An Introduction to Heap Analysis. Pietro Ferrara. Chair of Programming Methodology ETH Zurich, Switzerland
|
|
- Aleesha Atkins
- 5 years ago
- Views:
Transcription
1 An Introduction to Heap Analysis Pietro Ferrara Chair of Programming Methodology ETH Zurich, Switzerland Analisi e Verifica di Programmi Universita Ca Foscari, Venice, Italy
2 Outline 1. Recall of numerical domains 2. Extended language with references 3. Concrete semantics 4. Abstract semantics 5. Abstract domains 1. Top domain 2. Program point-bounded references 3. Shape analysis
3 Syntax
4 Concrete and Abstract Domain Concrete domain: Abstract non-relational domain:
5 Non-Relational Domains A non-relational domain has to provide: > Operators on lattices Partial ordering Upper and lower bound Top and bottom elements > Abstraction and concretization functions > > >
6 Summary on Non-Relational Domains Many different domains: > Sign > Parity > Congruences > Integers > Intervals Work directly on values Evaluation of expressions and conditions No relational information!
7 Summary on Relational Domains Generic state > We do not have anymore an environment! A relational domain has to provide: > Operators on lattices Partial ordering Upper and lower bound Top and bottom elements > Abstraction and concretization functions > >
8 Outline 1. Recall of numerical domains 2. Extended language with references 3. Concrete semantics 4. Abstract semantics 5. Abstract domains 1. Top domain 2. Program point-bounded references 3. Shape analysis
9 Extended language We extend the language to support references > Dynamic allocation of memory > Dereferencing pointers We can have > Integer variables > Pointers to integers variables > Pointers to pointers to We do not consider arithmetic of pointers
10 Syntax
11 Syntax
12 Syntax
13 Outline 1. Recall of numerical domains 2. Extended language with references 3. Concrete semantics 4. Abstract semantics 5. Abstract domains 1. Top domain 2. Program point-bounded references 3. Shape analysis
14 Previously Concrete domain > environment that relats variables to values Runtime behaviors described by: > Set of environments > Lattice with set operators:
15 Naïve extension Trivial extension of this domain > Variables can be Integers values Pointers Let s define pointers as variables > [x -> y] means that x points to y Formally
16 Counterexample This approach is not expressive enough! x = allocint; The pointer created by allocint was not previously assigned to a variable > Imagine it as the creation of a new object We do not have a way to represent it We need something more!
17 Environment and Store Common approach in programming languages: > Environment Local variables related to addresses > Heap Addresses related to values
18 More Expressive Languages For our language such domain is enough But what about objects? > State of an object Environment! It relates variables (fields!) to values (integers or pointers to other objects)
19 class A { int node= ; A next=null; } An example Variable Value head #1 Address Value #1 head #2 next null #2 5 A head=new A(5); head.next=new A(4); Variable head #1 Value Address Value #1 head #2 next #3 #2 5 #3 head #4 next null #4 4
20 Our approach It is enough for our simple language For many statements, same semantics > Concatenation, if, while > Arithmetic operations > Evaluation of conditions
21 Statements We have to (re)define the semantics of
22 Old expressions
23 New expressions
24 Statements
25 An example int* it=allocint; *it=1; int sum=0; Variable Value it #1 Variable Value it #1 Variable Value it #1 sum #2 Address Value #1? Address Value #1 1 Address Value #1 1 #2 0 while(sum<2) { } sum=sum+*it; Variable Value it #1 sum #2 Address #1 1 #2 12 Value
26 Summary We distinguish between actions > on pointers > on numerical values Abstract domains on > Numerical information Sign Intervals > Heap structure Todo now!
27 Outline 1. Recall of numerical domains 2. Extended language with references 3. Concrete semantics 4. Abstract semantics 5. Abstract domains 1. Top domain 2. Program point-bounded references 3. Shape analysis
28 Approach The core is how to abstract the heap: > Variables points to something on it Previously we had > In fact, we did not have pointers and store Let us be generic w.r.t. what an identifiers of the heap can be
29 Heap We suppose that an abstraction of the heap is provided, that is, we have For numerical domains, we had > Similar approach! Now we investigate what semantics primitives we need > Like eval_const, eval_arithm, etc
30 Statements
31 Old expressions Values are stored in the heap We do not know what is the abstract heap We need a primitive that defines it!
32 New expressions
33 Statements
34 Summary The heap analysis has to provide: > returns a new abstract heap id > returns the numerical value related to a heap identifier > assigns the evaluation of a numerical expression to an heap identifier Mmm something is wrong here! > We have not to consider numerical values!!!
35 Numerical Relational Domains A relational domain has to provide: > Operators on lattices > Abstraction and concretization functions > >
36 Numerical Values
37 Approach In expressions: > replace variables with (abstract) pointers Relational numerical domain: > track relations on abstract pointers instead of variables! Combination of > Heap analysis symbolically represents references > Numerical domains track numerical information
38 Arithmetic Expressions We replace variables with heap ids > through the environment We pass such expression to We do not need and We simply deals with and
39 Statements
40 New expressions
41 Statements corresponds to replaced with where we
42 Summary The heap analysis provides: > Heap identifiers Lattice structure! > An internal state > Lattice structure A numerical relational domain provides > Lattice structure > and
43 Example int x=0, y=1, z=2; x=&y; z=&y; while(x>0) y--; return z; Environment x y z Heap analysis Numerical domain We return [0..0]
44 Too easy! The situation is more complex: > Rough evaluation of boolean conditions A variable may point to different references? int x=0, y=1; if(random>0.5) x=&y Environment x y Heap analysis Numerical domain
45 Heap identifiers An heap id is no more a single element > Set of elements! Issue: > If we assign a variable pointing to many addresses, what happens? Weak updates: lub between the previous value and the assigned one We preserve the soundness! We introduce approximation!
46 In the concrete 0.6! int x=0, y=1; if(random>0.5) x=&y x++; true Environment x y Heap analysis Numerical domain
47 In the concrete 0.1! int x=0, y=1; if(random>0.5) x=&y x++; false Environment x y Heap analysis Numerical domain
48 In the abstract? int x=0, y=1; if(random>0.5) x=&y x++; Environment x y Heap analysis Numerical domain
49 Final state Concrete x y 1 2 x y Abstract x y
50 Heap analysis Nodes > the state of the heap represented by a graph Environment > Part of the heap analysis More complex data structures like lists > edges between nodes while(head!=null) head=head.next head next 1 2 next 3 next 4
51 Simple language Nodes > No edges between nodes > Only edges from variables to nodes Heap identifiers > Set of nodes > Lattice operators: set operators! Internal states > Set of nodes (references) > Lattice operators: set operators!
52 Are you sure??? The end As always, things are much more complex Let s start with a naïve solution: > Nodes identified by an integer number > Counter incremented each time we allocated a new integer As in the concrete context it should not work
53 Allocation inside while loop x int x= ; while(random>0.5) x=allocint; x Unbounded number of nodes > Lattice using set operators of infinite height > The analysis may not converge!
54 Outline 1. Recall of numerical domains 2. Extended language with references 3. Concrete semantics 4. Abstract semantics 5. Abstract domains 1. Top domain 2. Program point-bounded references 3. Shape analysis
55 Top domain Let s start with a simple domain > The top domain > approximates all the concrete references! > Lattice structure is trivial: Upper bound: Lower bound: Top: Bottom: Partial order: true > Semantics:
56 Abstraction and concretization
57 Abstraction and concretization #77 #12 #43 #03
58 Concretization and abstraction #77 #12 #43 #03
59 Allocation of memory #77 allocint #12 #98 #43
60 A (counter)example int x=0, y=1; if(random>0.5) x=&y x++; Environment x y Heap analysis Numerical domain r r At the end, x and y may be both 1! > Not sound Why? > r represents many concrete references! > We have to perform weak updates!
61 Weak vs. strong updates Concrete semantics of assignments: (Unsound) Abstract semantics: Note: unsound iff x is an heap identifier!
62 (wrong) Assignments with heap id
63 Summary nodes What happens if? > > > Environment: > Initial state: > Result
64 Concrete and Abstract x=0 Not sound!!! x=0
65 Weak vs. Strong updates Weak updates: > assign lub(old value, assigned value) Strong updates: > Assign exactly the assigned value We can perform strong updates iff > The assigned variable points to one heap id > The id represents one concrete reference Otherwise we are unsound!
66 int x=0, y=1; if(random>0.5) x=&y x++; An example Environment x y Heap analysis Numerical domain At the end, x and y may be > both 1 > both 2 > Sound! > but rough (they are never 0!) r r
67 Outline 1. Recall of numerical domains 2. Extended language with references 3. Concrete semantics 4. Abstract semantics 5. Abstract domains 1. Top domain 2. Program point-bounded references 3. Shape analysis
68 Program point-bounded reference Intuition: > Approximate together all the concrete references allocated by the same statement > Abstract reference: the program point of the statement Inside a loop or a recursive procedure: > One abstract -> many concrete > Important to track it for weak updates
69 Approximation: Heap identifiers > Different executions may assign references allocated by different statements To the same variable Heap identifiers > sets of abstract references Lattice operators: > Common set operators
70 Lattice structure. {(l2,c4),(l1,c3),(l3,c2)}... {(l2,c4),(l1,c3)} {(l1,c3),(l3,c2)}. {(l2,c4)} {(l1,c3)} {(l3,c2)}.
71 Abstraction and concretization
72 Abstraction and concretization
73 Abstraction and concretization #77 #12 #43 #03 1: void main(string[] args) { 2: int a=allocint; 3: }
74 Abstraction and concretization #77 1: void main(string[] args) { 2: int a; 3: if(random>0.5) 4: a=allocint; 5: else a=allocint; 6: } #12 #43 #03
75 Abstraction and concretization #77 #12 #43 #03 1: void main(string[] args) { 2: int a; 3: while(random>0.5) 4: a=allocint; 5: }
76 Allocation of memory #77 #12 #43 #03 1: void main(string[] args) { 2: int a=allocint; 3: }
77 Allocation of memory #77 #12 #43 #03 1: void main(string[] args) { 2: int a; 3: while(random>0.5) 4: a=allocint; 5: }
78 An example 1: int x=0, 2: y=1; 3: if(random>0.5) 4: x=&y; 5: x++; Environment x y Environment x y Heap analysis Numerical domain l1 l2 l1 l2 Heap analysis r Numerical domain r
79 Another example 1: while(random>0.5) { 2: x=allocint 3: x=0 4: } 5: x++; Environment Heap analysis x l2 Sound! Numerical domain but rough (x cannot be 0 at the end!) l2
80 Recall: Weak vs. Strong updates > We can perform strong updates iff The assigned variable points to one heap id The heap id represents one concrete reference We require that: > heap id composed by one abstract element > The reference is not allocated inside a loop If we do not have method calls! > Otherwise, different calls to the same method > Track if a method is recursive
81 Refining the analysis Create more abstract references > that represent one concrete reference > Increase the precision > Increase the complexity For instance, > Number of iteration of the while loop (pp, i): i-th iteration of the loop Require a widening operator, infinite references! > Stack of the called method
82 Limits Serious limits with data structures > Complex relations between data > More complex properties Acyclic list Trees Etc.. > Abstract reference bounded to program point Not enough > Need to track relations between heap nodes Something like relational numerical domains
83 An example 1: List list=new List(); 2: List it=list; 3: while(random>0.5) { 4: it.next=new List(); 5: it=it.next; 6: } class List { int node=0; List next=null; } Environment list it Heap analysis l2 next l4
84 An example 1: List list=new List(); 2: List it=list; 3: while(random>0.5) { 4: it.next=new List(); 5: it=it.next; 6: } Environment list it Heap analysis l2 next l4 next class List { int node=0; List next=null; } list may be cyclic it may not point to the last cell
85 An example - Concretization Environment list it Heap analysis l2 next l4 next list it list it list next it #1 next #2 #1 next #2 next #3 #1 next #2 next #3
86 Outline 1. Recall of numerical domains 2. Extended language with references 3. Concrete semantics 4. Abstract semantics 5. Abstract domains 1. Program point-bounded references 2. Shape analysis
87 Shape analysis Main trend in the field of static analysis Developed mostly by Mooly Sagiv & al. > Started in 1995 > Still ongoing research efforts Many case studies and applications Strong practical interest Huge literature on the topic Mooly Sagiv, Thomas W. Reps, Reinhard Wilhelm: Solving Shape- Analysis Problems in Languages with Destructive Updating ACM Trans. Program. Lang. Syst. 20(1): 1-50 (1998)
88 Intuition Describe the shape of the concrete heaps > Concrete heaps: potentially unbounded > Abstract heaps: bounded a-priori One abstract node many concrete references As in the previous approach! More flexible > Materialization > Explicit representation of sharing Focused on lists > But still approximated!
89 Shape graphs Concrete shape graph #1 #2 #3 #4 > Represented by cons-cells > Potentially unbounded n{x} nφ Abstract shape graphs > nφ : summary nodes
90 Approach n{x} nφ list Until here, it is not more refined nor really different > Now: Nodes bounded to variables > Before: Nodes bounded to program points > No difference between cyclic and acyclic lists > Still using summary nodes l2 next l4 next
91 First refinement: Sharing > Track an is-shared predicate on each node > means that all the cells represented by a node n are distinct That is, there is not sharing > The length of the list is abstracted away but in this way the analysis terminates! So we know something more > But how is this used?
92 Materialization without sharing Access the next element > Summary node > Materialize a new single node ad hoc Unsound! Precisely track nodes pointed by variables > Always single nodes! > More precise than the previous approach Sharing information is essential x=x.next n{x,y} nφ n{y} n{x} nφ
93 Materialization with sharing Unshared summary node > x=x.next n{x,y} nφ n{y} n{x} nφ Shared summary node > x=x.next n{x,y} nφ n{y} n{x} nφ
94 Problem > Identifiers of nodes Renaming variables that point to them > What happens if we assign an existing node to an existing variable? Node x=y; n{y} n{x,y} Renaming of the node
95 Another problem: Liquidization > If the assigned variable point to something? n{x} x=y; n{?} n{y} n{x,y} n{y} n{x} nφ x=y; n{x,y} n{?} nφ Garbage collection or liquidization
96 An example 1: List list=new List(); 2: List it=list; 3: while(random>0.5) { 4: it.next=new List(); 5: it=it.next; 6: } class List { int node=0; List next=null; } list it n{list} n{list,it} n{it} n{?}
97 An example 1: List list=new List(); 2: List it=list; 3: while(random>0.5) { 4: it.next=new List(); 5: it=it.next; 6: } class List { int node=0; List next=null; } list n{list} n{it} n{?} nφ n{it} n{?} it
98 An example - Concretization list it list it n{list} nφ n{it} l2 next l4 next list it list it list next it #1 next #2 #1 next #2 next #3 #1 next #2 next #3
99 Conclusion on shape analysis Shape analysis improves the precision > But it is not the final solution > Shape analysis appeared 13 years ago > Many improvements in the meanwhile > New improvements appear each year Not easy to infer information > Automatically > Efficiently > Precisely
100 We have Conclusion > extended the language with references > formalized concrete and abstract semantics > presented several heap analyses Reasoning on heap analysis > without taking into account numerical issues Quite similar to numerical domains > Different levels of precision and efficiency > Non-relational and relational information
101 Conclusion We can reason separately on > Numerical domains > Heap analyses Different plugins of the same analysis > Different levels of complexity efficiency Generic analyzers plugged with different > numerical domains > heap analyses > properties > etc
Static Program Analysis CS701
Static Program Analysis CS701 Thomas Reps [Based on notes taken by Aditya Venkataraman on Oct 6th, 2015] Abstract This lecture introduces the area of static program analysis. We introduce the topics to
More informationPietro Ferrara and Peter Müller
Inference of Fractional, Counting and Chalice Access Permissions via Abstract Interpretation Pietro Ferrara and Peter Müller ETH Zurich Switzerland Universidad Complutense de Madrid, Spain Access permissions
More informationAdvanced Programming Methods. Introduction in program analysis
Advanced Programming Methods Introduction in program analysis What is Program Analysis? Very broad topic, but generally speaking, automated analysis of program behavior Program analysis is about developing
More informationTVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS*
TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS* Tal Lev-Ami, Roman Manevich, and Mooly Sagiv Tel Aviv University {tla@trivnet.com, {rumster,msagiv}@post.tau.ac.il} Abstract TVLA (Three-Valued-Logic
More informationNews and information! Review: Java Programs! Feedback after Lecture 2! Dead-lines for the first two lab assignment have been posted.!
True object-oriented programming: Dynamic Objects Reference Variables D0010E Object-Oriented Programming and Design Lecture 3 Static Object-Oriented Programming UML" knows-about Eckel: 30-31, 41-46, 107-111,
More informationA Gentle Introduction to Program Analysis
A Gentle Introduction to Program Analysis Işıl Dillig University of Texas, Austin January 21, 2014 Programming Languages Mentoring Workshop 1 / 24 What is Program Analysis? Very broad topic, but generally
More informationLecture 3. Lecture
True Object-Oriented programming: Dynamic Objects Static Object-Oriented Programming Reference Variables Eckel: 30-31, 41-46, 107-111, 114-115 Riley: 5.1, 5.2 D0010E Object-Oriented Programming and Design
More informationStatic Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security
Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Ahmed Rezine IDA, Linköpings Universitet Hösttermin 2014 Outline Overview Syntactic Analysis Abstract
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-16/cc/ Recap: Static Data Structures Outline of Lecture 18 Recap:
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-18/spa/ Preliminaries Outline of Lecture 1 Preliminaries Introduction
More informationLecture Notes on Memory Layout
Lecture Notes on Memory Layout 15-122: Principles of Imperative Computation Frank Pfenning André Platzer Lecture 11 1 Introduction In order to understand how programs work, we can consider the functions,
More informationHoare logic. WHILE p, a language with pointers. Introduction. Syntax of WHILE p. Lecture 5: Introduction to separation logic
Introduction Hoare logic Lecture 5: Introduction to separation logic In the previous lectures, we have considered a language, WHILE, where mutability only concerned program variables. Jean Pichon-Pharabod
More informationHoare logic. Lecture 5: Introduction to separation logic. Jean Pichon-Pharabod University of Cambridge. CST Part II 2017/18
Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction In the previous lectures, we have considered a language, WHILE, where
More informationCS 270 Algorithms. Oliver Kullmann. Binary search. Lists. Background: Pointers. Trees. Implementing rooted trees. Tutorial
Week 7 General remarks Arrays, lists, pointers and 1 2 3 We conclude elementary data structures by discussing and implementing arrays, lists, and trees. Background information on pointers is provided (for
More informationOperational Semantics. One-Slide Summary. Lecture Outline
Operational Semantics #1 One-Slide Summary Operational semantics are a precise way of specifying how to evaluate a program. A formal semantics tells you what each expression means. Meaning depends on context:
More informationAnalysis of Pointers and Structures
RETROSPECTIVE: Analysis of Pointers and Structures David Chase, Mark Wegman, and Ken Zadeck chase@naturalbridge.com, zadeck@naturalbridge.com, wegman@us.ibm.com Historically our paper was important because
More informationCA31-1K DIS. Pointers. TA: You Lu
CA31-1K DIS Pointers TA: You Lu Pointers Recall that while we think of variables by their names like: int numbers; Computer likes to think of variables by their memory address: 0012FED4 A pointer is a
More informationG Programming Languages - Fall 2012
G22.2110-003 Programming Languages - Fall 2012 Lecture 4 Thomas Wies New York University Review Last week Control Structures Selection Loops Adding Invariants Outline Subprograms Calling Sequences Parameter
More informationCS 430 Spring Mike Lam, Professor. Data Types and Type Checking
CS 430 Spring 2015 Mike Lam, Professor Data Types and Type Checking Type Systems Type system Rules about valid types, type compatibility, and how data values can be used Benefits of a robust type system
More information[0569] p 0318 garbage
A Pointer is a variable which contains the address of another variable. Declaration syntax: Pointer_type *pointer_name; This declaration will create a pointer of the pointer_name which will point to the
More informationLecture Notes on Garbage Collection
Lecture Notes on Garbage Collection 15-411: Compiler Design André Platzer Lecture 20 1 Introduction In the previous lectures we have considered a programming language C0 with pointers and memory and array
More informationOperational Semantics 1 / 13
Operational Semantics 1 / 13 Outline What is semantics? Operational Semantics What is semantics? 2 / 13 What is the meaning of a program? Recall: aspects of a language syntax: the structure of its programs
More informationSYSC 2006 C Winter 2012
SYSC 2006 C Winter 2012 Pointers and Arrays Copyright D. Bailey, Systems and Computer Engineering, Carleton University updated Sept. 21, 2011, Oct.18, 2011,Oct. 28, 2011, Feb. 25, 2011 Memory Organization
More informationObject-oriented programming. and data-structures CS/ENGRD 2110 SUMMER 2018
Object-oriented programming 1 and data-structures CS/ENGRD 2110 SUMMER 2018 Lecture 1: Types and Control Flow http://courses.cs.cornell.edu/cs2110/2018su Lecture 1 Outline 2 Languages Overview Imperative
More informationFunctional Programming. Pure Functional Programming
Functional Programming Pure Functional Programming Computation is largely performed by applying functions to values. The value of an expression depends only on the values of its sub-expressions (if any).
More informationCONTENTS: Array Usage Multi-Dimensional Arrays Reference Types. COMP-202 Unit 6: Arrays
CONTENTS: Array Usage Multi-Dimensional Arrays Reference Types COMP-202 Unit 6: Arrays Introduction (1) Suppose you want to write a program that asks the user to enter the numeric final grades of 350 COMP-202
More informationCOMP-202. Recursion. COMP Recursion, 2011 Jörg Kienzle and others
COMP-202 Recursion Recursion Recursive Definitions Run-time Stacks Recursive Programming Recursion vs. Iteration Indirect Recursion Lecture Outline 2 Recursive Definitions (1) A recursive definition is
More informationCOS 320. Compiling Techniques
Topic 5: Types COS 320 Compiling Techniques Princeton University Spring 2016 Lennart Beringer 1 Types: potential benefits (I) 2 For programmers: help to eliminate common programming mistakes, particularly
More informationAutomatic Software Verification
Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework
More informationLecture Outline. COOL operational semantics. Operational Semantics of Cool. Motivation. Notation. The rules. Evaluation Rules So Far.
Lecture Outline Operational Semantics of Cool COOL operational semantics Motivation Adapted from Lectures by Profs. Alex Aiken and George Necula (UCB) Notation The rules CS781(Prasad) L24CG 1 CS781(Prasad)
More informationProgram Analysis and Verification
Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 12: Interprocedural Analysis + Numerical Analysis Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav 1 Procedural program void main()
More informationNote that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.
CS 6110 S18 Lecture 8 Structural Operational Semantics and IMP Today we introduce a very simple imperative language, IMP, along with two systems of rules for evaluation called small-step and big-step semantics.
More informationLoops. CSE 114, Computer Science 1 Stony Brook University
Loops CSE 114, Computer Science 1 Stony Brook University http://www.cs.stonybrook.edu/~cse114 1 Motivation Suppose that you need to print a string (e.g., "Welcome to Java!") a user-defined times N: N?
More informationOperational Semantics of Cool
Operational Semantics of Cool Key Concepts semantics: the meaning of a program, what does program do? how the code is executed? operational semantics: high level code generation steps of calculating values
More informationCMSC 330: Organization of Programming Languages. OCaml Imperative Programming
CMSC 330: Organization of Programming Languages OCaml Imperative Programming CMSC330 Spring 2018 1 So Far, Only Functional Programming We haven t given you any way so far to change something in memory
More informationProgramming Languages Lecture 15: Recursive Types & Subtyping
CSE 230: Winter 2008 Principles of Programming Languages Lecture 15: Recursive Types & Subtyping Ranjit Jhala UC San Diego News? Formalize first-order type systems Simple types (integers and booleans)
More informationCS 330 Lecture 18. Symbol table. C scope rules. Declarations. Chapter 5 Louden Outline
CS 0 Lecture 8 Chapter 5 Louden Outline The symbol table Static scoping vs dynamic scoping Symbol table Dictionary associates names to attributes In general: hash tables, tree and lists (assignment ) can
More informationCITS3211 FUNCTIONAL PROGRAMMING. 14. Graph reduction
CITS3211 FUNCTIONAL PROGRAMMING 14. Graph reduction Summary: This lecture discusses graph reduction, which is the basis of the most common compilation technique for lazy functional languages. CITS3211
More information2. Reachability in garbage collection is just an approximation of garbage.
symbol tables were on the first exam of this particular year's exam. We did not discuss register allocation in this This exam has questions from previous CISC 471/672. particular year. Not all questions
More informationHierarchical Pointer Analysis for Distributed Programs
Hierarchical Pointer Analysis for Distributed Programs Amir Kamil Computer Science Division, University of California, Berkeley kamil@cs.berkeley.edu April 14, 2006 1 Introduction Many distributed, parallel
More informationLecture Notes on Queues
Lecture Notes on Queues 15-122: Principles of Imperative Computation Frank Pfenning Lecture 9 September 25, 2012 1 Introduction In this lecture we introduce queues as a data structure and linked lists
More informationResearch Collection. Overapproximating the Cost of Loops. Master Thesis. ETH Library. Author(s): Schweizer, Daniel. Publication Date: 2013
Research Collection Master Thesis Overapproximating the Cost of Loops Author(s): Schweizer, Daniel Publication Date: 2013 Permanent Link: https://doi.org/10.3929/ethz-a-009767769 Rights / License: In Copyright
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 7b Andrew Tolmach Portland State University 1994-2017 Values and Types We divide the universe of values according to types A type is a set of values and
More informationCritical Analysis of Computer Science Methodology: Theory
Critical Analysis of Computer Science Methodology: Theory Björn Lisper Dept. of Computer Science and Engineering Mälardalen University bjorn.lisper@mdh.se http://www.idt.mdh.se/ blr/ March 3, 2004 Critical
More informationGarbage Collection. Lecture Compilers SS Dr.-Ing. Ina Schaefer. Software Technology Group TU Kaiserslautern. Ina Schaefer Garbage Collection 1
Garbage Collection Lecture Compilers SS 2009 Dr.-Ing. Ina Schaefer Software Technology Group TU Kaiserslautern Ina Schaefer Garbage Collection 1 Content of Lecture 1. Introduction: Overview and Motivation
More informationPutting Static Analysis to Work for Verification
Putting Static Analysis to Work for Verification A Case Study Tomasz Dudziak Based on a paper by T. Lev-Ami, T. Reps, M. Sagiv, and R. Wilhelm 23 June 2010 Topic Goal A very capable shape analysis that
More informationIndex. object lifetimes, and ownership, use after change by an alias errors, use after drop errors, BTreeMap, 309
A Arithmetic operation floating-point arithmetic, 11 12 integer numbers, 9 11 Arrays, 97 copying, 59 60 creation, 48 elements, 48 empty arrays and vectors, 57 58 executable program, 49 expressions, 48
More informationScheme: Data. CS F331 Programming Languages CSCE A331 Programming Language Concepts Lecture Slides Monday, April 3, Glenn G.
Scheme: Data CS F331 Programming Languages CSCE A331 Programming Language Concepts Lecture Slides Monday, April 3, 2017 Glenn G. Chappell Department of Computer Science University of Alaska Fairbanks ggchappell@alaska.edu
More informationCSCI-1200 Data Structures Spring 2018 Lecture 7 Order Notation & Basic Recursion
CSCI-1200 Data Structures Spring 2018 Lecture 7 Order Notation & Basic Recursion Review from Lectures 5 & 6 Arrays and pointers, Pointer arithmetic and dereferencing, Types of memory ( automatic, static,
More informationCompiler Construction
Compiler Construction Lecture 18: Code Generation V (Implementation of Dynamic Data Structures) Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de http://moves.rwth-aachen.de/teaching/ss-14/cc14/
More informationWinter Compiler Construction Who. Mailing list and forum
Winter 2006-2007 Compiler Construction 0368-3133 Mooly Sagiv and Roman Manevich School of Computer Science Tel-Aviv University Who Roman Manevich Schreiber Open-space (basement) Tel: 640-5358 rumster@post.tau.ac.il
More informationRuntime Checking and Test Case Generation for Python
Runtime Checking and Test Case Generation for Python Anna Durrer Master Thesis Chair of Programming Methodology D-INFK ETH Supervisor: Marco Eilers, Prof. Peter Müller 24. Mai 2017 1 Introduction This
More informationJoint Entity Resolution
Joint Entity Resolution Steven Euijong Whang, Hector Garcia-Molina Computer Science Department, Stanford University 353 Serra Mall, Stanford, CA 94305, USA {swhang, hector}@cs.stanford.edu No Institute
More informationCSE 307: Principles of Programming Languages
CSE 307: Principles of Programming Languages Variables and Constants R. Sekar 1 / 22 Topics 2 / 22 Variables and Constants Variables are stored in memory, whereas constants need not be. Value of variables
More informationPoints-to Analysis. Xiaokang Qiu Purdue University. November 16, ECE 468 Adapted from Kulkarni 2012
Points-to Analysis Xiaokang Qiu Purdue University ECE 468 Adapted from Kulkarni 2012 November 16, 2016 Simple example x := 5 ptr := @x *ptr := 9 y := x program S1 S2 S3 S4 dependences What are the dependences
More informationCPSC 427a: Object-Oriented Programming
CPSC 427a: Object-Oriented Programming Michael J. Fischer Lecture 5 September 15, 2011 CPSC 427a, Lecture 5 1/35 Functions and Methods Parameters Choosing Parameter Types The Implicit Argument Simple Variables
More informationMutable References. Chapter 1
Chapter 1 Mutable References In the (typed or untyped) λ-calculus, or in pure functional languages, a variable is immutable in that once bound to a value as the result of a substitution, its contents never
More informationStatic Program Analysis
Static Program Analysis Lecture 1: Introduction to Program Analysis Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de http://moves.rwth-aachen.de/teaching/ws-1415/spa/
More informationFormal Syntax and Semantics of Programming Languages
Formal Syntax and Semantics of Programming Languages Mooly Sagiv Reference: Semantics with Applications Chapter 2 H. Nielson and F. Nielson http://www.daimi.au.dk/~bra8130/wiley_book/wiley.html The While
More informationVerasco: a Formally Verified C Static Analyzer
Verasco: a Formally Verified C Static Analyzer Jacques-Henri Jourdan Joint work with: Vincent Laporte, Sandrine Blazy, Xavier Leroy, David Pichardie,... June 13, 2017, Montpellier GdR GPL thesis prize
More information3.7 Denotational Semantics
3.7 Denotational Semantics Denotational semantics, also known as fixed-point semantics, associates to each programming language construct a well-defined and rigorously understood mathematical object. These
More informationLecture Outline. COOL operational semantics. Operational Semantics of Cool. Motivation. Lecture 13. Notation. The rules. Evaluation Rules So Far
Lecture Outline Operational Semantics of Cool Lecture 13 COOL operational semantics Motivation Notation The rules Prof. Aiken CS 143 Lecture 13 1 Prof. Aiken CS 143 Lecture 13 2 Motivation We must specify
More informationCS558 Programming Languages
CS558 Programming Languages Fall 2016 Lecture 7a Andrew Tolmach Portland State University 1994-2016 Values and Types We divide the universe of values according to types A type is a set of values and a
More informationSummer 2017 Discussion 10: July 25, Introduction. 2 Primitives and Define
CS 6A Scheme Summer 207 Discussion 0: July 25, 207 Introduction In the next part of the course, we will be working with the Scheme programming language. In addition to learning how to write Scheme programs,
More informationQualifying Exam in Programming Languages and Compilers
Qualifying Exam in Programming Languages and Compilers University of Wisconsin Fall 1991 Instructions This exam contains nine questions, divided into two parts. All students taking the exam should answer
More informationAlgebraic Program Analysis
Introduction to Algebraic Program Analysis Zachary Kincaid 1 Thomas Reps 2,3 1 Princeton University 2 University of Wisconsin-Madison 3 GrammaTech, Inc. January 8, 2018 1 Program analysis Design algorithms
More information5. Semantic Analysis. Mircea Lungu Oscar Nierstrasz
5. Semantic Analysis Mircea Lungu Oscar Nierstrasz Thanks to Jens Palsberg and Tony Hosking for their kind permission to reuse and adapt the CS132 and CS502 lecture notes. http://www.cs.ucla.edu/~palsberg/
More informationStatic Analysis by A. I. of Embedded Critical Software
Static Analysis by Abstract Interpretation of Embedded Critical Software Julien Bertrane ENS, Julien.bertrane@ens.fr Patrick Cousot ENS & CIMS, Patrick.Cousot@ens.fr Radhia Cousot CNRS & ENS, Radhia.Cousot@ens.fr
More informationChapter 1. Fundamentals of Higher Order Programming
Chapter 1 Fundamentals of Higher Order Programming 1 The Elements of Programming Any powerful language features: so does Scheme primitive data procedures combinations abstraction We will see that Scheme
More informationG Programming Languages Spring 2010 Lecture 4. Robert Grimm, New York University
G22.2110-001 Programming Languages Spring 2010 Lecture 4 Robert Grimm, New York University 1 Review Last week Control Structures Selection Loops 2 Outline Subprograms Calling Sequences Parameter Passing
More informationLast Class. Introduction to arrays Array indices Initializer lists Making an array when you don't know how many values are in it
Last Class Introduction to arrays Array indices Initializer lists Making an array when you don't know how many values are in it public class February4{ public static void main(string[] args) { String[]
More informationMemory and C++ Pointers
Memory and C++ Pointers C++ objects and memory C++ primitive types and memory Note: primitive types = int, long, float, double, char, January 2010 Greg Mori 2 // Java code // in function, f int arr[];
More informationComputer Science Department Carlos III University of Madrid Leganés (Spain) David Griol Barres
Computer Science Department Carlos III University of Madrid Leganés (Spain) David Griol Barres dgriol@inf.uc3m.es Introduction He am a driver might be syntactically correct but semantically wrong. Semantic
More informationLecture 6. Abstract Interpretation
Lecture 6. Abstract Interpretation Wei Le 2014.10 Outline Motivation History What it is: an intuitive understanding An example Steps of abstract interpretation Galois connection Narrowing and Widening
More informationProgram verification. Generalities about software Verification Model Checking. September 20, 2016
Program verification Generalities about software Verification Model Checking Laure Gonnord David Monniaux September 20, 2016 1 / 43 The teaching staff Laure Gonnord, associate professor, LIP laboratory,
More informationSendmail crackaddr - Static Analysis strikes back
Sendmail crackaddr - Static Analysis strikes back Bogdan Mihaila Technical University of Munich, Germany December 6, 2014 Name Lastname < name@mail.org > ()()()()()()()()()... ()()() 1 / 25 Abstract Interpretation
More informationField Analysis. Last time Exploit encapsulation to improve memory system performance
Field Analysis Last time Exploit encapsulation to improve memory system performance This time Exploit encapsulation to simplify analysis Two uses of field analysis Escape analysis Object inlining April
More informationIntro. Scheme Basics. scm> 5 5. scm>
Intro Let s take some time to talk about LISP. It stands for LISt Processing a way of coding using only lists! It sounds pretty radical, and it is. There are lots of cool things to know about LISP; if
More informationHarvard School of Engineering and Applied Sciences CS 152: Programming Languages
Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 24 Thursday, April 19, 2018 1 Error-propagating semantics For the last few weeks, we have been studying type systems.
More informationCS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014
CS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014 1 Introduction to Abstract Interpretation At this point in the course, we have looked at several aspects of programming languages: operational
More informationModern Programming Languages. Lecture LISP Programming Language An Introduction
Modern Programming Languages Lecture 18-21 LISP Programming Language An Introduction 72 Functional Programming Paradigm and LISP Functional programming is a style of programming that emphasizes the evaluation
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-17/cc/ Generation of Intermediate Code Outline of Lecture 15 Generation
More informationNOTE: Answer ANY FOUR of the following 6 sections:
A-PDF MERGER DEMO Philadelphia University Lecturer: Dr. Nadia Y. Yousif Coordinator: Dr. Nadia Y. Yousif Internal Examiner: Dr. Raad Fadhel Examination Paper... Programming Languages Paradigms (750321)
More informationReasoning About Imperative Programs. COS 441 Slides 10
Reasoning About Imperative Programs COS 441 Slides 10 The last few weeks Agenda reasoning about functional programming It s very simple and very uniform: substitution of equal expressions for equal expressions
More informationThe SPL Programming Language Reference Manual
The SPL Programming Language Reference Manual Leonidas Fegaras University of Texas at Arlington Arlington, TX 76019 fegaras@cse.uta.edu February 27, 2018 1 Introduction The SPL language is a Small Programming
More informationTypes and Type Inference
Types and Type Inference Mooly Sagiv Slides by Kathleen Fisher and John Mitchell Reading: Concepts in Programming Languages, Revised Chapter 6 - handout on the course homepage Outline General discussion
More informationLecture Transcript While and Do While Statements in C++
Lecture Transcript While and Do While Statements in C++ Hello and welcome back. In this lecture we are going to look at the while and do...while iteration statements in C++. Here is a quick recap of some
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-16/cc/ Seminar Analysis and Verification of Pointer Programs (WS
More informationProgramming Languages and Compilers Qualifying Examination. Answer 4 of 6 questions.1
Programming Languages and Compilers Qualifying Examination Monday, September 19, 2016 Answer 4 of 6 questions.1 GENERAL INSTRUCTIONS 1. Answer each question in a separate book. 2. Indicate on the cover
More informationDenotational Semantics. Domain Theory
Denotational Semantics and Domain Theory 1 / 51 Outline Denotational Semantics Basic Domain Theory Introduction and history Primitive and lifted domains Sum and product domains Function domains Meaning
More informationPointers. Chapter 8. Decision Procedures. An Algorithmic Point of View. Revision 1.0
Pointers Chapter 8 Decision Procedures An Algorithmic Point of View D.Kroening O.Strichman Revision 1.0 Outline 1 Introduction Pointers and Their Applications Dynamic Memory Allocation Analysis of Programs
More informationUNIVERSITY OF TORONTO Faculty of Arts and Science. Midterm Sample Solutions CSC324H1 Duration: 50 minutes Instructor(s): David Liu.
UNIVERSITY OF TORONTO Faculty of Arts and Science Midterm Sample s CSC324H1 Duration: 50 minutes Instructor(s): David Liu. No Aids Allowed Name: Student Number: Please read the following guidelines carefully.
More informationHeap, Variables, References, and Garbage. CS152. Chris Pollett. Oct. 13, 2008.
Heap, Variables, References, and Garbage. CS152. Chris Pollett. Oct. 13, 2008. Outline. Dynamic Allocation. Variables and Constants. Aliases and Problems. Garbage. Introduction. On Wednesday, we were talking
More informationVerifying Concurrent Programs
Verifying Concurrent Programs Daniel Kroening 8 May 1 June 01 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs
More informationReferences and pointers
References and pointers Pointers are variables whose value is a reference, i.e. an address of a store location. Early languages (Fortran, COBOL, Algol 60) had no pointers; added to Fortran 90. In Pascal,
More information1 Lexical Considerations
Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science 6.035, Spring 2013 Handout Decaf Language Thursday, Feb 7 The project for the course is to write a compiler
More informationChapter 13: Reference. Why reference Typing Evaluation Store Typings Safety Notes
Chapter 13: Reference Why reference Typing Evaluation Store Typings Safety Notes References Computational Effects Also known as side effects. A function or expression is said to have a side effect if,
More informationCS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012
CS-XXX: Graduate Programming Languages Lecture 9 Simply Typed Lambda Calculus Dan Grossman 2012 Types Major new topic worthy of several lectures: Type systems Continue to use (CBV) Lambda Caluclus as our
More informationFrama-C Value Analysis
Frama-C Value Analysis Séminaire CAP TRONIC Virgile Prevosto virgile.prevosto@cea.fr June 18 th, 2015 Outline Introduction Abstract domains Arithmetic Memory Methodology Basic commands Parameters Introduction
More informationOutline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring
Java Outline Java Models for variables Types and type checking, type safety Interpretation vs. compilation Reasoning about code CSCI 2600 Spring 2017 2 Java Java is a successor to a number of languages,
More information