共查询到20条相似文献,搜索用时 0 毫秒
1.
We present two automatic program analyses. The first analysis checks if a given polynomial relation holds among the program variables whenever control reaches a given program point. It fully interprets assignment statements with polynomial expressions on the right-hand side and polynomial disequality guards. Other assignments are treated as non-deterministically assigning any value and guards that are not polynomial disequalities are ignored. The second analysis extends this checking procedure. It computes the set of all polynomial relations of an arbitrary given form that are valid at a given target program point. It is also complete up to the abstraction described above. 相似文献
2.
Escape analysis of object-oriented languages approximates the set of objects which do not escape from a given context. If we take a method as context, the non-escaping objects can be allocated on its activation stack;
if we take a thread, Java synchronisation locks on such objects are not needed. In this paper, we formalise a basic escape
domain
as an abstract interpretation of concrete states, which we then refine into an abstract domain
which is more concrete than
and, hence, leads to a more precise escape analysis than
. We provide optimality results for both
and
, in the form of Galois insertions from the concrete to the abstract domains and of optimal abstract operations. The Galois
insertion property is obtained by restricting the abstract domains to those elements which do not contain garbage, by using an abstract garbage collector. Our implementation of
is hence an implementation of a formally correct escape analyser, able to detect the stack allocatable creation points of
Java (bytecode) applications. 相似文献
3.
We introduce an abstract interpretation framework for Mobile Ambients, based on a new semantics called normal semantics. Then, we derive within this setting two analyses computing a safe approximation of the run-time topological structure of processes. Such a static information can be successfully used to establish interesting security properties. 相似文献
4.
Proof-carrying code (PCC) is a technique for downloading mobile code on a host machine while ensuring that the code adheres to the host's safety policy. We show how certified abstract interpretation can be used to build a PCC architecture where the code producer can produce program certificates automatically. Code consumers use proof checkers derived from certified analysers to check certificates. Proof checkers carry their own correctness proofs and accepting a new proof checker amounts to type checking the checker in Coq. Certificates take the form of strategies for reconstructing a fixpoint and are kept small due to a technique for fixpoint compression. The PCC architecture has been implemented and evaluated experimentally on a byte code language for which we have designed an interval analysis that allows to generate certificates ascertaining that no array-out-of-bounds accesses will occur. 相似文献
5.
The Trapezoid Step Functions (TSF) domain is introduced in order to approximate continuous functions by a finite sequence of trapezoids, adopting linear functions to abstract the upper and the lower bounds of a continuous variable in each time slot. The lattice structure of TSF is studied, showing how to build and compute a sound abstraction of a given continuous function. Experimental results underline the effectiveness of the approach in terms of both precision and efficiency with respect to the domain of Interval Valued Step Functions (IVSF). 相似文献
6.
Nicoletta De Francesco Luca Martini 《International Journal of Information Security》2007,6(2-3):85-106
We present a method based on abstract interpretation to check secure information flow in programs with dynamic structures
where input and output channels are associated with security levels. In the concrete operational semantics each value is annotated
by a security level dynamically taking into account both the explicit and the implicit information flows. We define a collecting
semantics which associates with each program point the set of concrete states of the machine when the point is reached. The
abstract domains are obtained from the concrete ones by keeping the security levels and forgetting the actual values. Using
this framework, we define an abstract semantics, called instruction-level security typing, that allows us to certify a larger
set of programs with respect to the typing approaches to check secure information flow. An efficient implementation is shown,
operating a fixpoint iteration similar to that of the Java bytecode verification.
This work was partially supported by the Italian COFIN 2004 project “AIDA: Abstract Interpretation Design and Application”. 相似文献
7.
A strength of model checking is its ability to automate the detection of subtle system errors and produce traces that exhibit those errors. Given the high-computational cost of model checking most researchers advocate the use of aggressive property-preserving abstractions. Unfortunately, the more aggressively a system is abstracted the more infeasible behavior it will have. Thus, while abstraction enables efficient model checking it also threatens the usefulness of model checking as a defect detection tool, since it may be difficult to determine whether a counter-example is feasible and hence worth developer time to analyze.We have explored several strategies for addressing this problem by extending an explicit-state model checker, Java PathFinder (JPF), to search for and analyze counter-examples in the presence of abstractions. We demonstrate that these techniques effectively preserve the defect detection ability of model checking in the presence of aggressive abstraction by applying them to check properties of several abstracted multi-threaded Java programs. These new capabilities are not specific to JPF and can be easily adapted to other model checking frameworks; we describe how this was done for the Bandera toolset. 相似文献
8.
The octagon abstract domain 总被引:2,自引:0,他引:2
Antoine Miné 《Higher-Order and Symbolic Computation》2006,19(1):31-100
This article presents the octagon abstract domain, a relational numerical abstract domain for static analysis by abstract interpretation. It allows representing conjunctions
of constraints of the form ± X ± Y ≤ c where X and Y range among program variables and c is a constant in ℤ, ℚ, or ℝ automatically inferred. Abstract elements are represented using modified Difference Bound Matrices
and we use a normalization algorithm loosely based on the shortest-path closure to compute canonical representations and construct
best-precision abstract transfer functions. We achieve a quadratic memory cost per abstract element and a cubic worst-case
time cost per abstract operation, with respect to the number of program variables.
In terms of cost and precision, our domain is in between the well-known fast but imprecise interval domain and the costly
polyhedron domain. We show that it is precise enough to treat interesting examples requiring relational invariants, and hence, out of the reach of the interval domain. We also present a packing strategy that allows scaling our domain up to large programs by tuning the amount of relationality. The octagon domain was
incorporated into the ASTRéE industrial-strength static analyzer and was key in proving the absence of run-time errors in large critical embedded flight
control software for Airbus planes.
This paper is the journal version of an earlier conference paper [44] sharing this title. However, the present version, extracted
from the author’s PhD [46] is extended in many ways and enriched with new experimental results.
Partially supported by the exploratory project ASTRéE of the Réseau National de recherche et d’innovation en Technologies Logicielles (RNTL). 相似文献
9.
This paper describes a toolkit that assists in the task of generating abstract approximations of process algebraic specifications
written in the language μCRL. Abstractions are represented by Modal Labelled Transition Systems, which are mixed transition systems with may and must modalities. The approach permits to infer the satisfaction or refutation of safety and liveness properties expressed in the (action-based) μ-calculus. The tool supports the abstraction of states and action labels, which
allows to deal with infinitely branching systems. 相似文献
10.
Acceleration methods are commonly used for computing precisely the effects of loops in the reachability analysis of counter machine models. Applying these methods on synchronous data-flow programs, e.g. Lustre programs, requires to deal with the non-deterministic transformations due to numerical input variables. In this article, we address this problem by extending the concept of abstract acceleration of Gonnord et al. to numerical input variables. Moreover, we describe the dual analysis for co-reachability. We compare our method with some alternative techniques based on abstract interpretation pointing out its advantages and limitations. At last, we give some experimental results. 相似文献
11.
We introduce Pentagons (), a weakly relational numerical abstract domain useful for the validation of array accesses in byte-code and intermediate languages (IL). This abstract domain captures properties of the form of . It is more precise than the well known Interval domain, but it is less precise than the Octagon domain.The goal of is to be a lightweight numerical domain useful for adaptive static analysis, where is used to quickly prove the safety of most array accesses, restricting the use of more precise (but also more expensive) domains to only a small fraction of the code.We implemented the abstract domain in , a generic abstract interpreter for.NET assemblies. Using it, we were able to validate 83% of array accesses in the core runtime library in a little bit more than 3 minutes. 相似文献
12.
We study abstract interpretations of a fixpoint protoderivation semantics defining the maximal derivations of a transitional semantics of context-free grammars akin to pushdown automata. The result is a hierarchy of bottom-up or top-down semantics refining the classical equational and derivational language semantics and including Knuth grammar problems, classical grammar flow analysis algorithms and parsing algorithms. 相似文献
13.
In Gori [An abstract interpretation framework to reason on finite failure and other properties of finite and infinite computations, Theoret. Comput. Sci. 290(1) (2003) 863-936] a new fixpoint semantics which correctly models finite failure has been defined. This semantics is And-compositional, compositional w.r.t. instantiation and is based on a co-continuous operator. Based on this fixpoint semantics a new inductive method able to verify a program w.r.t. the property of finite failure can be defined. In this paper we show how Ferrand's approach, using both a least fixpoint and greatest fixpoint semantics, can be adapted to finite failure. The verification method is not effective. Therefore, we consider an approximation from above and an approximation from below of our semantics, which give two different finite approximations. These approximations are used for effective program verification. 相似文献
14.
Bruno Blanchet 《Information Processing Letters》2005,95(5):473-479
We relate two models of security protocols, namely the linear logic or multiset rewriting model, and the classical logic, Horn clause representation of protocols. More specifically, we show that the latter model is an abstraction of the former, in which the number of repetitions of each fact is forgotten. This result formally characterizes the approximations made by the classical logic model. 相似文献
15.
In this article, we discuss the automatic inference of sufficient preconditions by abstract interpretation and sketch the construction of an under-approximating backward analysis. We focus on numeric properties of variables and revisit three classic numeric abstract domains: intervals, octagons, and polyhedra, with new under-approximating backward transfer functions, including the support for non-deterministic expressions, as well as lower widenings to handle loops. We show that effective under-approximation is possible natively in these domains without necessarily resorting to disjunctive completion nor domain complementation. Applications include the derivation of sufficient conditions for a program to never step outside an envelope of safe states, or dually to force it to eventually fail. We built a proof-of-concept prototype implementation and tried it on simple examples. Our construction and our implementation are very preliminary and mostly untried; our hope is to convince the reader that this constitutes a worthy avenue of research. 相似文献
16.
Vincent Englebert Baudouin Le Charlier Didier Roland Pascal Van Hentenryck 《Software》1993,23(4):419-459
The efficient implementation of generic abstract interpretation algorithms for Prolog is reconsidered after References 1 and 2. Two new optimization techniques are proposed and applied to the original algorithm of Reference 1: dependency on clause prefixes and caching of operations. The first improvement avoids re-evaluating a clause prefix when no abstract value which it depends on has been updated. The second improvement consists of caching all operations on substitutions and reusing the results whenever possible. The algorithm and the two optimization techniques have been implemented in C (about 8000 lines of code each), tested on a large number of Prolog programs, and compared with the original implementation on an abstract domain containing modes, types and sharing. In conjunction with refinements of the domain algorithms, they produce an average reduction of more than 58 per cent is computation time. Extensive experimental results on the programs are given, including computation times, memory consumption, hit ratios for the caches, the number of operations performed, and the time distribution. As a main result, the improved algorithms exhibit the same efficiency as the specific tools of References 3 and 4, despite the fact that our abstract domain is more sophisticated and accurate. The abstract operations also take 90 per cent of the computation time, indicating that the overhead of the control is very limited. Results on a simpler domain are also given and show that even extremely basic domains can benefit from the optimizations. The general-purpose character of the optimizations is also discussed. 相似文献
17.
We bridge the gap between compositional evaluators and abstract machines for the lambda-calculus, using closure conversion, transformation into continuation-passing style, and defunctionalization of continuations. This article is a followup of our article at PPDP 2003, where we consider call by name and call by value. Here, however, we consider call by need.We derive a lazy abstract machine from an ordinary call-by-need evaluator that threads a heap of updatable cells. In this resulting abstract machine, the continuation fragment for updating a heap cell naturally appears as an ‘update marker’, an implementation technique that was invented for the Three Instruction Machine and subsequently used to construct lazy variants of Krivine's abstract machine. Tuning the evaluator leads to other implementation techniques such as unboxed values. The correctness of the resulting abstract machines is a corollary of the correctness of the original evaluators and of the program transformations used in the derivation. 相似文献
18.
Linear relation analysis is a classical abstract interpretation based on an over-approximation of reachable numerical states of a program by convex polyhedra. Since it works with a lattice of infinite height, it makes use of a widening operator to enforce the convergence of fixed point computations. Abstract acceleration is a method that computes the precise abstract effect of loops wherever possible and uses widening in the general case. Thus, it improves both the precision and the efficiency of the analysis. This article gives a comprehensive tutorial on abstract acceleration: its origins in Presburger-based acceleration including new insights w.r.t. the linear accelerability of linear transformations, methods for simple and nested loops, recent extensions, tools and applications, and a detailed discussion of related methods and future perspectives. 相似文献
19.
Thomas Ball Andreas Podelski Sriram K. Rajamani 《International Journal on Software Tools for Technology Transfer (STTT)》2003,5(1):49-58
We show how to attack the problem of model checking a C program with recursive procedures using an abstraction that we formally define as the composition of the Boolean and the Cartesian abstractions. It is implemented through a source-to-source transformation into a Boolean C program; we give an algorithm to compute the transformation with a cost that is exponential in its theoretical worst-case complexity but feasible in practice. 相似文献