alias calculus for a simple imperative language with decidable pointer arithmetic
Alias Calculus for Simple Imperative Language
with Decidable Pointer Arithmetic
Aleksandr Vorontsov1,
Aizhan Satekbayeva2,
Nikolay Shilov3,4
1 Novosibirsk State University, Novosibirsk, Russia; 2 L.N. Gumilyov Eurasian National University, Astana, Kazakhstan;
3 Nazarbayev University, Astana, Kazakhstan; 4 A.P. Ershov Institute of Informatics Systems, Novosibirsk, Russia
What is “Alias Calculus”?
• Alias calculus was proposed by Bertrand Meyer in 2011 for a toy programming language with a single data type for abstract pointers.
• It is a set of syntax-driven rules to compute an upper approximation aft(S, P) of the aliasing that holds after execution of a program P, given an initial aliasing S.
14.11.2014 2 TMPA-2014: Alias Calculus
What about this Research
• Our current purpose is to present a variant of alias calculus for a more realistic programming language with automatic and dynamic memory, with types for regular data as well as for decidable pointer arithmetic.
Why a new Research?
• The aliasing problem is to predict, detect and/or trace pointers to the same addresses in dynamic memory.
• The importance of the problem is due to the mistakes and errors that may happen at program run-time because of improper alias handling.
Errors?
• Below are two simple examples of errors (?) in C-like pseudo-code:
• x = malloc(sizeof(int));
x = malloc(sizeof(int));
// memory leak: the first allocation is no longer reachable;
• y = x; free(x); free(y);
// invalid access: y still refers to the cell freed through x.
Alias Calculus for a Trivial Language
• Bertrand Meyer: Steps Towards a Theory and Calculus of Aliasing. Int. J. of Software and Informatics (Festschrift in honor of Manfred Broy), 2011, pp. 77-115.
Sample Rules: memory dynamics
• Memory deallocation and allocation operators have the same effect on the alias relation, because after either operation the variable is not an alias of any other variable:
Sample Rules: assignment
• After an assignment the address variable forgets all its former aliases and becomes an alias of all aliases of the assigned variable:
Sample Rules: assignment
[Figure: worked example of the assignment rule for x:=y, showing the alias groups x, y; y, u; x, z; x, y; x, y, u.]
Sample Rules: compound programs
• Sequential composition means sequential application of the rules:
• Nondeterministic choice: either branch may be taken:
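The four rule families on these slides (allocation/deallocation, assignment, sequential composition, nondeterministic choice) can be run as a small interpreter over alias relations. The following is an added example written for this page, not code from the authors or from Meyer's paper; it assumes the toy language is encoded as nested tuples ("alloc", x), ("free", x), ("assign", x, y), ("seq", P, Q), ("choice", P, Q), and represents an alias relation as a set of unordered variable pairs that may point to the same cell. It also replays the "free(x); free(y)" error from the earlier slide by recording, at each free, which variables may still alias the freed one.

```python
"""Meyer-style alias calculus for the toy pointer language (added example).

An alias relation S is an upper approximation: a set of unordered pairs
{a, b} of address variables that MAY refer to the same cell.
Program encoding (an assumption of this example):
  ("alloc", x) | ("free", x) | ("assign", x, y) | ("seq", P, Q) | ("choice", P, Q)
"""
from __future__ import annotations


def pair(a: str, b: str) -> frozenset:
    """Unordered alias pair {a, b}."""
    return frozenset((a, b))


def aliases_of(S, v: str) -> set:
    """All variables that may be aliased to v in S."""
    return {w for p in S if v in p for w in p if w != v}


def drop_var(S, v: str) -> frozenset:
    """Allocation and deallocation rule: v is no longer an alias of anything."""
    return frozenset(p for p in S if v not in p)


def assign(S, x: str, y: str) -> frozenset:
    """Assignment rule x := y: x forgets its former aliases and becomes an
    alias of y and of every alias of y (computed after x was dropped)."""
    if x == y:
        return frozenset(S)
    S1 = drop_var(S, x)
    return S1 | {pair(x, y)} | {pair(x, z) for z in aliases_of(S1, y)}


def aft(S, P) -> frozenset:
    """Upper approximation of the aliasing after running P from aliasing S."""
    kind = P[0]
    if kind in ("alloc", "free"):
        return drop_var(S, P[1])
    if kind == "assign":
        return assign(S, P[1], P[2])
    if kind == "seq":                      # sequential application
        return aft(aft(S, P[1]), P[2])
    if kind == "choice":                   # either branch may run: keep both
        return aft(S, P[1]) | aft(S, P[2])
    raise ValueError(f"unknown program form {kind!r}")


def frees_with_live_aliases(S, P) -> list:
    """Walk P with the calculus and report, for every free(v), the variables
    that may still alias v at that point (candidates for use-after-free)."""
    report = []

    def walk(S, P):
        kind = P[0]
        if kind == "free":
            report.append((P[1], frozenset(aliases_of(S, P[1]))))
        elif kind == "seq":
            return walk(walk(S, P[1]), P[2])
        elif kind == "choice":
            walk(S, P[1])
            walk(S, P[2])
        return aft(S, P)

    walk(S, P)
    return report


# Constructed sample input: the alias groups drawn on the assignment slide.
SLIDE_RELATION = frozenset({pair("x", "y"), pair("y", "u"), pair("x", "z")})

# Constructed sample program: the "invalid access" example, y = x; free(x); free(y).
DOUBLE_FREE = ("seq", ("assign", "y", "x"), ("seq", ("free", "x"), ("free", "y")))

if __name__ == "__main__":
    print("after x := y:", sorted(sorted(p) for p in aft(SLIDE_RELATION, ("assign", "x", "y"))))
    for v, live in frees_with_live_aliases(frozenset(), DOUBLE_FREE):
        print(f"free({v}) while {sorted(live) or 'nothing'} may still alias it")
```

Running the script shows that after x := y the relation is {x,y}, {x,u}, {y,u}, and that free(x) happens while y may still alias x, which is exactly the situation the calculus is meant to expose.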
Towards More Realistic Language
• The acronym MoRe stands for More Realistic programming language.
• It has two data types, called addresses and integers, with an implicit type cast in2ad from integers to addresses.
Addresses in MoRe
• The address data type is any (finite or infinite) set of values ADR with constants denoted “0” and “1” and operations denoted “+” and “–” such that (ADR, 0, 1, +, –) is a commutative additive semi-group with a decidable first-order theory T_ADR.
Examples of Legal Address Types
• Z_m, the ring of residues modulo any fixed positive integer m,
• Presburger arithmetic, etc.
Integers in MoRe
• The integer data type in MoRe is any (finite or infinite) set of (mathematical) integers INT with the standard constants 0 and 1, the standard operations “+”, “–”, “*”, “/” and an implicit computable surjective homomorphic type-casting function
in2ad : (INT, 0, 1, +, –) → (ADR, 0, 1, +, –).
MoRe Syntax
Structural Operational Semantics
• MoRe SOS uses a memory model consisting of two disjoint parts: a static memory (conventionally) called the stack and a dynamic memory (conventionally) called the heap.
Structural Operational Semantics
• A state is a pair of mappings s=(st, hp) where
• the state of the stack st: V → INT is a partial mapping (with finite domain) from variables V to integers INT (understood as their values),
• the state of the heap hp: ADR → INT is a partial mapping (with finite domain) from addresses ADR to integers INT (understood as referenced values).
Structural Operational Semantics
• MoRe SOS is an axiomatic system for triples
s ⟨P⟩ s′
where s is a state, s′ is a state or the exception abort, and P is a program.
• The intuition behind the triple: the program converts the input state into the output state (which may be the exception).
Structural Operational Semantics
• SOS inference rules are syntax-driven and have the following form:
Sample SOS Rule: static array in dynamic memory
• If
– x ∉ dom(st),
– the addresses in2ad(l), …, in2ad(l+k) are pairwise distinct,
– in2ad(l), …, in2ad(l+k) ∉ dom(hp),
then
Alias Calculus for MoRe
• A configuration is a quadruple Cnf=(I, A, S) consisting of
– a set I of address variables,
– a set A of address expressions,
– a finite set S of pairs of synonyms and antonyms (with variables in I) that has a solution as a system of equalities and inequalities in (ADR, 0, 1, +, –), i.e. that is consistent with the theory T_ADR.
Alias Calculus for MoRe
• Informally speaking, in Cnf=(I, A, S)
– the set I is for initialized address variables,
– the set A is for address expressions that point to allocated memory,
– the set S is a system of equalities and inequalities that specifies which expressions may be aliases and which cannot be.
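Because S is a system of equalities (synonyms) and inequalities (antonyms) over (ADR, 0, 1, +, –), asking whether two address expressions may or must alias reduces to consistency questions in T_ADR. The following added example (written for this page, not the authors' code) makes that concrete for the Z_m address type from the earlier slide, where the theory is decidable simply because Z_m is finite: it enumerates all assignments of the variables in I. The expression encoding (ints, variable names, and ("+", a, b) / ("-", a, b) tuples) and the pair encoding ("=", t1, t2) / ("!=", t1, t2) are assumptions of this example.

```python
"""Consistency of an alias configuration's S component over Z_m (added example).

S is a finite list of synonym pairs ("=", t1, t2) and antonym pairs ("!=", t1, t2)
over address expressions with variables from I.  Over the finite ring Z_m the
theory T_ADR is decided here by exhaustive enumeration of assignments I -> Z_m.
Expression encoding (an assumption of this example):
  int | variable name (str) | ("+", a, b) | ("-", a, b)
"""
from itertools import product


def ev(t, env: dict, m: int) -> int:
    """Evaluate an address expression in Z_m under the assignment env."""
    if isinstance(t, int):
        return t % m
    if isinstance(t, str):
        return env[t] % m
    op, a, b = t
    x, y = ev(a, env, m), ev(b, env, m)
    if op == "+":
        return (x + y) % m
    if op == "-":
        return (x - y) % m
    raise ValueError(f"unknown operation {op!r}")


def solve(I, S, m: int):
    """Return an assignment of I into Z_m satisfying every pair in S,
    or None when S is inconsistent (no solution exists)."""
    names = sorted(I)
    for vals in product(range(m), repeat=len(names)):
        env = dict(zip(names, vals))
        if all((ev(a, env, m) == ev(b, env, m)) == (rel == "=") for rel, a, b in S):
            return env
    return None


def consistent(I, S, m: int) -> bool:
    """True iff S has a solution in Z_m, i.e. (I, A, S) is a legal configuration."""
    return solve(I, S, m) is not None


def may_alias(I, S, m: int, e1, e2) -> bool:
    """e1 and e2 may be aliases iff S together with the synonym e1 = e2 is consistent."""
    return consistent(I, list(S) + [("=", e1, e2)], m)


def must_alias(I, S, m: int, e1, e2) -> bool:
    """e1 and e2 must be aliases iff S together with the antonym e1 != e2 is inconsistent."""
    return not consistent(I, list(S) + [("!=", e1, e2)], m)


# Constructed sample configuration: two address variables with p = q+1 and q = p+1.
VARS = {"p", "q"}
CYCLIC = [("=", "p", ("+", "q", 1)), ("=", "q", ("+", "p", 1))]

if __name__ == "__main__":
    # The same S is consistent in Z_2 but inconsistent in Z_4: the address type matters.
    print("Z_2:", solve(VARS, CYCLIC, 2), " Z_4:", solve(VARS, CYCLIC, 4))
    distinct = [("!=", "p", "q")]
    print("p+1 may alias q under p != q in Z_4:", may_alias(VARS, distinct, 4, ("+", "p", 1), "q"))
    print("p+1 must alias q+1 under p = q in Z_4:",
          must_alias(VARS, [("=", "p", "q")], 4, ("+", "p", 1), ("+", "q", 1)))
```

The point of the script is that the answer to "may these two expressions alias?" is a property of the address theory, not of the syntax: the constructed S above has a solution in Z_2 (p=0, q=1) but none in Z_4, so the same configuration is legal for one address type and illegal for the other.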
Sample Rule of Alias Calculus: assignment
• Let Cnf_{x:=t} be (I_{x:=t}, A_{x:=t}, S_{x:=t}), where
Main Result
• The alias calculus for the programming language MoRe is safe in the following sense:
• Theorem: Let D be any alias distribution, P be any MoRe program and s=(st, hp) be any state such that st ⊨ D; if s′=(st′, hp′) is a state such that s ⟨P⟩ s′, then st′ ⊨ aft(D, P).
Conclusion
• An equation-based alias calculus for a model programming language with dynamic memory and decidable address arithmetic was developed.
• The calculus can be used for control-flow-insensitive safe alias analysis of MoRe programs, but for practical applications the language must be made much more realistic.
Thank You For Your Attention! Questions?