SLIDE 1

AiracV's Design [1]

Jaeho Shin netj@ropas.snu.ac.kr

ROPAS Show&Tell

2005-12-02

[1] Many design choices originate from heavy discussions with Jaehwang Kim.

SLIDE 2

Today's Goal

◮ See what's inside AiracV

SLIDE 3

Overview

◮ Program as Graph
  ◮ Control Flow Graph
  ◮ Commands
◮ Concrete World
  ◮ Concrete Domain
  ◮ Concrete Semantics
◮ Abstract World
  ◮ Abstract Domain
  ◮ Trace Abstraction
  ◮ Data State Abstraction
  ◮ Partitioning
  ◮ Abstract Semantics

SLIDE 4

Now: Program as Graph

SLIDE 5

Control Flow Graph

◮ A directed, connected graph
◮ Node = basic block
◮ Flow edge
◮ Return edge

SLIDE 6

Why CFG?

◮ Inevitable due to gotos (need to know the target of them anyway)
◮ Natural to treat programs as graphs

SLIDE 7

Node

◮ Three types

  n : Node    n ::= n | ENTRY | EXIT

  (an ordinary node, or the ENTRY or EXIT node of a procedure)

◮ Has an associated basic block

  blkof : Node → Block

SLIDE 8

Flow Edges

◮ Successors = the set of nodes control flows to

  succ : Node → 2^Node

◮ Predecessors = the set of nodes control flows from

  pred : Node → 2^Node

SLIDE 9

Basic Block

◮ Two types: call or commands

  blk : Block    blk ::= CALL | cmd*

SLIDE 10

ENTRY and EXIT

◮ One CFG for each procedure
◮ Single ENTRY and single EXIT for a CFG
◮ ENTRY = where the procedure begins
◮ EXIT = where the procedure ends
◮ C program = set of CFGs

SLIDE 11

Calls and Returns

◮ Call node = a node whose basic block is CALL
◮ Two edges for a procedure call
  ◮ from the call node to the procedure's ENTRY
  ◮ from the procedure's EXIT to the return node
◮ Return edge = the return node for a call

  rtrn : Node → Node

SLIDE 12

Now: Program as Graph > Commands

SLIDE 13

Commands

block    blk ::= cmd* | CALL
command  cmd ::= SET(lv, e) | ALLOC(lv, a) | ASSERT(r) | ESCAPE(e)

SLIDE 14

Expressions

expression  e  ::= n | e + e | lv | &lv
lvalue      lv ::= x | *e | e[e] | e.x
allocation  a  ::= [e] | {x*}
relation    r  ::= e = e | e < e | !r
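The CFG of slides 5 to 14 as a small Python data structure, added here as an example; it is not code from the slides or from AiracV itself. The node names, the `callee` bookkeeping map (the slides only give `rtrn`), the tuple encoding of commands and expressions, and the sample program it builds are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Union

# Commands are nested tuples following slides 13-14, e.g.
#   ("SET", lv, e)  ("ALLOC", lv, ("array", e))  ("ASSERT", r)
#   e  = ("num", n) | ("add", e, e) | ("lv", lv) | ("addrof", lv)
#   lv = ("var", x) | ("deref", e) | ("index", e, e) | ("field", e, x)
CALL = "CALL"                                   # the CALL block
Block = Union[str, List[tuple]]                 # blk ::= CALL | cmd*


@dataclass
class Program:
    """A C program as a set of CFGs (slide 10) sharing one node namespace."""
    blkof: Dict[str, Block] = field(default_factory=dict)    # Node -> Block
    succ: Dict[str, Set[str]] = field(default_factory=dict)  # Node -> 2^Node
    rtrn: Dict[str, str] = field(default_factory=dict)       # call node -> return node
    callee: Dict[str, str] = field(default_factory=dict)     # call node -> ProcId (assumed bookkeeping)
    entry: Dict[str, str] = field(default_factory=dict)      # ProcId -> its single ENTRY
    exit: Dict[str, str] = field(default_factory=dict)       # ProcId -> its single EXIT

    def add_proc(self, proc: str) -> None:
        self.entry[proc], self.exit[proc] = f"ENTRY_{proc}", f"EXIT_{proc}"
        self.add_node(self.entry[proc], [])
        self.add_node(self.exit[proc], [])

    def add_node(self, n: str, blk: Block) -> None:
        self.blkof[n] = blk
        self.succ.setdefault(n, set())

    def add_edge(self, a: str, b: str) -> None:
        self.succ[a].add(b)

    def add_call(self, n: str, proc: str, ret: str) -> None:
        """Call node n: block CALL, calls proc, control comes back at ret (slide 11)."""
        self.add_node(n, CALL)
        self.callee[n], self.rtrn[n] = proc, ret

    def pred(self, n: str) -> Set[str]:
        """pred : Node -> 2^Node, derived from succ."""
        return {m for m, ss in self.succ.items() if n in ss}

    def link_calls(self) -> None:
        """The two interprocedural edges of slide 11 for every call node."""
        for n, proc in self.callee.items():
            self.add_edge(n, self.entry[proc])             # call node -> callee's ENTRY
            self.add_edge(self.exit[proc], self.rtrn[n])   # callee's EXIT -> return node

    def reachable(self, start: str) -> Set[str]:
        seen, todo = set(), [start]
        while todo:
            n = todo.pop()
            if n not in seen:
                seen.add(n)
                todo.extend(self.succ[n])
        return seen

    def check(self) -> List[str]:
        """Well-formedness implied by slides 5, 10 and 11; an empty list means OK."""
        problems = []
        for n, blk in self.blkof.items():
            if blk == CALL and (n not in self.callee or n not in self.rtrn):
                problems.append(f"{n}: CALL node without callee or return node")
            elif blk == CALL and self.succ[n] != {self.entry[self.callee[n]]}:
                problems.append(f"{n}: a call node flows only to the callee's ENTRY")
        for proc in self.entry:
            stray = self.succ[self.exit[proc]] - set(self.rtrn.values())
            if stray:
                problems.append(f"{proc}: EXIT flows to non-return nodes {sorted(stray)}")
        if "main" in self.entry:
            dead = set(self.blkof) - self.reachable(self.entry["main"])
            if dead:
                problems.append(f"unreachable from main's ENTRY: {sorted(dead)}")
        return problems


def build_example() -> Program:
    """Constructed sample: main allocates a[10], sets i, calls inc, then stores a[i]."""
    p = Program()
    p.add_proc("main")
    p.add_proc("inc")
    i, a = ("var", "i"), ("var", "a")
    p.add_node("m1", [("ALLOC", a, ("array", ("num", 10))), ("SET", i, ("num", 0))])
    p.add_call("m2", "inc", "m3")
    p.add_node("m3", [("ASSERT", ("lt", ("lv", i), ("num", 10))),
                      ("SET", ("index", ("lv", a), ("lv", i)), ("num", 1))])
    p.add_node("n1", [("SET", i, ("add", ("lv", i), ("num", 1)))])
    for x, y in [("ENTRY_main", "m1"), ("m1", "m2"), ("m3", "EXIT_main"),
                 ("ENTRY_inc", "n1"), ("n1", "EXIT_inc")]:
        p.add_edge(x, y)
    p.link_calls()
    return p


if __name__ == "__main__":
    prog = build_example()
    print("problems:", prog.check())
    print("succ(m2) =", prog.succ["m2"], " pred(m3) =", prog.pred("m3"))
```

Note that a call node has no direct flow edge to its return node: the only path from `m2` to `m3` runs through `inc`'s ENTRY and EXIT, which is what makes `pred(m3)` equal to `{EXIT_inc}` and what an analysis has to undo with `rtrn` when it wants to match returns to calls.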

SLIDE 15

Now: Concrete World

SLIDE 16

State

State = Pos × Mem × Alloc

SLIDE 17

Control State

Pos     = Ctx × Node
Ctx     = (ProcId × RtPos × EscAddr)*
RtPos   = Pos
EscAddr = Addr

SLIDE 18

Data State

Mem     = Addr →fin Val
Addr    = Region × SubAddr + Ctx × Var
SubAddr = Index + FieldName
Val     = Num + Addr + Proc
Proc    = ProcId × Var*

SLIDE 19

Allocation State

Alloc     = Region →fin Info
Region    = Ctx × History × AllocSite
History   = Pos*
AllocSite = Pos
Info      = Size + FieldName*
Size      = Z

SLIDE 20

Now: Concrete World > Concrete Semantics

SLIDE 21

Semantics as Trace

◮ Standard semantics

  Trace = State*

◮ Collecting semantics

  2^Trace

SLIDE 22

Transition

State after a single transition:

  τ : Trace    σ, σ′ : State
  τσ ⟶ σ′    · · ·

◮ The transition depends on the Node of the current Pos
◮ That node's block is either cmd* or CALL

SLIDE 23

Reaction

R⟦cmd*⟧ : (Mem × Alloc) → (Mem × Alloc)    · · ·

SLIDE 24

Values

V⟦e⟧ : Mem → Val
V⟦n⟧ m        = n
V⟦e1 + e2⟧ m  = V⟦e1⟧ m + V⟦e2⟧ m
V⟦lv⟧ m       = m (L⟦lv⟧ m)
V⟦&lv⟧ m      = L⟦lv⟧ m

SLIDE 25

Addresses

L⟦lv⟧ : Mem → Addr
L⟦x⟧ m        = (ctx, x)
L⟦*e⟧ m       = V⟦e⟧ m
L⟦e1[e2]⟧ m   = (a, i + V⟦e2⟧ m)    where (a, i) = V⟦e1⟧ m
L⟦e.x⟧ m      = (a, x)              where (a, 0) = V⟦e⟧ m

SLIDE 26

Relations

P⟦r⟧ : Mem → {true, false}    · · ·
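An added example, not code from the slides or from AiracV, that runs the concrete semantics of slides 23 to 26 over a constructed basic block. V, L and P are transcribed from the slides; everything else is an assumption of this example: the tuple encoding of slide 14, the `Violation` exception, the check that every dynamic access stays inside its region's Info (the slides leave such accesses undefined), treating a read of an unwritten address as a violation, representing a Region as Ctx × AllocSite without History, and evaluating ESCAPE(e) without modelling the escape itself.

```python
from typing import Any, Dict, List, Optional, Tuple

# Encoding of slide 14 as nested tuples:
#   e  = ("num", n) | ("add", e, e) | ("lv", lv) | ("addrof", lv)
#   lv = ("var", x) | ("deref", e) | ("index", e, e) | ("field", e, x)
#   a  = ("array", e) | ("struct", [x, ...])    r = ("eq", e, e) | ("lt", e, e) | ("not", r)
# Addr = ("dyn", Region, SubAddr) for Region x SubAddr, or ("var", Ctx, x) for Ctx x Var


class Violation(Exception):
    """The concrete semantics has no next state (out-of-region or uninitialised access)."""


class Concrete:
    """Mem x Alloc of one context, with V, L, P and R from slides 23-26."""

    def __init__(self, ctx: str = "main") -> None:
        self.ctx = ctx
        self.m: Dict[Tuple, Any] = {}          # Mem   = Addr ->fin Val
        self.alloc: Dict[Tuple, Any] = {}      # Alloc = Region ->fin Info (Size or FieldName*)

    def in_bounds(self, addr: Tuple) -> bool:
        """Added check: a dynamic address must lie inside its region's Info."""
        if addr[0] != "dyn":
            return True
        info = self.alloc.get(addr[1])
        if isinstance(info, int):                        # Info = Size
            return isinstance(addr[2], int) and 0 <= addr[2] < info
        return info is not None and addr[2] in info      # Info = FieldName*

    def load(self, addr: Tuple) -> Any:
        if not self.in_bounds(addr):
            raise Violation(f"read outside allocated region at {addr}")
        if addr not in self.m:
            raise Violation(f"read of uninitialised address {addr}")
        return self.m[addr]

    def store(self, addr: Tuple, val: Any) -> None:
        if not self.in_bounds(addr):
            raise Violation(f"write outside allocated region at {addr}")
        self.m[addr] = val

    def V(self, e) -> Any:                                  # V[[e]] : Mem -> Val (slide 24)
        if e[0] == "num":
            return e[1]
        if e[0] == "add":
            return self.V(e[1]) + self.V(e[2])
        return self.load(self.L(e[1])) if e[0] == "lv" else self.L(e[1])   # lv / &lv

    def L(self, lv) -> Tuple:                               # L[[lv]] : Mem -> Addr (slide 25)
        if lv[0] == "var":
            return ("var", self.ctx, lv[1])
        if lv[0] == "deref":
            return self.V(lv[1])
        tag, region, sub = self.V(lv[1])                    # index and field need (a, i) = V[[e]] m
        if tag != "dyn" or not isinstance(sub, int):
            raise Violation(f"{lv[0]} applied to address {(tag, region, sub)}")
        if lv[0] == "index":
            return ("dyn", region, sub + self.V(lv[2]))     # (a, i + V[[e2]] m)
        if sub != 0:
            raise Violation("field access needs offset 0")
        return ("dyn", region, lv[2])                       # (a, x) where (a, 0) = V[[e]] m

    def P(self, r) -> bool:                                 # P[[r]] : Mem -> {true, false} (slide 26)
        if r[0] == "not":
            return not self.P(r[1])
        a, b = self.V(r[1]), self.V(r[2])
        return a == b if r[0] == "eq" else a < b

    def R(self, cmds: List[tuple], site: str) -> bool:      # R[[cmd*]] (slide 23); False if an ASSERT fails
        for k, cmd in enumerate(cmds):
            if cmd[0] == "SET":
                self.store(self.L(cmd[1]), self.V(cmd[2]))
            elif cmd[0] == "ALLOC":
                region = (self.ctx, (site, k))              # Ctx x AllocSite; History dropped (assumption)
                kind, arg = cmd[2]
                self.alloc[region] = self.V(arg) if kind == "array" else list(arg)
                self.store(self.L(cmd[1]), ("dyn", region, 0))
            elif cmd[0] == "ASSERT" and not self.P(cmd[1]):
                return False
            elif cmd[0] == "ESCAPE":
                self.V(cmd[1])                              # evaluated only; escape bookkeeping not modelled
        return True


def run(cmds: List[tuple]) -> Optional[Concrete]:
    """One basic block from an empty state; None when an ASSERT ends the trace."""
    c = Concrete()
    return c if c.R(cmds, "b0") else None


def overrun_message(cmds: List[tuple]) -> Optional[str]:
    try:
        run(cmds)
        return None
    except Violation as v:
        return str(v)


def lv(x): return ("lv", x)
I, A, PTR, S = ("var", "i"), ("var", "a"), ("var", "p"), ("var", "s")
SAMPLE_OK = [                                                               # constructed block
    ("ALLOC", A, ("array", ("num", 4))), ("SET", I, ("num", 0)),            # a = [4]; i = 0
    ("SET", ("index", lv(A), lv(I)), ("num", 7)),                           # a[i] = 7
    ("SET", I, ("add", lv(I), ("num", 1))),                                 # i = i + 1
    ("SET", PTR, ("addrof", ("index", lv(A), lv(I)))),                      # p = &a[i]
    ("SET", ("deref", lv(PTR)), ("num", 9)),                                # *p = 9
    ("ASSERT", ("lt", lv(I), ("num", 4))),                                  # assert(i < 4)
    ("ALLOC", S, ("struct", ["x", "y"])), ("SET", ("field", lv(S), "x"), lv(I)),  # s = {x, y}; s.x = i
]
SAMPLE_OVERRUN = SAMPLE_OK[:2] + [("SET", I, ("num", 4)), ("SET", ("index", lv(A), lv(I)), ("num", 1))]  # a[4] = 1
```

Two things the concrete run makes visible: an ASSERT that fails produces no successor state at all (so `run` returns `None`, the trace simply stops), whereas `a[4]` on a four-element region is not a state in the concrete world either, which is exactly the situation the abstract analysis later has to flag instead of silently reading past the region.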

SLIDE 27

Now: Abstract World

SLIDE 28

Control State

ˆGraph = 2^(ˆPos × ˆPos)
ˆPos   = ˆCtx × Node
ˆCtx   = ProcId

αFlow : 2^Trace → ˆGraph
pp    : Pos → ˆPos
cp    : Ctx → ˆCtx

SLIDE 29

Data State

ˆTable = ˆPos →fin ˆMem
ˆMem   = ˆAddr →fin ˆVal

αData : 2^Trace → ˆTable
αMem  : 2^Mem → ˆMem

SLIDE 30

Abstract Values

ˆVal     = ˆZ × ˆAddr × ˆProc
ˆAddr    = 2^(ˆRegion × ˆSubAddr + ˆCtx × Var)
ˆSubAddr = ˆIndex + FieldName
ˆProc    = 2^Proc

αVal  : 2^Val → ˆVal
αAddr : 2^Addr → ˆAddr
αNum  : 2^Num → ˆZ

SLIDE 31

Allocation State

ˆAlloc  = ˆRegion →fin ˆInfo
ˆInfo   = ˆSize × 2^(FieldName*)
ˆRegion = ˆCtx × AllocSite

αAlloc : 2^Trace → ˆAlloc
αInfo  : 2^Info → ˆInfo

SLIDE 32

Escape Addresses

ˆDump = ˆCtx →fin ˆAddr

αDump : 2^Trace → ˆDump

SLIDE 33

Now: Abstract World > Trace Abstraction

SLIDE 34

Trace Abstraction

Four components of the abstract semantics: ˆGraph × ˆTable × ˆAlloc × ˆDump

α : 2^Trace → (ˆGraph × ˆTable × ˆAlloc × ˆDump)
α = ⟨αFlow, αData, αAlloc, αDump⟩

SLIDE 35

Control State Abstraction

αFlow : 2^Trace → ˆGraph

αFlow T = { ((cp c1, n1), (cp c2, n2)) | (· · ·, (p1, m1, a1), (p2, m2, a2), · · ·) ∈ T,
                                          (c1, n1) = p1, (c2, n2) = p2 }

(one abstract edge for every pair of consecutive states in some trace of T)

SLIDE 36

Slicing Traces

states : 2^Trace → 2^(Pos × Mem × Alloc)

2^Trace
  ─id→            2^(State*)
  ─S ∘ {slices}→  2^State
  ─id→            2^(Pos × Mem × Alloc)

(Reading used in this and the following diagrams: {f} applies f to each element of a set; S flattens a set of sets into one set by union; the diagram is read top to bottom as a composition of the arrows.)

SLIDE 37

Allocation State Abstraction

αAlloc : 2^Trace → ˆAlloc

2^Trace
  ─{π3} ∘ states→   2^Alloc
  ─id→              2^(Region → Info)
  ─merge→           Region → 2^Info
  ─α→(rp, αInfo)→   ˆRegion → ˆInfo
  ─id→              ˆAlloc

SLIDE 38

Allocation Info Abstraction

αInfo : 2^Info → ˆInfo

2^Info
  ─id→              2^(Size + FieldName*)
  ─split→           2^Size × 2^(FieldName*)
  ─⟨αNum, id⟩→      ˆSize × 2^(FieldName*)
  ─id→              ˆInfo

SLIDE 39

Dump Abstraction

αDump : 2^Trace → ˆDump

2^Trace
  ─{π1} ∘ states→            2^Pos
  ─id→                       2^(Ctx × Node)
  ─{π1}→                     2^Ctx
  ─{π1,1}→                   2^(Ctx × Ctx)
  ─index→                    Ctx → 2^Ctx
  ─α→(cp, αEscAddr ∘ S)→     ˆCtx → ˆAddr
  ─id→                       ˆDump

SLIDE 40

Escape Address Abstraction

αEscAddr : 2^Ctx → ˆAddr

2^Ctx
  ─id→              2^((ProcId × RtPos × EscAddr)*)
  ─S ∘ {slices}→    2^(ProcId × RtPos × EscAddr)
  ─{π3}→            2^EscAddr
  ─αAddr→           ˆAddr

SLIDE 41

Now: Abstract World > Data State Abstraction

SLIDE 42

Data State Abstraction

αData : 2^Trace → ˆTable

2^Trace
  ─{π1,2} ∘ states→      2^(Pos × Mem)
  ─index→                Pos → 2^Mem
  ─α→(pp, αMem ∘ S)→     ˆPos → ˆMem
  ─id→                   ˆTable

SLIDE 43

Memory Abstraction

αMem : 2^Mem → ˆMem

2^Mem
  ─id→                      2^(Addr → Val)
  ─merge→                   Addr → 2^Val
  ─α⇒(αAddr, αVal ∘ S)→     ˆAddr → ˆVal
  ─id→                      ˆMem

SLIDE 44

Value Abstraction

αVal : 2^Val → ˆVal

2^Val
  ─id→                       2^(Num + Addr + Proc)
  ─split→                    2^Num × 2^Addr × 2^Proc
  ─⟨αNum, αAddr, id⟩→        ˆZ × ˆAddr × ˆProc
  ─id→                       ˆVal

SLIDE 45

Numeral Abstraction

Integer interval domain ˆZ

αNum : 2^Num → ˆZ
αNum ∅ = ⊥
αNum N = [min N, max N]

min N = n′   if some n′ ∈ Num satisfies n′ ≤ n for all n ∈ N (take the greatest such n′)
      = −∞   otherwise
max N = n′   if some n′ ∈ Num satisfies n′ ≥ n for all n ∈ N (take the least such n′)
      = +∞   otherwise
SLIDE 46

Address Abstraction

αAddr : 2^Addr → ˆAddr

2^Addr
  ─id→                           2^(Region × SubAddr + Ctx × Var)
  ─split→                        2^(Region × SubAddr) × 2^(Ctx × Var)
  ─⟨αDynAddr, ⟨cp, id⟩⟩→         2^(ˆRegion × ˆSubAddr) × 2^(ˆCtx × Var)
  ─mix→                          2^(ˆRegion × ˆSubAddr + ˆCtx × Var)
  ─id→                           ˆAddr

SLIDE 47

Dynamic Address Abstraction

αDynAddr : 2^(Region × SubAddr) → 2^(ˆRegion × ˆSubAddr)

2^(Region × SubAddr)
  ─index→                   Region → 2^SubAddr
  ─α→(rp, αSubAddr)→        ˆRegion → 2^ˆSubAddr
  ─couple→                  2^(ˆRegion × ˆSubAddr)

SLIDE 48

Sub-Address Abstraction

αSubAddr : 2^SubAddr → 2^ˆSubAddr

2^SubAddr
  ─id→                      2^(Index + FieldName)
  ─split→                   2^Index × 2^FieldName
  ─⟨{} ∘ αNum, id⟩→         2^ˆIndex × 2^FieldName
  ─mix→                     2^(ˆIndex + FieldName)
  ─id→                      2^ˆSubAddr
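The trace abstraction of slides 35 and 42 to 48, together with the partitioning functions of slides 50 to 52, carried out on a constructed set of concrete traces. This is an added example and not code from the slides or from AiracV. Assumptions made here: the concrete representations (a context is a tuple of frames with the top frame first, a region is (Ctx, History, AllocSite)), S is read as union and {f} as an elementwise map, α→(f, g) groups a map's entries by f applied to the key and hands the union of the grouped values to g, ˆZ is the interval domain of slide 45, and the ˆProc component of ˆVal is left out.

```python
from typing import Any, Dict, FrozenSet, List, Optional, Tuple

Interval = Optional[Tuple[int, int]]   # ˆZ as intervals: None is bottom
AbsVal = Tuple[Interval, FrozenSet]    # ˆZ x ˆAddr; the ˆProc component is left out (assumption)
# Concrete shapes used below:  Ctx = tuple of (ProcId, RtPos, EscAddr) frames, top frame first
#   Pos = (Ctx, Node)   Region = (Ctx, History, AllocSite)
#   Addr = ("dyn", Region, SubAddr) | ("var", Ctx, Var)      Val = int | Addr


def cp(ctx) -> str:                     # Ctx -> ˆCtx (slide 50): ProcId of the top frame
    return ctx[0][0]


def pp(pos):                            # Pos -> ˆPos (slide 51)
    return (cp(pos[0]), pos[1])


def rp(region):                         # Region -> ˆRegion (slide 52): History dropped
    return (cp(region[0]), region[2])


def alpha_num(nums) -> Interval:        # slide 45
    nums = list(nums)
    return None if not nums else (min(nums), max(nums))


def alpha_subaddr(subs) -> FrozenSet:   # slide 48: one interval for all indices, field names kept
    idx = [s for s in subs if isinstance(s, int)]
    out = {s for s in subs if not isinstance(s, int)}
    if idx:
        out.add(alpha_num(idx))
    return frozenset(out)


def alpha_addr(addrs) -> FrozenSet:     # slides 46-47
    by_region: Dict[Any, set] = {}
    out = set()
    for a in addrs:
        if a[0] == "dyn":
            by_region.setdefault(rp(a[1]), set()).add(a[2])    # index, grouped through rp
        else:
            out.add(("var", cp(a[1]), a[2]))                    # <cp, id>
    for r, subs in by_region.items():
        out.update(("dyn", r, s) for s in alpha_subaddr(subs))  # couple
    return frozenset(out)


def alpha_val(vals) -> AbsVal:          # slide 44: split by summand, abstract each part
    vals = list(vals)
    return (alpha_num(v for v in vals if isinstance(v, int)),
            alpha_addr(v for v in vals if isinstance(v, tuple)))


def alpha_mem(mems) -> Dict[Any, AbsVal]:   # slide 43: merge, then abstract keys and values
    bucket: Dict[Any, set] = {}
    for m in mems:
        for addr, val in m.items():
            for ab in alpha_addr([addr]):  # one concrete key may land on several abstract keys
                bucket.setdefault(ab, set()).add(val)
    return {ab: alpha_val(vs) for ab, vs in bucket.items()}


def alpha_flow(traces) -> FrozenSet:    # slide 35: consecutive states give abstract edges
    return frozenset((pp(p1), pp(p2)) for tr in traces
                     for (p1, _), (p2, _) in zip(tr, tr[1:]))


def alpha_data(traces) -> Dict[Any, Dict[Any, AbsVal]]:   # slide 42
    table: Dict[Any, List[dict]] = {}
    for tr in traces:
        for pos, mem in tr:                 # keep (Pos, Mem) of every state, index by pp(pos)
            table.setdefault(pp(pos), []).append(mem)
    return {p: alpha_mem(ms) for p, ms in table.items()}


# Constructed traces: main sets i, calls inc (which adds one), then takes p = &a[i].
CTX_MAIN = (("main", None, None),)
CTX_INC = (("inc", (CTX_MAIN, "m3"), None),) + CTX_MAIN
REGION_A = (CTX_MAIN, (), (CTX_MAIN, "m1"))
A, I, P = ("var", CTX_MAIN, "a"), ("var", CTX_MAIN, "i"), ("var", CTX_MAIN, "p")


def make_trace(i0: int) -> list:
    arr = ("dyn", REGION_A, 0)
    return [((CTX_MAIN, "m1"), {A: arr, I: i0}),
            ((CTX_MAIN, "m2"), {A: arr, I: i0}),
            ((CTX_INC, "n1"), {A: arr, I: i0}),
            ((CTX_MAIN, "m3"), {A: arr, I: i0 + 1, P: ("dyn", REGION_A, i0 + 1)})]


TRACES = [make_trace(0), make_trace(2)]
```

With two traces that only differ in the initial value of `i`, the table entry for the return node `("main", "m3")` holds `i` as the interval [1, 3] and `p` as the single abstract address `(rp(REGION_A), [1, 3])`: the two concrete pointers `&a[1]` and `&a[3]` collapse into one region with an interval sub-address, which is the shape a bounds check later compares against the region's ˆSize.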

SLIDE 49

Now: Abstract World > Partitioning

SLIDE 50

Context Partitioning

cp : Ctx → ˆCtx

Ctx
  ─id→      (ProcId × RtPos × EscAddr)*
  ─π1→      ProcId × Pos × Addr
  ─π1→      ProcId
  ─id→      ˆCtx

(a context is abstracted to the ProcId of its top frame)

SLIDE 51

Position Partitioning

pp : Pos → ˆPos

Pos
  ─id→          Ctx × Node
  ─⟨cp, id⟩→    ˆCtx × Node
  ─id→          ˆPos

SLIDE 52

Region Partitioning

rp : Region → ˆRegion

Region
  ─id→          Ctx × History × AllocSite
  ─π1,3→        Ctx × AllocSite
  ─⟨cp, id⟩→    ˆCtx × AllocSite
  ─id→          ˆRegion

SLIDE 53

Now: Abstract World > Abstract Semantics

SLIDE 54

The Equation

Abstract semantics as a fixed point    · · ·
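Slide 54 leaves the equation itself to the ellipsis. The block below, added here and not code from the slides or from AiracV, computes such a fixed point for a loop over the CFG and command shapes of slides 5 to 14, using the interval domain ˆZ of slide 45 for a ˆMem restricted to scalar variables, and reports a buffer overrun alarm where an index interval leaves its region's size. Assumptions of this example: the widening operator (needed for termination; not on the slides), the per-variable abstract memory, naming an allocation's region after the variable it is assigned to, the refinement of ASSERT only for comparisons between a variable and a constant, and marking loop heads by hand in `widen_at`.

```python
from typing import Dict, List, Optional, Set, Tuple

INF = float("inf")
Interval = Optional[Tuple[float, float]]   # ˆZ: None is bottom, else [lo, hi]
AbsMem = Optional[Dict[str, Interval]]     # ˆMem kept to scalar variables (assumption); None is bottom
# Expressions read variables directly here: e = ("num", n) | ("var", x) | ("add", e, e)

def join(a: Interval, b: Interval) -> Interval:            # least upper bound on ˆZ
    return a if b is None else b if a is None else (min(a[0], b[0]), max(a[1], b[1]))

def meet(a: Interval, b: Interval) -> Interval:            # greatest lower bound on ˆZ
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def widen(old: Interval, new: Interval) -> Interval:       # added, not on the slides: moving bounds go to infinity
    if old is None or new is None:
        return old if new is None else new
    return (old[0] if new[0] >= old[0] else -INF, old[1] if new[1] <= old[1] else INF)

def lift(f, a: AbsMem, b: AbsMem) -> AbsMem:               # f variable by variable; a missing variable is bottom
    if a is None or b is None:
        return a if b is None else b
    return {x: f(a.get(x), b.get(x)) for x in set(a) | set(b)}

def eval_e(e, m: Dict[str, Interval]) -> Interval:
    if e[0] == "num":
        return (e[1], e[1])
    if e[0] == "var":
        return m.get(e[1])
    a, b = eval_e(e[1], m), eval_e(e[2], m)                # ("add", e, e)
    return None if a is None or b is None else (a[0] + b[0], a[1] + b[1])

def refine(m: Dict[str, Interval], r, truth: bool = True) -> AbsMem:
    """ASSERT(r) as a filter; only x < n and n < x (negated or not) tighten m, other shapes keep it."""
    if r[0] == "not":
        return refine(m, r[1], not truth)
    if r[0] != "lt" or {r[1][0], r[2][0]} != {"var", "num"}:
        return m                                           # eq, var < var, ...: unchanged (sound, imprecise)
    if r[1][0] == "var":                                   # x < n  |  !(x < n)
        x, bound = r[1][1], ((-INF, r[2][1] - 1) if truth else (r[2][1], INF))
    else:                                                  # n < x  |  !(n < x)
        x, bound = r[2][1], ((r[1][1] + 1, INF) if truth else (-INF, r[1][1]))
    v = meet(m.get(x), bound)
    return None if v is None else {**m, x: v}

def transfer(node: str, cmds, m: AbsMem, alloc: Dict[str, Interval], alarms: List[str]) -> AbsMem:
    for cmd in cmds:
        if m is None:
            return None
        if cmd[0] == "ALLOC":                              # ALLOC(x, [e]): region named by x (assumption)
            alloc[cmd[1][1]] = eval_e(cmd[2], m)
        elif cmd[0] == "ASSERT":
            m = refine(m, cmd[1])
        elif cmd[0] == "SET" and cmd[1][0] == "var":
            v = eval_e(cmd[2], m)
            m = None if v is None else {**m, cmd[1][1]: v}
        elif cmd[0] == "SET":                              # SET(a[e], .): bounds check only, contents not tracked
            arr, idx, size = cmd[1][1][1], eval_e(cmd[1][2], m), alloc.get(cmd[1][1][1])
            if idx is None or size is None or idx[0] < 0 or idx[1] > size[0] - 1:
                alarms.append(f"{node}: index {idx} of {arr} may leave a region of size {size}")
    return m

def analyze(prog: Dict[str, Tuple[list, List[str]]], widen_at: Set[str]):
    """Fixed point over a CFG given as node -> (cmd*, successors); returns (entry state per node, alarms)."""
    preds: Dict[str, Set[str]] = {n: set() for n in prog}
    for n, (_, succs) in prog.items():
        for s in succs:
            preds[s].add(n)
    ins: Dict[str, AbsMem] = {}
    out: Dict[str, AbsMem] = {}
    alloc: Dict[str, Interval] = {}
    work = ["ENTRY"]
    while work:                                            # terminates only if every loop head is in widen_at
        n = work.pop(0)
        new_in: AbsMem = {} if n == "ENTRY" else None
        for p in preds[n]:
            new_in = lift(join, new_in, out.get(p))
        if n in widen_at:
            new_in = lift(widen, ins.get(n), new_in)
        if n in ins and ins[n] == new_in:
            continue
        ins[n] = new_in
        out[n] = transfer(n, prog[n][0], new_in, alloc, [])
        work.extend(prog[n][1])
    alarms: List[str] = []
    for n in prog:                                         # alarms from the fixed point only
        transfer(n, prog[n][0], ins.get(n), alloc, alarms)
    return ins, alarms

def loop_program(cond) -> Dict[str, Tuple[list, List[str]]]:
    """Constructed CFG: ENTRY -> n1 -> n2 (loop head) -> n3 (body) -> n2, and n2 -> n4 -> EXIT."""
    i, a = ("var", "i"), ("var", "a")
    return {"ENTRY": ([], ["n1"]),
            "n1": ([("ALLOC", a, ("num", 10)), ("SET", i, ("num", 0))], ["n2"]),
            "n2": ([], ["n3", "n4"]),
            "n3": ([("ASSERT", cond), ("SET", ("index", a, i), ("num", 1)),
                    ("SET", i, ("add", i, ("num", 1)))], ["n2"]),
            "n4": ([("ASSERT", ("not", cond))], ["EXIT"]),
            "EXIT": ([], [])}

SAFE = loop_program(("lt", ("var", "i"), ("num", 10)))                  # while (i < 10)
OFF_BY_ONE = loop_program(("not", ("lt", ("num", 10), ("var", "i"))))   # while (i <= 10)
```

On `SAFE` the loop head stabilises at i ∈ [0, +∞) after one widening step, the body's ASSERT cuts that to [0, 9], and no alarm is raised; on `OFF_BY_ONE` the same iteration leaves the body with i ∈ [0, 10] against a region of size 10, so the store `a[i]` is reported. Without widening the worklist would grow the upper bound by one forever, which is why the loop head has to be named in `widen_at`.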