
A Semantics for Procedure Local Heaps and its Abstractions

Noam Rinetzky (Tel Aviv University), Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University), Reinhard Wilhelm (Universität des Saarlandes)

Motivation

• Interprocedural shape analysis
  • Conservative static pointer analysis
• Heap-intensive programs
  • Imperative programs with procedures
  • Recursive data structures
• Challenge
  • Destructive update
  • Localized effect of procedures

Main idea

• Local heaps

[Figure: a heap with variables x, y, t and g; at `call p(x)` the callee p works on its local heap, the part of the heap reachable from x]

Main idea

• Local heaps
• Cutpoints

[Figure: the same heap (variables x, y, t, g) at `call p(x)`, now with the cutpoints of the call marked inside the local heap of p]

Main Results

• Concrete operational semantics
  • Large step
  • Functional analysis
  • Storeless
  • Shape abstractions
  • Local heap
  • Observationally equivalent to “standard” semantics
  • Java and “clean” C
• Abstractions
  • Shape analysis [Sagiv, Reps, Wilhelm, TOPLAS ‘02]
  • May-alias [Deutsch, PLDI ‘94]
  • …

Outline

• Motivating example
  • Local heaps
  • Cutpoints
• Why semantics
• Local heap storeless semantics
• Shape abstraction

Example

    // Assembled from the fragments on the slides, which show only the two
    // signatures, `return r;` and the three calls in main. The body of reverse
    // is the standard destructive in-place reversal the talk refers to; a cursor
    // walks the list so that the formal t is not modified (see the simplifying
    // assumptions later in the talk).
    static List reverse(List t) {
        List r = null;
        List cur = t;
        while (cur != null) {
            List next = cur.n;
            cur.n = r;            // destructive update of the n field
            r = cur;
            cur = next;
        }
        return r;
    }

    static void main() {
        // p and q are acyclic lists built earlier; their construction is not on the slides
        List x = reverse(p);
        List y = reverse(q);
        List z = reverse(x);
    }

[Figure, three animation steps: after `List x = reverse(p)`, p and x point into the same reversed list (p at its last node); after `List y = reverse(q)`, likewise q and y; during `List z = reverse(x)` the callee's only variables are t and r, while p still points into the list being reversed]

Cutpoints

• Separating objects
  • Not pointed-to by a parameter
• Capture external sharing patterns

[Figure: `proc(x)` invoked on a list headed by x. Stack sharing: an object inside the list is also pointed to by the caller variable p, which is not passed to proc. Heap sharing: an object inside the list is pointed to by the n field of an object reachable from y, outside the local heap. In both cases that object is a cutpoint.]

Example

[Figure: the three calls of main again, with the cutpoint of `List z = reverse(x)` marked: inside the callee (roots t and r) the object that p points to is a cutpoint, and after the call z and p share the reversed list]

Outline

• Motivating example (done)
• Why semantics
• Local heap storeless semantics
• Shape abstraction

Abstract Interpretation [Cousot and Cousot, POPL ’77]

[Figure: an operational semantics is abstracted into an abstract transformer. Introducing local heap semantics: a local-heap operational semantics, equivalent (~) to the standard operational semantics, is placed in between, and the abstract transformer is derived from it.]

Outline

• Motivating example (done)
• Why semantics (done)
• Local heap storeless semantics
• Shape abstraction

Programming model

• Single threaded
• Procedures
  • Value parameters
  • Recursion
• Heap
  • Recursive data structures
  • Destructive update
  • No explicit addressing (&)
  • No pointer arithmetic

Simplifying assumptions

• No primitive values (only references)
• No globals
• Formals not modified

Storeless semantics

• No addresses
• Memory state:
  • Object: 2^AccessPaths (an object is the set of access paths that reach it)
  • Heap: 2^Object (a heap is a set of such objects)
• Alias analysis

[Figure: storeless view of a three-node list. Initially the objects are {x}, {x.n}, {x.n.n}. After y = x they are {x, y}, {x.n, y.n}, {x.n.n, y.n.n}. After x = null they are {y}, {y.n}, {y.n.n}.]

Example

[Figure: the three calls of main in storeless form. Before `List z = reverse(x)`, p and x.n.n.n name the same object, {p, x.n.n.n}. The callee sees the list as {t}, {t.n}, {t.n.n}, {t.n.n.n}, with the cutpoint label L = {t.n.n.n} as an additional root (L and t.n.n.n name the same object), and returns r with objects {r}, {r.n}, {r.n.n}, {r.n.n.n}, where L and r now coincide. The slide asks where p is after the call (“p?”): using the label, the caller finds {p, z}, with x = p.n.n.n = z.n.n.n.]

Cutpoint labels

• Relate pre-state with post-state
• Additional roots
• Mark cutpoints at and throughout an invocation

Cutpoint labels

• Cutpoint label: the set of access paths that point to a cutpoint
  • when the invoked procedure starts

[Figure: for `reverse(x)` the callee's list is {t}, {t.n}, {t.n.n}, {t.n.n.n} and the cutpoint label is L = {t.n.n.n}]

Sharing patterns

• Cutpoint labels encode sharing patterns

[Figure: the same label L = {t.n.n.n} arises from stack sharing (the caller variable p points at t.n.n.n) and from heap sharing (the n field of the object pointed to by w, i.e. w.n, points at t.n.n.n)]

Observational equivalence

A state of L (Local-heap Storeless Semantics) and a state of G (Global-heap Store-based Semantics) are observationally equivalent when, for every pair of access paths AP1, AP2,

  AP1 = AP2 holds in the L state if and only if AP1 = AP2 holds in the G state.

Main theorem: semantic equivalence

If an L state and a G state are observationally equivalent, and executing the statement st from the L state yields the post-state L’ while executing st from the G state yields the post-state G’, then L’ and G’ are observationally equivalent.

Corollaries

• Preservation of invariants
  • Assertions: AP1 = AP2
• Detection of memory leaks

Applications

• Develop new static analyses
  • Shape analysis
• Justify soundness of existing analyses
  • May-alias analysis [TAU-TR-26/04]

Outline

• Motivating example (done)
• Why semantics (done)
• Local heap storeless semantics (done)
• Shape abstraction

Shape abstraction

• Shape descriptors represent unbounded memory states
  • Conservatively
  • In a bounded way
• Two dimensions
  • Local heap (objects)
  • Sharing pattern (cutpoint labels)

A Shape abstraction

[Figure: shape descriptors for the local heap of reverse. The concrete state has roots t and r and the cutpoint label L = {t.n.n.n}, with L and r naming the same object; the bounded descriptor summarizes the list nodes and replaces the label by L = *. A second example shows two invocations with labels L1 = {t.n.n.n} (roots t, r) and L2 = {g.n.n.n} (roots g, d) abstracted to one descriptor with a single summary label L.]

Application (joint work with Eran Yahav)

• A framework for shape analysis using local heaps
• Parametric abstraction
  • Local heap (lists, trees, …)
  • Sharing patterns

Application

• Properties proved
  • Absence of null dereferences
  • Listness preservation
  • API conformance
• Recursive / iterative
• Procedural abstraction

Outline

• Motivating example (done)
• Why semantics (done)
• Local heap storeless semantics (done)
• Shape abstraction (done)

Related work

• Storeless semantics
  • Jonkers, Algorithmic Languages ‘81
  • Deutsch, ICCL ‘92
• Interprocedural shape analysis
  • Rinetzky and Sagiv, CC ’01: global heap
  • Jeannet et al., SAS ’04: local heap, relational
  • Chong and Rugina, SAS ’03: local heap
  • Hackett and Rugina, POPL ’05: next talk …
• Local reasoning
  • Ishtiaq and O’Hearn, POPL ‘01
  • Reynolds, LICS ’02

Summary

• Operational semantics
  • Storeless
  • Local heap
  • Cutpoints
  • Equivalence theorem
• Applications
  • Shape analysis
  • May-alias analysis

End

www.cs.tau.ac.il/~maon

A Semantics for Procedure Local Heaps and its Abstractions. Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm. AVACS Technical Report 1.

Interprocedural Functional Shape Analysis Using Local Heaps. Noam Rinetzky, Mooly Sagiv, and Eran Yahav. School of Computer Science, Tel Aviv University, Technical Report 26/04.

