18 research outputs found
A Unified Model for Context-Sensitive Program Analyses: The Blind Men and the Elephant
Context-sensitive methods of program analysis increase the precision
of interprocedural analysis by achieving the effect of call inlining.
These methods have been defined using different formalisms and hence
appear as algorithms that are very different from each other. Some
methods traverse a call graph top-down whereas some others traverse
it bottom-up first and then top-down. Some define contexts explicitly
whereas some do not. Some of them directly compute data flow values
while some first compute summary functions and then use them to compute
data flow values. Further, different methods place different kinds
of restrictions on the data flow frameworks supported by them. As a
consequence, it is difficult to compare the ideas behind these methods
in spite of the fact that they solve essentially the same problem. We
argue that these incomparable views are similar to those of blind men
describing an
elephant called context sensitivity, and make it difficult for a
non-expert reader to form a coherent picture of context-sensitive data
flow analysis.
We bring out this whole-elephant view of context sensitivity in
program analysis by proposing a unified model of context sensitivity
which provides a clean separation between computation of contexts and
computation of data flow values.
Our model captures the essence of context sensitivity and
defines simple soundness
and precision criteria for context-sensitive methods.
It facilitates declarative
specifications of context-sensitive methods,
insightful comparisons between them,
and reasoning about their soundness and precision.
We demonstrate this by instantiating our model to
many known context-sensitive methods
Automatic static analysis of software performance
Performance is a critical component of software quality. Software performance can have drastic repercussions on an application, frustrating its users, breaking the functionality of its components, or even rendering it defenseless against hackers. Unfortunately, unlike in the program verification domain, robust analysis techniques for software performance are almost non-existent. In this thesis we formalize important classes of performance-related bugs and security vulnerabilities, and implement novel static analysis techniques for automatically detecting them in widely used open-source applications. Our tools are able to uncover 92 performance bugs and 47 security vulnerabilities, while analyzing hundreds of thousands of lines of code and reporting a modest amount of false positives. Our work opens a new avenue for research: the development of rigorous automatic analyses for effective software performance understanding, inspired by traditional research in functional verification.
Computer Science
A Study on Improving the Usability of Static Analyzers
Thesis (Ph.D.) -- Seoul National University Graduate School: Department of Electrical and Computer Engineering, 2016. 2. 이광근.
We present solutions to each of three problems that users of static analyzers commonly face: false alarms, unpredictable progress, and concerns over copyright infringement of the target program. First, we present a method for more easily filtering out the many false alarms an analyzer may raise. This technique groups alarms that share the same cause and presents only the representative alarm of each group to the user, reducing the number of alarms the user must judge to be false or not. Second, we present a solution to the existing problem that, for complex programs, the analysis takes a long time yet its progress cannot be known. Finally, by presenting a method that can analyze encrypted target programs, we present a solution that blocks the possibility of copyright infringement that may arise when using an analysis service. In this thesis we rigorously define the above techniques and show experimentally that they can be successfully applied to the analysis of real C programs.
As programs become larger and more complex, users of static analyzers
often encounter three usability issues. Firstly, static analyzers
often produce a large number of both true and false alarms that are
tedious to classify manually. Secondly, users cannot but wait a long
time without any progress information during analysis. Lastly,
copyright concerns over software sources hinder extensive use of
static analyzers.
In this dissertation, we present our solutions to the three usability
issues. To reduce users' alarm-classification efforts, we propose a
sound method for clustering static analysis alarms. Our method
clusters alarms by discovering sound dependencies between them such
that if the dominant alarms of a cluster turn out to be false, all
the other alarms in the same cluster are guaranteed to be false. Once
clusters are found, users only need to investigate their dominant
alarms. Next, we present a progress indicator of static analyzers.
Our technique first combines a semantic-based pre-analysis and a
statistical method to approximate how a main analysis progresses in
terms of lattice height of the abstract domain. Then, we use this
information during the main analysis and estimate the analysis's
current progress. Lastly, we present a static analysis of encrypted
programs to resolve users' copyright concerns over software sources.
Users have purchased expensive commercial static analyzers or
outsource static analyses on their programs to analysis servers taking
the risk of loss of copyright. Our method allows program owners to
encrypt and upload their programs to the static analysis service while
the service provider can still analyze the encrypted programs without
decrypting them.
We have implemented all the methods on top of a realistic static
analyzer for C programs and empirically proved that our methods
effectively improve the usability.
Chapter 1 Overview
1.1 Problems
1.2 Solutions
1.3 Outline
Chapter 2 Preliminaries
2.1 Concepts
2.2 Static Analyses We Use
2.2.1 Interval Analysis
2.2.2 Octagon Analysis
2.2.3 Pointer Analysis
Chapter 3 Method 1. Sound Non-statistical Alarm Clustering
3.1 Introduction
3.1.1 Problem
3.1.2 Our Solution
3.1.3 Examples
3.1.4 Contributions
3.1.5 Outline
3.2 Alarm Clustering Framework
3.2.1 Static Analysis
3.2.2 Alarm Clustering
3.3 Alarm-Clustering Algorithms
3.3.1 Algorithm 1: Finding Minimal Dominant Alarms
3.3.2 Algorithm 2: Non-Minimal but Efficient
3.4 Instances
3.4.1 Setting: Baseline Analyzer
3.4.2 Clustering using Interval Domain
3.4.3 Clustering using Octagon Domain
3.4.4 Clustering using Symbolic Execution
3.5 Experiments
Chapter 4 Method 2. A Progress Bar for Static Analyzers
4.1 Introduction
4.2 Overall Approach to Progress Estimation
4.2.1 Static Analysis
4.2.2 Progress Estimation
4.3 Setting
4.4 Details on Our Progress Estimation
4.4.1 The Height Function
4.4.2 Pre-analysis via Partial Flow-Sensitivity
4.4.3 Precise Estimation of the Final Height
4.5 Experiments
4.5.1 Setting
4.5.2 Results
4.5.3 Discussion
4.6 Application to Relational Analyses
Chapter 5 Method 3. Static Analysis with Set-closure in Secrecy
5.1 Introduction
5.2 Background
5.2.1 Homomorphic Encryption
5.2.2 The BGV-type crypto system
5.2.3 Security Model
5.3 A Basic Construction of a Pointer Analysis in Secrecy
5.3.1 A Brief Review of a Pointer Analysis
5.3.2 The Pointer Analysis in Secrecy
5.4 Improvement of the Pointer Analysis in Secrecy
5.4.1 Problems of the Basic Approach
5.4.2 Overview of Improvement
5.4.3 Level-by-level Analysis
5.4.4 Ciphertext Packing
5.4.5 Randomization of Ciphertexts
5.5 Experimental Result
5.6 Discussion
Chapter 6 Related Works
6.1 Sound Non-statistical Alarm Clustering
6.2 A Progress Bar for Static Analyzers
6.3 Static Analysis with Set-closure in Secrecy
Chapter 7 Conclusions
Chapter 8 Appendix
A Proofs of Theorems
B Progress Graph
C Algorithms for the Pointer Analysis in Secrecy
Abstract
Docto
Computer Aided Verification
This open access two-volume set LNCS 10980 and 10981 constitutes the refereed proceedings of the 30th International Conference on Computer Aided Verification, CAV 2018, held in Oxford, UK, in July 2018. The 52 full and 13 tool papers presented together with 3 invited papers and 2 tutorials were carefully reviewed and selected from 215 submissions. The papers cover a wide range of topics and techniques, from algorithmic and logical foundations of verification to practical applications in distributed, networked, cyber-physical, and autonomous systems. They are organized in topical sections on model checking, program analysis using polyhedra, synthesis, learning, runtime verification, hybrid and timed systems, tools, probabilistic systems, static analysis, theory and security, SAT, SMT and decisions procedures, concurrency, and CPS, hardware, industrial applications
Late-bound code generation
Each time a function or method is invoked during the execution of a program, a stream of instructions is issued to some underlying hardware platform. But exactly what underlying hardware, and which instructions, is usually left implicit. However in certain situations it becomes important to control these decisions. For example, particular problems can only be solved in real-time when scheduled on specialised accelerators, such as graphics coprocessors or computing clusters.
We introduce a novel operator for hygienically reifying the behaviour of a runtime function instance as a syntactic fragment, in a language which may in general differ from the source function definition. Translation and optimisation are performed by recursively invoked, dynamically dispatched code generators. Side-effecting operations are permitted, and their ordering is preserved.
We compare our operator with other techniques for pragmatic control, observing that: the use of our operator supports lifting arbitrary mutable objects, and neither requires rewriting sections of the source program in a multi-level language, nor interferes with the interface to individual software components. Due to its lack of interference at the abstraction level at which software is composed, we believe that our approach poses a significantly lower barrier to practical adoption than current methods.
The practical efficacy of our operator is demonstrated by using it to offload the user interface rendering of a smartphone application to an FPGA coprocessor, including both statically and procedurally defined user interface components. The generated pipeline is an application-specific, statically scheduled processor-per-primitive rendering pipeline, suitable for place-and-route style optimisation.
To demonstrate the compatibility of our operator with existing languages, we show how it may be defined within the Python programming language. We introduce a transformation for weakening mutable to immutable named bindings, termed let-weakening, to solve the problem of propagating information pertaining to named variables between modular code generating units.
Open Acces