
    General Declarative Must-Alias Analysis

    Most published pointer analysis algorithms are may-analyses: they over-approximate aliasing or points-to relations. Must-alias analyses are more rarely studied but offer attractive benefits, for optimization and program understanding. In this thesis we give a declarative model of a rich family of must-alias analyses. Although other specifications of must-alias algorithms exist in the literature, our emphasis is on modeling and exposing the key points where the algorithm can adjust its inference power vs. scalability trade-off. Furthermore, we show that our model can be easily extended to also incorporate a must-point-to analysis. Our model is executable, in the Datalog language, and forms the basis for a full-fledged must-alias analysis of Java bytecode. We discuss insights on configuring a must-alias analysis and quantify the impact of design decisions on large Java benchmarks.

    On abstraction refinement for program analyses in Datalog

    A central task for a program analysis concerns how to efficiently find a program abstraction that keeps only information relevant for proving properties of interest. We present a new approach for finding such abstractions for program analyses written in Datalog. Our approach is based on counterexample-guided abstraction refinement: when a Datalog analysis run fails using an abstraction, it seeks to generalize the cause of the failure to other abstractions, and picks a new abstraction that avoids a similar failure. Our solution uses a boolean satisfiability formulation that is general, complete, and optimal: it is independent of the Datalog solver, it generalizes the failure of an abstraction to as many other abstractions as possible, and it identifies the cheapest refined abstraction to try next. We show the performance of our approach on a pointer analysis and a typestate analysis, on eight real-world Java benchmark programs.

    A Context-Oriented Extension of F#

    Context-Oriented programming languages provide us with primitive constructs to adapt program behaviour depending on the evolution of their operational environment, namely the context. In previous work we proposed ML_CoDa, a context-oriented language with two components: a declarative constituent for programming the context and a functional one for computing. This paper describes the implementation of ML_CoDa as an extension of F#.
    Comment: In Proceedings FOCLASA 2015, arXiv:1512.0694

    On the Practice and Application of Context-Free Language Reachability

    The Context-Free Language Reachability (CFL-R) formalism relates to some of the most important computational problems facing researchers and industry practitioners. CFL-R is a generalisation of graph reachability and language recognition, such that pairs in a labelled graph are reachable if and only if there is a path between them whose labels, joined together in the order they were encountered, spell a word in a given context-free language. The formalism finds particular use as a vehicle for phrasing and reasoning about program analysis, since complex relationships within the data, logic or structure of computer programs are easily expressed and discovered in CFL-R. Unfortunately, the potential of CFL-R cannot be met by state-of-the-art solvers. Current algorithms have scalability and expressibility issues that prevent them from being used on large graph instances or complex grammars. This work outlines our efforts in understanding the practical concerns surrounding CFL-R, and applying this knowledge to improve the performance of CFL-R applications. We examine the major difficulties with solving CFL-R-based analyses at scale, via a case study of points-to analysis as a CFL-R problem. Points-to analysis is fundamentally important to many modern research and industry efforts, and is relevant to optimisation, bug-checking and security technologies. Our understanding of the scalability challenge motivates work in developing practical CFL-R techniques. We present improved evaluation algorithms and declarative optimisation techniques for CFL-R, capitalising on the simplicity of CFL-R to create fully automatic methodologies. The culmination of our work is a general-purpose and high-performance tool called Cauliflower, a solver-generator for CFL-R problems. We describe Cauliflower and evaluate its performance experimentally, showing significant improvement over alternative general techniques.

    Modular Verification of Interrupt-Driven Software

    Interrupts have been widely used in safety-critical computer systems to handle outside stimuli and interact with the hardware, but reasoning about interrupt-driven software remains a difficult task. Although a number of static verification techniques have been proposed for interrupt-driven software, they often rely on constructing a monolithic verification model. Furthermore, they do not precisely capture the complete execution semantics of interrupts, such as nested invocations of interrupt handlers. To overcome these limitations, we propose an abstract interpretation framework for static verification of interrupt-driven software that first analyzes each interrupt handler in isolation as if it were a sequential program, and then propagates the result to other interrupt handlers. This iterative process continues until results from all interrupt handlers reach a fixed point. Since our method never constructs the global model, it avoids the up-front blowup in model construction that hampers existing, non-modular verification techniques. We have evaluated our method on 35 interrupt-driven applications with a total of 22,541 lines of code. Our results show the method is able to analyze the behavior of interrupts quickly and more accurately.
    Comment: preprint of the ASE 2017 paper