Modular Shape Analysis for Dynamically Encapsulated Programs
DESCRIPTION
Modular Shape Analysis for Dynamically Encapsulated Programs. Noam Rinetzky (Tel Aviv University), Arnd Poetzsch-Heffter (Universität Kaiserslautern), Ganesan Ramalingam (Microsoft Research India), Mooly Sagiv (Tel Aviv University), Eran Yahav (IBM Watson). Slide transcript.
![Page 1: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/1.jpg)
Modular Shape Analysis for Dynamically Encapsulated Programs
Noam Rinetzky Tel Aviv University
Arnd Poetzsch-Heffter Universität Kaiserslautern
Ganesan Ramalingam Microsoft Research India
Mooly Sagiv Tel Aviv University
Eran Yahav IBM Watson
![Page 2: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/2.jpg)
modular shape analysis
shape analysis?
...
modular analysis?
![Page 3: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/3.jpg)
modular shape analysis
shape analysis: sound static analysis of imperative, heap-manipulating programs
properties: no memory errors (no memory leaks, no null dereferences); shape invariants (e.g. lists are acyclic)
...
![Page 4: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/4.jpg)
modular shape analysis
modular analysis: analyze a program by analyzing its parts (scalability, reusability)
![Page 5: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/5.jpg)
![Page 6: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/6.jpg)
modular shape analysis
analyze programs by analyzing their parts (imperative, heap-manipulating programs)
[diagram: program with variables p, q; memory holding Polygon, List, Point and Integer objects]
![Page 7: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/7.jpg)
modular shape analysis
analyze programs by analyzing their parts: program modular analysis (program parts) and heap modular analysis (memory parts)
[diagram: program with variables p, q; memory holding Polygon, List, Point and Integer objects; imperative, heap-manipulating]
![Page 8: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/8.jpg)
modular shape analysis
analyze programs by analyzing their parts: program modular analysis and heap modular analysis
[diagram: a program part (variables p, q) and its relevant heap parts among the Polygon, List, Point and Integer objects]
![Page 9: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/9.jpg)
![Page 10: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/10.jpg)
![Page 11: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/11.jpg)
![Page 12: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/12.jpg)
modular shape analysis
analyze programs by analyzing their parts: program modular analysis and heap modular analysis
[diagram: the whole program with its Polygon, List, Point and Integer objects]
![Page 13: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/13.jpg)
approach
restrict the class of programs to “well behaved” programs: dynamically encapsulated programs
compute a conditional module invariant that approximates “well behaved” clients
use dynamic encapsulation to enable modular shape analysis, and use shape analysis to verify dynamic encapsulation
![Page 14: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/14.jpg)
agenda
setting; shape abstraction; modular shape analysis
![Page 15: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/15.jpg)
modules: a simple program model
program = collection of modules; module = types + procedures; module-level access control
```
// module List
type List { Node hd }
type Node { Node n, Point d }

int foo(List s) {
  Point p = p.d;
  int x = getX(p);   // p.x is not accessible here: x belongs to module Point
  ...
}

// module Point
type Point { Integer x, y }

int getX(Point p) { Integer I = p.x; return value(I); }
Point point(int x, int y) { ... }
```
![Page 16: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/16.jpg)
module-local state
a module can only access the parts of the heap comprised of its own objects
[diagram: variables p, q; Polygon, List, Point and Integer objects grouped by module]
![Page 17: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/17.jpg)
![Page 18: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/18.jpg)
components
sub-heaps made of the objects of one module: a maximal connected subheap
outgoing references, incoming references
[diagram: variables p, q; Polygon, List, Point and Integer objects grouped into components]
![Page 19: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/19.jpg)
![Page 20: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/20.jpg)
component graphs
nodes: components; edges: inter-component references
[diagram: the component graph of the p, q heap with Polygon, List, Point and Integer components]
![Page 21: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/21.jpg)
(un)sealed components
unsealed component: mutable; sealed component: immutable
[diagram: variables p, q; Polygon, List, Point and Integer components]
![Page 22: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/22.jpg)
trimming abstraction
represents only the components of a single module: forget the other components, forget the component graph
![Page 23: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/23.jpg)
trimming: abstraction
[diagram: variables t, z]
![Page 24: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/24.jpg)
trimming: concretization
[diagram: a trimmed state with variables t, z and the concrete states it represents]
![Page 25: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/25.jpg)
![Page 26: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/26.jpg)
![Page 27: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/27.jpg)
trimming: impossible concretization
[diagram: variables t, z]
![Page 28: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/28.jpg)
bounding abstraction (standard)
[diagram: a concrete state with variables q, z, first trimmed, then bounded]
![Page 29: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/29.jpg)
parametric shape abstraction
concrete states → (trim_M) → trimmed states → (bound_M) → bounded trimmed states
![Page 30: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/30.jpg)
modular shape analysis
main challenges: inferring the precondition for inter-module procedure calls to the module; determining the effect of inter-module procedure calls by the module
![Page 31: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/31.jpg)
inter-module procedure calls
sealed component: immutable; unsealed component: mutable
[diagram: call list_proc(p.list, q) with variables p, q over Polygon, List, Point and Integer components]
![Page 32: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/32.jpg)
sealed components
sealed components are immutable and are the inputs to inter-module procedure calls
[diagram: list_proc(p.list, q) with parameters s, e bound to List components]
![Page 33: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/33.jpg)
inter-module procedure calls
input: a sealed component; observation: unmodified since the last call
![Page 34: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/34.jpg)
![Page 35: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/35.jpg)
module invariant
the set of sealed (stable) components over all programs and all executions: all possible inputs to inter-module procedure calls
![Page 36: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/36.jpg)
modular shape analysis: infer the module invariant
compute input states to inter-module procedure calls from the discovered sealed components
shape analysis within the module
discover new sealed components in the output states
[diagram: the analysis loop around the shape analysis]
![Page 37: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/37.jpg)
abstraction + fixpoint
are we done?
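The loop of slides 36 and 37, worked as an added Python example (not code from the slides or from the authors' analysis): the List module's entry points are run on every sealed component discovered so far, each output is abstracted, and the set of abstract sealed components grows until it stops changing. That final set is the module invariant. The abstraction is a constructed, much simplified stand-in for the slides' bounding abstraction (node count bucketed to 0, 1, '2+' plus an acyclicity bit), push's body is the one on the slides, and pop's body is an assumption.

```python
class Node:
    """type Node { Node n, Point d } from the slides; d stays abstract here."""
    def __init__(self, n=None, d=None):
        self.n, self.d = n, d

class List:
    """type List { Node hd }"""
    def __init__(self, hd=None):
        self.hd = hd

# Inter-module entry points of the List module (dry-run slide).  push is the
# body shown on the sanity-check slides; pop's body is an assumption.
def crt_list():
    return List()

def push(s, e):
    e.n = s.hd
    s.hd = e

def pop(s):
    e = s.hd
    if e is not None:
        s.hd = e.n
        e.n = None  # assumed: the popped node leaves the list component
    return e

def abstract(s):
    """Bounding abstraction (slide 28), simplified: a sealed List component is
    summarized by its node count bucketed to 0, 1 or '2+', plus whether the
    n-chain is acyclic (the shape invariant from slide 3)."""
    seen, count, cur = set(), 0, s.hd
    while cur is not None:
        if id(cur) in seen:
            return (count if count < 2 else "2+", False)
        seen.add(id(cur))
        count += 1
        cur = cur.n
    return (count if count < 2 else "2+", True)

REPRESENTATIVES = {0: (0,), 1: (1,), "2+": (2, 3)}

def concretize(state):
    """Representative concrete lists for an abstract state.  push and pop move
    the length by at most one, so lengths 2 and 3 cover every transition out
    of the '2+' bucket (a shortcut for this toy domain; the slides' analysis
    transforms abstract states directly)."""
    bucket, acyclic = state
    if not acyclic:
        raise ValueError("a cyclic list is a reported error, not an input")
    for length in REPRESENTATIVES[bucket]:
        s = crt_list()
        for _ in range(length):
            push(s, Node())
        yield s

def infer_module_invariant():
    """Slides 36-37: start from the component crtList() returns, run each
    entry point on every discovered sealed component with fresh arguments,
    abstract the output state and iterate to a fixpoint.  The result is the
    (conditional) module invariant: every sealed List component that a
    dynamically encapsulated client can hand back to the module."""
    procs = (lambda s: push(s, Node()), pop)
    invariant = {abstract(crt_list())}
    worklist = list(invariant)
    while worklist:
        state = worklist.pop()
        for proc in procs:
            for s in concretize(state):
                proc(s)
                out = abstract(s)
                if out not in invariant:
                    invariant.add(out)
                    worklist.append(out)
    return invariant

def lists_always_acyclic():
    """Slide 3's shape invariant, read off the module invariant."""
    return all(acyclic for _, acyclic in infer_module_invariant())
```

The fixpoint stabilizes at three abstract sealed components, {(0, acyclic), (1, acyclic), ('2+', acyclic)}, and no cyclic list ever appears in an output state, which is exactly the "lists are acyclic" property the analysis is meant to establish. The soundness of the representative-based concretization rests on push and pop changing the length by at most one; a real analysis avoids that argument by computing on abstract states.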
![Page 38: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/38.jpg)
sanity check
```
// module List
type List { Node hd }
type Node { Node n, Point d }
void push(List s, Node e) { e.n = s.hd; s.hd = e; }
...
```
![Page 39: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/39.jpg)
sanity check
[diagram: list s (hd → n → n) with d references to Points; node e with its own d is pushed onto s]
![Page 40: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/40.jpg)
![Page 41: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/41.jpg)
main difficulty: unknown usage
unknown heap context: returned references, incoming references
worst-case assumption: complicated analysis, expensive analysis, non-useful analysis
[diagram: list hd → n → n with d references, reached from an unknown context]
![Page 42: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/42.jpg)
our approach
limit inter-component aliasing: every sealed component has a single entry point
[diagram: variables q, p]
![Page 43: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/43.jpg)
our approach
limit inter-component aliasing: every sealed component has a single entry point; tree of inter-component references
[diagram: variables p, q]
![Page 44: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/44.jpg)
challenge: reference parameters, e.g. enque(p,q)
solution: ignore unused references
challenge: verify that q is never used!
[diagram: variables p, q]
![Page 45: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/45.jpg)
lightweight annotations
specify deadness: enque(List s, Node e) // {e}
[diagram: variables p, q]
![Page 46: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/46.jpg)
dynamic encapsulation
limit inter-component aliasing: every component has a single entry point; tree of inter-component references, ignoring not-to-be-used references
[diagram: variables p, q]
![Page 47: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/47.jpg)
dynamic encapsulation
[diagram: variable p]
![Page 48: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/48.jpg)
![Page 49: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/49.jpg)
![Page 50: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/50.jpg)
![Page 51: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/51.jpg)
sanity check revisited
```
// module List
type List { Node hd }
type Node { Node n, Point d }
void push(List s, Node e) // {e}
{ e.n = s.hd; s.hd = e; }
...
```
[diagram: list s (hd → n → n) with d references to Points; node e]
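The component construction of slide 18, the component graph of slide 20 and the single-entry-point / tree condition that slides 42 to 46 call dynamic encapsulation, applied to the push sanity check above: an added Python example, not code from the slides or from the authors' analysis. It assumes a toy heap model in which every object is tagged with its module and holds reference fields by object id; push's body is the one on the slide, the heap, object ids and variable names are constructed, and a set of "dead" variables models the // {e} annotation.

```python
from collections import defaultdict, deque

class Obj:
    """A heap object: the module that owns it and its reference fields
    (field name -> id of the target object, or None)."""
    def __init__(self, oid, module, **fields):
        self.oid, self.module, self.fields = oid, module, dict(fields)

def components(heap):
    """Slide 18: partition the heap (id -> Obj) into components, the maximal
    subheaps of one module's objects connected by intra-module references.
    Returns (list of id sets, id -> component index)."""
    adj = defaultdict(set)
    for o in heap.values():
        for tgt in o.fields.values():
            if tgt is not None and heap[tgt].module == o.module:
                adj[o.oid].add(tgt)
                adj[tgt].add(o.oid)
    comp_of, comps = {}, []
    for oid in heap:
        if oid in comp_of:
            continue
        cid = len(comps)
        comps.append(set())
        comp_of[oid] = cid
        queue = deque([oid])
        while queue:
            x = queue.popleft()
            comps[cid].add(x)
            for y in adj[x]:
                if y not in comp_of:
                    comp_of[y] = cid
                    queue.append(y)
    return comps, comp_of

def component_graph(heap, roots, dead=frozenset()):
    """Slide 20: nodes are components, edges are inter-component references.
    Local variables (`roots`: name -> id) are edge sources too; a variable in
    `dead` carries a not-to-be-used annotation (slide 45) and is ignored.
    Each edge keeps its target object so entry points can be counted."""
    comps, comp_of = components(heap)
    edges = []  # (source, target component, target object)
    for var, tgt in roots.items():
        if tgt is not None and var not in dead:
            edges.append((("var", var), comp_of[tgt], tgt))
    for o in heap.values():
        for tgt in o.fields.values():
            if tgt is not None and comp_of[tgt] != comp_of[o.oid]:
                edges.append((comp_of[o.oid], comp_of[tgt], tgt))
    return comps, edges

def encapsulation_violations(heap, roots, dead=frozenset()):
    """Slide 46: every component has a single entry point and inter-component
    references form a tree, so no component has more than one incoming
    reference.  Returns the violations found (empty means encapsulated)."""
    comps, edges = component_graph(heap, roots, dead)
    incoming = defaultdict(list)
    for _src, tgt_comp, tgt_obj in edges:
        incoming[tgt_comp].append(tgt_obj)
    problems = []
    for cid, comp in enumerate(comps):
        refs = incoming[cid]
        if len(set(refs)) > 1:
            problems.append(f"{sorted(comp)}: several entry points")
        elif len(refs) > 1:
            problems.append(f"{sorted(comp)}: shared by several references")
    return problems

def is_dynamically_encapsulated(heap, roots, dead=frozenset()):
    return not encapsulation_violations(heap, roots, dead)

def make_list_heap():
    """Constructed heap for the sanity check: list s = [n1, n2] in module
    List, each node's d pointing to a Point in module Point, and a fresh
    node e that the caller is about to push."""
    heap = {}
    for pid in ("pt1", "pt2", "pt3"):
        heap[pid] = Obj(pid, "Point", x=None, y=None)  # Integer fields elided
    heap["s"] = Obj("s", "List", hd="n1")
    heap["n1"] = Obj("n1", "List", n="n2", d="pt1")
    heap["n2"] = Obj("n2", "List", n=None, d="pt2")
    heap["e"] = Obj("e", "List", n=None, d="pt3")
    return heap

def push(heap, s, e):
    """void push(List s, Node e) { e.n = s.hd; s.hd = e; } from the slides."""
    heap[e].fields["n"] = heap[s].fields["hd"]
    heap[s].fields["hd"] = e

def push_scenario(annotate_e_dead):
    """(encapsulated before push, encapsulated after push).  Without the
    // {e} annotation the caller's e is a second entry point into the list
    component; with it, e is ignored and the tree shape survives."""
    heap = make_list_heap()
    roots = {"s": "s", "e": "e"}
    before = is_dynamically_encapsulated(heap, roots)
    push(heap, "s", "e")
    dead = frozenset({"e"}) if annotate_e_dead else frozenset()
    return before, is_dynamically_encapsulated(heap, roots, dead)
```

Before the call there are five components (three Points, the list, and the lone node e), each with exactly one incoming reference. After push, e has joined the list component, and the caller's `e` variable would give that component two entry points; `push_scenario(False)` reports the violation and `push_scenario(True)`, which honours the `// {e}` annotation, does not. The check looks only at incoming references per component, so a cycle of components that no variable reaches (garbage) is not reported.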
![Page 52: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/52.jpg)
![Page 53: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/53.jpg)
![Page 54: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/54.jpg)
our approach
concentrate on well-behaved programs: “well behaved” = dynamic encapsulation
modularly checkable: a program P is well behaved if all its modules respect the specification
![Page 55: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/55.jpg)
modular analysis
for every module: assume all other modules are well behaved, guarantee that the module is well behaved
verify dynamic encapsulation; discover (conditional) module invariants, which may not hold for arbitrary programs
![Page 56: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/56.jpg)
dry run
[diagram: analysis]
```
// module List
type List { Node hd }
type Node { Node n, Point d }
List crtList() { ... }
Node crtNode(Point p) // {p}
{ ... }
void push(List s, Node e) // {e}
{ ... }
Node pop(List s) { ... }
```
![Page 57: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/57.jpg)
dry run
[diagram: analysis states over variable p]
![Page 58: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/58.jpg)
dry run
[diagram: analysis states over variables s, e]
![Page 59: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/59.jpg)
dry run
[diagram: analysis states over variables s, e, continuing with ...]
![Page 60: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/60.jpg)
conditional module invariant: if the program is dynamically encapsulated, then the module invariant holds
![Page 61: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/61.jpg)
summary
parametric shape abstraction; dynamic encapsulation (a restriction on programs); modular shape analysis
[diagram: dynamic encapsulation enables modular shape analysis; shape analysis verifies dynamic encapsulation]
![Page 62: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/62.jpg)
related work
modular analysis; modular heap analysis; shape analysis; interprocedural shape analysis; encapsulation; local reasoning
![Page 63: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/63.jpg)
Manevich et al., TACAS’07
[diagram: variables x, y, z]
![Page 64: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/64.jpg)
ownership types
[diagram: variable p]
![Page 65: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/65.jpg)
closely related work
modular heap analysis: Logozzo, SAS’03, VMCAI’04; Wies et al., VMCAI’06
encapsulation: Zhao et al., RTSS’04; Clarke et al., ECOOP’03
modular verification: Leino et al., ESOP’06
![Page 66: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/66.jpg)
future work
relax restrictions: richer component-graph structures
implementation
![Page 67: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/67.jpg)
END
use dynamic encapsulation to enable modular shape analysis,
use shape analysis to verify dynamic encapsulation
![Page 68: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/68.jpg)
partitioned module invariant
![Page 69: Modular Shape Analysis for Dynamically Encapsulated Programs](https://reader036.vdocument.in/reader036/viewer/2022062309/5681513a550346895dbf523e/html5/thumbnails/69.jpg)
partitioned module invariant