59,558 research outputs found
Heap Abstractions for Static Analysis
Heap data is potentially unbounded and seemingly arbitrary. As a consequence,
unlike stack and static memory, heap memory cannot be abstracted directly in
terms of a fixed set of source variable names appearing in the program being
analysed. This makes it an interesting topic of study and there is an abundance
of literature employing heap abstractions. Although most studies have addressed
similar concerns, their formulations and formalisms often seem dissimilar and
some times even unrelated. Thus, the insights gained in one description of heap
abstraction may not directly carry over to some other description. This survey
is a result of our quest for a unifying theme in the existing descriptions of
heap abstractions. In particular, our interest lies in the abstractions and not
in the algorithms that construct them.
In our search of a unified theme, we view a heap abstraction as consisting of
two features: a heap model to represent the heap memory and a summarization
technique for bounding the heap representation. We classify the models as
storeless, store based, and hybrid. We describe various summarization
techniques based on k-limiting, allocation sites, patterns, variables, other
generic instrumentation predicates, and higher-order logics. This approach
allows us to compare the insights of a large number of seemingly dissimilar
heap abstractions and also paves way for creating new abstractions by
mix-and-match of models and summarization techniques.Comment: 49 pages, 20 figure
Static Analysis of Deterministic Negotiations
Negotiation diagrams are a model of concurrent computation akin to workflow
Petri nets. Deterministic negotiation diagrams, equivalent to the much studied
and used free-choice workflow Petri nets, are surprisingly amenable to
verification. Soundness (a property close to deadlock-freedom) can be decided
in PTIME. Further, other fundamental questions like computing summaries or the
expected cost, can also be solved in PTIME for sound deterministic negotiation
diagrams, while they are PSPACE-complete in the general case.
In this paper we generalize and explain these results. We extend the
classical "meet-over-all-paths" (MOP) formulation of static analysis problems
to our concurrent setting, and introduce Mazurkiewicz-invariant analysis
problems, which encompass the questions above and new ones. We show that any
Mazurkiewicz-invariant analysis problem can be solved in PTIME for sound
deterministic negotiations whenever it is in PTIME for sequential
flow-graphs---even though the flow-graph of a deterministic negotiation diagram
can be exponentially larger than the diagram itself. This gives a common
explanation to the low-complexity of all the analysis questions studied so far.
Finally, we show that classical gen/kill analyses are also an instance of our
framework, and obtain a PTIME algorithm for detecting anti-patterns in
free-choice workflow Petri nets.
Our result is based on a novel decomposition theorem, of independent
interest, showing that sound deterministic negotiation diagrams can be
hierarchically decomposed into (possibly overlapping) smaller sound diagrams.Comment: To appear in the Proceedings of LICS 2017, IEEE Computer Societ
Static Analysis of Functional Programs
In this paper, the static analysis of programs in the functional programming language Miranda* is described based on two graph models. A new control-flow graph model of Miranda definitions is presented, and a model with four classes of callgraphs. Standard software metrics are applicable to these models. A Miranda front end for Prometrix, Âż, a tool for the automated analysis of flowgraphs and callgraphs, has been developed. This front end produces the flowgraph and callgraph representations of Miranda programs. Some features of the metric analyser are illustrated with an example program. The tool provides a promising access to standard metrics on functional programs
Static Analysis for Systems Biology
This paper shows how static analysis techniques can help understanding biological systems. Based on a simple example will illustrate the outcome of performing three different analyses extracting information of increasing precision. We conclude by reporting on the potential impact and exploitation of these techniques in systems biology
Recommended from our members
Integrity static analysis of COTS/SOUP
This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme
Sawja: Static Analysis Workshop for Java
Static analysis is a powerful technique for automatic verification of
programs but raises major engineering challenges when developing a full-fledged
analyzer for a realistic language such as Java. This paper describes the Sawja
library: a static analysis framework fully compliant with Java 6 which provides
OCaml modules for efficiently manipulating Java bytecode programs. We present
the main features of the library, including (i) efficient functional
data-structures for representing program with implicit sharing and lazy
parsing, (ii) an intermediate stack-less representation, and (iii) fast
computation and manipulation of complete programs
Stratified Static Analysis Based on Variable Dependencies
In static analysis by abstract interpretation, one often uses widening
operators in order to enforce convergence within finite time to an inductive
invariant. Certain widening operators, including the classical one over finite
polyhedra, exhibit an unintuitive behavior: analyzing the program over a subset
of its variables may lead a more precise result than analyzing the original
program! In this article, we present simple workarounds for such behavior
Towards Energy Consumption Verification via Static Analysis
In this paper we leverage an existing general framework for resource usage
verification and specialize it for verifying energy consumption specifications
of embedded programs. Such specifications can include both lower and upper
bounds on energy usage, and they can express intervals within which energy
usage is to be certified to be within such bounds. The bounds of the intervals
can be given in general as functions on input data sizes. Our verification
system can prove whether such energy usage specifications are met or not. It
can also infer the particular conditions under which the specifications hold.
To this end, these conditions are also expressed as intervals of functions of
input data sizes, such that a given specification can be proved for some
intervals but disproved for others. The specifications themselves can also
include preconditions expressing intervals for input data sizes. We report on a
prototype implementation of our approach within the CiaoPP system for the XC
language and XS1-L architecture, and illustrate with an example how embedded
software developers can use this tool, and in particular for determining values
for program parameters that ensure meeting a given energy budget while
minimizing the loss in quality of service.Comment: Presented at HIP3ES, 2015 (arXiv: 1501.03064
- …