Using Bounded Model Checking to Focus Fixpoint Iterations

Two classical sources of imprecision in static analysis by abstract interpretation are widening and merge operations. Merge operations can be done away by distinguishing paths, as in trace partitioning, at the expense of enumerating an exponential number of paths. In this article, we describe how to avoid such systematic exploration by focusing on a single path at a time, designated by SMT-solving. Our method combines well with acceleration techniques, thus doing away with widenings as well in some cases. We illustrate it over the well-known domain of convex polyhedra

Some considerations on the compile-time analysis of constraint logic programs

This paper discusses some issues which arise in the dataflow analysis of constraint logic programming (CLP) languages. The basic technique applied is that of abstract interpretation. First, some types of optimizations possible in a number of CLP systems (including efficient parallelization) are presented and the information that has to be obtained at compile-time in order to be able to implement such optimizations is considered. Two approaches are then proposed and discussed for obtaining this information for a CLP program: one based on an analysis of a CLP metainterpreter using standard Prolog analysis tools, and a second one based on direct analysis of the CLP program. For the second approach an abstract domain which approximates groundness (also referred to as "definiteness") information (i.e. constraint to a single valué) and the related abstraction functions are presented

Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR

International audienceExclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications , due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR.The TAMARIN prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes TAMARIN the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs

An analysis of factors determining malaria incidence in India with particular reference to Uttar Pradesh

This thesis identies, inter alia, the socio-economic factors that affect malaria incidence at both the household and district levels and investigates how these differ across rural and urban settlement-types. In addition, state level data for India are used to examine the effect of aggregate income relative to that of public health expenditure on malaria incidence. The household and district-level analysis focuses on the state of Uttar Pradesh and exploits the National Family Health Survey, which is the Demographic Health Survey (DHS) for India, for two time periods - 1992-93 and 1998-99 - and combines these data with the district-level census data for 1991 and 2001. A key theme of the micro-level analyses is whether household wealth exerts a negative impact on malaria incidence. Wealth is measured using the DHS data by constructing a consumer durable asset-index by Principal Components Analysis and malaria incidence was modelled using a probability model. The household-level analysis reveals that the relationship between socio-economic status and malaria incidence is not always negative. For example, owning a water pump, indicative of a higher socio-economic status, has a positive impact on malaria incidence and being of a lower caste has a negative impact. Variables that support the negative socio-economic status and health relationship include having an electricity connection in the house, having access to a protected public drinking water supply rather than an open source, and living farther away from open water sources. The aggregate (or panel data) analysis was undertaken using data for 15 states in India covering the time period 1978 to 2000. The aggregate analysis reveals that income has a negative impact on malaria incidence but direct expenditure on health is more effective in bringing about a decline in malaria incidence - an increase of a rupee in aggregate income per person reduces malaria incidence by 0.1 percent whereas an equivalent increase in real health expenditure per capita results in a 0.4 percent decline in malaria incidence. The research undertaken for this thesis is unique in using the DHS to identify the factors aecting malaria incidence and shows that these data are very useful in exploring the relationship between malaria incidence and a host of socio-economic factors in order to identify areas for effective policy intervention. Such a holistic approach is critical in controlling and, eventually, eradicating malaria rather than relying primarily on more direct treatment strategies based on insecticide-treated bed nets and drug therapy. The areas where public spending could be directed to attack malaria identied by the empirical analysis include education, particularly raising awareness on prophylactic measures through adult literacy centres, controlling the breeding of mosquitoes in open water collection sites such as public taps and around water pumps and improving water flow in agricultural fields to prevent stagnant water collection