242,774 research outputs found
Heap Reference Analysis Using Access Graphs
Despite significant progress in the theory and practice of program analysis,
analysing properties of heap data has not reached the same level of maturity as
the analysis of static and stack data. The spatial and temporal structure of
stack and static data is well understood while that of heap data seems
arbitrary and is unbounded. We devise bounded representations which summarize
properties of the heap data. This summarization is based on the structure of
the program which manipulates the heap. The resulting summary representations
are certain kinds of graphs called access graphs. The boundedness of these
representations and the monotonicity of the operations to manipulate them make
it possible to compute them through data flow analysis.
An important application which benefits from heap reference analysis is
garbage collection, where currently liveness is conservatively approximated by
reachability from program variables. As a consequence, current garbage
collectors leave a lot of garbage uncollected, a fact which has been confirmed
by several empirical studies. We propose the first ever end-to-end static
analysis to distinguish live objects from reachable objects. We use this
information to make dead objects unreachable by modifying the program. This
application is interesting because it requires discovering data flow
information representing complex semantics. In particular, we discover four
properties of heap data: liveness, aliasing, availability, and anticipability.
Together, they cover all combinations of directions of analysis (i.e. forward
and backward) and confluence of information (i.e. union and intersection). Our
analysis can also be used for plugging memory leaks in C/C++ languages.Comment: Accepted for printing by ACM TOPLAS. This version incorporates
referees' comment
PRZENIESIENIE KONCEPCJI MIĘDZYNARODOWEGO PRAWA KARNEGO NA JURYSDYKCJE KRAJOWE – PRZYPADEK LUDOBÓJSTWA
This article discusses preliminary findings of a study on the transposition of the legal concept of genocide into 131 national jurisdictions. The specificities of this transposition into national criminal systems, as well as those related to the international legal definition of genocide, are described in the first part. The communicative situations in which the concept of genocide has been transposed are then examined in order to show their scope and breadth, and to which extent they contribute to the transformation of the concept of genocide. Trends related to the object of transformation in the definition and their effect on meaning are subsequently outlined. The findings point to a situation where, despite having been the object of multiple consensus at the international level, the concept of genocide has been transformed by the vast array of domestic legal languages and legal systems into which it has been transposed and thereby reinforce the relation between the configuration of the language and law, and the difficulty of translation.Artykuł przybliża wstępne badania nad przeniesieniem prawnej koncepcji ludobójstwa na 113 jurysdykcji. W pierwszej części uwzględnia się uwarunkowania tego przeniesienia w systemach karnych jak i powiązań z międzynarodową definicją prawną ludobójstwa. Przeanalizowano sytuacje komunikacyjne, w których uwypuklił się koncept ludobójstwa by ukazać ich zakres i rozległość jak i określić, w jakim stopniu przyczyniły się one do przeformułowania koncepcji ludobójstwa. Ustalenia wskazują na sytuację, w której pomimo ludobójstwa na szczeblu międzynarodowym koncepcja ludobójstwa została przekształcona przez wachlarz krajowych języków prawnych i systemów prawnych, do których została transponowana, a tym samym wzmocniła relację między konfiguracją języka i prawa a trudnością tłumaczenia
Towards rule-based visual programming of generic visual systems
This paper illustrates how the diagram programming language DiaPlan can be
used to program visual systems. DiaPlan is a visual rule-based language that is
founded on the computational model of graph transformation. The language
supports object-oriented programming since its graphs are hierarchically
structured. Typing allows the shape of these graphs to be specified recursively
in order to increase program security. Thanks to its genericity, DiaPlan allows
to implement systems that represent and manipulate data in arbitrary diagram
notations. The environment for the language exploits the diagram editor
generator DiaGen for providing genericity, and for implementing its user
interface and type checker.Comment: 15 pages, 16 figures contribution to the First International Workshop
on Rule-Based Programming (RULE'2000), September 19, 2000, Montreal, Canad
Clafer: Lightweight Modeling of Structure, Behaviour, and Variability
Embedded software is growing fast in size and complexity, leading to intimate
mixture of complex architectures and complex control. Consequently, software
specification requires modeling both structures and behaviour of systems.
Unfortunately, existing languages do not integrate these aspects well, usually
prioritizing one of them. It is common to develop a separate language for each
of these facets. In this paper, we contribute Clafer: a small language that
attempts to tackle this challenge. It combines rich structural modeling with
state of the art behavioural formalisms. We are not aware of any other modeling
language that seamlessly combines these facets common to system and software
modeling. We show how Clafer, in a single unified syntax and semantics, allows
capturing feature models (variability), component models, discrete control
models (automata) and variability encompassing all these aspects. The language
is built on top of first order logic with quantifiers over basic entities (for
modeling structures) combined with linear temporal logic (for modeling
behaviour). On top of this semantic foundation we build a simple but expressive
syntax, enriched with carefully selected syntactic expansions that cover
hierarchical modeling, associations, automata, scenarios, and Dwyer's property
patterns. We evaluate Clafer using a power window case study, and comparing it
against other notations that substantially overlap with its scope (SysML, AADL,
Temporal OCL and Live Sequence Charts), discussing benefits and perils of using
a single notation for the purpose
Program transformations using temporal logic side conditions
This paper describes an approach to program optimisation based on transformations, where temporal logic is used to specify side conditions, and strategies are created which expand the repertoire of transformations and provide a suitable level of abstraction. We demonstrate the power of this approach by developing a set of optimisations using our transformation language and showing how the transformations can be converted into a form which makes it easier to apply them, while maintaining trust in the resulting optimising steps. The approach is illustrated through a transformational case study where we apply several optimisations to a small program
Data-flow Analysis of Programs with Associative Arrays
Dynamic programming languages, such as PHP, JavaScript, and Python, provide
built-in data structures including associative arrays and objects with similar
semantics-object properties can be created at run-time and accessed via
arbitrary expressions. While a high level of security and safety of
applications written in these languages can be of a particular importance
(consider a web application storing sensitive data and providing its
functionality worldwide), dynamic data structures pose significant challenges
for data-flow analysis making traditional static verification methods both
unsound and imprecise. In this paper, we propose a sound and precise approach
for value and points-to analysis of programs with associative arrays-like data
structures, upon which data-flow analyses can be built. We implemented our
approach in a web-application domain-in an analyzer of PHP code.Comment: In Proceedings ESSS 2014, arXiv:1405.055
UML-F: A Modeling Language for Object-Oriented Frameworks
The paper presents the essential features of a new member of the UML language
family that supports working with object-oriented frameworks. This UML
extension, called UML-F, allows the explicit representation of framework
variation points. The paper discusses some of the relevant aspects of UML-F,
which is based on standard UML extension mechanisms. A case study shows how it
can be used to assist framework development. A discussion of additional tools
for automating framework implementation and instantiation rounds out the paper.Comment: 22 pages, 10 figure
Deriving Specifications of Dependable Systems: toward a Method
This paper proposes a method for deriving formal specifications of systems.
To accomplish this task we pass through a non trivial number of steps, concepts
and tools where the first one, the most important, is the concept of method
itself, since we realized that computer science has a proliferation of
languages but very few methods. We also propose the idea of Layered Fault
Tolerant Specification (LFTS) to make the method extensible to dependable
systems. The principle is layering the specification, for the sake of clarity,
in (at least) two different levels, the first one for the normal behavior and
the others (if more than one) for the abnormal. The abnormal behavior is
described in terms of an Error Injector (EI) which represents a model of the
erroneous interference coming from the environment. This structure has been
inspired by the notion of idealized fault tolerant component but the
combination of LFTS and EI using rely guarantee thinking to describe
interference can be considered one of the main contributions of this work. The
progress toward this method and the way to layer specifications has been made
experimenting on the Transportation and the Automotive Case Studies of the
DEPLOY project.Comment: Published in "12th European Workshop on Dependable Computing, EWDC
2009, Toulouse : France (2009)
Learning a Static Analyzer from Data
To be practically useful, modern static analyzers must precisely model the
effect of both, statements in the programming language as well as frameworks
used by the program under analysis. While important, manually addressing these
challenges is difficult for at least two reasons: (i) the effects on the
overall analysis can be non-trivial, and (ii) as the size and complexity of
modern libraries increase, so is the number of cases the analysis must handle.
In this paper we present a new, automated approach for creating static
analyzers: instead of manually providing the various inference rules of the
analyzer, the key idea is to learn these rules from a dataset of programs. Our
method consists of two ingredients: (i) a synthesis algorithm capable of
learning a candidate analyzer from a given dataset, and (ii) a counter-example
guided learning procedure which generates new programs beyond those in the
initial dataset, critical for discovering corner cases and ensuring the learned
analysis generalizes to unseen programs.
We implemented and instantiated our approach to the task of learning
JavaScript static analysis rules for a subset of points-to analysis and for
allocation sites analysis. These are challenging yet important problems that
have received significant research attention. We show that our approach is
effective: our system automatically discovered practical and useful inference
rules for many cases that are tricky to manually identify and are missed by
state-of-the-art, manually tuned analyzers
- …