Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben

2001 | Buch

Analysis of Multithreaded Programs Kapitel lesen Erstes Kapitel lesen

Static Analysis

8th International Symposium, SAS 2001 Paris, France, July 16–18, 2001 Proceedings

herausgegeben von: Patrick Cousot

Verlag: Springer Berlin Heidelberg

Buchreihe : Lecture Notes in Computer Science

Enthalten in: Professional Book Archive

Einloggen, um Zugang zu erhalten
insite
SUCHEN

Inhaltsverzeichnis

Frontmatter

Invited Paper

Analysis of Multithreaded Programs
Abstract
The field of program analysis has focused primarily on sequential programming languages. But multithreading is becoming increasingly important, both as a program structuring mechanism and to support efficient parallel computations. This paper surveys research in analysis for multithreaded programs, focusing on ways to improve the efficiency of analyzing interactions between threads, to detect data races, and to ameliorate the impact of weak memory consistency models. We identify two distinct classes of multithreaded programs, activity management programs and parallel computing programs, and discuss how the structure of these kinds of programs leads to different solutions to these problems. Specifically, we conclude that augmented type systems are the most promising approach for activity management programs, while targeted program analyses are the most promising approach for parallel computing programs.
Martin Rinard

Program Transformation

Communication and Parallelism Introduction and Elimination in Imperative Concurrent Programs
Abstract
Transformation rules of imperative concurrent programs, based on congruence and refinement relations between statements, are presented. They introduce and/or eliminate synchronous communication statements and parallelism in these programs. The development is made within a subset of SPL, a good representative of imperative notations for concurrent and reactive programs introduced by Manna and Pnueli. The paper shows that no finite set of transformation rules suffices to eliminate synchronous communication statements from programs involving the concatenation and parallelism operators only. An infinite set is given to suit this purpose, which can be applied recursively. As an important complement for the applications, a collection of tactics, for the acceleration of broader transformations, is described. Tactics apply a sequence of rules to a program with a specific transformation objective. The transformation rules and the tactics could be used in formal design to derive new programs from verified ones, preserving their properties, and avoiding the repetition of verifications for the transformed programs. As an example, the formal parallelization of a non-trivial distributed fast Fourier transform algorithm is outlined.
Miquel Bertran, Francesc Babot, August Climent, Miquel Nicolau
Using Slicing to Identify Duplication in Source Code
Abstract
Programs often have a lot of duplicated code, which makes both understanding and maintenance more difficult. This problem can be alleviated by detecting duplicated code, extracting it into a separate new procedure, and replacing all the clones (the instances of the duplicated code) by calls to the new procedure. This paper describes the design and initial implementation of a tool that finds clones and displays them to the programmer. The novel aspect of our approach is the use of program dependence graphs (PDGs) and program slicing to find isomorphic PDG subgraphs that represent clones. The key benefits of this approach are that our tool can find non-contiguous clones (clones whose components do not occur as contiguous text in the program), clones in which matching statements have been reordered, and clones that are intertwined with each other. Furthermore, the clones that are found are likely to be meaningful computations, and thus good candidates for extraction.
Raghavan Komondoor, Susan Horwitz
Soft Scheduling for Hardware
Abstract
Hardware designs typically combine parallelism and resource-sharing; a circuit’s correctness relies on shared resources being accessed mutually exclusively. Conventional high-level synthesis systems guarantee mutual exclusion by statically serialising access to shared resources during a compile-time process called scheduling. This approach suffers from two problems: (i) there is a large class of practical designs which cannot be scheduled statically; and (ii) a statically fixed schedule removes some opportunities for parallelism leading to less efficient circuits.
This paper surveys the expressivity of current scheduling methods and presents a new approach which alleviates the above problems: first scheduling logic is automatically generated to resolve contention for shared resources dynamically; then static analysis techniques remove redundant scheduling logic.
We call our method Soft Scheduling to highlight the analogy with Soft Typing: the aim is to retain the flexibility of dynamic scheduling whilst using static analysis to remove as many dynamic checks as possible.
Richard Sharp, Alan Mycroft

Strictness and Termination

Effective Strictness Analysis with HORN Constraints
Abstract
We introduce a constraint-based framework for strictness analysis applicable to ML style languages supporting higher-order functions, let-style polymorphism and algebraic data types. The analysis produces strictness types for expressions in a program. A strictness type is defined using Boolean constraints. Perhaps surprisingly, the Boolean constraints that arise during analysis are in HORN, which makes the operations on them amenable to efficient implementation. We have implemented the approach within a highly optimising Haskell compiler (GHC) and give a comparison with the current strictness analyser of GHC.
Kevin Glynn, Peter J. Stuckey, Martin Sulzmann
Applying Static Analysis Techniques for Inferring Termination Conditions of Logic Programs
Abstract
We present the implementation of cTI, a system for universal left-termination inference of logic programs.
Termination inference generalizes termination analysis/checking. Traditionally, a termination analyzer tries to prove that a given class of queries terminates. This class must be provided to the system, requiring user annotations. With termination inference such annotations are no longer necessary. Instead, all provably terminating classes to all related predicates are inferred at once.
The architecture of cTI is described1 and some optimizations are discussed. Running times for classical examples from the termination literature in LP and for some middle-sized logic programs are given.
Fred Mesnard, Ulrich Neumerkel
An Abstract Analysis of the Probabilistic Termination of Programs
Abstract
It is often useful to introduce probabilistic behavior in programs, either because of the use of internal random generators (probabilistic algorithms), either because of some external devices (networks, physical sensors) with known statistics of behavior. Previous works on probabilistic abstract interpretation have addressed safety properties, but somehow neglected probabilistic termination. In this paper, we propose a method to automatically prove the probabilistic termination of programs using exponential bounds on the tail of the distribution. We apply this method to an example and give some directions as to how to implement it. We also show that this method can also be applied to make unsound statistical methods on average running times sound.
David Monniaux

Semantics Abstraction

Watchpoint Semantics: A Tool for Compositional and Focussed Static Analyses
Abstract
We abstract a denotational trace semantics for an imperative language into a compositional and focussed watchpoint semantics. Every abstraction of its computational domain induces an abstract, still compositional and focussed watchpoint semantics. We describe its implementation and instantiation with a domain of signs. It shows that its space and time costs are proportional to the number of watchpoints and that abstract compilation reduces those costs significantly.
Fausto Spoto

Logic and Constraint Programming

Parameterizing a Groundness Analysis of Logic Programs
Abstract
We present a parametric groundness analysis whose input and output are parameterized by a set of groundness parameters. The result of the analysis can be instantiated for different uses of the program. It can also be used to derive sufficient conditions for safely removing groundness checks for built-in calls in the program. The parametric groundness analysis is obtained by generalizing a non-parametric groundness analysis that uses the abstract domain Con. It is shown to be as precise as the non-parametric groundness analysis for any possible values for the groundness parameters. Experimental results of a prototype implementation of the parametric groundness analysis are given.
Lunjin Lu
Finite-Tree Analysis for Constraint Logic-Based Languages
Abstract
Logic languages based on the theory of rational, possibly infinite, trees have much appeal in that rational trees allow for faster unification (due to the omission of the occurs-check) and increased expressivity. Note that cyclic terms can provide a very efficient representation of grammars and other useful objects. Unfortunately, the use of infinite rational trees has problems. For instance, many of the built-in and library predicates are ill-defined for such trees and need to be supplemented by run-time checks whose cost may be significant. Moreover, some widely-used program analysis and manipulation techniques are only correct for those parts of programs working over finite trees. It is thus important to obtain, automatically, a knowledge of those program variables (the finite variables) that, at the program points of interest, will always be bound to finite terms. For these reasons, we propose here a new data-flow analysis that captures such information. We present a parametric domain where a simple component for recording finite variables is coupled with a generic domain (the parameter of the construction) providing sharing information. The sharing domain is abstractly specified so as to guarantee the correctness of the combined domain and the generality of the approach.
Roberto Bagnara, Roberta Gori, Patricia M. Hill, Enea Zaffanella

Invited Paper

Applications of Extended Static Checking
Abstract
Extended static checking is a powerful program analysis technique. It translates into a logical formula the hypothesis that a given program has some particular desirable properties. The logical formula, called a verification condition, is then checked with an automatic theorem prover. The extended static checking technique has been built into a couple of program checkers. This paper discusses other possible applications of the technique to the problem of producing quality software more quickly.
K. Rustan, M. Leino

Data Structures

Cleanness Checking of String Manipulations in C Programs via Integer Analysis
Abstract
All practical C programs use structures, arrays, and/or strings. At runtime, such objects are mapped into consecutive memory locations, hereafter referred to as buffers. Many software defects are caused by buffer overflow — unintentional access to memory outside the intended object. String manipulation is a major source of such defects. According to the FUZZ study, they are the cause of most UNIX failures.
We present a new algorithm for statically detecting buffer overflow defects caused by string manipulations in C programs. In many programs, our algorithm is capable of precisely handling destructive memory updates, even in the presence of overlapping pointer variables which reference the same buffer at different offsets. Thus, our algorithm can uncover defects which go undetected by previous works. We reduce the problem of checking string manipulation to that of analyzing integer variables.
A prototype of the algorithm has been implemented and applied to statically uncover defects in real C applications, i.e., errors which occur on some inputs to the program. The applications were selected without a priori knowledge of the number of string manipulation errors. A significant number of string manipulation errors were found in every application, further indicating the extensiveness of such errors. We are encouraged by the fact that our algorithm reports very few false alarms, i.e., warnings on errors that never occur at runtime.
Nurit Dor, Michael Rodeh, Mooly Sagiv
Solving Regular Tree Grammar Based Constraints
Abstract
This paper describes the precise specification, design, analysis, implementation, and measurements of an efficient algorithm for solving regular tree grammar based constraints. The particular constraints are for dead-code elimination on recursive data, but the method used for the algorithm design and complexity analysis is general and applies to other program analysis problems as well. The method is centered around Paige’s finite differencing, i.e., computing expensive set expressions incrementally, and allows the algorithm to be derived and analyzed formally and implemented easily. We propose higher-level transformations that make the derived algorithm concise and allow its complexity to be analyzed accurately. Although a rough analysis shows that the worst-case time complexity is cubic in program size, an accurate analysis shows that it is linear in the number of live program points and in other parameters, including mainly the arity of data constructors and the number of selector applications into whose arguments the value constructed at a program point might flow. These parameters explain the performance of the analysis in practice. Our implementation also runs two to ten times as fast as a previous implementation of an informally designed algorithm.
Yanhong A. Liu, Ning Li, Scott D. Stoller
Static Analyses of the Precision of Floating-Point Operations
Abstract
Computers manipulate approximations of real numbers, called floating-point numbers. The calculations they make are accurate enough for most applications. Unfortunately, in some (catastrophic) situations, the floating-point operations lose so much precision that they quickly become irrelevant. In this article, we review some of the problems one can encounter, focussing on the IEEE754-1985 norm. We give a (sketch of a) semantics of its basic operations then abstract them (in the sense of abstract interpretation) to extract information about the possible loss of precision. The expected application is abstract debugging of software ranging from simple on-board systems (which use more and more on-the-shelf micro-processors with floating-point units) to scientific codes. The abstract analysis is demonstrated on simple examples and compared with related work.
Eric Goubault

Pointer Analysis

Estimating the Impact of Scalable Pointer Analysis on Optimization
Abstract
This paper addresses the following question: Do scalable control-flow-insensitive pointer analyses provide the level of precision required to make them useful in compiler optimizations?
We first describe alias frequency, a metric that measures the ability of a pointer analysis to determine that pairs of memory accesses in C programs cannot be aliases. We believe that this kind of information is useful for a variety of optimizations, while remaining independent of a particular optimization. We show that control-flow and context insensitive analyses provide the same answer as the best possible pointer analysis on at least 95% of all statically generated alias queries. In order to understand the potential run-time impact of the remaining 5% queries, we weight the alias queries by dynamic execution counts obtained from profile data. Flow-insensitive pointer analyses are accurate on at least 95% of the weighted alias queries as well.
We then examine whether scalable pointer analyses are inaccurate on the remaining 5% alias queries because they are context-insensitive. To this end, we have developed a new context-sensitive pointer analysis that also serves as a general engine for tracing the flow of values in C programs. To our knowledge, it is the first technique for performing context-sensitive analysis with subtyping that scales to millions of lines of code. We find that the new algorithm does not identify fewer aliases than the context-insensitive analysis.
Manuvir Das, Ben Liblit, Manuel Fähndrich, Jakob Rehof
Efficient Computation of Parameterized Pointer Information for Interprocedural Analyses
Abstract
This paper presents a modular algorithm that efficiently computes parameterized pointer information, in which symbolic names are introduced to identify memory locations whose addresses may be passed into a procedure. Parameterized pointer information can be used by a client program analysis to compute parameterized summary information for a procedure. The client can then instantiate such information at each specific callsite by binding the symbolic names. Compared to non-parameterized pointer information, in which memory locations are identified using the same name throughout a program, parameterized pointer information lets the client reduce the spurious information that is propagated across procedure boundaries. Such reduction will improve not only the precision, but also the efficiency of the client. The paper also presents a set of empirical studies. The studies show that (1) the algorithm is efficient; and (2) using parameterized pointer information may significantly improve the precision and efficiency of program analyses.
Donglin Liang, Mary Jean Harrold

Model Checking

Parametric Optimization of Open Real-Time Systems
Abstract
For controllable timed automata, a general parametric optimization framework based on automata-theory is proposed. The framework is general enough to incorporate both the parametric analysis problem and the controller synthesis problem of computer systems. We propose an algorithm for the construction of the characterization of the parameter constraints and controller synthesis, which in turn yields a linear programming solution to parametric optimization.
Farn Wang, Hsu-Chun Yen
Embedding Chaos
Abstract
Model checking would answer all finite-state verification problems, if it were not for the notorious state-space explosion problem. A problem of practical importance, which attracted less attention, is to close open systems. Standard model checkers cannot handle open systems directly and closing is commonly done by adding an environment process, which in the simplest case behaves chaotically. However, for model checking, the way of closing should be well-considered to alleviate the state-space explosion problem. This is especially true in the context of model checking SDL with its asynchronous message-passing communication, since chaotically sending and receiving messages immediately leads to a combinatorial explosion caused by all combinations of messages in the input queues.
In this paper we develop an automatic transformation yielding a closed system. By embedding the outside chaos into the system’s processes, we avoid the state-space penalty in the input queues mentioned above. To capture the chaotic timing behaviour of the environment, we introduce a non-standard 3-valued timer abstraction. We use data-flow analysis to detect instances of chaotic variables and timers and prove the soundness of the transformation, which is based on the result of the analysis.
Natalia Sidorova, Martin Steffen

Abstract Model Checking

Analyzing Fair Parametric Extended Automata
Abstract
We address the problem of verifying safety and liveness properties for infinite-state systems, using symbolic reachability analysis. The models we consider are fair parametric extended automata, i.e., counter automata with parametric guards, supplied with fairness conditions on their transitions. In previous work, we shown that symbolic reachability analysis using acceleration techniques can be used to generate finite abstractions (symbolic graphs) of the original infinite-state model. In this paper, we show that this analysis can be also used to introduce fairness conditions on the generated abstract model allowing to model-check liveness properties. We show first how to translate faithfully the fairness conditions of the infinite-state original model to conditions on the generated finite symbolic graph. Then, we show that we can also synthesize automatically new fairness conditions allowing to eliminate infinite paths in the symbolic graph which do not correspond to valid behaviours in the original model. These infinite paths correspond to abstractions of boundedly iterable (nested) loops. We show techniques allowing to decide this bounded iterability for a class of components in the symbolic graph. We illustrate the application of these techniques to nontrivial examples.
Ahmed Bouajjani, Aurore Collomb-Annichini, Yassine Lakhnech, Mihaela Sighireanu
Incompleteness, Counterexamples, and Refinements in Abstract Model-Checking
Abstract
In this paper we study the relation between the lack of completeness in abstract interpretation of model-checking and the structure of the counterexamples produced by a model-checker. We consider two dual forms of completeness of an abstract interpretation: Forward and backward completeness. They correspond respectively to the standard γ/α completeness of an abstract interpretation and can be related with each other by adjunction. We give a constructive characterization of Clarke et al.’s spurious counterexamples in terms of both forward and backward completeness of the underlying abstract interpretation. This result allows us to understand the structure of the counterexamples that can be removed by systematically refining abstract domains to achieve completeness with respect to a given operation. We apply our result to improve static program analysis by refining the model-checking of an abstract interpretation.
Roberto Giacobazzi, Elisa Quintarelli

Invited Talk

Language-Based Security: What’s Needed and Why
Abstract
Language-based security leverages program analysis and program rewriting in enforcing security policies. The approach promises efficient enforcement of fine-grained access-control policies, and it seems to require a trusted computing base of only modest size. This talk discusses progress and prospects for the area. Traditional security problems viewed through the lens of programming language research invites novel uses of various well understood results from the area. It also provides reason to revisit assumptions and research directions that have been driving forces in languages research.
Fred Schneider

Mobility

A Behavioral Module System for the Pi-Calculus
Abstract
Distributed message-passing based asynchronous systems are becoming increasingly important. Such systems are notoriously hard to design and test. A promising approach to help programmers design such programs is to provide a behavioral type system that checks for behavioral properties such as deadlock freedom using a combination of type inference and model checking. The fundamental challenge in making a behavioral type system work for realistic concurrent programs is state explosion. This paper develops the theory to design a behavioral module system that permits decomposing the type checking problem, saving exponential cost in the analysis. Unlike module systems for sequential programming languages, a behavioral specification for a module typically assumes that the module operates in an appropriate concurrent context. We identify assume-guarantee reasoning as a fundamental principle in designing such a module system.
Concretely, we propose a behavioral module system for π-calculus programs. Types are CCS processes that correctly approximate the behavior of programs, and by applying model checking techniques to process types one can check many interesting program properties, including deadlock-freedom and communication progress. We show that modularity can be achieved in our type system by applying circular assume-guarantee reasoning principles whose soundness requires an induction over time. We state and prove an assume-guarantee rule for CCS. Our module system integrates this assume-guarantee rule into our behavioral type system.
Sriram K. Rajamani, Jakob Rehof
An Abstract Interpretation Framework for Analysing Mobile Ambients
Abstract
We introduce an abstract interpretation framework for Mobile Ambients, based on a new fixed-point semantics. Then, we derive within this setting two analyses computing a safe approximation of a property about the run-time topological structure of processes which is relevant to security.
Francesca Levi, Sergio Maffeis
Abstract Interpretation-Based Static Analysis of Mobile Ambients
Abstract
We use Abstract Interpretation to automatically prove safety properties of mobile ambients with name communications. We introduce a non-standard semantics in order to distinguish different recursive instances of agents. This allows us to specify explicitly both the link between agents and the ambient names they have declared, and the link between agents and the ambients they have activated.
Then we derive from this non-standard semantics an abstract semantics which focuses on interactions between agents. This abstract semantics describes non uniformly which agents can be launched in which ambients and which ambient names can be communicated to which agents. Such a description is required to prove security properties such as non-interference or confinement for instance.
Jérôme Feret

Invited Session on Security

Static Analysis and Software Assurance
Abstract
In the past decade, explosive growth in computer networks has brought security issues to the forefront. One of the greatest challenges in computer security today is the software assurance problem: How do we deal with the fact that our most trusted software, even our security software itself, is often buggy?
In this talk, I will discuss how static analysis can help with the software assurance problem. I will describe some recent experience with static analysis tools for vulnerability detection. I will also survey a number of open problems in the field and suggest a few promising directions for future research.
David Wagner
A Type and Effect Analysis of Security Protocols
Abstract
We propose a new method to check authenticity properties of cryptographic protocols. First, code up the protocol in the spi-calculus of Abadi and Gordon. Second, specify authenticity properties by annotating the code with correspondence assertions in the style of Woo and Lam. Third, figure out types for the keys, nonces, and messages of the protocol. Fourth, check that the spi-calculus code is well-typed according to a novel type and effect system. Our main theorem guarantees that any well-typed protocol is robustly safe, that is, its correspondence assertions are true in the presence of any opponent expressible in spi. It is feasible to apply this method by hand to several well-known cryptographic protocols. It requires little human effort per protocol, puts no bound on the size of the opponent, and requires no state space enumeration. Moreover, the types for protocol data provide some intuitive explanation of how the protocol works. Our method has led us to the independent rediscovery of flaws in existing protocols and to the design of improved protocols. My talk will describe our method and give some simple examples. Papers describing the method in detail appear elsewhere [1,2].
Andrew D. Gordon, Alan Jeffrey
Abstracting Cryptographic Protocols by Prolog Rules
Abstract
Most current cryptographic protocol verifiers meet the state space explosion problem, and have to limit the number of executions of the considered protocol during the verification. To solve these problems, we introduce an abstract representation of cryptographic protocols, based on Prolog rules, and use it to verify secrecy properties of protocols.
Bruno Blanchet
Security-Typed Languages and Distributed Computation
Abstract
Recently there has been considerable interest in programming languages that encode security policies in type declarations. Type-checking is used to determine whether a program enforces these policies. This approach enjoys many of the benefits of static type-checking, but is particularly of interest because it can enforce information flow properties such as noninterference, for which purely dynamic mechanisms are ineffective.
Enforcing information flow properties for distributed systems adds a new challenges: mutual distrust among the principals, and untrusted hosts. Our new approach, secure program partitioning, automatically rewrites a program into communicating subprograms that run securely on the set of available hosts yet collectively implement the original program. This fine-grained rewriting is based on the security types in the original program and the trust relationships among principals and hosts in the system. Computation in the original program is written in a single-host style, yet the resulting distributed system can satisfy the strong confidentiality and integrity properties specified by the program.
Andrew Myers
Backmatter
Metadaten
Titel
Static Analysis
herausgegeben von
Patrick Cousot
Copyright-Jahr
2001
Verlag
Springer Berlin Heidelberg
Electronic ISBN
978-3-540-47764-8
Print ISBN
978-3-540-42314-0
DOI
https://doi.org/10.1007/3-540-47764-0