An Extended Behavioral Type System for Memory-Leak Freedom. Qi Tan, Kohei Suenaga, and Atsushi Igarashi Kyoto University
|
|
- Rolf Stafford
- 5 years ago
- Views:
Transcription
1 An Extended Behavioral Type System for Memory-Leak Freedom Qi Tan, Kohei Suenaga, and Atsushi Igarashi Kyoto University
2 Introduction n Memory leak, forgetting to deallocate an allocated memory cell, is a serious problem Ø Decreasing the performance of computer Ø Unexpected termination of an application Ø System crash n Verification of memory-leak freedom is important 2
3 Partial memory-leak freedom n All the allocated memory cells are eventually deallocated if a program terminates Consumes unbounded number of memory cells f() = let x = malloc() in /* do something */ free(x) f () = let x = malloc() in f (); free(x) 3
4 Total memory-leak freedom n A program consumes bounded number of memory cells even when it does not terminate h() = let x = malloc() in let y = malloc() in free(x); free(y); h() h () = let x = malloc() in let y = malloc() in h ();free(x);free(y) Both are partially memory-leak free. h() is totally memory-leak free, but h () is not. 4
5 Goal n Verification of total memory-leak freedom n Important for nonterminating software such as Web servers and OS h() = h () = let x = malloc() in let x = malloc() in let y = malloc() in let y = malloc() in free(x);free(y);h() h (); free(x); free(y) 5
6 Previous work [Tan&Suenaga&Igarashi PPL2015] n Behavioral type system Ø Type system for abstracting the behavior of a program Ø Sequential processes are used as types Ø Types describe the number and the order of allocations, deallocations, and recursive calls n Estimating an upper bound of memory cells consumed by a program based on an inferred type 6
7 Overview of previous work Input programs h () = let x = malloc() in let y = malloc() in free(x); free(y); h (); Behavioral type system Encode types with n as C program Success Totally memoryleak free µα.malloc;malloc;free;free;α Behavioral types Model Checker n Fail Unknown Check whether the number of memory consumption exceeds n or not 7
8 Problem in previous work Imprecise abstraction due to branches ifnull (*x) then s 1 else s 2 : Executes s 1 if *x is null, s 2 otherwise h1(x) = let y = malloc() in ifnull(*x) then let x1 = malloc() in *y çx1 else skip; ifnull(*x) then free(*y) else skip; free(y); previous behavioral type system malloc;(malloc+0);(free+0); free malloc+0: Executing malloc at most once 8
9 Problem in previous work Although function h1 is a memory-leak free program, we cannot conclude it from this type malloc;malloc;0;free malloc;(malloc+0);(free+0); free This type loses information about if-guard part 9
10 Our solution Introducing path-sensitive behavioral types to deal with branch statements Ø (*x)(p 1, P 2 ) means execution of P 1 or P 2 depending on *x is null or not h1(x) = let y = malloc() in ifnull(*x) then let x1 = malloc() in *y çx1 else skip; ifnull(*x) then free(*y) else skip; free(y); path-sensitive behavioral type system malloc;(*x)(malloc, 0);(*x)(free, 0);free 10
11 Our solution We can conclude h1 is a memory-leak free program from this type if *x is a null pointer, behaves like malloc;malloc;free;free otherwise like malloc;0;0;free malloc;(*x)(malloc, 0);(*x)(free, 0);free Requires *x not to change between two branches 11
12 Overview of current work Current work Input programs Type soundness proof and type inference algorithm are left for future work Extended behavioral type system malloc;(*x)(malloc, 0);(*x)(free, 0);free Path-sensitive behavioral types n h1(x) = let y = malloc() in ifnull(*x) then let x1 = malloc() in *y çx1 else skip ; ifnull(*x) then free(*y) else skip; free(y); Future work Encode types with n as C program Success Totally memoryleak free Model Checker Fail Unknown 12
13 Outline n Language n Extended behavioral type system n Overview of verification n Related work n Conclusion n Future work 13
14 Language x,y, z,... (variables) Var s (statements) ::= skip s 1 ;s 2 *x y f(x) let x = y in s let x = *y in s let x = null in s let x = malloc() in s free(x) const(*x)s ifnull(*x) then s 1 else s 2 d (proc. defs.) ::= { f (x 1,..., x n )s} D (definitions) ::= d 1... d n P (programs) ::= D, s 14
15 Outline n Language n Extended behavioral type system Ø Syntax of types Ø Type judgment Ø Typing rule for a program Ø OK n (P) n Overview of verification n Related Work n Conclusion n Future Work 15
16 Syntax of extended behavioral types n P (behavioral types) ::= 0 do-nothing P 1 ;P 2 malloc free (*x)(p 1, P 2 ) const(*x)p α µα.p sequential execution of P 1 and P 2 allocation of one memory cell deallocation execution of P 1 or P 2 depends on *x execution of P under constantness (*x) type variable recursion 16
17 Type judgment Θ; Γ s : P n Under Θ and Γ, the extracted behavior of s is P Ø Θ (function type environment) ::= {f 1 :ψ 1,...,f n :ψ n } Ø Γ (variable type environment) ::= {x 1,x 2,...,x n } Ø ψ (dependent function type) ::= (x)p 17
18 Example Θ; Γ, x s : P Θ; Γ let x = malloc() in s : malloc;p (T-Malloc) Θ; Γ, x let x1 = malloc() in *x ß x1 : malloc;0 Θ; Γ skip : 0 Θ; Γ, x, y ifnull(*y) then let x1 = malloc() in *x ß x1 else skip: (*y)(malloc,0) Θ; Γ, x s 1 : P 1 Θ; Γ, x s 2 : P 2 Θ; Γ, x ifnull(*x) then s 1 else s 2 : (*x)(p 1, P 2 ) (T-IfNull) 18
19 Typing rule for a program D : Θ Θ; D, s : P s : P Ø P represents the behavioral type of main statement s Ø In order to guarantee D, s, is totally memory-leak free, we use the predicate OK n (P) 19
20 OK n (P) n Definition: σ represents a sequence of actions such as malloc, free and other actions σ relation means P can perform actions σ and turn into P OK n (P) holds, if P P implies # malloc (σ) - # free (σ) n where # ρ (σ) is the number of ρ in σ. n Intuitively, at every running step, the number of memory cells a program consumes cannot exceed the number of cells it requires. 20
21 Outline n Language n Extended behavioral type system n Overview of verification n Related work n Conclusion n Future work 21
22 Overview of current work Insert constantness annotation Input programs Type soundness proof and type inference algorithm are left for future work Extended behavioral type system Future work Encode types with n as C program Success Totally memoryleak free Path-sensitive behavioral types Model Checker Current work n Fail Unknown 22
23 overview of verification let x = malloc() in let y = malloc() in ifnull(*y) then let x1 = malloc() in *x ß x1 else skip; /* do-something but not change the value of *y */ ifnull(*y) then free(*x) else skip free(x); free(y) let x = malloc() in let y = malloc() in const(*y) /* inserted by a programer */ ( ifnull(*y) then let x1 = malloc() in *x ß x1 else skip; /* do-something but not change the value of *y */ ifnull(*y) then free(*x) else skip ); free(x); free(y) Manually inserted by a programmer Future work: automated insertion 23
24 Overview of verification let x = malloc() in let y = malloc() in const(*y) ( ifnull(*y) then let x1 = malloc() in *x ß x1 else skip; /* do-something but not change the value of *y */ ifnull(*y) then free(*x) else skip ); free(x); free(y) Type inference of our type system P = malloc; malloc; const(*y)((*y)(malloc, 0); (*y)(free, 0)); free; free automatically abstracted by our current type system 24
25 Overview of verification P = malloc; malloc; const(*y)((*y)(malloc, 0); (*y)(free, 0)); free; free with n Encoding by C Future work int y; M(); M(); y = randv(); if(y) { M(); } else { ; } if(y) { F(); } else{ ; } F(); F(); int M() { n = n - 1; assert(n >= 0); } int randv() { srand((unsigned)time(null)); return rand()%2; } Sucess Model Checker Fail void F() { n = n + 1 ; } OK n (P) holds Unknown 25
26 Outline n Language n Extended behavioral type system n Overview of verification n Related work n Conclusion n Future work 26
27 Related work n Behavioral type system are widely used for Ø Static verification of resource-usage [Igarashi&Kobayashi ACMTPLS 05],etc Ø Static verification of deadlock-freedom [Kobayashi Acta inf 05] n Static memory-leak freedom verification [Heine&Lam PLDI 03], [Suenaga&Kobayashi APLAS 09], etc Ø Partial memory-leak freedom Ø Lack of illegal accesses n Our previous behavioral type system[tan&suenaga&igarashi PPL2015] Ø Total memory-leak freedom 27
28 Conclusion n Path-sensitive behavioral type: describes more information of the behavior of a program 28
29 Future work n Type inference algorithm for our extended type system n Experiments n Automated insertion of constantness annotation 29
A Behavioral Type System for Memory-Leak Freedom. Qi Tan, Kohei Suenaga, and Atsushi Igarashi Kyoto University
A Behavioral Type System for Memory-Leak Freedom Qi Tan, Kohei Suenaga, and Atsushi Igarashi Kyoto University Introduction n Memory leaks are very serious problems Ø Applications stop working Ø System
More informationA Behavioral Type System for Memory-Leak Freedom
A Behavioral Type System for Memory-Leak Freedom Qi Tan, Kohei Suenaga, and Atsushi Igarashi Department of Communications and Computer Engineering Graduate School of Informatics Kyoto University {tanki,ksuenaga,igarashi}@fos.kuis.kyoto-u.ac.jp
More informationHoare logic. A proof system for separation logic. Introduction. Separation logic
Introduction Hoare logic Lecture 6: Examples in separation logic In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing separation logic.
More informationProcesses as Types: A Generic Framework of Behavioral Type Systems for Concurrent Processes
Processes as Types: A Generic Framework of Behavioral Type Systems for Concurrent Processes Atsushi Igarashi (Kyoto Univ.) based on joint work [POPL2001, TCS2003] with Naoki Kobayashi (Tohoku Univ.) Programming
More information1 Introduction. 3 Syntax
CS 6110 S18 Lecture 19 Typed λ-calculus 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic semantics,
More informationStatic Program Analysis CS701
Static Program Analysis CS701 Thomas Reps [Based on notes taken by Aditya Venkataraman on Oct 6th, 2015] Abstract This lecture introduces the area of static program analysis. We introduce the topics to
More informationBinghamton University. CS-211 Fall Dynamic Memory
Dynamic Memory Static Memory Define variables when we write code When we write the code we decide What the type of the variable is How big array sizes will be etc. These cannot change when we run the code!
More informationCS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011
CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic
More informationIntegrating Arrays into the Heap-Hop program prover
Integrating Arrays into the Heap-Hop program prover Ioana Cristescu under the supervision of Jules Villard Queen Mary University of London 7 September 2011 1 / 29 Program verification using Heap-Hop Program
More informationLectures 20, 21: Axiomatic Semantics
Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics
More information1 Dynamic Memory continued: Memory Leaks
CS104: Data Structures and Object-Oriented Design (Fall 2013) September 3, 2013: Dynamic Memory, continued; A Refresher on Recursion Scribes: CS 104 Teaching Team Lecture Summary In this lecture, we continue
More informationA Certified Non-Interference Java Bytecode Verifier
1 A Certified Non-Interference Java Bytecode Verifier G. Barthe, D. Pichardie and T. Rezk, A Certified ightweight Non-Interference Java Bytecode Verifier, ESOP'07 2 Motivations 1: bytecode verification
More informationProgramming Languages Assignment #7
Programming Languages Assignment #7 December 2, 2007 1 Introduction This assignment has 20 points total. In this assignment, you will write a type-checker for the PolyMinML language (a language that is
More informationType Systems for Concurrent Programs
Type Systems for Concurrent Programs Naoki Kobayashi Tokyo Institute of Technology Type Systems for Programming Languages Guarantee partial correctness of programs fun fact (n) = if n=0 then 1 else n fact(n-1);
More informationMidterm 2 Solutions Many acceptable answers; one was the following: (defparameter g1
Midterm 2 Solutions 1. [20 points] Consider the language that consist of possibly empty lists of the identifier x enclosed by parentheses and separated by commas. The language includes { () (x) (x,x) (x,x,x)
More informationLast week. Data on the stack is allocated automatically when we do a function call, and removed when we return
Last week Data can be allocated on the stack or on the heap (aka dynamic memory) Data on the stack is allocated automatically when we do a function call, and removed when we return f() {... int table[len];...
More informationC Review. MaxMSP Developers Workshop Summer 2009 CNMAT
C Review MaxMSP Developers Workshop Summer 2009 CNMAT C Syntax Program control (loops, branches): Function calls Math: +, -, *, /, ++, -- Variables, types, structures, assignment Pointers and memory (***
More informationStatic Semantics. Lecture 15. (Notes by P. N. Hilfinger and R. Bodik) 2/29/08 Prof. Hilfinger, CS164 Lecture 15 1
Static Semantics Lecture 15 (Notes by P. N. Hilfinger and R. Bodik) 2/29/08 Prof. Hilfinger, CS164 Lecture 15 1 Current Status Lexical analysis Produces tokens Detects & eliminates illegal tokens Parsing
More informationA Context-Sensitive Memory Model for Verification of C/C++ Programs
A Context-Sensitive Memory Model for Verification of C/C++ Programs Arie Gurfinkel and Jorge A. Navas University of Waterloo and SRI International SAS 17, August 30th, 2017 Gurfinkel and Navas (UWaterloo/SRI)
More informationMore on Operational Semantics
More on Operational Semantics (Slides modified from those created by Xinyu Feng) 1 / 23 Outline Various formulations Extensions Going wrong Local variable declaration Heap Big-step operational semantics
More informationINITIALISING POINTER VARIABLES; DYNAMIC VARIABLES; OPERATIONS ON POINTERS
INITIALISING POINTER VARIABLES; DYNAMIC VARIABLES; OPERATIONS ON POINTERS Pages 792 to 800 Anna Rakitianskaia, University of Pretoria INITIALISING POINTER VARIABLES Pointer variables are declared by putting
More informationAn Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C
An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C Robbert Krebbers Radboud University Nijmegen January 22, 2014 @ POPL, San Diego, USA 1 / 16 What is this program supposed
More informationCompositional Software Model Checking
Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory October 18, 2002 Outline of talk program verification issues the semantic challenge programming languages the logical
More informationCOMP 507: Computer-Aided Program Design
Fall 2014 April 7, 2015 Goal: Correctness proofs Prove that an algorithm written in an imperative language is correct Induction for algorithmic correctness Induction for functional programs: The program
More informationCSC 1600 Memory Layout for Unix Processes"
CSC 16 Memory Layout for Unix Processes" 1 Lecture Goals" Behind the scenes of running a program" Code, executable, and process" Memory layout for UNIX processes, and relationship to C" : code and constant
More informationCS 11 C track: lecture 5
CS 11 C track: lecture 5 Last week: pointers This week: Pointer arithmetic Arrays and pointers Dynamic memory allocation The stack and the heap Pointers (from last week) Address: location where data stored
More informationStatic Error Detection using Semantic Inconsistency Inference
Static Error Detection using Semantic Inconsistency Inference Isil Dillig Thomas Dillig Alex Aiken Computer Science Department Stanford University {isil, tdillig, aiken}@cs.stanford.edu Abstract Inconsistency
More informationDynamic Allocation of Memory
Dynamic Allocation of Memory Lecture 4 Sections 10.9-10.10 Robb T. Koether Hampden-Sydney College Fri, Jan 25, 2013 Robb T. Koether (Hampden-Sydney College) Dynamic Allocation of Memory Fri, Jan 25, 2013
More informationAn Introduction to Heap Analysis. Pietro Ferrara. Chair of Programming Methodology ETH Zurich, Switzerland
An Introduction to Heap Analysis Pietro Ferrara Chair of Programming Methodology ETH Zurich, Switzerland Analisi e Verifica di Programmi Universita Ca Foscari, Venice, Italy Outline 1. Recall of numerical
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 4a Andrew Tolmach Portland State University 1994-2017 Semantics and Erroneous Programs Important part of language specification is distinguishing valid from
More informationIntroduction to Model Checking
Introduction to Model Checking René Thiemann Institute of Computer Science University of Innsbruck WS 2007/2008 RT (ICS @ UIBK) week 4 1/23 Outline Promela - Syntax and Intuitive Meaning Promela - Formal
More informationMutual Summaries: Unifying Program Comparison Techniques
Mutual Summaries: Unifying Program Comparison Techniques Chris Hawblitzel 1, Ming Kawaguchi 2, Shuvendu K. Lahiri 1, and Henrique Rebêlo 3 1 Microsoft Research, Redmond, WA, USA 2 University of California,
More informationStephen McLaughlin. From Uncertainty to Belief: Inferring the Specification Within
From Uncertainty to Belief: Inferring the Specification Within Overview Area: Program analysis and error checking / program specification Problem: Tools lack adequate specification. Good specifications
More informationhttps://lambda.mines.edu A pointer is a value that indicates location in memory. When we change the location the pointer points to, we say we assign the pointer a value. When we look at the data the pointer
More informationVariables. Substitution
Variables Elements of Programming Languages Lecture 4: Variables, binding and substitution James Cheney University of Edinburgh October 6, 2015 A variable is a symbol that can stand for another expression.
More informationCMSC 330: Organization of Programming Languages
CMSC 330: Organization of Programming Languages Memory Management and Garbage Collection CMSC 330 Spring 2017 1 Memory Attributes Memory to store data in programming languages has the following lifecycle
More informationFinding heap-bounds for hardware synthesis
Finding heap-bounds for hardware synthesis B. Cook + A. Gupta # S. Magill* A. Rybalchenko # J. Simsa* S. Singh + V. Vafeiadis + *CMU # MPI-SWS + MSR Coding hardware in advanced languages Use of advanced
More informationUndefinedness and Non-determinism in C
1 Undefinedness and Non-determinism in C Nabil M. Al-Rousan Nov. 21, 2018 @ UBC Based on slides from Robbert Krebbers Aarhus University, Denmark 2 What is this program supposed to do? The C quiz, question
More informationInterprocStack analyzer for recursive programs with finite-type and numerical variables
InterprocStack analyzer for recursive programs with finite-type and numerical variables Bertrand Jeannet Contents 1 Invoking InterprocStack 1 2 The Simple language 2 2.1 Syntax and informal semantics.........................
More informationOperational Semantics. One-Slide Summary. Lecture Outline
Operational Semantics #1 One-Slide Summary Operational semantics are a precise way of specifying how to evaluate a program. A formal semantics tells you what each expression means. Meaning depends on context:
More informationLecture 14. No in-class files today. Homework 7 (due on Wednesday) and Project 3 (due in 10 days) posted. Questions?
Lecture 14 No in-class files today. Homework 7 (due on Wednesday) and Project 3 (due in 10 days) posted. Questions? Friday, February 11 CS 215 Fundamentals of Programming II - Lecture 14 1 Outline Static
More informationProgramming Languages Lecture 15: Recursive Types & Subtyping
CSE 230: Winter 2008 Principles of Programming Languages Lecture 15: Recursive Types & Subtyping Ranjit Jhala UC San Diego News? Formalize first-order type systems Simple types (integers and booleans)
More informationTypes and Type Inference
CS 242 2012 Types and Type Inference Notes modified from John Mitchell and Kathleen Fisher Reading: Concepts in Programming Languages, Revised Chapter 6 - handout on Web!! Outline General discussion of
More informationFormal Systems II: Applications
Formal Systems II: Applications Functional Verification of Java Programs: Java Dynamic Logic Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State
More informationPointers, Dynamic Data, and Reference Types
Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation The new operator The delete operator Dynamic Memory Allocation for Arrays 1 C++ Data Types simple
More informationType-Based Analysis of Deadlock for a Concurrent Calculus with Interrupts
Type-Based Analysis of Deadlock for a Concurrent Calculus with Interrupts Kohei Suenaga 1 and Naoki Kobayashi 2 1 University of Tokyo 2 Tohoku University Abstract. The goal of our research project is to
More informationSample Problems for Quiz # 3
EE 1301 UMN Introduction to Computing Sstems Spring 2013 Sample Problems for Quiz # 3 1. Implementing XOR with AND gates Recall that the Eclusive-OR (XOR) function is 1 if an odd number of the inputs are
More informationQualifying Exam in Programming Languages and Compilers
Qualifying Exam in Programming Languages and Compilers University of Wisconsin Fall 1991 Instructions This exam contains nine questions, divided into two parts. All students taking the exam should answer
More informationWriting an Operating System with a Strictly Typed Assembly Language. Toshiyuki Maeda
Writing an Operating System with a Strictly Typed Assembly Language Toshiyuki Maeda Submitted to Department of Computer Science, Graduate School of Information Science and Technology, The University of
More informationData Structure Series
Data Structure Series This series is actually something I started back when I was part of the Sweet.Oblivion staff, but then some things happened and I was no longer able to complete it. So now, after
More informationCS1622. Semantic Analysis. The Compiler So Far. Lecture 15 Semantic Analysis. How to build symbol tables How to use them to find
CS1622 Lecture 15 Semantic Analysis CS 1622 Lecture 15 1 Semantic Analysis How to build symbol tables How to use them to find multiply-declared and undeclared variables. How to perform type checking CS
More informationSémantique des Langages de Programmation (SemLP) DM : Region Types
Sémantique des Langages de Programmation (SemLP) DM : Region Types I) Submission Submission Date : 21/05/2017 Submission Format : Submit a virtual machine (.ova) 1 with 1. an executable of the interpreter,
More informationSoftware Security: Vulnerability Analysis
Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants
More informationInduction and Semantics in Dafny
15-414 Lecture 11 1 Instructor: Matt Fredrikson Induction and Semantics in Dafny TA: Ryan Wagner Encoding the syntax of Imp Recall the abstract syntax of Imp: a AExp ::= n Z x Var a 1 + a 2 b BExp ::=
More information1. For every evaluation of a variable var, the variable is bound.
7 Types We ve seen how we can use interpreters to model the run-time behavior of programs. Now we d like to use the same technology to analyze or predict the behavior of programs without running them.
More informationRun-time Environments
Run-time Environments Status We have so far covered the front-end phases Lexical analysis Parsing Semantic analysis Next come the back-end phases Code generation Optimization Register allocation Instruction
More informationCS558 Programming Languages
CS558 Programming Languages Fall 2017 Lecture 3a Andrew Tolmach Portland State University 1994-2017 Binding, Scope, Storage Part of being a high-level language is letting the programmer name things: variables
More informationRun-time Environments
Run-time Environments Status We have so far covered the front-end phases Lexical analysis Parsing Semantic analysis Next come the back-end phases Code generation Optimization Register allocation Instruction
More informationCMSC 330: Organization of Programming Languages. Memory Management and Garbage Collection
CMSC 330: Organization of Programming Languages Memory Management and Garbage Collection CMSC330 Fall 2018 1 Memory Attributes Memory to store data in programming languages has the following lifecycle
More informationCMSC 330: Organization of Programming Languages
CMSC 330: Organization of Programming Languages Memory Management and Garbage Collection CMSC 330 - Spring 2013 1 Memory Attributes! Memory to store data in programming languages has the following lifecycle
More informationDynamic Allocation in C
Dynamic Allocation in C C Pointers and Arrays 1 The previous examples involved only targets that were declared as local variables. For serious development, we must also be able to create variables dynamically,
More informationMutable References. Chapter 1
Chapter 1 Mutable References In the (typed or untyped) λ-calculus, or in pure functional languages, a variable is immutable in that once bound to a value as the result of a substitution, its contents never
More informationLecture Note: Types. 1 Introduction 2. 2 Simple Types 3. 3 Type Soundness 6. 4 Recursive Types Subtyping 17
Jens Palsberg Sep 24, 1999 Contents Lecture Note: Types 1 Introduction 2 2 Simple Types 3 3 Type Soundness 6 4 Recursive Types 12 5 Subtyping 17 6 Decision Procedure for Subtyping 19 7 First-Order Unification
More informationTowards a Safe Partial Evaluation of Lazy Functional Logic Programs
WFLP 2007 Towards a Safe Partial Evaluation of Lazy Functional Logic Programs Sebastian Fischer 1 Department of Computer Science, University of Kiel Olshausenstr. 40, D-24098, Kiel, Germany Josep Silva
More informationWeek 9 Part 1. Kyle Dewey. Tuesday, August 28, 12
Week 9 Part 1 Kyle Dewey Overview Dynamic allocation continued Heap versus stack Memory-related bugs Exam #2 Dynamic Allocation Recall... Dynamic memory allocation allows us to request memory on the fly
More informationLecture Notes on Memory Management
Lecture Notes on Memory Management 15-122: Principles of Imperative Computation Frank Pfenning Lecture 21 April 5, 2011 1 Introduction Unlike C0 and other modern languages like Java, C#, or ML, C requires
More informationLecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference
Lecture #13: Type Inference and Unification Typing In the Language ML Examples from the language ML: fun map f [] = [] map f (a :: y) = (f a) :: (map f y) fun reduce f init [] = init reduce f init (a ::
More informationCOMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein
COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Toby Murray, June Andronick, Gerwin Klein λ 1 Last time... λ calculus syntax free variables, substitution β reduction α and η conversion
More informationMEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING Herbert Rocha, Raimundo Barreto,
More informationCS 330 Lecture 18. Symbol table. C scope rules. Declarations. Chapter 5 Louden Outline
CS 0 Lecture 8 Chapter 5 Louden Outline The symbol table Static scoping vs dynamic scoping Symbol table Dictionary associates names to attributes In general: hash tables, tree and lists (assignment ) can
More informationCSci 4061 Introduction to Operating Systems. Programs in C/Unix
CSci 4061 Introduction to Operating Systems Programs in C/Unix Today Basic C programming Follow on to recitation Structure of a C program A C program consists of a collection of C functions, structs, arrays,
More informationDynamic Data Structures. CSCI 112: Programming in C
Dynamic Data Structures CSCI 112: Programming in C 1 It s all about flexibility In the programs we ve made so far, the compiler knows at compile time exactly how much memory to allocate for each variable
More informationCS558 Programming Languages
CS558 Programming Languages Fall 2016 Lecture 3a Andrew Tolmach Portland State University 1994-2016 Formal Semantics Goal: rigorous and unambiguous definition in terms of a wellunderstood formalism (e.g.
More informationResource Usage Analysis
Resource Usage Analysis Atsushi Igarashi Department of Graphics and Computer Science Graduate School of Arts and Sciences University of Tokyo igarashi@graco.c.u-tokyo.ac.jp Naoki Kobayashi Department of
More informationLecture Outline. COOL operational semantics. Operational Semantics of Cool. Motivation. Lecture 13. Notation. The rules. Evaluation Rules So Far
Lecture Outline Operational Semantics of Cool Lecture 13 COOL operational semantics Motivation Notation The rules Prof. Aiken CS 143 Lecture 13 1 Prof. Aiken CS 143 Lecture 13 2 Motivation We must specify
More informationCommon Misunderstandings from Exam 1 Material
Common Misunderstandings from Exam 1 Material Kyle Dewey Stack and Heap Allocation with Pointers char c = c ; char* p1 = malloc(sizeof(char)); char** p2 = &p1; Where is c allocated? Where is p1 itself
More informationMemory and Addresses. Pointers in C. Memory is just a sequence of byte-sized storage devices.
Memory and Addresses Memory is just a sequence of byte-sized storage devices. 1 The bytes are assigned numeric addresses, starting with zero, just like the indexing of the cells of an array. It is the
More informationProgramming Languages
CSE 230: Winter 2008 Principles of Programming Languages Ocaml/HW #3 Q-A Session Push deadline = Mar 10 Session Mon 3pm? Lecture 15: Type Systems Ranjit Jhala UC San Diego Why Typed Languages? Development
More informationModular Heap Abstraction-Based Memory Leak Detection for Heap-Manipulating Programs
Modular Heap Abstraction-Based Memory Leak Detection for Heap-Manipulating Programs Longming Dong Ji Wang Liqian Chen National University of Defense Technology, Changsha, China 05/12/2012 APSEC 2012 L
More informationShared Variables and Interference
Illinois Institute of Technology Lecture 24 Shared Variables and Interference CS 536: Science of Programming, Spring 2018 A. Why Parallel programs can coordinate their work using shared variables, but
More informationHeap Arrays and Linked Lists. Steven R. Bagley
Heap Arrays and Linked Lists Steven R. Bagley Recap Data is stored in variables Can be accessed by the variable name Or in an array, accessed by name and index Variables and arrays have a type Create our
More informationTypes. Type checking. Why Do We Need Type Systems? Types and Operations. What is a type? Consensus
Types Type checking What is a type? The notion varies from language to language Consensus A set of values A set of operations on those values Classes are one instantiation of the modern notion of type
More informationSemantics and Verification of Software
Semantics and Verification of Software Thomas Noll Software Modeling and Verification Group RWTH Aachen University http://moves.rwth-aachen.de/teaching/ws-1718/sv-sw/ Recap: Operational Semantics of Blocks
More informationStatic Analysis. Xiangyu Zhang
Static Analysis Xiangyu Zhang Intuition Instead of concretely executing the program, let s statically execute/traverse it Instead of producing concrete execution states, let s have abstract state related
More informationλ calculus is inconsistent
Content Rough timeline COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray λ Intro & motivation, getting started [1] Foundations & Principles
More informationPrinciples of Programming Languages
Principles of Programming Languages Lesson 14 Type Checking Collaboration and Management Dana Fisman www.cs.bgu.ac.il/~ppl172 1 Type Checking We return to the issue of type safety we discussed informally,
More informationLecture 07 Debugging Programs with GDB
Lecture 07 Debugging Programs with GDB In this lecture What is debugging Most Common Type of errors Process of debugging Examples Further readings Exercises What is Debugging Debugging is the process of
More informationLimitations of the stack
The heap hic 1 Limitations of the stack int *table_of(int num, int len) { int table[len+1]; for (int i=0; i
More informationDynamic Allocation of Memory
Dynamic Allocation of Memory Lecture 5 Section 9.8 Robb T. Koether Hampden-Sydney College Wed, Jan 24, 2018 Robb T. Koether (Hampden-Sydney College) Dynamic Allocation of Memory Wed, Jan 24, 2018 1 / 34
More informationRegion-Based Memory Management in Cyclone
Region-Based Memory Management in Cyclone Dan Grossman Cornell University June 2002 Joint work with: Greg Morrisett, Trevor Jim (AT&T), Michael Hicks, James Cheney, Yanling Wang Cyclone A safe C-level
More informationIntermediate Programming, Spring 2017*
600.120 Intermediate Programming, Spring 2017* Misha Kazhdan *Much of the code in these examples is not commented because it would otherwise not fit on the slides. This is bad coding practice in general
More informationLecture #23: Conversion and Type Inference
Lecture #23: Conversion and Type Inference Administrivia. Due date for Project #2 moved to midnight tonight. Midterm mean 20, median 21 (my expectation: 17.5). Last modified: Fri Oct 20 10:46:40 2006 CS164:
More informationCS4120/4121/5120/5121 Spring 2018 Xi Type System Specification Cornell University Version of February 18, 2018
CS4120/4121/5120/5121 Spring 2018 Xi Type System Specification Cornell University Version of February 18, 2018 0 Changes 2/16: Added typing rule for empty blocks 1 Types The Xi type system uses a somewhat
More informationStatic Analysis of List-Manipulating Programs via Bit-Vectors and Numerical Abstractions
Static Analysis of List-Manipulating Programs via Bit-Vectors and Numerical Abstractions Liqian Chen 1,2 Renjian Li 1 Xueguang Wu 1 Ji Wang 1 1 National University of Defense Technology, Changsha, China
More informationBounded Model Checking Of C Programs: CBMC Tool Overview
Workshop on Formal Verification and Analysis Tools, CFDVS, IIT-Bombay - Feb 21,2017 Bounded Model Checking Of C Programs: CBMC Tool Overview Prateek Saxena CBMC Developed and Maintained by Dr Daniel Kröning
More informationthe gamedesigninitiative at cornell university Lecture 9 Memory Management
Lecture 9 Gaming Memory Constraints Redux Wii-U Playstation 4 2GB of RAM 1GB dedicated to OS Shared with GPGPU 8GB of RAM Shared GPU, 8-core CPU OS footprint unknown 2 Two Main Concerns with Memory Getting
More informationCompilation 2012 Static Type Checking
Compilation 2012 Jan Midtgaard Michael I. Schwartzbach Aarhus University The Type Checker The type checker has several tasks: determine the types of all expressions check that values and variables are
More informationIn Java we have the keyword null, which is the value of an uninitialized reference type
+ More on Pointers + Null pointers In Java we have the keyword null, which is the value of an uninitialized reference type In C we sometimes use NULL, but its just a macro for the integer 0 Pointers are
More informationConversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";
Lecture #23: Conversion and Type Inference Administrivia. Due date for Project #2 moved to midnight tonight. Midterm mean 20, median 21 (my expectation: 17.5). In Java, this is legal: Object x = "Hello";
More informationHoare logic. WHILE p, a language with pointers. Introduction. Syntax of WHILE p. Lecture 5: Introduction to separation logic
Introduction Hoare logic Lecture 5: Introduction to separation logic In the previous lectures, we have considered a language, WHILE, where mutability only concerned program variables. Jean Pichon-Pharabod
More information