4,616 research outputs found
Soundly Handling Static Fields: Issues, Semantics and Analysis
Although in most cases class initialization works as expected, some static
fields may be read before being initialized, despite being initialized in their
corresponding class initializer. We propose an analysis which compute, for each
program point, the set of static fields that must have been initialized and
discuss its soundness. We show that such an analysis can be directly applied to
identify the static fields that may be read before being initialized and to
improve the precision while preserving the soundness of a null-pointer
analysis.Comment: Proceedings of the Fourth Workshop on Bytecode Semantics,
Verification, Analysis and Transformation (BYTECODE 2009
Towards a General Framework for Formal Reasoning about Java Bytecode Transformation
Program transformation has gained a wide interest since it is used for
several purposes: altering semantics of a program, adding features to a program
or performing optimizations. In this paper we focus on program transformations
at the bytecode level. Because these transformations may introduce errors, our
goal is to provide a formal way to verify the update and establish its
correctness. The formal framework presented includes a definition of a formal
semantics of updates which is the base of a static verification and a scheme
based on Hoare triples and weakest precondition calculus to reason about
behavioral aspects in bytecode transformationComment: In Proceedings SCSS 2012, arXiv:1307.802
Verification of Java Bytecode using Analysis and Transformation of Logic Programs
State of the art analyzers in the Logic Programming (LP) paradigm are
nowadays mature and sophisticated. They allow inferring a wide variety of
global properties including termination, bounds on resource consumption, etc.
The aim of this work is to automatically transfer the power of such analysis
tools for LP to the analysis and verification of Java bytecode (JVML). In order
to achieve our goal, we rely on well-known techniques for meta-programming and
program specialization. More precisely, we propose to partially evaluate a JVML
interpreter implemented in LP together with (an LP representation of) a JVML
program and then analyze the residual program. Interestingly, at least for the
examples we have studied, our approach produces very simple LP representations
of the original JVML programs. This can be seen as a decompilation from JVML to
high-level LP source. By reasoning about such residual programs, we can
automatically prove in the CiaoPP system some non-trivial properties of JVML
programs such as termination, run-time error freeness and infer bounds on its
resource consumption. We are not aware of any other system which is able to
verify such advanced properties of Java bytecode
A Model-Derivation Framework for Software Analysis
Model-based verification allows to express behavioral correctness conditions
like the validity of execution states, boundaries of variables or timing at a
high level of abstraction and affirm that they are satisfied by a software
system. However, this requires expressive models which are difficult and
cumbersome to create and maintain by hand. This paper presents a framework that
automatically derives behavioral models from real-sized Java programs. Our
framework builds on the EMF/ECore technology and provides a tool that creates
an initial model from Java bytecode, as well as a series of transformations
that simplify the model and eventually output a timed-automata model that can
be processed by a model checker such as UPPAAL. The framework has the following
properties: (1) consistency of models with software, (2) extensibility of the
model derivation process, (3) scalability and (4) expressiveness of models. We
report several case studies to validate how our framework satisfies these
properties.Comment: In Proceedings MARS 2017, arXiv:1703.0581
Provably Correct Control-Flow Graphs from Java Programs with Exceptions
We present an algorithm to extract flow graphs from Java bytecode, focusing on exceptional control flows. We prove its correctness, meaning that the behaviour of the extracted control-flow graph is an over-approximation of the behaviour of the original program. Thus any safety property that holds for the extracted control-flow graph also holds for the original program. This makes control-flow graphs suitable for performing different static analyses. For precision and efficiency, the extraction is performed in two phases. In the first phase the program is transformed into a BIR program, where BIR is a stack-less intermediate representation of Java bytecode; in the second phase the control-flow graph is extracted from the BIR representation. To prove the correctness of the two-phase extraction, we also define a direct extraction algorithm, whose correctness can be proven immediately. Then we show that the behaviour of the control-flow graph extracted via the intermediate representation is an over-approximation of the behaviour of the directly extracted graphs, and thus of the original program
Sawja: Static Analysis Workshop for Java
Static analysis is a powerful technique for automatic verification of
programs but raises major engineering challenges when developing a full-fledged
analyzer for a realistic language such as Java. This paper describes the Sawja
library: a static analysis framework fully compliant with Java 6 which provides
OCaml modules for efficiently manipulating Java bytecode programs. We present
the main features of the library, including (i) efficient functional
data-structures for representing program with implicit sharing and lazy
parsing, (ii) an intermediate stack-less representation, and (iii) fast
computation and manipulation of complete programs
Integrated Java Bytecode Verification
AbstractExisting Java verifiers perform an iterative data-flow analysis to discover the unambiguous type of values stored on the stack or in registers. Our novel verification algorithm uses abstract interpretation to obtain definition/use information for each register and stack location in the program, which in turn is used to transform the program into Static Single Assignment form. In SSA, verification is reduced to simple type compatibility checking between the definition type of each SSA variable and the type of each of its uses. Inter-adjacent transitions of a value through stack and registers are no longer verified explicitly. This integrated approach is more efficient than traditional bytecode verification but still as safe as strict verification, as overall program correctness can be induced once the data flow from each definition to all associated uses is known to be type-safe
A Model-Derivation Framework for Software Analysis
Model-based verification allows to express behavioral correctness conditions
like the validity of execution states, boundaries of variables or timing at a
high level of abstraction and affirm that they are satisfied by a software
system. However, this requires expressive models which are difficult and
cumbersome to create and maintain by hand. This paper presents a framework that
automatically derives behavioral models from real-sized Java programs. Our
framework builds on the EMF/ECore technology and provides a tool that creates
an initial model from Java bytecode, as well as a series of transformations
that simplify the model and eventually output a timed-automata model that can
be processed by a model checker such as UPPAAL. The framework has the following
properties: (1) consistency of models with software, (2) extensibility of the
model derivation process, (3) scalability and (4) expressiveness of models. We
report several case studies to validate how our framework satisfies these
properties.Comment: In Proceedings MARS 2017, arXiv:1703.0581
- …