alias calculus for a simple imperative language with decidable pointer arithmetic
Nikolay Shilov, Alexander Vorontsov, Aizhan Satekbayeva, Nazarbayev University, Kazakhstan
Alias Calculus for Simple Imperative Language
with Decidable Pointer Arithmetic
Aleksandr Vorontsov1,
Aizhan Satekbayeva2,
Nikolay Shilov3,4
1 Novosibirsk State University, Novosibirsk, Russia; 2 L.N. Gumilyov Eurasian National University, Astana, Kazakhstan;
3 Nazarbayev University, Astana, Kazakhstan; 4 A.P. Ershov Institute of Informatics Systems, Novosibirsk, Russia
What is “Alias Calculus”?
• Alias calculus was proposed by Bertrand Meyer in 2011 for a toy programming language with single data type for abstract pointers.
• It is a set of syntax-driven rules that compute an upper approximation aft(S, P) of the aliasing that holds after execution of a program P, for a given initial aliasing S.
14.11.2014 2 TMPA-2014: Alias Calculus
What about this Research
• Our current purpose is to present a variant of alias calculus for a more realistic programming language with automatic and dynamic memory, with types for regular data as well as for decidable pointer arithmetic.
Why a new Research?
• The aliasing problem is to predict, detect and/or trace pointers to the same addresses in dynamic memory.
• The problem matters because of the mistakes and errors that may occur at program run-time due to improper alias handling.
Errors?
• Below are two simple examples of errors (?) in C-like pseudo-code:
• x = malloc(sizeof(int));
  x = malloc(sizeof(int));
  // memory leak
• y = x; free(x); free(y);
  // invalid access
Alias Calculus for a Trivial Language
• Bertrand Meyer: Steps Towards a Theory and Calculus of Aliasing. Int. J. of Software and Informatics (Festschrift in honor of Manfred Broy), 2011, pp. 77-115.
Sample Rules: memory dynamics
• Memory deallocation and allocation operators have the same effect on the alias relation, because after either operation the variable is not an alias of any other variable:
Sample Rules: assignment
• After an assignment the address variable on the left forgets all its former aliases and becomes an alias of the right-hand-side variable and of all that variable's aliases:
Sample Rules: assignment
[Figure: alias pairs before the assignment x:=y are (x, y), (y, u), (x, z); after x:=y the pairs are (x, y) and (x, y, u), i.e. x now aliases y and u and no longer aliases z.]
Sample Rules: compound programs
• Sequential composition means sequential application:
• Nondeterministic choice of any branch:
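The four rules on the preceding slides (allocation and deallocation, assignment, sequential composition, nondeterministic choice) written out as a small aft(S, P) evaluator. This is an added example, not code from the slides or from Meyer's paper; the tuple encoding of programs and the variable names are assumptions of the example. It is run on the x:=y picture above and on the "y = x; free(x); free(y)" snippet from the Errors slide.

```python
from typing import FrozenSet, Set

# Alias relation S: a set of unordered pairs of distinct variables that may
# refer to the same address.  A pair is a frozenset, so {x,y} == {y,x}.
Pair = FrozenSet[str]
Alias = FrozenSet[Pair]

# Toy-language programs, encoded as nested tuples (an assumption of this
# example, not syntax from the slides):
#   ("create", x) / ("free", x)  -- allocation / deallocation of x
#   ("assign", x, y)             -- x := y
#   ("seq", P, Q)                -- P ; Q
#   ("choice", P, Q)             -- nondeterministic choice between P and Q


def pair(x: str, y: str) -> Pair:
    return frozenset((x, y))


def aliases_of(S: Alias, x: str) -> Set[str]:
    """Variables paired with x in S."""
    return {v for p in S if x in p for v in p if v != x}


def forget(S: Alias, x: str) -> Alias:
    """Drop every pair mentioning x: after create/free, x aliases nothing."""
    return frozenset(p for p in S if x not in p)


def aft(S: Alias, P: tuple) -> Alias:
    """Upper approximation of the alias relation after running P from S."""
    kind = P[0]
    if kind in ("create", "free"):
        # deallocation and allocation have the same effect on the relation
        return forget(S, P[1])
    if kind == "assign":
        x, y = P[1], P[2]
        if x == y:
            return S
        # x forgets its former aliases, then becomes an alias of y and of
        # everything y may be aliased to (computed on the old S)
        new_pairs = {pair(x, y)} | {pair(x, z) for z in aliases_of(S, y) if z != x}
        return forget(S, x) | frozenset(new_pairs)
    if kind == "seq":
        return aft(aft(S, P[1]), P[2])        # sequential application
    if kind == "choice":
        return aft(S, P[1]) | aft(S, P[2])    # union over both branches
    raise ValueError(f"unknown statement kind: {kind!r}")


def show(S: Alias) -> list:
    """Readable, deterministic rendering of an alias relation."""
    return sorted(tuple(sorted(p)) for p in S)


# The x := y picture from the slides: before it, x~y, y~u and x~z may hold.
BEFORE = frozenset({pair("x", "y"), pair("y", "u"), pair("x", "z")})


def slide_example() -> list:
    return show(aft(BEFORE, ("assign", "x", "y")))


def free_example() -> list:
    # y = x; free(x); free(y), starting from the empty relation
    prog = ("seq", ("seq", ("assign", "y", "x"), ("free", "x")), ("free", "y"))
    return show(aft(frozenset(), prog))


if __name__ == "__main__":
    print("after x := y:", slide_example())
    print("after y = x; free(x); free(y):", free_example())
```

Note that on the second program the relation is already empty after free(x), because the free rule only removes x's pairs; the calculus by itself therefore does not flag the second free, which is exactly the kind of run-time error the Errors slide points at and one reason the later slides move to a richer configuration.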
Towards More Realistic Language
• The acronym MoRe stands for More Realistic programming language.
• It has two data types, called addresses and integers, with an implicit type cast in2ad from integers to addresses.
Addresses in MoRe
• The address data type is any (finite or infinite) set of values ADR with constants denoted “0” and “1” and operations denoted “+” and “–” such that (ADR, 0, 1, +, –) is a commutative additive semi-group with a decidable first-order theory T_ADR.
Examples of Legal Address Types
• Z_m, the ring of residues modulo any particular fixed positive m,
• Presburger arithmetic, etc.
Integers in MoRe
• The integer data type in MoRe is any (finite or infinite) set of (mathematical) integers INT with the standard constants 0 and 1, the standard operations “+”, “–”, “*”, “/” and an implicit, computable, surjective, homomorphic type-casting function
in2ad : (INT, 0, 1, +, –) → (ADR, 0, 1, +, –).
MoRe Syntax
Structural Operational Semantics
• MoRe SOS uses a memory model consisting of two disjoint parts: a static memory (conventionally) called the stack and a dynamic memory (conventionally) called the heap.
Structural Operational Semantics
• A state is a pair of mappings s=(st, hp) where
• the state of the stack st: V → INT is a partial mapping (with finite domain) from variables V to integers INT (understood as their values),
• the state of the heap hp: ADR → INT is a partial mapping with finite domain from addresses ADR to integers INT (understood as the referenced values).
Structural Operational Semantics
• MoRe SOS is an axiomatic system for triples consisting of an input state s, a program, and an output state s', where s is a state and s' is either a state or the exception abort.
• The intuition behind such a triple is that the program converts the input state into the output state (which may be the exception).
Structural Operational Semantics
• SOS inference rules are syntax-driven and have the following form:
Sample SOS Rule: static array in dynamic memory
• If
– xdom(st),
– addresses in2ad(l), … in2ad(l+k) are disjoint,
– in2ad(l), … in2ad(l+k)dom(hp)
then
Alias Calculus for MoRe
• A configuration is a quadruple Cnf=(I, A, S) consisting of
– a set I of address variables,
– a set A of address expressions,
– a finite set S of pairs of synonyms and antonyms (over variables in I) that has a solution as a system of equalities and inequalities in (ADR, 0, 1, +, –), i.e. that is consistent with the theory T_ADR.
Alias Calculus for MoRe
• Informally speaking, in Cnf=(I, A, S)
– the set I holds the initialized address variables,
– the set A holds the address expressions that point to allocated memory,
– the set S is a system of equations and inequalities specifying which expressions may be aliases and which cannot be.
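How the S component can be decided in practice, as an added example that is not code from the slides: for a finite address type such as Z_m (one of the legal address types listed earlier), the consistency of a system of synonym (=) and antonym (!=) pairs is decided by enumerating all assignments, and may-alias / must-alias questions between two address expressions reduce to that check. The text syntax for address expressions (sums of variables and integer constants, e.g. "x + 1") and the constraint encoding are assumptions of this example; for an infinite type such as Presburger arithmetic an actual decision procedure (e.g. an SMT solver) would replace the enumeration.

```python
import itertools
import re
from typing import Dict, List, Optional, Tuple

# Address expression over Z_m: (variable -> coefficient, constant).
# Text form "x + 1 - y" is a mini-syntax constructed for this example.
Expr = Tuple[Dict[str, int], int]
# Constraint (op, lhs, rhs): op "=" is a synonym pair, "!=" an antonym pair.
Constraint = Tuple[str, str, str]

_TOKEN = re.compile(r"\s*([+-]?)\s*([A-Za-z_]\w*|\d+)")


def parse(text: str) -> Expr:
    """Parse 'x + 1 - y' into ({'x': 1, 'y': -1}, 1)."""
    coeffs: Dict[str, int] = {}
    const = 0
    pos, end = 0, len(text.rstrip())
    while pos < end:
        m = _TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad address expression: {text!r}")
        sign = -1 if m.group(1) == "-" else 1
        tok = m.group(2)
        if tok.isdigit():
            const += sign * int(tok)
        else:
            coeffs[tok] = coeffs.get(tok, 0) + sign
        pos = m.end()
    return coeffs, const


def evaluate(e: Expr, env: Dict[str, int], m: int) -> int:
    """Value of e in Z_m under the assignment env (addition wraps modulo m)."""
    coeffs, const = e
    return (sum(c * env[v] for v, c in coeffs.items()) + const) % m


def solve(S: List[Constraint], m: int) -> Optional[Dict[str, int]]:
    """An assignment in Z_m satisfying every constraint of S, or None.
    Z_m is finite, so enumerating all assignments decides consistency;
    this is the decidability MoRe requires of its address theory T_ADR."""
    parsed = [(op, parse(lhs), parse(rhs)) for op, lhs, rhs in S]
    variables = sorted({v for _, l, r in parsed for v in list(l[0]) + list(r[0])})
    for values in itertools.product(range(m), repeat=len(variables)):
        env = dict(zip(variables, values))
        if all((op == "=") == (evaluate(l, env, m) == evaluate(r, env, m))
               for op, l, r in parsed):
            return env
    return None


def consistent(S: List[Constraint], m: int) -> bool:
    return solve(S, m) is not None


def may_alias(S: List[Constraint], e1: str, e2: str, m: int) -> bool:
    """e1 and e2 may denote the same address iff S plus e1 = e2 is consistent."""
    return consistent(S + [("=", e1, e2)], m)


def must_alias(S: List[Constraint], e1: str, e2: str, m: int) -> bool:
    """e1 and e2 certainly coincide iff S plus e1 != e2 is inconsistent."""
    return not consistent(S + [("!=", e1, e2)], m)


if __name__ == "__main__":
    # Constructed sample system: x + 2 = y and y + 2 = x.
    cyc = [("=", "x + 2", "y"), ("=", "y + 2", "x")]
    print("Z_4 model:", solve(cyc, 4))      # {'x': 0, 'y': 2}
    print("Z_3 model:", solve(cyc, 3))      # None: no solution modulo 3
    print(may_alias([("!=", "x", "y")], "x + 4", "y", 4))   # False: x + 4 wraps to x
```

The same system is consistent in Z_4 but not in Z_3, which is why the configuration's consistency requirement is stated relative to the chosen address theory T_ADR; the last query shows wrap-around being taken into account, so an antonym pair on x and y rules out x + 4 aliasing y in Z_4.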
Sample Rule of Alias Calculus: assignment
• Let Cnf_(x:=t) be (I_(x:=t), A_(x:=t), S_(x:=t)) where
Main Result
• The alias calculus for the programming language MoRe is safe in the following sense:
• Theorem: Let D be any alias distribution, P be any MoRe-program and s=(st, hp) be any state such that st ╞ D; if s'=(st', hp') is a state such that P converts s into s', then st' ╞ aft(D, P).
Conclusion
• An equation-based alias calculus for a model programming language with dynamic memory and decidable address arithmetic was developed.
• The calculus can be used for control-flow-insensitive safe alias analysis of MoRe programs, but for practical applications the language must be made much more realistic.
Thank You For Your Attention! Questions?