alias calculus for a simple imperative language with decidable pointer arithmetic

Alias Calculus for Simple Imperative Language

with Decidable Pointer Arithmetic

Aleksandr Vorontsov1,

Aizhan Satekbayeva2,

Nikolay Shilov3,4

М1Novosibirsk State University, Novosibirsk, Russia, 2 L.N. Gumilyov Eurasian National University, Astana, Kazakhstan,

3Nazarbayev University, Astana, Kazakhstan, 4A.P. Ershov Institute of Informatics Systems, Novosibirsk, Russia

What is “Alias Calculus”?

• Alias calculus was proposed by Bertrand Meyer in 2011 for a toy programming language with single data type for abstract pointers.

• it is a set of syntax-driven rules to compute an upper approximation aft(S, P) for aliasing after execution of a program P for a given initial aliasing S.

14.11.2014 2 TMPA-2014: Alias Calculus

What about this Research

• Our current purpose is to present a variant of alias calculus for more realistic programming language with automatic and dynamic memory, with types for regular data as well as for decidable pointer arithmetic.


Why a new Research?

• Aliasing problem is to predict, detect and/or trace pointers to the same addresses in dynamic memory.

• Importance of the problem is due to mistakes and errors that may happen in program run-time due to improper alias handling.


Errors?

• Below are two simple examples of errors (?) inC-like pseudo-code:

• x = malloc(sizeof(int));

x = malloc(sizeof(int));

//memory leak;

• y = x; free(x); free(y);

// invalid access.


Alias Calculus for a Trivial Language

• Bertrand Meyer: Steps Towards a Theory and Calculus of Aliasing. Int. J. of Software and Informatics (Festschrift in honor of Manfred Broy), 2011., p.77-115.


Sample Rules: memory dynamics

• Memory deallocation and allocation operators have the same effect on alias relation because after these operations variable isn’t alias to any other variable:


Sample Rules: assignment

• After assignment address variable forgets all its former aliases and becomes an alias to all aliases of the variable:


Sample Rules: assignment


x, y

y, u

x, z

x, y

x, y, u x:=y

Sample Rules: compound programs

• Sequential composition means sequential application:

• Nondeterministic choice of any branch:

14.11.2014 TMPA-2014: Alias Calculus 10

Towards More Realistic Language

• Acronym MoRe stays for More Realistic programming language.

• It has two data types that are called addresses and integers with implicit type casting in2ad from integers to addresses.


Addresses in MoRe

• Address data type is any (finite or infinite) set of values ADR with constants denoted “0” and “1”, operations denoted “+” and “–” such that (ADR, 0, 1, +, –) is a commutative additive semi-group with decidable first-order theory TADR.


Examples of Legal Address Types

• Zm, the ring of residuals modulo any particular fixed positive m,

• Presburger arithmetic, etc.


Integers in MoRe

• Integer data type in MoRe is any (finite or infinite) set of (mathematical) integers INT with standard constants 0 and 1, standard operations “+”, “–”, “*”, “/” and implicit computable surjective homomorphical type-casting function

in2ad : (INT, 0, 1, +, –) (ADR, 0, 1, +, –) .


MoRe Syntax


Structural Operational Semantics

• MoRe SOS uses (memory) model consisting of two disjoint parts: a static memory (conventionally) called stack and dynamic memory (conventionally) called heap.



• State is a pair of mappings s=(st, hp) where

• state of the stack st: V INT is a partial mapping (with finite domain) from variables V to integers INT (understood as their values),

• state of the heap hp: ADR INT i.e. a partial mapping with finite domain from addresses ADR to integers INT (understood as referenced values).



• MoRe SOS is axiomatic system for triples

s s

where s is a state, s is a state or an exception abort, and is a program.

• Intuition behind this triple follows: program converts input state into output state (that may be exception).



• SOS inference rules are syntax-driven and have the following form:


Sample SOS Rule: static array in dynamic memory

• If

– xdom(st),

– addresses in2ad(l), … in2ad(l+k) are disjoint,

– in2ad(l), … in2ad(l+k)dom(hp)

then


Alias Calculus for MoRe

• A configuration is a quadruple Cnf=(I, A, S) consisting of

– a sets of address variables,

– a set of address expressions ,

– a finite set S of pairs of synonyms and antonyms (with variables in I) that has a solution as a system of equalities and inequalities in (ADR, 0, 1, +, –), i.e. that is consistent with theory TADR.


Alias Calculus for MoRe

• Informally speaking in Cnf=(I, A, S)

– the set I is for initialized address variables,

– the set A is for address expressions that points onto allocated memory,

– the set S is a system of equations and inequalities to specify what expressions may be aliases and what can’t be.


Sample Rule of Alias Calculus: assignment

• Let Cnfx:=t be (Ix:=t , Ax:=t , Sx:=t) where


Main Result

• The alias calculus for programming language MoRe is safe in the following sense:

• Theorem: Let D be any alias distribution, be any MoRe-program and s=(st, hp) be any state such that st╞D; if s=(st,hp) is a state such that s<>s then st╞aft(D,).


Conclusion

• Equation based alias calculus for a model programming language with dynamic memory and decidable address arithmetic was developed.

• The calculus can be used for control-flow insensitive safe alias analysis of MoRe programs but for practical applications the language must be much more realistic.



Thank You For Your Attention! Questions?

alias calculus for a simple imperative language with decidable pointer arithmetic

Science