CSE271

CSE271: Principles of Programming Languages

Null-Pointer Analysis

Jooyong Yi (UNIST)

2024 Fall
CSE271

Question

p = alloc();
q = &p;
n = null;
*q = n; // safe?
*p = n; // safe?
2024 Fall
CSE271
p = alloc();
  • Can p be null?
2024 Fall
CSE271
p = alloc();

  • Can p be null?

    • No.

  • A(p = alloc()) = update(σ, {p ≠ null})

    • σ: the program state when p = alloc() is executed
2024 Fall
CSE271
p = alloc();

  • Can p be null?

    • No.

  • A(p = alloc()) = update(σ, {p ≠ null})

    • ρ(p) = 𝑙, σ(𝑙) ≠ null
2024 Fall
CSE271
p = alloc();

  • Can p be null?

    • No.

  • A(p = alloc()) = update(σ, {p ≠ null})

    • ρ(p) = 𝑙, σ(𝑙) ≠ null

  • A(p = alloc()) = update(σ, {p ↦ NotNull})

2024 Fall
CSE271
p = alloc(); // 𝑙₁ ∈ pts(p)

  • Can p be null?

    • No.

  • A(p = alloc()) = update(σ, {p ≠ null})

    • ρ(p) = 𝑙, σ(𝑙) ≠ null

  • A(p = alloc()) = update(σ, {p ↦ NotNull, 𝑙₁ ↦ ?})

2024 Fall
CSE271
p = alloc(); // 𝑙₁ ∈ pts(p)

  • Can p be null?

    • No.

  • A(p = alloc()) = update(σ, {p ≠ null})

    • ρ(p) = 𝑙, σ(𝑙) ≠ null

  • A(p = alloc()) = update(σ, {p ↦ NotNull, 𝑙₁ ↦ Nullable})

2024 Fall
CSE271
             σ₀ = ∅
p = alloc();  
             σ₁ = update(∅, {p ↦ NotNull, 𝑙₁ ↦ Nullable})
                = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;
n = null;
*q = n; // safe?
*p = n; // safe?
2024 Fall
CSE271
  • A(q = &p) = ?
2024 Fall
CSE271
  • A(q = &p) = update(σ, {q ↦ NotNull})
2024 Fall
CSE271
              σ₀ = ∅
p = alloc();  
              σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;
              σ₂ = update({p ↦ NotNull, 𝑙₁ ↦ Nullable}, {q ↦ NotNull}) 
                 = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
n = null;
*q = n; // safe?
*p = n; // safe?
2024 Fall
CSE271
  • A(n = null) = ?
2024 Fall
CSE271
  • A(n = null) = update(σ, {n ↦ Nullable})
2024 Fall
CSE271
              σ₀ = ∅
p = alloc();  
              σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;
              σ₂ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
n = null;
              σ₃ = update({p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}, {n ↦ Nullable}) 
                 = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
*q = n; // safe?
*p = n; // safe?
2024 Fall
CSE271
  • A(*q = n) = ?
2024 Fall
CSE271
  • Suppose pts(q) = {𝑙}
  • A(*q = n) = ?
2024 Fall
CSE271
  • Suppose pts(q) = {𝑙}
  • A(*q = n) = update(σ, {𝑙 ↦ σ(n)})
2024 Fall
CSE271
  • Suppose pts(q) = {𝑙₁, 𝑙₂}
  • A(*q = n) = update(σ, {𝑙₁ ↦ ?, 𝑙₂ ↦ ?})
2024 Fall
CSE271
  • Suppose pts(q) = {𝑙₁, 𝑙₂}
  • Suppose σ(𝑙₁) = Nullable, σ(𝑙₂) = NotNull, σ(n) = NotNull
  • A(*q = n) = update(σ, {𝑙₁ ↦ ?, 𝑙₂ ↦ ?})
2024 Fall
CSE271
  • Suppose pts(q) = {𝑙₁, 𝑙₂}
  • Suppose σ(𝑙₁) = Nullable, σ(𝑙₂) = NotNull, σ(n) = NotNull
  • A(*q = n) = update(σ, {𝑙₁ ↦ Nullable, 𝑙₂ ↦ NotNull})
2024 Fall
CSE271
  • Suppose pts(q) = {𝑙₁, 𝑙₂}
  • Suppose σ(𝑙₁) = Nullable, σ(𝑙₂) = NotNull, σ(n) = NotNull
  • A(*q = n) = update(σ, {𝑙₁ ↦ σ(𝑙₁) ⊔ σ(n), 𝑙₂ ↦ σ(𝑙₂) ⊔ σ(n)})
    Nullable
       |
    NotNull
2024 Fall
CSE271
  • A(*q = n) = update(σ, {𝑙 ↦ σ(𝑙) ⊔ σ(n)})
2024 Fall
CSE271
              σ₀ = ∅
p = alloc();  
              σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;
              σ₂ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
n = null;
              σ₃ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
*q = n;       σ₄ = update({p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}, {p ↦ NotNull ⊔ Nullable})
                 = {p ↦ Nullable, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
*p = n;
  • Andersen’s points-to analysis results
    • pts(p) = {𝑙₁}
    • pts(q) = {p}
    • pts(n) = ∅
2024 Fall
CSE271
              σ₀ = ∅
p = alloc();  
              σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;
              σ₂ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
n = null;
              σ₃ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
*q = n;       σ₄ = {p ↦ Nullable, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
*p = n;       σ₅ = update({p ↦ Nullable, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}, {𝑙₁ ↦ Nullable ⊔ Nullable})
                 = {p ↦ Nullable, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable, 𝑙₁ ↦ Nullable}
  • Andersen’s points-to analysis results
    • pts(p) = {𝑙₁}
    • pts(q) = {p}
    • pts(n) = ∅
2024 Fall
CSE271
  • A(p = alloc()) = update(σ, {p ↦ NotNull})
  • A(q = &p) = update(σ, {q ↦ NotNull})
  • A(n = null) = update(σ, {n ↦ Nullable})
  • A(*q = n) = update(σ, {𝑙 ↦ σ(𝑙) ⊔ σ(n)})
  • A(p = *q) = update(σ, {p ↦ σ(𝑙)})
2024 Fall
CSE271

Question #2

p = alloc();    // σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;         // σ₂ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
if (x > y) 
  n = null;     // σ₃ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
else
  n = alloc();  // σ₄ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ NotNull, 𝑙₂ ↦ Nullable}
*q = n;         // σ₅(n) = ?  
*p = n;
  • Andersen’s points-to analysis results
    • pts(p) = {𝑙₁}
    • pts(q) = {p}
    • pts(n) = {𝑙₂}
2024 Fall
CSE271

Question #2

p = alloc();    // σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;         // σ₂ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
if (x > y) 
  n = null;     // σ₃ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
else
  n = alloc();  // σ₄ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ NotNull, 𝑙₂ ↦ Nullable}
*q = n;         // σ₅(n) = σ₃(n) ⊔ σ₄(n) = Nullable ⊔ NotNull = Nullable   
*p = n;
2024 Fall
CSE271

Question #2

p = alloc();    // σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;         // σ₂ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
if (x > y) 
  n = null;     // σ₃ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
else
  n = alloc();  // σ₄ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ NotNull, 𝑙₂ ↦ Nullable}
*q = n;         // σ₅ = σ₃ ⊔ σ₄
*p = n;
2024 Fall
CSE271

Question #2

p = alloc();    // σ₁ = {p ↦ NotNull, 𝑙₁ ↦ Nullable}
q = &p;         // σ₂ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull}
if (x > y) 
  n = null;     // σ₃ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ Nullable}
else
  n = alloc();  // σ₄ = {p ↦ NotNull, 𝑙₁ ↦ Nullable, q ↦ NotNull, n ↦ NotNull, 𝑙₂ ↦ Nullable}
*q = n;         // σ₅ = σ₃ ⊔ σ₄
*p = n;
  • A(*q = n) = update(σ, {𝑙 ↦ σ(𝑙) ⊔ σ(n)})
    • σ = σ
2024 Fall
CSE271
  • A(p = alloc()) = update(σ, {p ↦ NotNull})
  • A(q = &p) = update(σ, {q ↦ NotNull})
  • A(n = null) = update(σ, {n ↦ Nullable})
  • A(*q = n) = update(σ, {𝑙 ↦ σ(𝑙) ⊔ σ(n)})
  • A(p = *q) = update(σ, {p ↦ σ(𝑙)})
2024 Fall