54 research outputs found

    Operational and Goal-Independent Denotational Semantics for Prolog with Cut

    Get PDF
    In this paper we propose an operational and a denotational semantics for Prolog. We deal with the control rules of Prolog and the cut operator. Our denotational semantics provides a goal--independent semantics. This means that the behaviour of a goal in a program is defined as the evaluation of the goal in the denotation (semantics) of the program. We show how our denotational semantics can be specialised into a computed answer semantics and into a call pattern semantics. Our work provides a basis for a precise abstract interpretation of Prolog programs

    Inferring Complete Initialization of Arrays

    Get PDF
    We define an automaton-based abstract interpretation of a trace semantics which identifies loops that definitely initialize all elements of an array to values satisfying a given property, a useful piece of information for the static analysis of Java-like languages. This results in a completely automatic and efficient analysis, that does not use manual code annotations. We give a formal proof of correctness that considers aspects such as side-effects of method calls. We show how the identification of those loops can be lifted to global invariants about the contents of elements of fields of array type, that hold everywhere in the code where those elements are accessed. This makes our work more significant and useful for the static analysis of real programs. The implementation of our analysis inside the Julia analyzer is both efficient and precise

    Field-sensitive unreachability and non-cyclicity analysis

    Get PDF
    Field-sensitive static analyses of object-oriented code use approximations of the computational states where fields are taken into account, for better precision. This article presents a novel and sound definite analysis of Java bytecode that approximates two strictly related properties: field-sensitive unreachability between program variables and field-sensitive non-cyclicity of program variables. The latter exploits the former for better precision. We build a data-flow analysis based on constraint graphs, whose nodes are program points and whose arcs propagate information according to the semantics of each bytecode instruction. We follow abstract interpretation both to approximate the concrete semantics and to prove our results formally correct. Our analysis has been designed with the goal of improving client analyses such as termination analysis, asserting the non-cyclicity of variables with respect to specific fields

    Class Analysis of Object-Oriented Programs through Abstract Interpretation

    Get PDF
    We use abstract interpretation to define a uniform formalism for presenting and comparing class analyses for object-oriented languages. We consider three domains for class analysis derived from three techniques present in the literature, viz., rapid type analysis, a simple dataflow analysis and constraint-based 0-CFA analysis. We obtain three static analyses which are provably correct and whose abstract operations are provably optimal. Moreover, we prove that our formalisation of the 0-CFA analysis is more precise than that of the dataflow analysis

    The Julia Static Analyzer for Java

    Get PDF
    The Julia static analyzer applies abstract interpretation to the analysis and verification of Java bytecode. It is the result of 13 years of engineering effort based on theoretical research on denotational and constraint-based static analysis through abstract interpretation. Julia is a library for static analysis, over which many checkers have been built , that verify the absence of a large set of typical errors of software: among them are null-pointer accesses, non-termination, wrong synchronization and injection threats to security. This article recaps the history of Julia, describes the technology under the hood of the tool, reports lessons learned from the market, current limitations and future work

    Nullness Analysis in Boolean Form

    Get PDF
    Attempts to dereference nil result in anexception or a segmentation fault. Hence itis importantto know those program points where this might occur and provethe others (or the entire program) safe.Nullness analysis of computer programs checks or infers non-nil annotationsfor variables and object fields. Most nullnessanalyses currently use run-time checks or are incorrect or only verifymanual annotations. We use here abstract interpretationto build and prove correct a static nullness analysis for Javabytecode which infers non-nil annotations. It isbased on Boolean formulas, implemented with binary decisiondiagrams. Our experiments show it faster and more precise than the correctnullness analysis by Hubert, Jensen and Pichardie.We deal with static fields and exceptions, which isnot the case of most other analyses. We claim that the result istheoretically clean and the implementation strong and scalable

    Information Flow is Linear Refinement of Constancy

    Get PDF
    Detecting information flows inside a program is useful to check non-interference of program variables, an important aspect of software security. Information flows have been computed in the past by using abstract interpretation over an abstract domain IF which expresses sets of flows. In this paper we reconstruct IF as the linear refinement C->C of a basic domain C expressing constancy of program variables. This is important since we also show that C->C, and hence IF, is closed wrt linear refinement, and is hence optimal and condensing. Then a compositional, input-independent static analysis over IF has the same precision of a non-compositional, input-driven analysis. Moreover, we show that C->C has a natural representation in terms of Boolean formulas, efficiently implementable through binary decision diagrams

    Optimality and Condensing of Information Flow through Linear Refinement

    Get PDF
    Detecting information flows inside a program is useful to check non-interference or independence of program variables, an important aspect of software security. In this paper we present a new abstract domain C expressing constancy of program variables. We then apply Giacobazzi and Scozzari's linear refinement to build a domain C->C which contains all input/output dependences between the constancy of program variables. We show that C->C is optimal, in the sense that it cannot be further linearly refined, andcondensing, in the sense that a compositional, input-independent static analysis over C->C has the same precision as a non-compositional, input-driven analysis. Moreover, we show that C->C has a natural representation in terms of Boolean formulas, which is important since it allows one to use the efficient binary decision diagrams in its implementation. We then prove that C-.C coincides with Genaim, Giacobazzi andMastroeni's IF domain for information flows and with Amtoft and Banerjee's Indep domain for independence. This lets us extend to IF and Indep the properties that we proved for C->C: optimality, condensing and representation in terms of Boolean formulas. As a secondary result, it lets us conclude that IF and Indep are actually the same abstract domain, although completely different static analyses have been based on them

    Cybersecurity Impacts of the Covid-19 Pandemic in Italy

    Get PDF
    The Covid-19 pandemic has pushed companies to the extensive use of digital services, to implement home working and provide online services to people in lockdown. As a consequence, it is interesting to study how this has affected the number, kind and distribution of cybersecurity attacks. This paper gives an empirical evaluation of the cybersecurity attacks at the beginning of the Covid-19 pandemic in Italy, based on data collected from the questionnaires of the annual Digital Attacks Observatory. It shows that the overall number of attacks has not increased, but attacks have affected smaller companies than before. This can be explained with the fact that the Italian industrial scenario is mostly populated by small and medium enterprises, that have been obliged to a quick reconversion of their IT systems and typically lack the necessary cybersecurity culture

    Automaton-Based Array Initialization Analysis

    Get PDF
    We define an automaton-based abstract interpretation of atrace semantics which identifies loops that definitely initialize all theelements of an array, a useful piece of information for the static analysis ofimperative languages. This results in a fully automatic and fast analysis, that does not use manual code annotations. Its implementation inside the Julia analyzer is efficient and precise
    • …
    corecore