General Declarative Must-Alias Analysis
Most published pointer analyses are may-analyses: that is, they over-approximate the pointer aliasing relation or the "points-to" relation. Must-alias analyses have been studied less but offer attractive benefits, for optimization and program understanding. In this work we give a declarative model for a rich family of must-alias analyses. Although formalisms of must-alias analyses already exist in the literature, we emphasize modeling and exposing the key points where an algorithm can adjust the balance between the information it collects and the performance of the analysis. Furthermore, we show that our model can easily be extended to include an analysis for the "must-point-to" relation. Our model is executable, in the Datalog language, and forms the basis for a complete must-alias analysis of code in Java bytecode form. We examine in depth how the analysis can be parameterized and quantify the impact of our design decisions on large Java benchmark programs.

Most published pointer analysis algorithms are may-analyses: they over-approximate aliasing or points-to relations. Must-alias analyses are more rarely studied but offer attractive benefits, for optimization and program understanding. In this thesis we give a declarative model of a rich family of must-alias analyses. Although other specifications of must-alias algorithms exist in the literature, our emphasis is on modeling and exposing the key points where the algorithm can adjust its inference power vs. scalability trade-off. Furthermore, we show that our model can be easily extended to also incorporate a must-point-to analysis. Our model is executable, in the Datalog language, and forms the basis for a full-fledged must-alias analysis of Java bytecode. We discuss insights on configuring a must-alias analysis and quantify the impact of design decisions on large Java benchmarks.
On abstraction refinement for program analyses in Datalog
A central task for a program analysis concerns how to efficiently find a program abstraction that keeps only information relevant for proving properties of interest. We present a new approach for finding such abstractions for program analyses written in Datalog. Our approach is based on counterexample-guided abstraction refinement: when a Datalog analysis run fails using an abstraction, it seeks to generalize the cause of the failure to other abstractions, and picks a new abstraction that avoids a similar failure. Our solution uses a boolean satisfiability formulation that is general, complete, and optimal: it is independent of the Datalog solver, it generalizes the failure of an abstraction to as many other abstractions as possible, and it identifies the cheapest refined abstraction to try next. We show the performance of our approach on a pointer analysis and a typestate analysis, on eight real-world Java benchmark programs.
A Context-Oriented Extension of F#
Context-Oriented programming languages provide us with primitive constructs to adapt program behaviour depending on the evolution of their operational environment, namely the context. In previous work we proposed ML_CoDa, a context-oriented language with two components: a declarative constituent for programming the context and a functional one for computing. This paper describes the implementation of ML_CoDa as an extension of F#.

Comment: In Proceedings FOCLASA 2015, arXiv:1512.0694
On the Practice and Application of Context-Free Language Reachability
The Context-Free Language Reachability (CFL-R) formalism relates to some of the most important computational problems facing researchers and industry practitioners. CFL-R is a generalisation of graph reachability and language recognition, such that pairs in a labelled graph are reachable if and only if there is a path between them whose labels, joined together in the order they were encountered, spell a word in a given context-free language. The formalism finds particular use as a vehicle for phrasing and reasoning about program analysis, since complex relationships within the data, logic or structure of computer programs are easily expressed and discovered in CFL-R. Unfortunately, the potential of CFL-R cannot be met by state-of-the-art solvers. Current algorithms have scalability and expressibility issues that prevent them from being used on large graph instances or complex grammars. This work outlines our efforts in understanding the practical concerns surrounding CFL-R, and applying this knowledge to improve the performance of CFL-R applications. We examine the major difficulties with solving CFL-R-based analyses at scale, via a case study of points-to analysis as a CFL-R problem. Points-to analysis is fundamentally important to many modern research and industry efforts, and is relevant to optimisation, bug-checking and security technologies. Our understanding of the scalability challenge motivates work in developing practical CFL-R techniques. We present improved evaluation algorithms and declarative optimisation techniques for CFL-R, capitalising on the simplicity of CFL-R to create fully automatic methodologies. The culmination of our work is a general-purpose and high-performance tool called Cauliflower, a solver-generator for CFL-R problems. We describe Cauliflower and evaluate its performance experimentally, showing significant improvement over alternative general techniques.
Modular Verification of Interrupt-Driven Software
Interrupts have been widely used in safety-critical computer systems to handle outside stimuli and interact with the hardware, but reasoning about interrupt-driven software remains a difficult task. Although a number of static verification techniques have been proposed for interrupt-driven software, they often rely on constructing a monolithic verification model. Furthermore, they do not precisely capture the complete execution semantics of interrupts, such as nested invocations of interrupt handlers. To overcome these limitations, we propose an abstract interpretation framework for static verification of interrupt-driven software that first analyzes each interrupt handler in isolation as if it were a sequential program, and then propagates the result to other interrupt handlers. This iterative process continues until the results from all interrupt handlers reach a fixed point. Since our method never constructs the global model, it avoids the up-front blowup in model construction that hampers existing, non-modular, verification techniques. We have evaluated our method on 35 interrupt-driven applications with a total of 22,541 lines of code. Our results show the method is able to quickly and more accurately analyze the behavior of interrupts.

Comment: preprint of the ASE 2017 paper