Reduction in End-User Shape Analysis
Bor-Yuh Evan Chang
Xavier Rival
University of Colorado, Boulder
INRIA and ENS Paris
Dagstuhl - Typing, Analysis, and Verification of Heap-Manipulating Programs – July 24, 2009
Why think about the analyzer’s end-user?
(diagram: User ↔ Tool)
Accessibility
• end-users are not experts in verification and logic
• want adoption of our tools and techniques
Expressivity, Efficiency, and Feasibility
• end-users are not completely incompetent either
• can provide guidance to tools, understand the code best
Bor-Yuh Evan Chang and Xavier Rival - Reduction in End-User Shape Analysis
2
Shape analysis is an abstract interpretation on abstract memory descriptions with …
• splitting of summaries (materialization), to reflect updates precisely
• and summarizing for termination (summarization)
Main design decision: summaries and their operations
(diagram: a "sorted dl list" l with a cursor cur; the node at cur is split out of the summary for a precise update and later folded back into a summary)
The Wild Wild World of Shape Analysis
Choosing the heap abstraction is difficult. Some representative approaches:
• Parametric in low-level, analyzer-oriented predicates: TVLA [Sagiv et al.]
  + Very general and expressive
  - Harder for non-expert
• Built-in high-level predicates: Space Invader [Distefano et al.]
  + No additional user effort
  - Harder to extend
• Our approach: parametric in high-level, developer-oriented predicates: Xisa
  + Extensible
  + Targeted to developers
Our Approach: Executable Specifications
Utilize "run-time validation code" as specification for static analysis.
checker:
h.dll(p) :=
  if (h = null) then true
  else h→prev = p and h→next.dll(h)
• p specifies where prev should point
Read as an inductive definition in separation logic:
h.dll(p) ⇔ (h = null ∧ emp) ∨ ∃n. h@prev ↦ p ∗ h@next ↦ n ∗ n.dll(h)
Example program:
assert(l.purple_dll(null));
for each node cur in list l {
  make cur red;
}
assert(l.red_dll(null));
• Build the abstraction for analysis directly out of the developer-supplied validation code
• Automatically generalize checkers for intermediate states (generalized segment)
(diagram: the list l part-way through the loop, with cur marking the boundary between the nodes already made red and those still purple)
Xisa is …
An automated shape analysis with a precise memory abstraction based around invariant checkers.
checkers, e.g.:
h.dll(p) =
  if (h = null) then true
  else h→prev = p and h→next.dll(h)
• Extensible and targeted for developers
  – Parametric in developer-supplied checkers, viewed as inductive definitions in separation logic
• Precise yet compact abstraction for efficiency
  – Data-structure-specific, based on properties of interest to the developer
Problem: Non-Unique Representations
With user-guided abstraction, different summaries may have the same (or related) concretizations.
checker:
l.dll(p) :=
  if (l = null) then true
  else l→prev = p and l→next.dll(l)
summary: h.dll(null)
checker:
l.dll_back(n) :=
  if (l = null) then true
  else l→next = n and l→prev.dll_back(l)
summary: t.dll_back(null)
concrete instance (diagram): one and the same doubly-linked list, described forwards from h by dll and backwards from t by dll_back
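As an added example (not the talk's or Xisa's code), the two checkers above written as run-time validation code in Python over a constructed store; a footprint set enforces the disjointness that the separating conjunction demands, so a corrupted, cyclic store is rejected instead of looped over. The store layout, NULL and the helper names are this example's own conventions.

```python
# Added example: dll / dll_back checkers as executable validation code.
# A concrete store is a dict: address -> {"prev": addr, "next": addr};
# None models null. Layout and helper names are this example's own.
NULL = None


def dll(store, h, p, seen=None):
    """h.dll(p): (h = null and emp) or (h@prev |-> p * h@next |-> n * n.dll(h)).
    `seen` is the footprint consumed so far, so * (disjoint cells) is enforced:
    a cell reached twice means the store is cyclic/corrupt, not a valid dll."""
    seen = set() if seen is None else seen
    if h is NULL:
        return True
    if h not in store or h in seen:
        return False
    seen.add(h)
    cell = store[h]
    return cell["prev"] == p and dll(store, cell["next"], h, seen)


def dll_back(store, t, n, seen=None):
    """t.dll_back(n): the same structure validated backwards from the tail t,
    checking next pointers and recursing through prev."""
    seen = set() if seen is None else seen
    if t is NULL:
        return True
    if t not in store or t in seen:
        return False
    seen.add(t)
    cell = store[t]
    return cell["next"] == n and dll_back(store, cell["prev"], t, seen)


def make_dll(addrs):
    """Constructed sample input: a well-formed doubly-linked list over addrs."""
    store = {}
    for i, a in enumerate(addrs):
        prev = addrs[i - 1] if i > 0 else NULL
        nxt = addrs[i + 1] if i + 1 < len(addrs) else NULL
        store[a] = {"prev": prev, "next": nxt}
    return store


def summaries_agree(store, h, t):
    """Non-unique representation in action: h.dll(null) and t.dll_back(null)
    are different summaries that accept exactly the same well-formed stores."""
    return dll(store, h, NULL) == dll_back(store, t, NULL)
```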
Need: Convert between related summaries
1. Prove lemmas about related checkers
  – e.g., "dll ⇔ dll_back"
Observation: Our widening operator can derive these facts on an appropriate program.
Basic idea (diagram): feed the checker definition l.dll(p) := … to the parametric abstract domain; its summarization (widening) yields the semantics of dll_back.
Need: Convert between related summaries
2. Find out which lemmas are needed and when to apply them during program analysis
  – work-in-progress
  – not in this talk
New "Pre-Program Analysis Analysis"
(diagram: checkers are fed to a checker analysis ("pre-program analysis"), whose results feed the program analysis, the Xisa shape analyzer, an abstract interpretation)
The checker analysis derives information about checkers to use them effectively:
• level-type inference, for unfolding (splitting and interpreting update)
• lemma proving, for reduction (summarizing)
checkers, e.g.:
dll(h, p) =
  if (h = null) then true
  else h→prev = p and dll(h→next, h)
Outline
• Memory abstraction
  – graphs
  – segments
• A semantics of checker definitions
• Example:
  – a segment of a list ⇔ a list segment
Abstract memory as graphs
Make endpoints and segments explicit.
(diagram: l points to node α; a "dll segment" runs from α to node γ, which cur points to; γ has a prev edge to β and a next edge to δ; δ is summarized by dll(γ))
Graph elements:
• memory address (value): a node, e.g. α
• memory cell (points-to edge, drawn as a thin edge): e.g. γ@next ↦ δ
• checker summary (inductive predicate): e.g. δ.dll(γ)
• segment summary, the segment generalization of a checker: α.dll(null) ∗= γ.dll(β), intuitively "α.dll(null) up to γ.dll(β)", standing for some number of memory cells
As a formula, the whole graph reads:
(α.dll(null) ∗= γ.dll(β)) ∗ γ@prev ↦ β ∗ γ@next ↦ δ ∗ δ.dll(γ)
checker:
h.dll(p) =
  if (h = null) then true
  else h→prev = p and h→next.dll(h)
Segments as Partial Checker "Runs" (conceptually) [POPL'08]
(diagram: the summary α.dll(null) ∗= γ.dll(β) above a concrete instance, a doubly-linked list of nodes α, β, γ, δ with prev/next edges, where α's prev and δ's next are null)
Complete checker "run" on the instance: α.dll(null) unfolds to β.dll(α), then γ.dll(β), then δ.dll(γ), and finally null.dll(δ).
A segment is a prefix of such a run: α.dll(null) ∗= γ.dll(β) stands for the partial run c(α, γ) that starts at α.dll(null) and stops after i unfoldings at γ.dll(β). For i = 0 the segment is empty, so α = γ and β = null.
Example: User-Defined List Segments
checkers:
l.ls(e) :=
  if (l = e) then true
  else l→next.ls(e)
l.list() :=
  if (l = null) then true
  else l→next.list()
summaries (with l pointing to α and e pointing to β):
• α.ls(β): "a list segment"
• α.list() ∗= β.list(): "a segment of a list"
Want a decision procedure for these inclusions:
α.ls(β) ⊑ α.list() ∗= β.list() ?   (and conversely)
Can reuse our parametric abstract domain!
An Alternative Semantics for Checkers
Read a summary as a generator of "concrete" graphs. Unfolding α.ls(β) (with l pointing to α and e to β) yields:
• α = β  (the empty segment)
• α@next ↦ α′ with α′ = β
• α@next ↦ α′ ∗ α′@next ↦ α″ with α″ = β
• …
Each concrete graph in turn denotes a set of concrete stores, in which l holds addrof(α) and e holds addrof(β).
Show: α.ls(β) ⊑ α.list() ∗= β.list()
Widening: apply abstract interpretation using only list as a checker parameter to the domain, widening the generated graphs in sequence: α = β; then α@next ↦ α′ with α′ = β; then α@next ↦ α′ ∗ α′@next ↦ α″ with α″ = β; … The chain stabilizes at α.list() ∗= β.list().
Our widening [SAS'07]
• is a non-symmetric binary operator
• interleaves region matching and summarizing
Algorithm
1. Iteratively split regions by matching nodes (ok by ∗)
2. Find a common abstraction for matched regions (calling on ⊑ to check inclusion)
Properties
• Soundness: computes an over-approximation
• Termination: ensures the chain stabilizes
Inclusion Check
Show, e.g., α@next ↦ α′ with α′ = β ⊑ α.list() ∗= β.list() (with l pointing to α and e to β).
(diagram: the segment α.list() ∗= β.list() is unfolded once, exposing the edge α@next ↦ α′ and the remaining segment α′.list() ∗= β.list(); the exposed edge matches the left-hand side, and with α′ = β the remainder is emp)
Algorithm
1. Iteratively split regions by matching nodes
2. Check inclusion by unfolding and matching edges until obvious (emp ⊑ emp)
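Added example (not the talk's or Xisa's code): the generator-of-concrete-graphs reading of the preceding slides, in Python. Unfoldings of α.ls(β) are enumerated as sets of points-to edges over symbolic nodes, and membership in the concretization of α.list() ∗= β.list() is decided by running list() as a partial checker run that must stop exactly at β and consume every cell; the depth bound, node names and function names are this example's own.

```python
# Added example: bounded check of  alpha.ls(beta) ⊑ alpha.list() *= beta.list()
# A "concrete" graph is a dict of points-to edges: node -> node it points to
# via next; None models null. Names and the depth bound are this example's own.


def unfold_ls(depth):
    """Graph generated by alpha.ls(beta) after `depth` unfoldings:
    alpha0@next |-> alpha1 * ... * alpha(depth-1)@next |-> alpha(depth),
    with alpha(depth) = beta.  Returns (edges, alpha, beta)."""
    nodes = [f"alpha{i}" for i in range(depth + 1)]
    edges = {nodes[i]: nodes[i + 1] for i in range(depth)}
    return edges, nodes[0], nodes[-1]


def segment_run(edges, start, end):
    """Partial checker run of list() from `start` stopping at `end`, i.e.
    membership in the concretization of start.list() *= end.list().
    Because of *, every cell of the graph must be consumed exactly once."""
    cur, used = start, set()
    while cur != end:
        if cur not in edges or cur in used:   # fell off the graph, or a cycle
            return False
        used.add(cur)
        cur = edges[cur]
    return used == set(edges)


def complete_run(edges, start):
    """Complete run of list(): walk next until null, consuming every cell."""
    return segment_run(edges, start, None)


def ls_included_in_list_segment(max_depth):
    """alpha.ls(beta) ⊑ alpha.list() *= beta.list() on all unfoldings up to
    max_depth (depth 0 is the empty segment: alpha = beta, emp ⊑ emp)."""
    return all(segment_run(*unfold_ls(d)) for d in range(max_depth + 1))


def ls_included_in_list(max_depth):
    """Contrast: alpha.ls(beta) is NOT below the full checker alpha.list(),
    because list() needs the walk to end at null, not at beta."""
    return all(complete_run(unfold_ls(d)[0], unfold_ls(d)[1])
               for d in range(max_depth + 1))
```

The converse inclusion uses the same partial run, since unfolding α.list() ∗= β.list() generates the same edge sets and ls(β) must likewise stop exactly at β.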
Summary: Reuse domain to decide relations amongst checker definitions
(diagram: checkers are fed to a checker analysis ("pre-program analysis"), whose results feed the program analysis, the Xisa shape analyzer, an abstract interpretation)
The checker analysis supplies:
• level-type inference, for unfolding (splitting and interpreting update)
• lemma proving, for reduction (summarizing)
checkers, e.g.:
dll(h, p) =
  if (h = null) then true
  else h→prev = p and dll(h→next, h)
Conclusion and Next Steps
• Non-unique representation problem magnified
with user-supplied checkers
– Need reduction to convert between representations
– Ordering on checkers needed to apply reduction
• Ordering shown by applying Xisa to a checker definition
• To put into practice
– Needed lemmas: pre-compute ordering or on-demand?
– When to apply: level types for unfolding may help
– Derive new checkers (e.g., dll_back from dll)?
http://xisa.cs.berkeley.edu