Reachability Analysis of Program Variables c 1 , 2 and Fausto Spoto 1 Ðurica Nikoli´ 1. - Dipartimento di Informatica, University of Verona (Italy) 2. - Microsoft Research - University of Trento Centre for Computational and Systems Biology June 29th, 2012 Julia June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 1 / 15
Introduction I ntuitive definition of R eachability y x o 1 o 2 A A f f null null g g 0 0 h null h null June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 2 / 15
Introduction I ntuitive definition of R eachability y x o 3 B o 1 o 2 m A A n null f f o 4 g g 10 45 B h h null m null n I s there a sequence of fields f 1 , . . . , f k such that x . f 1 .. . . . f k = y ? June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 2 / 15
Introduction I ntuitive definition of R eachability y x o 3 B o 1 o 2 m A A n null f f o 4 g g 10 45 B h h null m null n I s there a sequence of fields f 1 , . . . , f k such that x . f 1 .. . . . f k = y ? x . f . m . n = y June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 2 / 15
Introduction I ntuitive definition of R eachability y x o 3 B o 1 o 2 m A A n null f f o 4 g g 10 45 B h h null m null n I s there a sequence of fields f 1 , . . . , f k such that x . f 1 .. . . . f k = y ? x . f . m . n = y x reaches y ⇒ June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 2 / 15
Introduction H aven ’ t we solved this problem yet ? T here is a lot of pointer analyses : [H ind 01] surveys more than 75 papers June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 3 / 15
Introduction H aven ’ t we solved this problem yet ? T here is a lot of pointer analyses : [H ind 01] surveys more than 75 papers y x o 3 B o 1 o 2 m A A n null f f o 4 g 10 g 45 B h h null S haring A nalysis m null n June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 3 / 15
Introduction H aven ’ t we solved this problem yet ? T here is a lot of pointer analyses : [H ind 01] surveys more than 75 papers y x o 3 B o 1 o 2 m A A n null f f o 4 g 10 g 45 B h h null S haring A nalysis m null n June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 3 / 15
Introduction H aven ’ t we solved this problem yet ? T here is a lot of pointer analyses : [H ind 01] surveys more than 75 papers y x o 3 B o 1 o 2 m A A n null f f o 4 g 10 g 45 B h h null S haring A nalysis m null n REACHABILITY entails SHARING SHARING entails REACHABILITY June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 3 / 15
Introduction H aven ’ t we solved this problem yet ? T here is a lot of pointer analyses : [H ind 01] surveys more than 75 papers y x o 3 B o 1 o 2 m A A n null f f o 4 g 10 g 45 B h h null S haring A nalysis m null n A liasing A nalysis ALIASING entails REACHABILITY REACHABILITY entails ALIASING June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 3 / 15
Introduction H aven ’ t we solved this problem yet ? T here is a lot of pointer analyses : [H ind 01] surveys more than 75 papers S haring A nalysis A liasing A nalysis S hape A nalysis June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 3 / 15
Introduction W here can it be useful ? C yclicity A nalysis : A n assignment y . h = x might make y cyclical ? y x o 3 B o 1 o 2 m A A n null might happen f f o 4 if x and y share g g 10 45 B h h null m null n y x o 3 B o 1 o 2 m A A n null f f null o 4 g g 10 45 B h h null m null n June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 4 / 15
Introduction W here can it be useful ? C yclicity A nalysis : A n assignment y . h = x might make y cyclical ? y x o 3 B o 1 o 2 m A A n null might happen f f o 4 if x and y share g g 10 45 B h h null m null n y x o 3 B o 1 o 2 m A A n YES null f f null o 4 if x reaches y g g 10 45 B h h null m null n June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 4 / 15
Introduction J ulia static analyzer - www.juliasoft.com J ulia - a static analyzer for J ava and A ndroid R eachability A nalysis has been implemented inside J ulia as a supporting analysis for � C yclicity A nalysis � S ide -E ffects A nalysis supporting analyses of � F ield I nitialization A nalysis N ullness and T ermination � P ath - length A nalysis June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 5 / 15
Syntax and Semantics of Java Bytecode T arget language : J ava bytecode ... load 4 ListStudent tmp . tail = list ; load 1 ListStudent ... putfield ListStudent . tail : ListStudent tmp ←→ l 4 l 1 list ←→ June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 6 / 15
Syntax and Semantics of Java Bytecode S tate local stack variables elements Environment ϕ l 1 l 2 l 3 l 4 s 0 s 1 Memory µ @ ℓ 2 2 @ ℓ 3 @ ℓ 4 @ ℓ 4 @ ℓ 2 @ ℓ 1 @ ℓ 2 @ ℓ 3 @ ℓ 4 Student ListStudent Student ListStudent name name head tail head tail st 1 null st 2 null σ = � � [@ ℓ 2 , 2 , @ ℓ 3 , @ ℓ 4 ] � @ ℓ 2 :: @ ℓ 4 � , µ � � ������ �� ������ � � ��������������� �� ��������������� � S L June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 7 / 15
Definition of Reachability R eachable locations and variables R eachable locations L σ ( a ) G iven a state σ = � ϕ, µ � and a location @ ℓ , locations reachable from @ ℓ in σ are L σ (@ ℓ ) = lfp i ≥ 0 L i σ (@ ℓ ) , where L i σ (@ ℓ ) represents the set of locations reachable from @ ℓ in i steps , i . e ., { @ ℓ } if i = 0 L i σ (@ ℓ ) = � ( rng ( µ (@ ℓ 1 ) .φ ) ∩ L ) ∪ L i − 1 σ (@ ℓ ) otherwise . @ ℓ 1 ∈ L i − 1 σ (@ ℓ ) June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 8 / 15
Definition of Reachability R eachable locations and variables R eachable locations L σ ( a ) G iven a state σ = � ϕ, µ � and a location @ ℓ , locations reachable from @ ℓ in σ are L σ (@ ℓ ) = lfp i ≥ 0 L i σ (@ ℓ ) , where L i σ (@ ℓ ) represents the set of locations reachable from @ ℓ in i steps , i . e ., { @ ℓ } if i = 0 L i σ (@ ℓ ) = � ( rng ( µ (@ ℓ 1 ) .φ ) ∩ L ) ∪ L i − 1 σ (@ ℓ ) otherwise . @ ℓ 1 ∈ L i − 1 σ (@ ℓ ) R eachability of variables a � σ b W e say that a variable b is reachable from a variable a in σ , and we denote it a � σ b iff ϕ ( a ) , ϕ ( b ) ∈ L and ϕ ( b ) ∈ L σ ( a ) . June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 8 / 15
Definition of Reachability R eachable locations and variables local stack variables elements Environment ϕ l 1 l 2 l 3 l 4 Memory µ @ ℓ 2 2 @ ℓ 3 @ ℓ 4 @ ℓ 1 @ ℓ 2 @ ℓ 3 @ ℓ 4 Student ListStudent Student ListStudent name head tail name head tail st 1 null st 2 which locations are reachable from @ ℓ 4 ? June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 8 / 15
Definition of Reachability R eachable locations and variables local stack variables elements Environment ϕ l 1 l 2 l 3 l 4 Memory µ @ ℓ 2 2 @ ℓ 3 @ ℓ 4 @ ℓ 1 @ ℓ 2 @ ℓ 3 @ ℓ 4 Student ListStudent Student ListStudent name head tail name head tail st 1 null st 2 which locations are reachable from @ ℓ 4 ? L 0 σ (@ ℓ 4 ) = { @ ℓ 4 } June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 8 / 15
Definition of Reachability R eachable locations and variables local stack variables elements Environment ϕ l 1 l 2 l 3 l 4 Memory µ @ ℓ 2 2 @ ℓ 3 @ ℓ 4 @ ℓ 1 @ ℓ 2 @ ℓ 3 @ ℓ 4 Student ListStudent Student ListStudent name head tail name head tail st 1 null st 2 which locations are reachable from @ ℓ 4 ? L 0 σ (@ ℓ 4 ) = { @ ℓ 4 } L 1 σ (@ ℓ 4 ) = { @ ℓ 2 , @ ℓ 3 , @ ℓ 4 } June 29th, 2012 Ð. Nikoli´ c, F. Spoto (IJCAR 2012) Reachability Analysis of Program Variables 8 / 15
Recommend
More recommend
