Checking and inferring local non-aliasing

In prior work [15] we studied a language construct <tt>restrict</tt> that allows programmers to specify that certain pointers are not aliased to other pointers used within a lexical scope. Among other applications, programming with these constructs helps program analysis tools locally recover strong updates, which can improve the tracking of state in flow-sensitive analyses. In this paper we continue the study of <tt>restrict</tt> and introduce the construct <tt>confine</tt>. We present a type and effect system for checking the correctness of these annotations, and we develop efficient constraint-based algorithms implementing these type checking systems. To make it easier to use <tt>restrict</tt> and <tt>confine</tt> in practice, we show how to automatically infer such annotations without programmer assistance. In experiments on locking in 589 Linux device drivers, <tt>confine</tt> inference can automatically recover strong updates to eliminate 95% of the type errors resulting from weak updates.

[1]  John Hogg,et al.  Islands: aliasing protection in object-oriented languages , 1991, OOPSLA '91.

[2]  Mads Tofte,et al.  Implementation of the typed call-by-value λ-calculus using a stack of regions , 1994, POPL '94.

[3]  Olivier Tardieu,et al.  Ultra-fast aliasing analysis using CLA: a million lines of C code in a second , 2001, PLDI '01.

[4]  Jeffrey S. Foster,et al.  Type qualifiers: lightweight specifications to improve software quality , 2002 .

[5]  Cristiano Calcagno Stratified operational semantics for safety and correctness of the region calculus , 2001, POPL '01.

[6]  Jeffrey S. Foster,et al.  Checking Programmer-Specified Non-Aliasing , 2001 .

[7]  Donglin Liang,et al.  Efficient Computation of Parameterized Pointer Information for Interprocedural Analyses , 2001, SAS.

[8]  David Walker,et al.  Alias Types , 2000, ESOP.

[9]  Jan Vitek,et al.  Confined types , 1999, OOPSLA '99.

[10]  Alexander Aiken,et al.  Flow-sensitive type qualifiers , 2002, PLDI '02.

[11]  Naftaly H. Minsky Towards Alias-Free Pointers , 1996, ECOOP.

[12]  Andrew W. Appel,et al.  Type-preserving garbage collectors , 2001, POPL '01.

[13]  Dawson R. Engler,et al.  Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.

[14]  John Tang Boyland,et al.  Alias burying: Unique variables without destructive reads , 2001, Softw. Pract. Exp..

[15]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[16]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[17]  Sorin Lerner,et al.  ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[18]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[19]  John Hogg Islands: aliasing protection in object-oriented languages , 1991, OOPSLA 1991.

[20]  Robert DeLine,et al.  Enforcing high-level protocols in low-level software , 2001, PLDI '01.

[21]  Robert DeLine,et al.  Adoption and focus: practical linear types for imperative programming , 2002, PLDI '02.

[22]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[23]  Manuvir Das,et al.  Unification-based pointer analysis with directional assignments , 2000, PLDI '00.

[24]  Dawson R. Engler,et al.  A system and language for building system-specific, static analyses , 2002, PLDI '02.

[25]  David K. Gifford,et al.  Polymorphic effect systems , 1988, POPL '88.

[26]  Barbara G. Ryder,et al.  A safe approximate algorithm for interprocedural aliasing , 1992, PLDI '92.

[27]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[28]  Jakob Rehof,et al.  Type-base flow analysis: from polymorphic subtyping to CFL-reachability , 2001, POPL '01.