
Local Heap Shape Analysis

Local Heap Shape Analysis. Noam Rinetzky (Tel Aviv University). Joint work with Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University), Reinhard Wilhelm (Universität des Saarlandes), and Eran Yahav (IBM Watson).


Presentation Transcript


  1. Local Heap Shape Analysis. Noam Rinetzky (Tel Aviv University). Joint work with Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University), Reinhard Wilhelm (Universität des Saarlandes), and Eran Yahav (IBM Watson).

  2. Motivation
     • Verify heap intensive programs
     • Imperative programs with procedures
     • Recursive data structures
       • Lists
       • Trees
       • …

  3. Motivation

         class List { List n; }

         main() {
           List x=null, y=null;
           int k = getLen();
           x = create(k);
           y = reverse(x);
         }
         …

     reverse:
     • reverses
     • terminates
     • No null dereferences
     • No memory leaks

     [Figure: heap diagrams for k=4, showing lists linked by n fields and the variables x and y. Captions: "x and y point to the same list"; "y points to an acyclic list".]

  4. What is the problem? Checking heap properties is undecidable
     • Recursive procedures
       • Unbounded number of activation records
     • Dynamic allocation
       • Unbounded number of objects

  5. Our approach
     • Use abstractions
     • Over-approximation algorithms
     • Effective (termination)
     • Every verified property holds (sound)
     • May not prove all properties (incomplete)

  6. Local heaps [Figure: heap diagrams around the call f(x); with variables p, x, y, g, t.]

  7. Canonical abstraction [Figure: list diagrams linked by n fields, pointed to by x.]

  8. Interprocedural shape analysis [Figure: heap diagram at call f(x), with variables p, x, y. Label: "Tabulation exits".]

  9. Interprocedural shape analysis [Figure: heap diagram at call f(x), with variables p, x, y. Labels: "Analyze f"; "No tabulation".]

  10. Cutpoints ? [Figure: heap diagram around the call f(x); with variables p, x, y, g, t.]

  11. Cutpoints and abstraction [Figure: list diagrams linked by n fields at call f(x), with variables p, x, y and nodes labelled d. Label: "Canonical abstraction".]

  12. Abstraction of cutpoints [Figure: heap diagrams around the call f(x); with variables p, x, y, g, t.]

  13. Prototype implementation

  14. Related Work
     • Interprocedural shape analysis
       • Rinetzky and Sagiv, CC ’01
       • Chong and Rugina, SAS ’03
       • Jeannet et al., SAS ’04
       • Hackett and Rugina, POPL ’05
       • Rinetzky et al., POPL ’05
     • Local Reasoning
       • Ishtiaq and O’Hearn, POPL ’01
       • Reynolds, LICS ’02
     • Encapsulation
       • Noble et al., IWACO ’03
     • ...

  15. End
     • A Semantics for procedure local heaps and its abstraction. Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm. POPL, 2005.
     • Interprocedural shape analysis for cutpoint-free programs. Noam Rinetzky, Mooly Sagiv, and Eran Yahav. SAS, 2005.
     www.cs.tau.ac.il/~maon
