Polynomial Size Analysis for an Imperative Language

Transcription

1 Polynomial Size Analysis for an Imperative Language Master Thesis Research Plan Rody Kersten Supervised by Marko van Eekelen February 16, 2009 Abstract Analysis of heap space consumption is a valuable tool when working with limited resources. This document proposes the design and implementation of a size-aware type system for the imperative object-oriented language FJEU (Featherweight Java Extended with Update). It will build upon solutions for functional languages and improve on techniques that simply sum up worst case bounds. Instead, it will allow for polynomial size bounds to be checked for correctness. Soundness of the type system will be proved and a demonstration program will be implemented. 1 Introduction Qualitative analysis of software is an increasingly popular subject among computer scientists. Fields of interest include functional-, complexity-, security- and performance-analysis. An area that is relatively unexplored is the analysis of memory usage. However, the ability to make an accurate memory consumption estimate is very valuable, especially in embedded situations where resources are limited or in other situations when memory exhaustive processes are executed. Besides human analysis, such a methodology also has other uses, for example for code optimization by compilers. Progress has been made in the area, but has focused on either linear solutions or on polynomial methods for functional languages. This research will consider polynomial size analysis, as developed in the AHA project [16], for an imperative language. A size aware imperative and object-oriented language will be developed, based on FJEU (as defined in [6]), which is in turn an extension of Featherweight Java [8]. This SAFE Java (Size-Aware FEatherweight Java) will extend FJEU with JML-like annotations for specifying size relations. 1

2 2 Related Work The Amortized Heap Space Usage Analysis (AHA) project [16] is aimed at developing a methodology for determining bounds on heap space consumption. Amortization is a term which has its origins in the financial world, where it is used to express that multiple smaller payments account for a certain larger amount. The term was applied to a brand of complexity analysis in [15] and to heap space analysis in [6]. Here it means that certain operations that increase the potential of a data structure may cancel out other operations that decrease its potential, resulting in a simpler estimation of the change in potential of the total. In [13], a technique was developed for checking the correctness of user-specified output-on-input size relations on first-order functions. This technique improved on existing methods, because it was able to determine polynomial bounds on sizes rather than monotonic bound. An algorithm for inferring these size annotations was added [13, 17]. Since up to this point a very restricted functional language with only integer and list data types was used, support for algebraic data types was added, proving the systems ability to handle more complex programs [14]. Finally, the approach was adapted to work with both upper and lower bounds on the output-on-input size dependencies [12]. A demonstration program implementing the methodology is available at Amortization techniques have not been developed for this approach yet, since a complete polynomial size analysis system is prerequisite to that. The research proposed in this document aims at transferring the results of the AHA project to an object-oriented imperative language. In the Mobile Resource Guarantees (MRG) project [11] and its follow-ups MO- BIUS 1 and Embounded [5], several different approaches to heap-space consumption analysis have been developed. In [6], Hofmann and Jost describe the FJEU language and the resource aware RAJA language, based on FJEU. Their RAJA type system focuses on linear bounds on heap-space consumption, whereas our approach will be aimed at establishing polynomial bounds. However, our language and implementation will also build upon FJEU. Their approach is further developed in the to-be-published [7]. A different direction is taken in [1] and [2], where a resource aware program logic for Grail is discussed. Grail [3] is an intermediate language in the compilation of Camelot [10] and O Camelot [18] to Java byte code. It can be seen as a functional subset of the Java Virtual Machine Language. A type system for memory usage verification of object-oriented programs is presented by Chin et. al. in [4], which may be used to calculate conservative worst-case bounds

3 3 Motivation Computer systems often have limited resources available, especially when embedded systems or systems with an exceptionally intensive task are considered. To assure quality and reliability of these systems different forms of program analysis have been invented. This helps reason about certain specifics of the program, such as its requirements conformance or its vulnerability to bufferoverflow attacks. In many situations it will also be important to know in advance how much memory a process will consume. For example in Java smart cards an accurate estimate of the memory needed will prevent either unnecessary expenses for the manufacturer or abrupt termination caused by memory shortage. It is also very valuable for larger computers running memory intensive processes, like server grids performing model checking. The AHA project has already shown that polynomial size analysis is feasible for a lazy functional language. However, the usage of functional languages in practice is very small, especially when compared to imperative languages. Java is often the language of choice for embedded systems like mobile phones or smart cards, and memory exhaustive programs will likely be written in C or C++. This project extends the approach to imperative languages, bringing it a step towards its intended application and serving as a stepping stone to a thorough implementation for (Real Time) Java. 4 Problem Statement The main problem is how to transfer polynomial size analysis to an imperative language and how to overcome the challenges this different type of language will undoubtedly yield. To make this transfer, a type system which includes the sizes of types has to be defined and proved to be sound with respect to the semantics of the chosen language. The final problem is how to implement the demonstration program and design some non-trivial examples for it to analyze. 5 Strategy Two parallel tasks will be engaged: the research task and the implementation task. The research task will start off with studying the AHA project and other related research and writing a chapter about the current state of knowledge concerning heap space analysis in general and polynomial size analysis in particular. After this, FJEU will be studied and described. A type system has to be formally defined for SAFE Java. It has to be decided what will be measured (for example the number of objects or the actual number 3

4 of bytes used) and an appropriate type system must be designed. FJEU will have to be extended with a syntax for annotating programs with the size signatures of functions and size dependencies within objects. The Java Modeling Language (JML) already provides some syntax for specifying heap usage [9], which will be extended to suit our needs. After the type system has been defined, its soundness with respect to the FJEU semantics will be proved. Because the language of choice is FJEU, the implementation will build upon the existing parser and interpreter for this language by Martin Hofmann, Steffen Jost and Dulma Rodriguez 2, which is written in O Caml. The parser will be extended to enable the parsing of size annotations and a type-checker will be written for our type-system. Where possible, the program will be designed to be easily portable to other object-languages than FJEU. 6 Time Schedule Research Deliverables Implementation 8 Study related work Study O Caml 9 Describe related research Related work chapter and FJEU code 10 Study and describe FJEU Chapter on FJEU 11 Define annotation syntax Extend parser 12 Determine typing rules Write about type system Type checker Write down examples 17 Soundness proof Finish chapter SAFE Java chapter Absent 22 Describe implementation Implementation chapter Finish up 23 Introduction, future work 24 and conclusions chapters Three chapters 25 Finish up Draft version 26 Write final version 27 Final thesis 28 Presentation Week numbers refer to the weeks of the year A deliverable is a product of the research activities that should be finished by the end of the week. Implementation of the demonstrator will be done in parallel to the other work. 2 Available at: rodrigue/raja.html 4

5 References [1] D. Aspinall, L. Beringer, M. Hofmann, H.-W. Loidl, and A. Momigliano. A program logic for resource verification. In Theorem Proving in Higher Order Logics, 17th International Conference, TPHOLs 2004, Park City, Utah, USA, September 14-17, 2004, volume 3223 of Lecture Notes in Computer Science, pages Springer, [2] D. Aspinall, L. Beringer, M. Hofmann, H.-W. Loidl, and A. Momigliano. A program logic for resources. Theor. Comput. Sci., 389(3): , [3] L. Beringer, K. MacKenzie, and I. Stark. Grail: a functional form for imperative mobile code. Electronic Notes in Theoretical Computer Science, 85(1), [4] W.-N. Chin, H. H. Nguyen, S. Qin, and M. Rinard. Memory usage verification for OO programs. In Static Analysis, volume 3672 of Lecture Notes in Computer Science, pages Springer-Verlag, [5] K. Hammond, R. Dyckhoff, C. Ferdinand, R. Heckmann, M. Hofmann, H.-W. Loidl, G. Michaelson, J. Serot, and A. Wallace. The embounded project (project paper). In Proc. 6th Symposium on Trends in Functional Programming (TFP 2005), Tallinn, Estonia, September Intellect, [6] M. Hofmann and S. Jost. Type-based amortised heap-space analysis. In Programming Languages and Systems, volume 3924 of Lecture Notes in Computer Science, pages Springer-Verlag, [7] M. Hofmann and D. Rodriguez. Efficient type-checking for amortised heapspace analysis. Unpublished, submitted to TLCA 09. [8] A. Igarashi, B. C. Pierce, and P. Wadler. Featherweight Java: a minimal core calculus for Java and GJ. ACM Trans. Program. Lang. Syst., 23(3): , [9] G. T. Leavens, E. Poll, C. Clifton, Y. Cheon, and C. Ruby. JML reference manual. Available from [10] K. MacKenzie and N. Wolverson. Camelot and grail: resource-aware functional programming on the jvm. In Trends in Functional Programing, volume 4, pages Intellect, [11] D. Sannella, M. Hofmann, D. Aspinall, S. Gilmore, I. Stark, L. Beringer, H.-W. Loidl, K. MacKenzie, A. Momigliano, and O. Shkaravska. Mobile Resource Guarantees. In Trends in Functional Programing, volume 6, Tallinn, Estonia, Sep 23 24, Intellect. [12] O. Shkaravska, M. van Eekelen, and A. Tamalet. Size analysis with indexed families of max 0 -polynomials. To appear in [13] O. Shkaravska, R. van Kesteren, and M. C. J. D. van Eekelen. Polynomial size analysis of first-order functions. In TLCA, pages ,

6 [14] A. Tamalet, O. Shkaravska, and M. van Eekelen. Size analysis of algebraic data types. In P. Achten, P. Koopman, and M. T. Morazán, editors, Trends in Functional Programming Volume 9: Selected Papers of the 9 th International Symposium on Trends in Functional Programming (TFP07), New York, USA. Intellect Publishers, UK, To appear [15] R. E. Tarjan. Amortized computational complexity. SIAM Journal on Algebraic and Discrete Methods, 6(2): , [16] M. van Eekelen, O. Shkaravska, R. van Kesteren, B. Jacobs, E. Poll, and S. Smetsers. AHA: Amortized Heap Space Usage Analysis. In M. Morazán, editor, Trends in Functional Programming Volume 8: Selected Papers of the 8 th International Symposium on Trends in Functional Programming (TFP 07), New York, USA, pages Intellect Publishers, UK, [17] R. van Kesteren, O. Shkaravska, and M. van Eekelen. Inferring static nonmonotonically sized types through testing. In R. Echahed, editor, 16 th International Workshop on Functional and (Constraint) Logic Programming (WFLP07), Paris, France, pages CNAM, France, [18] N. Wolverson and K. MacKenzie. O camelot: Adding objects to a resource aware functional language. In Trends in Functional Programing, volume 4, pages Intellect,