Footprint Analysis: A Shape Analysis that Discovers Preconditions - PowerPoint PPT Presentation
1 / 54
Title:
Footprint Analysis: A Shape Analysis that Discovers Preconditions
Description:
(Joint work with Cristiano Calcagno, Dino Distefano, and ... Primed variables: x',y',z',t',v',w' 9 w',w'1. x!=0 z=a w'!=w'1 xaw' * ls (w',w'1) * yaw'1 ... – PowerPoint PPT presentation
Number of Views:91
Avg rating:3.0/5.0
Title: Footprint Analysis: A Shape Analysis that Discovers Preconditions
1
Footprint Analysis A Shape Analysis that
Discovers Preconditions
- Hongseok Yang
- (Queen Mary, University of London)
- (Joint work with Cristiano Calcagno, Dino
Distefano, and Peter OHearn)
2
void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp)
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PRESET_IRP ResetIrp,temp,tempnext
- PDEVICE_EXTENSION de
- KeAcquireSpinLock(de-gtResetSpinLock, Irql)
- ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
KeAcquireSpinLock(de-gtResetSpinLock, Irql)
KeReleaseSpinLock(de-gtResetSpinLock, Irql)
IoCompleteRequest(Irp, IO_NO_INCREMENT)
3
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PRESET_IRP ResetIrp,temp,tempnext
- PDEVICE_EXTENSION de
- KeAcquireSpinLock(de-gtResetSpinLock, Irql)
- ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
- Footprint Analysis
- Discovers safe preconditions of a piece of code.
- Only the memory footprint of the code.
4
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PRESET_IRP ResetIrp,temp,tempnext
- PDEVICE_EXTENSION de
- KeAcquireSpinLock(de-gtResetSpinLock, Irql)
- ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
5
(de aD Flink20)
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PXXX_RESET_IRP XXXResetIrp,temp,tempnext
- PDEVICE_EXTENSION deviceExtension
- KeAcquireSpinLock(deviceExtension-gtResetSpinLoc
k, Irql) - ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,0)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2)
(x0,x1) (x1aR IrpIrp)
typedef struct RESET_IRP Flink2 IRP
Irp RESET_IRP, PRESET_IRP
typedef struct RESET_IRP Flink2
DEVICE_EXTENSION
6
(de aD Flink20)
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PXXX_RESET_IRP XXXResetIrp,temp,tempnext
- PDEVICE_EXTENSION deviceExtension
- KeAcquireSpinLock(deviceExtension-gtResetSpinLoc
k, Irql) - ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,0)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2)
(x0,x1) (x1aR IrpIrp)
de aD Flink2 de
typedef struct RESET_IRP Flink2 IRP
Irp RESET_IRP, PRESET_IRP
typedef struct RESET_IRP Flink2
DEVICE_EXTENSION
7
(de aD Flink20)
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PXXX_RESET_IRP XXXResetIrp,temp,tempnext
- PDEVICE_EXTENSION deviceExtension
- KeAcquireSpinLock(deviceExtension-gtResetSpinLoc
k, Irql) - ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,0)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2)
(x0,x1) (x1aR IrpIrp)
de aD Flink2 de Æ de ResetIrp
typedef struct RESET_IRP Flink2 IRP
Irp RESET_IRP, PRESET_IRP
typedef struct RESET_IRP Flink2
DEVICE_EXTENSION
8
(de aD Flink20)
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PXXX_RESET_IRP XXXResetIrp,temp,tempnext
- PDEVICE_EXTENSION deviceExtension
- KeAcquireSpinLock(deviceExtension-gtResetSpinLoc
k, Irql) - ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,0)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2)
(x0,x1) (x1aR IrpIrp)
de aD Flink2 de Æ de ResetIrp
typedef struct RESET_IRP Flink2 IRP
Irp RESET_IRP, PRESET_IRP
typedef struct RESET_IRP Flink2
DEVICE_EXTENSION
9
(de aD Flink20)
- void XXX_CancelIrp(PDEVICE_OBJECT DeviceObject,
PIRP Irp) - PXXX_RESET_IRP XXXResetIrp,temp,tempnext
- PDEVICE_EXTENSION deviceExtension
- KeAcquireSpinLock(deviceExtension-gtResetSpinLoc
k, Irql) - ResetIrp (PRESET_IRP)de-gtFlink2
- while (ResetIrp !NULL)
- if (ResetIrp-gtIrp Irp)
- temp (PRESET_IRP)de
- tempnext temp-gtFlink2
- while (tempnext ! ResetIrp)
- temp tempnext tempnext
temp-gtFlink2 - temp-gtFlink2 ResetIrp-gtFlink2
- free(ResetIrp)
- break
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,0)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2) (x0,de)
(de aD Flink2 de)
(de aD Flink2 x0) ls (RESET_IRP,Flink2)
(x0,x1) (x1aR IrpIrp)
de aD Flink2 de Æ de ResetIrp
ERROR No IRP Field in DEVICE_EXTENSION
typedef struct RESET_IRP Flink2 IRP
Irp RESET_IRP, PRESET_IRP
typedef struct RESET_IRP Flink2
DEVICE_EXTENSION
10
Footprint Analysis
xaÆemp
list t while (x!0) t x x
x-gtnext free(t)
Seeding
Footprint Computation
11
Footprint Analysis
xaÆemp
list t while (x!0) t x x
x-gtnext free(t)
Seeding
Footprint Computation
12
Footprint Analysis
xaÆemp
list t while (x!0) t x x
x-gtnext free(t)
P2
P3
P1
Seeding
Footprint Computation
13
Footprint Analysis
P1
xaÆemp
list t while (x!0) t x x
x-gtnext free(t)
P2
P3
P1
Seeding
I1,I2,I3
Footprint Computation
SpaceInvader
Q1,Q2
P1CQ1ÇQ2
14
Footprint Analysis
P2
xaÆemp
list t while (x!0) t x x
x-gtnext free(t)
P2
P3
P1
Seeding
I10,I11,I12
Footprint Computation
SpaceInvader
Q10,Q11 ,Q12
P1CQ1ÇQ2
P2CQ10ÇQ11ÇQ12
15
Footprint Analysis
P3
xaÆemp
list t while (x!0) t x x
x-gtnext free(t)
P2
P3
P1
Seeding
gt
Footprint Computation
SpaceInvader
gt
P1CQ1ÇQ2
P2CQ10ÇQ11ÇQ12
16
Footprint Analysis
xaÆemp
list t while (x!0) t x x
x-gtnext free(t)
P2
P3
P1
Seeding
Footprint Computation
SpaceInvader
P1CQ1ÇQ2
P2CQ10ÇQ11ÇQ12
17
Footprint Analysis
Seeding
Safe precondition Footprint only
Footprint Computation
SpaceInvader
18
Separation Logic
- xay, ls (y,z)
- xay ls (y,z), emp
- 9y. z!0 Æ va Æ xay ls (y,z)
x
y
z
y
y
z
x
19
Variable Convention
- Program variables x,y,z,t,v,w
- Ghost (or auxiliary) variables a,b,c,d,.
- Primed variables x,y,z,t,v,w
- 9 w,w1.
- x!0 Æ za Æ w!w1 Æ xaw ls (w,w1)
yaw1
20
Symbolic Heaps
- Separation logic formulas of the form
- (x!0 Æ za Æ w!w1) Æ (xaw ls (w,w1)
yaw1) - SH Set of all symbolic heaps
- GhoSH Set of sym. heaps with ghost vars only
21
Footprint Computation
(xaÆemp, xaÆemp)
2 Pfin(GhoSH, SH)
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
Fixpoint Computation
(xaÆls (a,0), x0Æemp), (x0Æemp,
x0Æemp),
2 Pfin (GhoSH, SH)
22
Footprint Computation
rearr(x)(F,P) (F,P1), , (F,Pn) if
SpInvRearr(x)(P) P1, , Pn (Faab, Paab)
else if P xa (false,false)
otherwise
- xx-gtnext Pfin(GhoSH x SH) !
Pfin(GhoSH x SH) - rearr(x) GhoSH x SH ! Pfin(GhoSH
x SH) - exec(xx-gtnext) GhoSH x SH ! GhoSH x SH
- abs GhoSH x SH !
CanGhoSH x CanSH
(xaÆls a b, xaÆls a b), (xaÆls a b,
xbÆls a b)
(xaÆls a b, xaÆaab), (xaÆls a b, xaÆaavls
v b), (xaÆls a bbac, xbÆls a bbac)
23
Footprint Computation
- xx-gtnext Pfin(GhoSH x SH) !
Pfin(GhoSH x SH) - rearr(x) GhoSH x SH ! Pfin(GhoSH
x SH) - exec(xx-gtnext) GhoSH x SH ! GhoSH x SH
- abs GhoSH x SH !
CanGhoSH x CanSH
(xaÆls a b, xaÆls a b), (xaÆls a b,
xbÆls a b)
(xaÆls a b, xaÆaab), (xaÆls a b, xaÆaavls
v b), (xaÆls a bbac, xbÆls a bbac)
., (xaÆls a bbac, xcÆls a
bbac)
24
Footprint Computation
- xx-gtnext Pfin(GhoSH x SH) !
Pfin(GhoSH x SH) - rearr(x) GhoSH x SH ! Pfin(GhoSH
x SH) - exec(xx-gtnext) GhoSH x SH ! GhoSH x SH
- abs GhoSH x SH !
CanGhoSH x CanSH
(xaÆls a b, xaÆls a b), (xaÆls a b,
xbÆls a b)
(xaÆls a b, xaÆaab), (xaÆls a b, xaÆaavls
v b), (xaÆls a bbac, xbÆls a bbac)
., (xaÆls a bbac, xcÆls a
bbac)
., (xaÆls a bbac, xcÆls a c)
., (xaÆls a cbac, xcÆls a c)
25
Footprint Computation
- xx-gtnext Pfin(GhoSH x SH) !
Pfin(GhoSH x SH) - rearr(x) GhoSH x SH ! Pfin(GhoSH
x SH) - exec(xx-gtnext) GhoSH x SH ! GhoSH x SH
- abs GhoSH x SH !
CanGhoSH x CanSH
(xaÆls a b, xaÆls a b), (xaÆls a b,
xbÆls a b)
(xaÆls a b, xaÆaab), (xaÆls a b, xaÆaavls
v b), (xaÆls a bbac, xbÆls a bbac)
., (xaÆls a bbac, xcÆls a
bbac)
., (xaÆls a bbac, xcÆls a c)
., (xaÆls a cbac, xcÆls a c)
26
List Disposal
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
x
0
27
List Disposal
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
x
0
28
List Disposal
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
t
x
0
29
List Disposal
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
t
x
0
30
List Disposal
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
t
x
0
31
Footprint Computation
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
32
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ emp
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
33
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ emp
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
34
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ emp
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xa Æ a!0 Æ ta Æ emp
35
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ emp
aab
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ a!0 Æ ta Æ emp aab
36
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ emp
aab
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ a!0 Æ ta Æ emp aab
xb Æ a!0 Æ ta Æ emp
37
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ emp
aab
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ a!0 Æ ta Æ emp aab
xb Æ a!0 Æ ta Æ emp
38
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp aab
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xb Æ a!0 Æ ta Æ b!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ a!0 Æ ta Æ emp aab
xb Æ a!0 Æ ta Æ emp
39
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp aab
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xb Æ a!0 Æ ta Æ b!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ a!0 Æ tb Æ b!0 Æ emp
xb Æ tb Æ b!0 Æ emp
xb Æ a!0 Æ ta Æ emp aab
xb Æ a!0 Æ ta Æ emp
40
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp aab bac
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp ls a c a
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp ls a c a
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xb Æ a!0 Æ ta Æ b!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ tb Æ b!0 Æ emp
xb Æ a!0 Æ ta Æ emp aab
xc Æ tb Æ b!0 Æ emp bac
xb Æ a!0 Æ ta Æ emp
41
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp aab bac
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp ls a c a
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xb Æ a!0 Æ ta Æ b!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ tb Æ b!0 Æ emp
xb Æ a!0 Æ ta Æ emp aab
xc Æ tb Æ b!0 Æ emp bac
xb Æ a!0 Æ ta Æ emp
xc Æ tb Æ b!0 Æ emp
42
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp aab bac
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp ls a c
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xb Æ a!0 Æ ta Æ b!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ tb Æ b!0 Æ emp
xb Æ a!0 Æ ta Æ emp aab
xc Æ tb Æ b!0 Æ emp bac
xb Æ a!0 Æ ta Æ emp
xc Æ tb Æ b!0 Æ emp
43
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp aab bac
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp ls a c a
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xb Æ a!0 Æ ta Æ b!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ tb Æ b!0 Æ emp
xb Æ a!0 Æ ta Æ emp aab
xc Æ tb Æ b!0 Æ emp bac
xb Æ a!0 Æ ta Æ emp
xc Æ tb Æ b!0 Æ emp
44
Footprint Computation
Loop (xaÆemp, xaÆemp) (xaÆa!0Æaab,
xbÆa!0ÆtaÆemp) (xaÆa!0Æls a c,
xcÆtbÆb!0Æemp)
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp aab bac
Discovered Precondition xa Æ a!0 Æ b!0
Æ emp ls a c a
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xa Æ emp
xa Æ a!0 Æ emp
xb Æ a!0 Æ ta Æ b!0 Æ emp
xa Æ a!0 Æ ta Æ emp
xb Æ tb Æ b!0 Æ emp
xb Æ a!0 Æ ta Æ emp aab
xc Æ tb Æ b!0 Æ emp bac
xb Æ a!0 Æ ta Æ emp
xc Æ tb Æ b!0 Æ emp
Result (xaÆa0Æemp, xaÆa0Æemp)
(xaÆa!0Æb0Æaab, xbÆa!0ÆtaÆb0Æemp)
(xaÆa!0Æc0Æls a c, xcÆtbÆb!0Æc0Æemp)
45
Shape Analysis with SpaceInvader
(xaÆa0Æemp, xaÆa0Æemp) (xaÆa!0Æb0Æaab,
xbÆa!0ÆtaÆb0Æemp) (xaÆa!0Æc0Æls a c,
xcÆtbÆb!0Æc0Æemp)
(xaÆa0Æemp, xaÆa0Æemp) (xaÆa!0Æb0Æaab,
xbÆa!0ÆtaÆb0Æemp) (xaÆa!0Æc0Æls a c,
xcÆtbÆb!0Æc0Æemp)
- list t
- while (x!0)
- t x
- x x-gtnext
- free(t)
xaÆa0Æemp
xaÆa!0Æls a 0
xaÆa!0Æaa0
x0 Æ emp
x0 Æ emp
x0 Æ emp
46
Footprint Computation, Ideally
- C Pfin(GhoSH x SH) ! Pfin(GhoSH x SH)
- Supp. C (F,P) (G1,Q1), (G2,Q2) .
- Goal8D, if SLFDP, then 9Fi. GFFi and
SLFFiDCQi.
Q
G
F0
F
P
D
C
47
Footprint Computation, Ideally
- C Pfin(GhoSH x SH) ! Pfin(GhoSH x SH)
- Supp. C (F,P) (G1,Q1), (G2,Q2) .
- Goal8D, if SLFDP, then 9Fi. GFFi and
SLFFiDCQi.
taÆxbÆaab free(t)tx tbÆxbÆemp
xx-gtnext (taÆxbÆaab, tbÆxbÆemp)
(taÆxbÆaabbac, tbÆxcÆbac)
xx-gtnext (taÆxbÆaab, tbÆxbÆemp)
(taÆxbÆls a c , tbÆxcÆbac)
taÆxbÆaabbac .xx-gtnexttbÆxcÆbac
taÆxbÆls a c .xx-gtnexttbÆxcÆbac
48
Footprint Computation, Actually
- C Pfin(GhoSH x SH) ! Pfin(GhoSH x SH)
- Supp. C (F,P) (G1,Q1), (G2,Q2) .
- Goal8D, if SLFDP, then 9Fi. GFFi and
SLFFiDCQi. - Actually for all D,
- if SL FDP, then 9Pi,Fi. GiFFi,
SLFFiDCPi, PiµQi.
Pi
Gi
Abstraction abs
Fi
F
P
D
C
Qi
Rearrangement rearr(E)
49
Footprint Computation, Actually
- C Pfin(GhoSH x SH) ! Pfin(GhoSH x SH)
- Supp. C (F,P) (G1,Q1), (G2,Q2) .
- Goal8D, if SLFDP, then 9Fi. GFFi and
SLFFiDCQi. - Actually for all D,
- if SL FDP, then 9Pi,Fi. GiFFi,
SLFFiDCPi, PiµQi.
But, only abs and rearr(E)!
Pi
Gi
Abstraction abs
Fi
F
P
D
C
Qi
Rearrangement rearr(E)
50
Footprint Computation, Actually
- C Pfin(GhoSH x SH) ! Pfin(GhoSH x SH)
- Supp. C (F,P) (G1,Q1), (G2,Q2) .
- Goal8D, if SLFDP, then 9Fi. GFFi and
SLFFiDCQi. - Actually for all D,
- if SL FDP, then 9Pi,Fi. GiFFi,
SLFFiDCPi, PiµQi.
But, only abs and rearr(E)!
Pi
Fi
F
P
D
free(t)
proof rule for free(t) in sep. logic
51
Footprint Computation, Actually
Sound because of Frame Rule in sep. log.
FDP FFiDPFi
PFifree(t)Pi
PFiDfree(t)Pi
- C Pfin(GhoSH x SH) ! Pfin(GhoSH x SH)
- Supp. C (F,P) (G1,Q1), (G2,Q2) .
- Goal8D, if SLFDP, then 9Fi. GFFi and
SLFFiDCQi. - Actually for all D,
- if SL FDP, then 9Pi,Fi. GiFFi,
SLFFiDCPi, PiµQi.
But, only abs and rearr(E)!
Pi
Fi
Fi
F
P
D
free(t)
proof rule for free(t) in sep. logic
52
Backward Footprint Computation
list t while (x!0) t x x x-gtnext
free(t)
Backward assert(x!0) t x x
x-gtnext free(t) assert(x0)
Forward assert(x!0) t x x
x-gtnext free(t) assert(x0)
53
Experiments with List Programs
xa Æ yb Æ ls a 0
append.c
xa Æ yc Æ ls a b ls c d
merge.c
- MacBook, 2GH Intel Core 2 Duo. 2GB Mem.
54
Experiments with Firewire
t1394Diag_CancelIrp
t1394Diag_CancelIrpFix
t1394_GetAddressData
t1394_GetAddressDataFix
t1394_SetAddressData
t1394_SetAddressDataFix
- MacBook, 2GH Intel Core 2 Duo. 2GB Mem.
Recommended
CrystalGraphics Presentations
