Alias Calculus for Simple Imperative Language with Decidable Pointer Arithmetic Aleksandr Vorontsov1, Aizhan Satekbayeva2, Nikolay Shilov3,4 М1Novosibirsk State University, Novosibirsk, Russia, 2 L.N. Gumilyov Eurasian National University, Astana, Kazakhstan, 3Nazarbayev University, Astana, Kazakhstan, 4A.P. Ershov Institute of Informatics Systems, Novosibirsk, Russia

What is “Alias Calculus”? • Alias calculus was proposed by Bertrand Meyer in 2011 for a toy programming language with single data type for abstract pointers. • it is a set of syntax-driven rules to compute an upper approximation aft(S, P) for aliasing after execution of a program P for a given initial aliasing S. 14.11.2014 2 TMPA-2014: Alias Calculus

What about this Research • Our current purpose is to present a variant of alias calculus for more realistic programming language with automatic and dynamic memory, with types for regular data as well as for decidable pointer arithmetic. 14.11.2014 3 TMPA-2014: Alias Calculus

Why a new Research? • Aliasing problem is to predict, detect and/or trace pointers to the same addresses in dynamic memory. • Importance of the problem is due to mistakes and errors that may happen in program run- time due to improper alias handling. 14.11.2014 4 TMPA-2014: Alias Calculus

Errors? • Below are two simple examples of errors (?) inC-like pseudo-code: • x = malloc(sizeof(int)); x = malloc(sizeof(int)); //memory leak; • y = x; free(x); free(y); // invalid access. 14.11.2014 5 TMPA-2014: Alias Calculus

Alias Calculus for a Trivial Language • Bertrand Meyer: Steps Towards a Theory and Calculus of Aliasing. Int. J. of Software and Informatics (Festschrift in honor of Manfred Broy), 2011., p.77-115. 14.11.2014 6 TMPA-2014: Alias Calculus

Sample Rules: memory dynamics • Memory deallocation and allocation operators have the same effect on alias relation because after these operations variable isn’t alias to any other variable: 14.11.2014 7 TMPA-2014: Alias Calculus

Sample Rules: assignment • After assignment address variable forgets all its former aliases and becomes an alias to all aliases of the variable: 14.11.2014 8 TMPA-2014: Alias Calculus

Sample Rules: assignment 14.11.2014 9 TMPA-2014: Alias Calculus x, y y, u x, z x, y x, y, u x:=y

Sample Rules: compound programs • Sequential composition means sequential application: • Nondeterministic choice of any branch: 14.11.2014 TMPA-2014: Alias Calculus 10

Towards More Realistic Language • Acronym MoRe stays for More Realistic programming language. • It has two data types that are called addresses and integers with implicit type casting in2ad from integers to addresses. 14.11.2014 TMPA-2014: Alias Calculus 11

Addresses in MoRe • Address data type is any (finite or infinite) set of values ADR with constants denoted “0” and “1”, operations denoted “+” and “–” such that (ADR, 0, 1, +, –) is a commutative additive semi-group with decidable first-order theory TADR. 14.11.2014 TMPA-2014: Alias Calculus 12

Examples of Legal Address Types • Zm , the ring of residuals modulo any particular fixed positive m, • Presburger arithmetic, etc. 14.11.2014 TMPA-2014: Alias Calculus 13

Integers in MoRe • Integer data type in MoRe is any (finite or infinite) set of (mathematical) integers INT with standard constants 0 and 1, standard operations “+”, “–”, “*”, “/” and implicit computable surjective homomorphical type- casting function in2ad : (INT, 0, 1, +, –)  (ADR, 0, 1, +, –) . 14.11.2014 TMPA-2014: Alias Calculus 14

MoRe Syntax 14.11.2014 TMPA-2014: Alias Calculus 15

Structural Operational Semantics • MoRe SOS uses (memory) model consisting of two disjoint parts: a static memory (conventionally) called stack and dynamic memory (conventionally) called heap. 14.11.2014 TMPA-2014: Alias Calculus 16

Structural Operational Semantics • State is a pair of mappings s=(st, hp) where • state of the stack st: V  INT is a partial mapping (with finite domain) from variables V to integers INT (understood as their values), • state of the heap hp: ADR  INT i.e. a partial mapping with finite domain from addresses ADR to integers INT (understood as referenced values). 14.11.2014 TMPA-2014: Alias Calculus 17

Structural Operational Semantics • MoRe SOS is axiomatic system for triples s s where s is a state, s is a state or an exception abort, and  is a program. • Intuition behind this triple follows: program converts input state into output state (that may be exception). 14.11.2014 TMPA-2014: Alias Calculus 18

Structural Operational Semantics • SOS inference rules are syntax-driven and have the following form: 14.11.2014 TMPA-2014: Alias Calculus 19

Sample SOS Rule: static array in dynamic memory • If –xdom(st), –addresses in2ad(l), … in2ad(l+k) are disjoint, –in2ad(l), … in2ad(l+k)dom(hp) then 14.11.2014 TMPA-2014: Alias Calculus 20

Alias Calculus for MoRe • A configuration is a quadruple Cnf=(I, A, S) consisting of –a sets of address variables, –a set of address expressions , –a finite set S of pairs of synonyms and antonyms (with variables in I) that has a solution as a system of equalities and inequalities in (ADR, 0, 1, +, –), i.e. that is consistent with theory TADR . 14.11.2014 TMPA-2014: Alias Calculus 21

Alias Calculus for MoRe • Informally speaking in Cnf=(I, A, S) –the set I is for initialized address variables, –the set A is for address expressions that points onto allocated memory, –the set S is a system of equations and inequalities to specify what expressions may be aliases and what can’t be. 14.11.2014 TMPA-2014: Alias Calculus 22

Sample Rule of Alias Calculus: assignment • Let Cnfx:=t be (Ix:=t , Ax:=t , Sx:=t ) where 14.11.2014 TMPA-2014: Alias Calculus 23

Main Result • The alias calculus for programming language MoRe is safe in the following sense: • Theorem: Let D be any alias distribution,  be any MoRe-program and s=(st, hp) be any state such that st╞D; if s=(st,hp) is a state such that s<>s then st╞aft(D,). 14.11.2014 TMPA-2014: Alias Calculus 24

Conclusion • Equation based alias calculus for a model programming language with dynamic memory and decidable address arithmetic was developed. • The calculus can be used for control-flow insensitive safe alias analysis of MoRe programs but for practical applications the language must be much more realistic. 14.11.2014 TMPA-2014: Alias Calculus 25

14.11.2014 TMPA-2014: Alias Calculus 26 Thank You For Your Attention! Questions?