interprocedural shape analysis for recursive programs noam rinetzky mooly sagiv
TRANSCRIPT
![Page 1: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/1.jpg)
Interprocedural Shape Analysis for Recursive Programs
Noam Rinetzky Mooly Sagiv
![Page 2: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/2.jpg)
Shape Analysis
• Static program analysis
• Determines information about dynamically allocated storage– A pointer variable is not NULL– Two data structures are disjoint
• The algorithm is Conservative
![Page 3: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/3.jpg)
Applications of Shape Analysis
• Cleanness – Dor, Rodeh, Sagiv [SAS2000]
• Parallelization –Assmann, Weinhardt [PMMPC93] –Hendren, Nicolau [TPDS90]–Larus, Hilfinger [PLDI88]
![Page 4: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/4.jpg)
Current State
• Good Intraprocedural analyses
• Sagiv, Reps, Wilhelm [TOPLAS 1998] – Analyze body of list manipulation procedures:
• reverse , insert, delete
– Expensive, imprecise interprocedural analyses of recursive procedures
![Page 5: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/5.jpg)
Main Results
• Interprocedural shape analysis algorithm for programs manipulating linked lists– Handles recursive procedures
• Prototype implementation – Successfully analyzed several list manipulating
procedures• insert, delete, reverse, reverse_append
– Properties verified• An a-cyclic list remains a-cyclic
• No memory leaks
• No NULL dereference
![Page 6: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/6.jpg)
Running Exampletypedef struct List {
int data ; struct List* n ;
} *L ;
L create(int s) {L t=NULL;if (s <= 0)
return NULL;
t = (L) malloc(sizeof(*L));t data = s ;
l2: t n = create(s-1);return t;
}
void main() { L r = NULL; int k; …
l1: r = create(k);}
![Page 7: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/7.jpg)
Selected Memory States
exit k=3 r = NULL
void main() { L r = NULL; int k; …
l1: r = create(k);}
![Page 8: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/8.jpg)
L create(int s) {
L t=NULL;
if (s <= 0)
return NULL;
t = (L) malloc(sizeof(*L)); td = s ;
l2: t n = create(s-1);
return t;
}
l1 s=3
t
Selected Memory States
l2 s=0
t = NULL
l2 s=1
t
l2 s=2
t
exit k=3
r = NULL
3 NULL 2 NULL 1 NULL
![Page 9: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/9.jpg)
L create(int s) {
L t=NULL;
if (s <= 0)
return NULL;
t = (L) malloc(sizeof(*L)); td = s ;
l2: t n = create(s-1);
return t;
}
l1 s=3
t
Selected Memory States
l2 s=1
t
l2 s=2
t
exit k=3
r = NULL
3 NULL 2 NULL 1 NULL
![Page 10: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/10.jpg)
L create(int s) {
L t=NULL;
if (s <= 0)
return NULL;
t = (L) malloc(sizeof(*L)); td = s ;
l2: t n = create(s-1);
return t;
}
l1 s=3
t
Selected Memory States
l2 s=2
t
exit k=3
r = NULL
3 NULL 2 1 NULL
![Page 11: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/11.jpg)
L create(int s) {
L t=NULL;
if (s <= 0)
return NULL;
t = (L) malloc(sizeof(*L)); td = s ;
l2: t n = create(s-1);
return t;
}
l1 s=3
t
Selected Memory States
exit k=3
r = NULL
3 2 1 NULL
![Page 12: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/12.jpg)
Selected Memory States
exit k=3
r
3 2 1 NULLvoid main() { L r = NULL; int k; …
l1: r = create(k);}
![Page 13: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/13.jpg)
Where is the Challenge ?
• Dynamic allocation– Unbounded number of objects
• Recursion– Unbounded number of
activation records
• Properties of:– Invisible instances of local
variables
– Dynamically allocated objects
l1 s=3
l2 s=0
l2 s=1
l2 s=2
exit k=3
3 NULL 2 NULL 1 NULL
r = NULL
t
t
t
t = NULL
![Page 14: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/14.jpg)
Our Approach Reduce the interprocedural problem shape
analysis problem to an intraprocedural problem
Program with
procedures
Program without
proceduresRepresent the activation record stack as a linked list:• Control Information
• Invisible instances of local variables
Explicit manipulation of the stack
![Page 15: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/15.jpg)
Our Algorithm
• Abstract Interpretation– Concrete Semantics:
• Concrete representation of memory states
• Effect of program statements
– Abstract Semantics:• Abstract representation of memory states
• Transfer functions
• Finds abstract representation of memory states at every program point
![Page 16: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/16.jpg)
Concrete Memory Descriptors
csexit
csl1
csl2
csl2
top csl2
pr
pr
pr
pr
t
t
tl1 s=3
t
l2 s=0
t = NULL
l2 s1
t
l2 s=2
t
exit k=3
r = NULL
3 NULL 2 NULL 1 NULL
![Page 17: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/17.jpg)
Concrete Memory Descriptors
Relationships between memory elements:
• value of local variables: t, r
• n-successor: n
• invoked by: pr
csexit
csl1
csl2
csl2
top csl2
pr
pr
pr
pr
t
t
t
Properties of memory elements:
• “type”: stack, heap
• “visibility”: top
• “call-site”: exit, csl1 , csl2
![Page 18: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/18.jpg)
Bounding the Representation
• Concrete Memory Descriptors represent memory states – Every object is represented uniquely
• Abstract Memory Descriptors– Conservatively represent Concrete Memory
Descriptors– A bounded representation
![Page 19: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/19.jpg)
3-Valued Properties
True False
top
t
Don’t Know
top=1/2
t
![Page 20: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/20.jpg)
Abstraction
csexit
csl1
csl2
csl2
csl2 , toppr
pr
pr
prt
t
tt
tcsexit
csl1
csl2 , top
pr
csl2pr
pr
pr
![Page 21: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/21.jpg)
Bounding the Representation
• Summarize nodes according to their unary properties
• Join values of relationships
• Convert a Concrete Memory Descriptor of arbitrary size into an Abstract Memory Descriptor of bounded size
• Does the Abstract Memory Descriptor contain enough information?
![Page 22: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/22.jpg)
Problem
csl2 , top
csl2
exit
pr
pr
prt
csl1
pr
texit
csl1
csl2
csl2
csl2 , toppr
pr
pr
prt
t
t
![Page 23: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/23.jpg)
Observing Properties of Invisible Variables
• Explicitly track universal properties of invisible-variables – Different invisible instances of t cannot point to
the same heap cell
• Instrumentation properties– Track derived properties of memory elements
![Page 24: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/24.jpg)
Some Instrumentation Properties
• Pointed-to by an invisible instance of t
• Pointed by more than one invisible instance of t
• t is not NULL
![Page 25: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/25.jpg)
Memory Descriptors with Instrumentation
exit
csl1
csl2
csl2
csl2 , toppr
pr
pr
pr
t
t
t
csl2 , top
csl2
exit
pr
pr
pr
csl1
pr
t
t
![Page 26: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/26.jpg)
Problem - solved
csl2 , top
csl2
exit
pr
pr
pr
csl1
pr
t
t
exit
csl1
csl2
csl2
csl2 , toppr
pr
pr
prt
t
csl2 , top
t
![Page 27: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/27.jpg)
Why Does It Work
• Shape analysis handles linked list quite precisely (Sagiv, Reps, Wilhelm [TOPLAS98])
• Utilize the (intraprocedural) 3-valued logic framework of Sagiv, Reps and Wilhelm [POPL99] to analyze the resulting intraprocedural problem
![Page 28: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/28.jpg)
Prototype Implementation
• Implemented in TVLA [Lev-Ami, Sagiv SAS 2000]
• Analyzed some recursive list manipulating programs
• Verified cleanness properties:– No memory leaks– No NULL dereferences
![Page 29: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/29.jpg)
Prototype ImplementationProcedure
create
delAll
insert
delete
search
append
reverse
reverse_append
reverse_append _r
Running example
Time (sec)
7.31
12.74
34.61
38.29
8.07
40.64
47.56
95.35
1204.13
16.50
Number of (3VL) Structures
219
139
344
423
303
326
414
797
2285
208
![Page 30: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/30.jpg)
Conclusion
• Need to know more than potential values of invisible variables
• Tracking properties of invisible variables helps to overcome the (necessary) imprecision summarization of their values
• Instrumentation – Generic
• Sharing by different instances of a local variable
– List specific
![Page 31: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/31.jpg)
Conclusion
• Storing the call-site enable to improve information propagation to return-sites
• Shows how the intraprocedural framework of Sagiv, Reps and Wilhelm can be used for interprocedural analyses
• Analysis of a complex data structure
![Page 32: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/32.jpg)
Limitations
• Small programs
• No mutual recursion (Implementation)
• Predefined instrumentation library Easy to use, no need for user intervention – Might not be good for all programs
![Page 33: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/33.jpg)
Further Work
• Scaling the algorithm – Distinguishing between “relevant context” and
“irrelevant” context– Analysis of programs manipulating Abstract
Data Types
![Page 34: Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv](https://reader035.vdocuments.site/reader035/viewer/2022062313/56649c785503460f9492da6f/html5/thumbnails/34.jpg)
The End
Interprocedural shape analysis for recursive programsNoam rinetzky and Mooly Sagiv
Compiler Construction 2001
www.cs.tau.ac.il/~maon