Validation and Correctness Proofs of Accessibility Information

Transcription

1 Validation and Correctness Proofs of Accessibility Information Joonwon Choi with SPARROWBERRY team ROPAS Show & Tell 09/07/2013 1

2 Contents Recall: The big picture of the validator Accessibility Validation Accessibility Information and Its Usage Relationship between two validations 2

3 Big Picture Old version: from the previous S&T slide Input Program SPARROW Pre-analysis Result Accessed locations Pre-analysis Validator SPARROWBERRY Localized Analysis Result Input Program Main Analysis Validator Validated accessed locations Yes or No 3

4 Big Picture Current version Input Program SPARROW Accessed locations Call Information Pre-analysis Validator SPARROWBERRY Localized Analysis Result Input Program Main Analysis Validator Validated pre-analysis information Yes or No 4

5 Today s Goal Validation of the accessibility information and its usage. What do we validate with given arguments: accessed locations and call information? What are the components of the validated pre-analysis information? Input Program SPARROW Accessed locations Call information Pre-analysis Validator Validated pre-analysis information 5

6 Accessibility Validation Inputs Accessed locations : a finite map from function id to the finite set of abstract locations A :fid fin! 2ˆL Call information : a finite map from function id to the finite set of (fid, bid) s C :fid fin! 2 fid bid 6

7 Accessibility Validation Validation of accessed locations Do accessed locations contain necessary locations for executing each instructions? Syntactic check. f(...) { x := y loc(x), loc(y) 2 A(f)? 7

8 Accessibility Validation Validation of accessed locations Syntactic check...? NO, we need a state to calculate necessary locations. What state? f(...) { x := y loc(x), loc(y) 2 A(f)? 8

9 Accessibility Validation Validation of call information Do call information contain all calls of the program? Syntactic check. f(...) { nth block g(...); (f,n) 2 C(g)? 9

10 Accessibility Information What do we want to get from the validation? From the validated accessed locations Localization! A memory m is localized w.r.t. the function f and the set of locations l if... 8m 0 2 ˆM, f(m t l m 0 ) f(m) t l m 0 where the restrict-join operator below. t l is defined as m t l m 0, m l t m\ l 10

11 Accessibility Information What do we want to get from the validation? From the validated accessed locations For the state s used to validate accessed locations and all program points c, we can prove following property: s(c) is localized w.r.t. the corresponding abstract semantic function and the accessed locations of f. 8c 2 C, 8m 0 2 ˆM, ˆfc (s(c) t A(f) m 0 ) ˆf c (s(c)) t A(f) m 0 11

12 Accessibility Information What do we want to get from the validation? For the call information : we will use it as it is. 12

13 Accessibility Information Summary validation main analysis result want Is the result approximates the concrete execution? pre-analysis result 1) accessed locations 2) call information 1) localized property 2) call information, as it is 13

14 Usage of the Accessibility Big picture of the whole proof, revisited. 4. approximation 3. postfix preservation 2. postfix preservation F ˆF1cfa ˆF1cfa,l ˆFl 1. postfix validation 14

15 Usage of the Accessibility Usage of call information 4. approximation 3. postfix preservation callinfo 2. postfix preservation F ˆF1cfa ˆF1cfa,l ˆFl callinfo Call information is used to define the semantics for exit nodes. 1. postfix validation 15

16 Usage of the Accessibility Usage of accessed locations 4. approximation localized? 3. postfix preservation 2. postfix preservation F ˆF1cfa ˆF1cfa,l ˆFl acclocs Accessed locations are used to define the semantics for call node. localized property is used to prove the postfix preservation. 1. postfix validation 16

17 Two Validation Results Remained question: what state should be substituted for the proof? Used at the validation of accessed locations. Used to represent the localized property. Our claim (not proved yet): we can take the main analysis result as an input for accessibility validation. 17

18 Two Validation Results Why don t you use the pre-analysis result as an input? In this case, we can t prove the postfix preservation since we have no facts about the relationship between the preanalysis result and the main analysis result. 18

19 Two Validation Results Why don t you use the pre-analysis result as an input? unlocalized l3??? x := 1 localized l1... l2??? concrete execution x -> l1 accessed locations of x : {l1, l2} main analysis result : x -> {l1, l3} l1 1 l2??? 19

20 Two Validation Results But it looks a little strange... Accessibility validation takes unvalidated main analysis result as an input. Main validation takes accessibility information validated with unvalidated main analysis result as an input.??? 20

21 Two Validation Results My expectation : because two validations use the same state, we can regard two validations as one merged validation on the state. Main Validation Input : the state the state accessibility validation w.r.t. the state 21

22 Conclusion Accessibility validation and information help us prove the correctness of access-based localization. Various forms of accessibility information are required to prove the correctness. We expect to finish the proof with the structures and the designs mentioned at previous slides. If we finish the proof on this toy version, all we need to do is just extending the syntax. 22