Alias Calculus for a Simple Imperative Language with Decidable Pointer Arithmetic

Alias Calculus for Simple Imperative Language with Decidable Pointer Arithmetic
Aleksandr Vorontsov1,
Aizhan Satekbayeva2,
Nikolay Shilov3,4
М1Novosibirsk State University, Novosibirsk, Russia,
2 L.N. Gumilyov Eurasian National University, Astana, Kazakhstan,
3Nazarbayev University, Astana, Kazakhstan,
4A.P. Ershov Institute of Informatics Systems, Novosibirsk, Russia

What is “Alias Calculus”?
•Alias calculus was proposed by Bertrand Meyer in 2011 for a toy programming language with single data type for abstract pointers.
•it is a set of syntax-driven rules to compute an upper approximation aft(S, P) for aliasing after execution of a program P for a given initial aliasing S.
14.11.2014
2
TMPA-2014: Alias Calculus

What about this Research
•Our current purpose is to present a variant of alias calculus for more realistic programming language with automatic and dynamic memory, with types for regular data as well as for decidable pointer arithmetic.
14.11.2014
3

Why a new Research?
•Aliasing problem is to predict, detect and/or trace pointers to the same addresses in dynamic memory.
•Importance of the problem is due to mistakes and errors that may happen in program run- time due to improper alias handling.
14.11.2014
4

Errors?
•Below are two simple examples of errors (?) inC-like pseudo-code:
•x = malloc(sizeof(int));
x = malloc(sizeof(int));
//memory leak;
•y = x; free(x); free(y);
// invalid access.
14.11.2014
5

Alias Calculus for a Trivial Language
•Bertrand Meyer: Steps Towards a Theory and Calculus of Aliasing. Int. J. of Software and Informatics (Festschrift in honor of Manfred Broy), 2011., p.77-115.
14.11.2014
6

Sample Rules: memory dynamics
•Memory deallocation and allocation operators have the same effect on alias relation because after these operations variable isn’t alias to any other variable:
14.11.2014
7

Sample Rules: assignment
•After assignment address variable forgets all its former aliases and becomes an alias to all aliases of the variable:
14.11.2014
8

Sample Rules: assignment
14.11.2014
9
x, y
y, u
x, z
x, y
x, y, u
x:=y

Sample Rules: compound programs
•Sequential composition means sequential application:
•Nondeterministic choice of any branch:
14.11.2014
10

Towards More Realistic Language
•Acronym MoRe stays for More Realistic programming language.
•It has two data types that are called addresses and integers with implicit type casting in2ad from integers to addresses.
14.11.2014
11

Addresses in MoRe
•Address data type is any (finite or infinite) set of values ADR with constants denoted “0” and “1”, operations denoted “+” and “–” such that (ADR, 0, 1, +, –) is a commutative additive semi-group with decidable first-order theory TADR.
14.11.2014
12

Examples of Legal Address Types
•Zm, the ring of residuals modulo any particular fixed positive m,
•Presburger arithmetic, etc.
14.11.2014
13

Integers in MoRe
•Integer data type in MoRe is any (finite or infinite) set of (mathematical) integers INT with standard constants 0 and 1, standard operations “+”, “–”, “*”, “/” and implicit computable surjective homomorphical type- casting function
in2ad : (INT, 0, 1, +, –)  (ADR, 0, 1, +, –) .
14.11.2014
14

MoRe Syntax
14.11.2014
15

Structural Operational Semantics
•MoRe SOS uses (memory) model consisting of two disjoint parts: a static memory (conventionally) called stack and dynamic memory (conventionally) called heap.
14.11.2014
16

•State is a pair of mappings s=(st, hp) where
•state of the stack st: V  INT is a partial mapping (with finite domain) from variables V to integers INT (understood as their values),
•state of the heap hp: ADR  INT i.e. a partial mapping with finite domain from addresses ADR to integers INT (understood as referenced values).
14.11.2014
17

•MoRe SOS is axiomatic system for triples
s s
where s is a state, s is a state or an exception abort, and  is a program.
•Intuition behind this triple follows: program converts input state into output state (that may be exception).
14.11.2014
18

•SOS inference rules are syntax-driven and have the following form:
14.11.2014
19

Sample SOS Rule: static array in dynamic memory
•If
–xdom(st),
–addresses in2ad(l), … in2ad(l+k) are disjoint,
–in2ad(l), … in2ad(l+k)dom(hp)
then
14.11.2014
20

Alias Calculus for MoRe
•A configuration is a quadruple Cnf=(I, A, S) consisting of
–a sets of address variables,
–a set of address expressions ,
–a finite set S of pairs of synonyms and antonyms (with variables in I) that has a solution as a system of equalities and inequalities in (ADR, 0, 1, +, –), i.e. that is consistent with theory TADR.
14.11.2014
21

Alias Calculus for MoRe
•Informally speaking in Cnf=(I, A, S)
–the set I is for initialized address variables,
–the set A is for address expressions that points onto allocated memory,
–the set S is a system of equations and inequalities to specify what expressions may be aliases and what can’t be.
14.11.2014
22

Sample Rule of Alias Calculus: assignment
•Let Cnfx:=t be (Ix:=t , Ax:=t , Sx:=t) where
14.11.2014
23

Main Result
•The alias calculus for programming language MoRe is safe in the following sense:
•Theorem: Let D be any alias distribution,  be any MoRe-program and s=(st, hp) be any state such that st╞D; if s=(st,hp) is a state such that s<>s then st╞aft(D,).
14.11.2014
24

Conclusion
•Equation based alias calculus for a model programming language with dynamic memory and decidable address arithmetic was developed.
•The calculus can be used for control-flow insensitive safe alias analysis of MoRe programs but for practical applications the language must be much more realistic.
14.11.2014
25

14.11.2014
26
Thank You For Your Attention!
Questions?

Alias Calculus for a Simple Imperative Language with Decidable Pointer Arithmetic

More Related Content

What's hot (20)

Similar to Alias Calculus for a Simple Imperative Language with Decidable Pointer Arithmetic (20)

More from Iosif Itkin (20)

Recently uploaded (20)

Alias Calculus for a Simple Imperative Language with Decidable Pointer Arithmetic