System dependence graphs in sequential Erlang

The system dependence graph (SDG) is a data structure used in the imperative paradigm for different static analysis, and particularly, for program slicing. Program slicing allows us to determine the part of a program (called slice) that influences a given variable of interest. Thanks to the SDG, we can produce precise slices for interprocedural programs. Unfortunately, the SDG cannot be used in the functional paradigm due to important features that are not considered in this formalism (e.g., pattern matching, higher-order, composite expressions, etc.). In this work we propose the first adaptation of the SDG to a functional language facing these problems. We take Erlang as the host language and we adapt the algorithms used to slice the SDG to produce precise slices of Erlang interprocedural programs. As a proof-of-concept, we have implemented a program slicer for Erlang based on our SDGs.This work has been partially supported by the Spanish Ministerio de Ciencia e Innovaci´on under grant TIN2008-06622-C03-02 and by the Generalitat Valenciana under grant PROMETEO/2011/052. Salvador Tamarit was partially supported by the Spanish MICINN under FPI grant BES-2009-015019Silva Galiana, JF.; Tamarit Muñoz, S.; Tomás Franco, C. (2012). System dependence graphs in sequential Erlang. En Fundamental Approaches to Software Engineering. Springer Verlag (Germany). 486-500. https://doi.org/10.1007/978-3-642-28872-2_33S486500Agrawal, H., Horgan, J.R.: Dynamic program slicing. In: Programming Language Design and Implementation (PLDI), pp. 246–256 (1990)Brown, C.: Tool Support for Refactoring Haskell Programs. PhD thesis, School of Computing, University of Kent, Canterbury, Kent, UK (2008)Cheda, D., Silva, J., Vidal, G.: Static slicing of rewrite systems. Electron. Notes Theor. Comput. Sci. 177, 123–136 (2007)Ferrante, J., Ottenstein, K.J., Warren, J.D.: The Program Dependence Graph and Its Use in Optimization. ACM Transactions on Programming Languages and Systems 9(3), 319–349 (1987)Field, J., Ramalingam, G., Tip, F.: Parametric program slicing. In: Proceedings of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1995, pp. 379–392. ACM, New York (1995)Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. ACM Transactions Programming Languages and Systems 12(1), 26–60 (1990)Korel, B., Laski, J.: Dynamic Program Slicing. Information Processing Letters 29(3), 155–163 (1988)Larsen, L., Harrold, M.J.: Slicing object-oriented software. In: Proceedings of the 18th International Conference on Software Engineering, ICSE 1996, pp. 495–505. IEEE Computer Society, Washington, DC (1996)Liang, D., Harrold, M.J.: Slicing objects using system dependence graphs. In: Proceedings of the International Conference on Software Maintenance, ICSM 1998, pp. 358–367. IEEE Computer Society, Washington, DC (1998)Lindahl, T., Sagonas, K.F.: Typer: a type annotator of erlang code. In: Sagonas, K.F., Armstrong, J. (eds.) Erlang Workshop, pp. 17–25. ACM (2005)Lindahl, T., Sagonas, K.F.: Practical type inference based on success typings. In: Bossi, A., Maher, M.J. (eds.) PPDP, pp. 167–178. ACM (2006)Ochoa, C., Silva, J., Vidal, G.: Dynamic slicing based on redex trails. In: Proceedings of the 2004 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation, PEPM 2004, pp. 123–134. ACM, New York (2004)Reps, T., Turnidge, T.: Program Specialization via Program Slicing. In: Danvy, O., Thiemann, P., Glück, R. (eds.) Dagstuhl Seminar 1996. LNCS, vol. 1110, pp. 409–429. Springer, Heidelberg (1996)Rodrigues, N.F., Barbosa, L.S.: Component identification through program slicing. In: Proc. of Formal Aspects of Component Software (FACS 2005). Elsevier ENTCS, pp. 291–304. Elsevier (2005)Tip, F.: A survey of program slicing techniques. Journal of Programming Languages 3(3), 121–189 (1995)Tóth, M., Bozó, I., Horváth, Z., Lövei, L., Tejfel, M., Kozsik, T.: Impact Analysis of Erlang Programs Using Behaviour Dependency Graphs. In: Horváth, Z., Plasmeijer, R., Zsók, V. (eds.) CEFP 2009. LNCS, vol. 6299, pp. 372–390. Springer, Heidelberg (2010)Walkinshaw, N., Roper, M., Wood, M., Roper, N.W.M.: The java system dependence graph. In: Third IEEE International Workshop on Source Code Analysis and Manipulation, p. 5 (2003)Weiser, M.: Program Slicing. In: Proceedings of the 5th International Conference on Software Engineering, pp. 439–449. IEEE Press (1981)Widera, M.: Flow graphs for testing sequential erlang programs. In: Proceedings of the 2004 ACM SIGPLAN Workshop on Erlang, ERLANG 2004, pp. 48–53. ACM, New York (2004)Widera, M., Informatik, F.: Concurrent erlang flow graphs. In: Proceedings of the Erlang/OTP User Conference (2005)Zhao, J.: Slicing aspect-oriented software. In: Proceedings of the 10th International Workshop on Program Comprehension, IWPC 2002, pp. 251–260. IEEE Computer Society, Washington, DC (2002

Efficient and Reasonable Object-Oriented Concurrency

Making threaded programs safe and easy to reason about is one of the chief difficulties in modern programming. This work provides an efficient execution model for SCOOP, a concurrency approach that provides not only data race freedom but also pre/postcondition reasoning guarantees between threads. The extensions we propose influence both the underlying semantics to increase the amount of concurrent execution that is possible, exclude certain classes of deadlocks, and enable greater performance. These extensions are used as the basis an efficient runtime and optimization pass that improve performance 15x over a baseline implementation. This new implementation of SCOOP is also 2x faster than other well-known safe concurrent languages. The measurements are based on both coordination-intensive and data-manipulation-intensive benchmarks designed to offer a mixture of workloads.Comment: Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE '15). ACM, 201

Modular, higher order cardinality analysis in theory and practice

Since the mid '80s, compiler writers for functional languages (especially lazy ones) have been writing papers about identifying and exploiting thunks and lambdas that are used only once. However, it has proved difficult to achieve both power and simplicity in practice. In this paper, we describe a new, modular analysis for a higher order language, which is both simple and effective. We prove the analysis sound with respect to a standard call-by-need semantics, and present measurements of its use in a full-scale, state-of-the-art optimising compiler. The analysis finds many single-entry thunks and one-shot lambdas and enables a number of program optimisations. This paper extends our preceding conference publication (Sergey et al. 2014 Proceedings of the 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2014). ACM, pp. 335–348) with proofs, expanded report on evaluation and a detailed examination of the factors causing the loss of precision in the analysis

EffectiveSan: Type and Memory Error Detection using Dynamically Typed C/C++

Low-level programming languages with weak/static type systems, such as C and C++, are vulnerable to errors relating to the misuse of memory at runtime, such as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such errors account for many security and other undefined behavior bugs for programs written in these languages. In this paper, we introduce the notion of dynamically typed C/C++, which aims to detect such errors by dynamically checking the "effective type" of each object before use at runtime. We also present an implementation of dynamically typed C/C++ in the form of the Effective Type Sanitizer (EffectiveSan). EffectiveSan enforces type and memory safety using a combination of low-fat pointers, type meta data and type/bounds check instrumentation. We evaluate EffectiveSan against the SPEC2006 benchmark suite and the Firefox web browser, and detect several new type and memory errors. We also show that EffectiveSan achieves high compatibility and reasonable overheads for the given error coverage. Finally, we highlight that EffectiveSan is one of only a few tools that can detect sub-object bounds errors, and uses a novel approach (dynamic type checking) to do so.Comment: To appear in the Proceedings of 39th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI2018

Pushdown Control-Flow Analysis for Free

Traditional control-flow analysis (CFA) for higher-order languages, whether implemented by constraint-solving or abstract interpretation, introduces spurious connections between callers and callees. Two distinct invocations of a function will necessarily pollute one another's return-flow. Recently, three distinct approaches have been published which provide perfect call-stack precision in a computable manner: CFA2, PDCFA, and AAC. Unfortunately, CFA2 and PDCFA are difficult to implement and require significant engineering effort. Furthermore, all three are computationally expensive; for a monovariant analysis, CFA2 is in $O(2^n)$, PDCFA is in $O(n^6)$, and AAC is in $O(n^9 log n)$. In this paper, we describe a new technique that builds on these but is both straightforward to implement and computationally inexpensive. The crucial insight is an unusual state-dependent allocation strategy for the addresses of continuation. Our technique imposes only a constant-factor overhead on the underlying analysis and, with monovariance, costs only O(n3) in the worst case. This paper presents the intuitions behind this development, a proof of the precision of this analysis, and benchmarks demonstrating its efficacy.Comment: in Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 201

FunTAL: Reasonably Mixing a Functional Language with Assembly

We present FunTAL, the first multi-language system to formalize safe interoperability between a high-level functional language and low-level assembly code while supporting compositional reasoning about the mix. A central challenge in developing such a multi-language is bridging the gap between assembly, which is staged into jumps to continuations, and high-level code, where subterms return a result. We present a compositional stack-based typed assembly language that supports components, comprised of one or more basic blocks, that may be embedded in high-level contexts. We also present a logical relation for FunTAL that supports reasoning about equivalence of high-level components and their assembly replacements, mixed-language programs with callbacks between languages, and assembly components comprised of different numbers of basic blocks.Comment: 15 pages; implementation at https://dbp.io/artifacts/funtal/; published in PLDI '17, Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 18 - 23, 2017, Barcelona, Spai

Concolic Testing in Logic programming

Software testing is one of the most popular validation techniques in the software industry. Surprisingly, we can only find a few approaches to testing in the context of logic programming. In this paper, we introduce a systematic approach for dynamic testing that combines both concrete and symbolic execution. Our approach is fully automatic and guarantees full path coverage when it terminates. We prove some basic properties of our technique and illustrate its practical usefulness through a prototype implementation.This work has been partially supported by the EU (FEDER) and the Spanish Ministerio de Economia y Competitividad under grant TIN2013-44742-C4-1-R and by the Generalitat Valenciana under grant PROMETEOII/2015/013. Part of this research was done while the third author was visiting the University of Reunion; G. Vidal gratefully acknowledges their hospitality.Mesnard, F.; Payet, E.; Vidal Oriola, GF. (2015). Concolic Testing in Logic programming. Theory and Practice of Logic Programming. 15(4):711-725. https://doi.org/10.1017/S1471068415000332S711725154SCHIMPF, J., & SHEN, K. (2011). ECLiPSe – From LP to CLP. Theory and Practice of Logic Programming, 12(1-2), 127-156. doi:10.1017/s1471068411000469Martelli, A., & Montanari, U. (1982). An Efficient Unification Algorithm. ACM Transactions on Programming Languages and Systems, 4(2), 258-282. doi:10.1145/357162.357169Godefroid, P., Klarlund, N., & Sen, K. (2005). DART. Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation - PLDI ’05. doi:10.1145/1065010.1065036Mera E. , López-García P. , and Hermenegildo M. V. 2009. Integrating software testing and run-time checking in an assertion verification framework. In 25th International Conference on Logic Programming, ICLP 2009, Pasadena. 281–295.Godefroid, P., Levin, M. Y., & Molnar, D. (2012). SAGE. Communications of the ACM, 55(3), 40. doi:10.1145/2093548.2093564WIELEMAKER, J., SCHRIJVERS, T., TRISKA, M., & LAGER, T. (2011). SWI-Prolog. Theory and Practice of Logic Programming, 12(1-2), 67-96. doi:10.1017/s1471068411000494CARLSSON, M., & MILDNER, P. (2011). SICStus Prolog—The first 25 years. Theory and Practice of Logic Programming, 12(1-2), 35-66. doi:10.1017/s1471068411000482Degrave F. , Schrijvers T. , and Vanhoof W. 2008. Automatic generation of test inputs for Mercury. In Logic-Based Program Synthesis and Transformation, 18th International Symposium, LOPSTR 2008. 71–86.Somogyi, Z., Henderson, F., & Conway, T. (1996). The execution algorithm of mercury, an efficient purely declarative logic programming language. The Journal of Logic Programming, 29(1-3), 17-64. doi:10.1016/s0743-1066(96)00068-4Vidal, G. (2015). Concolic Execution and Test Case Generation in Prolog. Lecture Notes in Computer Science, 167-181. doi:10.1007/978-3-319-17822-6_10Belli F. and Jack O. 1993. Implementation-based analysis and testing of Prolog programs. In ISSTA. 70–80.King, J. C. (1976). Symbolic execution and program testing. Communications of the ACM, 19(7), 385-394. doi:10.1145/360248.360252Lloyd, J. W. (1987). Foundations of Logic Programming. doi:10.1007/978-3-642-83189-8Clarke L. 1976. A program testing system. In Proceedings of the 1976 Annual Conference (ACM'76). 488–491

A program analysis framework for tccp based on abstract interpretation

[EN] The timed concurrent constraint language (tccp) is a timed extension of the concurrent constraint paradigm. tccp was defined to model reactive systems, where infinite behaviors arise naturally. In previous works, a semantic framework and abstract diagnosis method for the language have been defined. On the basis of that semantic framework, this paper proposes an abstract semantics that, together with a widening operator, is suitable for the definition of different analyses for tccp programs. The abstract semantics is correct and can be represented as a finite graph where each node represents a hypothetical (abstract) computational step of the program. The widening operator allows us to guarantee the convergence of the abstract fixpoint computation.This author has been supported by the Andalusian Excellence Project P11-TIC-7659. This work has been partially supported by the EU (FEDER) and the Spanish MINECO under grants TIN 2015-69175-C4-1-R and TIN 2013-45732-C4-1-P and by Generalitat Valenciana PROMETEOII/2015/013Comini, M.; Gallardo, M.; Titolo, L.; Villanueva, A. (2017). A program analysis framework for tccp based on abstract interpretation. Formal Aspects of Computing. 29(3):531-557. https://doi.org/10.1007/s00165-016-0409-8S531557293Alpuente M, Gallardo MM, Pimentel E, Villanueva A (2006) A semantic framework for the abstract model checking of tccp programs. Theor Comput Scie 346(1): 58–95Bagnara R, Hill PM., Ricci E, Zaffanella E (2005) Precise widening operators for convex polyhedra. Sci Comput Program 58(1–2):28–56Cousot P, Cousot R (1977) Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on principles of programming languages, Los Angeles, California, January 17–19. ACM Press, New York, pp 238–252Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2000) Counterexample-guided abstraction refinement. In: CAV, Lecture Notes in Computer Science, vol 1855. Springer, pp 154–169Comini M, Gallardo MM, Titolo L, Villanueva A (2015) Abstract Analysis of Universal Properties for tccp. In: Falaschi M (ed) Logic-based Program Synthesis and Transformation, 25th International Symposium, LOPSTR 2015. Revised Selected Papers, Lecture Notes in Computer Science, vol 9527. Springer, pp 163–178Comini M, Titolo L, Villanueva A (2011) Abstract diagnosis for timed concurrent constraint programs. Theory Pract Logic Programm 11(4-5):487–502Comini M, Titolo L, Villanueva A (2013) A condensed goal-independent bottom-up fixpoint modeling the behavior of tccp. Technical report, DSIC, Universitat Politècnica de València. http://riunet.upv.es/handle/10251/34328de Boer FS, Gabbrielli M, Meo MC (2000) A timed concurrent constraint language. Inf Comput 161(1): 45–83Falaschi M, Gabbrielli M, Marriott K, Palamidessi C (1993) Compositional analysis for concurrent constraint programming. In: Proceedings of the eighth annual IEEE symposium on logic in computer science, Los Alamitos, CA, USA, IEEE Computer Society Press, pp 210–221Falaschi M, Olarte C, Palamidessi C (2015) Abstract interpretation of temporal concurrent constraint programs. Theory and Pract Logic Program (TPLP) 15(3): 312–357Falaschi M, Villanueva A (2006) Automatic verification of timed concurrent constraint programs. Theory Pract Logic Program 6(3): 265–300Gallardo MM, Merino P, Pimentel E (2002) Refinement of LTL formulas for abstract model checking. In: Static analysis, 9th international symposium, SAS 2002, Madrid, Spain, September 17–20, 2002, Proceedings, pp 395–410Saraswat VA (1993) Concurrent constraint programming. The MIT Press, CambridgeSaraswat VA, Rinard M, Panangaden P (1991) The semantic foundations of concurrent constraint programming. In: Proceedings of the 18th ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 333–352Zaffanella E, Giacobazzi R, Levi G (1997) Abstracting synchronization in concurrent constraint programming. J Funct Logic Program (6