary Offstage Node (represents any number of objects) Concrete HeapRole Graph

61 61 RP n p n p p Abstraction Relation RP n p n p p n p np n p Each onstage object represented by an onstage node Concrete HeapRole Graph

62 62 RP n p n p p Abstraction Relation RP n p n p p n p np n p Concrete HeapAnalysis Representation: Role Graph Offstage objects are represented by offstage nodes

63 63 RP n p n p p Abstraction Relation RP n p n p p n p np n p The function is a graph homomorphism isomorphism between onstage objects and nodes role preserving: role(h(o)) = role(o)

64 64 Initial roles: p : RP remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Interface for remove RP p Initial Role Graph

65 65 Initial roles: p : RP Read effects: p, RP remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Interface for remove RP p Initial Role Graph

66 66 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Interface for remove RP p Initial Role Graph

67 67 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Interface for remove RP p Initial Role Graph

68 68 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Interface for remove RP p Initial Role Graph

69 69 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p Load statement

70 70 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p Load statement expansion RP pp

71 71 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove Load statement expansion read effect check succeeds: RP in read effects RP p pp

72 72 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp Load statement expansion read effect check succeeds: RP in read effects

73 73 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Load statement expansion read effect check succeeds: RP in read effects

74 74 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement

75 75 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement strong update

76 76 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement strong update verify write effect succeeds: RP.next = RP

77 77 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement

78 78 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement strong update verify write effect succeeds: RP.prev = RP

79 79 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement

80 80 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement strong update verify write effect succeeds: p.next=null

81 81 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pp RP pn Store statement strong update verify write effect succeeds: p.prev=null

82 82 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pn Local variable assignment remove local variable

83 83 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pn Local variable assignment remove local variable (node goes offstage) check role is correct

84 84 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p pn Local variable assignment remove local variable (node goes offstage) check role is correct merge node into offstage

85 85 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove RP p Local variable assignment remove local variable (node goes offstage) check role is correct merge node into offstage

86 86 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove I p RP setRole change the nominal role

87 87 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove I p RP setRole change the nominal role check that the role change is in the interface

88 88 Initial roles: p : RP Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove(p) { pp=p.prev; pn=p.next; pp.next=pn; pn.prev=pp; p.next=null; p.prev=null; pp=null; pn=null; setRole(p : I); } Verifying Interface for remove I p RP Postcondition check: all accessed nodes have referencing relationships consistent with their roles even onstage nodes

89 89 Details of Analysis Dataflow fact is set of role graphs Merge is union of role graph sets Predicative analysis - filters out graphs that do not satisfy the test in conditional Builds on ideas from shape analysis –Expansion and contraction –May reachability (from onstage nodes) prevents excessive merging of nodes

90 Using Interfaces at Call Sites

91 91 Example: remove procedure call... remove(p);... RP p c Role graph before the call: RP p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface:

92 92 Context Matching... remove(p);... RP p c Role graph before the call: RP p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface:

93 93 Role Check in Accessed Region... remove(p);... RP p c Role graph before the call: RP p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface:

94 94 Applying Must Write Effects... remove(p);... RP p c p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface:

95 95 Applying Must Write Effects... remove(p);... RP p c p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface:

96 96 Applying May Write Effects... remove(p);... RP p c p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface:

97 97 Applying Must Role Change... remove(p);... I p RP c p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface:

98 98 Enforcing Role Constraints... remove(p);... p RP c p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface: I

99 99 Enforcing Role Constraints... remove(p);... p RP c p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface: I

100 100 Merge... remove(p);... p RP c p Read effects: p, RP Must write effects: p.next = null, p.prev = null May write effects: RP.next = RP, RP.prev = RP Must role changes: p : I remove interface: Role graph after the call: I

101 101 Key Ideas in Analysis Role of object characterizes its aliases –Enables analysis to find aliases –Verify new role consistent with all aliases Precise effects in procedure interfaces –Full precision for parameters (or even fixed region surrounding parameters) –Role consistency/may effects for rest of heap

102 102 Multiple Simultaneous Roles RP R SP Running ProcessesSuspended Processes

103 103 Multiple Simultaneous Roles RP R SP Running ProcessesSuspended Processes HP High Priority Process List HP Low Priority Process List LP proc

104 104 Complete Slot Constraints This slot constraint specifies ALL aliases Aliases from high or low priority process lists violate role role RP { slots RP.next, RP.prev; fields next : RP, prev : RP; identities next.prev, prev.next; }

105 105 Partial Slot Constraints This slot constraint specifies aliases from next, prev, right, and left fields ONLY Aliases from high or low priority process lists can be used in new role definitions for high and low priority processes role RP { next, prev, right, left: slots RP.next, RP.prev; fields next : RP, prev : RP; identities next.prev, prev.next; }

106 106 role RP { next, prev, right, left : slots RP.next, RP.prev; fields next : RP, prev : RP; identities next.prev, prev.next; } role HighPriority { proc : slots HPL.proc; } role LowPriority { proc : slots LPL.proc; } Multiple Simultaneous Roles Can have a running high priority process, a running low priority process, etc.

107 107 Benefits of Roles Data structure consistency properties Object usage constraints –Procedures specify roles of parameters –Object's interface changes as its role changes Roles crystallize useful perspective –Provide useful information to maintainers –Basis for exploration of the behavior of program via dynamic role discovery –Help programmers conceptualize relationships between objects

108 Related Work

109 109 Typestate Strom, Yemini ’86: Typestate –object initialization, no aliasing DeLine, Fähndrich ’01: High-Level Protocols –linear types for heap references Xu, Miller, Reps ’00: Typestate for machine code

110 110 Dynamically Changing Classes Chambers ‘93: Predicate Classes Ghelli, Palmerini ‘99: Fibonacci Drossopoulou et al. ’01: Fickle Alias Control in OOP Hogg ’91: Islands Almeida ’97: Balloon Types Clarke, Potter, Noble ’98: Ownership Types Banerjee, Naumann ’02: Confinement Boyapati, Rinard ’01: Unique References Boyland: Alias Burying

111 111 Specifying/Verifying Heap Invariants Smith, Walker, Morrisett ’00: Alias Types Møller, Schwartzbach ’01: PALE Fradet, Metayer ’97: Shape Types Larus, Hilfinger ’88: Conflicts in structure accesses Chase, Wegman, Zadeck ’90: SSG Hendren ’90: Interference analysis Hendren, Hummel, Nicolau ’94: APM / ADDS Sagiv, Reps, Wilhelm ’99: TVLA Rinetzky, Sagiv ’01: Noncompositional interprocedural analysis

112 112 Conclusion Statically checked role system –Role changes reflect changes in purpose of object in computation –Full support for role changes and aliasing Key aspects of design –Role characterizes aliases –Procedure abstraction choices Multiple simultaneous roles

Download ppt "Role Analysis Viktor Kuncak Patrick Lam Martin Rinard MIT LCS."

Similar presentations

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.

Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Extensible Shape Analysis by Designing with the User in Mind Bor-Yuh Evan Chang Bor-Yuh Evan Chang, Xavier Rival, and George Necula University of California,

Extensible Shape Analysis by Designing with the User in Mind Bor-Yuh Evan Chang Bor-Yuh Evan Chang, Xavier Rival, and George Necula University of California,
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Architecture-dependent optimizations Functional units, delay slots and dependency analysis.

Architecture-dependent optimizations Functional units, delay slots and dependency analysis.
Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.

Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Advanced Data Structures

Advanced Data Structures
Relational Inductive Shape Analysis Bor-Yuh Evan Chang University of California, Berkeley Xavier Rival INRIA POPL 2008.

Relational Inductive Shape Analysis Bor-Yuh Evan Chang University of California, Berkeley Xavier Rival INRIA POPL 2008.
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.

Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.
Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.

Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.
Role-Based Exploration of Object-Oriented Programs Brian Demsky and Martin Rinard MIT Laboratory for Computer Science.

Role-Based Exploration of Object-Oriented Programs Brian Demsky and Martin Rinard MIT Laboratory for Computer Science.
Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.

Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.

Similar presentations

Ads by Google