Bertrand Meyer

DOI: https://doi.org/10.48550/arXiv.1001.1610

2011-04-10

Abstract:A theory, graphical notation, mathematical calculus and implementation for finding whether two given expressions can, at execution time, denote references attached to the same object. Intended as the basis for a comprehensive solution to the "frame problem" and as a complement to, or even a replacement for, separation logic, shape analysis, ownership types and dynamic frames.

Software Engineering,Programming Languages

Victor Rivera,Bertrand Meyer

2019-04-19

Abstract:The aliasing question (can two reference expressions point, during an execution, to the same object?) is both one of the most critical in practice, for applications ranging from compiler optimization to programmer verification, and one of the most heavily researched, with many hundreds of publications over several decades. One might then expect that good off-the-shelf solutions are widely available, ready to be plugged into a compiler or verifier. This is not the case. In practice, efficient and precise alias analysis remains an open problem. We present a practical tool, AutoAlias, which can be used to perform automatic alias analysis for object-oriented programs. Based on the theory of "duality semantics", an application of Abstract Interpretation ideas, it is directed at object-oriented languages and has been implemented for Eiffel as an addition to the EiffelStudio environment. It offers variable-precision analysis, controllable through the choice of a constant that governs the number of fix point iterations: a higher number means better precision and higher computation time. All the source code of AutoAlias, as well as detailed results of analyses reported in this article, are publicly available. Practical applications so far have covered a library of data structures and algorithms and a library for GUI creation. For the former, AutoAlias achieves a precision appropriate for practical purposes and execution times in the order of 25 seconds for about 8000 lines of intricate code. For the GUI library, AutoAlias produces the alias analysis in around 232 seconds for about 150000 lines of intricate code.

Software Engineering

Mohamed A. El-Zawawy,Mohammad N. Alanazi

DOI: https://doi.org/10.48550/arXiv.1405.4401

2014-05-17

Abstract:Static alias analysis of different type of programming languages has been drawing researcher attention. However most of the results of existing techniques for alias analysis are not precise enough compared to needs of modern compilers. Probabilistic versions of these results, in which result elements are associated with occurrence probabilities, are required in optimizations techniques of modern compilers. This paper presents a new probabilistic approach for alias analysis of parallel programs. The treated parallelism model is that of SPMD where in SPMD, a program is executed using a fixed number of program threads running on distributed machines on different data. The analyzed programs are assumed to be in the static single assignment (SSA) form which is a program representation form facilitating program analysis. The proposed technique has the form of simply-strictured system of inference rules. This enables using the system in applications like Proof-Carrying Code (PPC) which is a general technique for proving the safety characteristics of modern programs.

Programming Languages,Software Engineering

Benjamin Mourad,Matteo Cimini

DOI: https://doi.org/10.1007/978-3-030-38919-2_44

2020-01-01

Abstract:In this paper we propose a calculus for expressing algorithms for programming languages transformations. We present the type system and operational semantics of the calculus, and we prove that it is type sound. We have implemented our calculus, and we demonstrate its applicability with common examples in programming languages. As our calculus manipulates inference systems, our work can, in principle, be applied to logical systems.

Azadeh Farzan,Zachary Kincaid

DOI: https://doi.org/10.48550/arXiv.1310.3481

2013-10-13

Abstract:The purpose of a program analysis is to compute an abstract meaning for a program which approximates its dynamic behaviour. A compositional program analysis accomplishes this task with a divide-and-conquer strategy: the meaning of a program is computed by dividing it into sub-programs, computing their meaning, and then combining the results. Compositional program analyses are desirable because they can yield scalable (and easily parallelizable) program analyses. This paper presents algebraic framework for designing, implementing, and proving the correctness of compositional program analyses. A program analysis in our framework defined by an algebraic structure equipped with sequencing, choice, and iteration operations. From the analysis design perspective, a particularly interesting consequence of this is that the meaning of a loop is computed by applying the iteration operator to the loop body. This style of compositional loop analysis can yield interesting ways of computing loop invariants that cannot be defined iteratively. We identify a class of algorithms, the so-called path-expression algorithms [Tarjan1981,Scholz2007], which can be used to efficiently implement analyses in our framework. Lastly, we develop a theory for proving the correctness of an analysis by establishing an approximation relationship between an algebra defining a concrete semantics and an algebra defining an analysis.

Programming Languages

Anirban Majumdar,Antoine Monsifrot,Clark Thomborson

DOI: https://doi.org/10.1109/adcom.2006.4289963

2006-01-01

Abstract:Aliasing occurs when two variables refer to the same memory location. This technique has been exploited for constructing resilient obfuscation transforms in languages that extensively use indirect referencing. The theoretical basis for these transforms is derived from the hard complexity results of precisely determining which set of variables refer to the same memory location at a given program point during execution. However, no method is known for randomly generating hard problem instances. Unless we are able to evaluate the obfuscatory strength of these transforms using static analysis tools, we cannot correlate the resilience expected in theory with what actually holds in practice. In this contribution, we will outline the main difficulties in experimentally evaluating obfuscatory strength and give an overview of techniques that are suited for analysing well-established alias-based obfuscation transforms.

Matthieu Lemerre,Sébastien Bardin

DOI: https://doi.org/10.48550/arXiv.1712.10058

2017-12-29

Abstract:The traditional abstract domain framework for imperative programs suffers from several shortcomings; in particular it does not allow precise symbolic abstractions. To solve these problems, we propose a new abstract interpretation framework, based on symbolic expressions used both as an abstraction of the program, and as the input analyzed by abstract domains. We demonstrate new applications of the frame- work: an abstract domain that efficiently propagates constraints across the whole program; a new formalization of functor domains as approximate translation, which allows the production of approximate programs, on which we can perform classical symbolic techniques. We used these to build a complete analyzer for embedded C programs, that demonstrates the practical applicability of the framework.

Software Engineering

Alex Gyori,Shuvendu K. Lahiri,Nimrod Partush

DOI: https://doi.org/10.48550/arXiv.1609.08734

2016-09-28

Abstract:Change-impact analysis (CIA) is the task of determining the set of program elements impacted by a program change. Precise CIA has great potential to avoid expensive testing and code reviews for (parts of) changes that are refactorings (semantics-preserving). Existing CIA is imprecise because it is coarse-grained, deals with only few refactoring patterns, or is unaware of the change semantics. We formalize the notion of change impact in terms of the trace semantics of two program versions. We show how to leverage equivalence relations to make dataflow-based CIA aware of the change semantics, thereby improving precision in the presence of semantics-preserving changes. We propose an anytime algorithm that allows applying costly equivalence relation inference incrementally to refine the set of impacted statements. We have implemented a prototype in SymDiff, and evaluated it on 322 real-world changes from open-source projects and benchmark programs used by prior research. The evaluation results show an average 35% improvement in the size of the set of impacted statements compared to standard dataflow-based techniques.

Software Engineering

Daniel J. Buehrer

DOI: https://doi.org/10.48550/arXiv.1804.03301

2018-04-10

Abstract:We describe a class calculus that is expressive enough to describe and improve its own learning process. It can design and debug programs that satisfy given input/output constraints, based on its ontology of previously learned programs. It can improve its own model of the world by checking the actual results of the actions of its robotic activators. For instance, it could check the black box of a car crash to determine if it was probably caused by electric failure, a stuck electronic gate, dark ice, or some other condition that it must add to its ontology in order to meet its sub-goal of preventing such crashes in the future. Class algebra basically defines the eval/eval-1 Galois connection between the residuated Boolean algebras of 1. equivalence classes and super/sub classes of class algebra type expressions, and 2. a residual Boolean algebra of biclique relationships. It distinguishes which formulas are equivalent, entailed, or unrelated, based on a simplification algorithm that may be thought of as producing a unique pair of Karnaugh maps that describe the rough sets of maximal bicliques of relations. Such maps divide the n-dimensional space of up to 2n-1 conjunctions of up to n propositions into clopen (i.e. a closed set of regions and their boundaries) causal sets. This class algebra is generalized to type-2 fuzzy class algebra by using relative frequencies as probabilities. It is also generalized to a class calculus involving assignments that change the states of programs. INDEX TERMS 4-valued Boolean Logic, Artificial Intelligence, causal sets, class algebra, consciousness, intelligent design, IS-A hierarchy, mathematical logic, meta-theory, pointless topological space, residuated lattices, rough sets, type-2 fuzzy sets

Artificial Intelligence

Andrej Bauer,Gaëtan Gilbert,Philipp G. Haselwarter,Matija Pretnar,Christopher A. Stone

DOI: https://doi.org/10.48550/arXiv.1802.06217

2018-02-17

Abstract:Andromeda is an LCF-style proof assistant where the user builds derivable judgments by writing code in a meta-level programming language AML. The only trusted component of Andromeda is a minimalist nucleus (an implementation of the inference rules of an object-level type theory), which controls construction and decomposition of type-theoretic judgments. Since the nucleus does not perform complex tasks like equality checking beyond syntactic equality, this responsibility is delegated to the user, who implements one or more equality checking procedures in the meta-language. The AML interpreter requests witnesses of equality from user code using the mechanism of algebraic operations and handlers. Dynamic checks in the nucleus guarantee that no invalid object-level derivations can be constructed. %even if the AML code (or interpreter) is untrusted. To demonstrate the flexibility of this system structure, we implemented a nucleus consisting of dependent type theory with equality reflection. Equality reflection provides a very high level of expressiveness, as it allows the user to add new judgmental equalities, but it also destroys desirable meta-theoretic properties of type theory (such as decidability and strong normalization). The power of effects and handlers in AML is demonstrated by a standard library that provides default algorithms for equality checking, computation of normal forms, and implicit argument filling. Users can extend these new algorithms by providing local "hints" or by completely replacing these algorithms for particular developments. We demonstrate the resulting system by showing how to axiomatize and compute with natural numbers, by axiomatizing the untyped $\lambda$-calculus, and by implementing a simple automated system for managing a universe of types.

Logic in Computer Science

Swati Jaiswal,Uday P. Khedker,Supratik Chakraborty

DOI: https://doi.org/10.48550/arXiv.1802.00932

2018-02-03

Programming Languages

Abstract:A demand-driven approach to program analysis have been viewed as efficient algorithms to compute only the information required to serve a target demand. In contrast, an exhaustive approach computes all information in anticipation of it being used later. However, for a given set of demands, demand-driven methods are believed to compute the same information that would be computed by the corresponding exhaustive methods. We investigate the precision and bidirectional nature of demand-driven methods and show that: (a) demand-driven methods can be formalized inherently as bidirectional data flow analysis because the demands are propagated against the control flow and the information to satisfy the demands is propagated along the control flow. We extend the formalization of the Meet Over Paths solution to bidirectional flows. This formalization helps us to prove the soundness and precision of our analysis, and (b) since a demand-driven method computes only the required information to meet a demand, it should be able to reduce the imprecision caused by data abstractions and hence should be more precise than an exhaustive method. We show that while this is indeed the case with Java, for C/C++, the precision critically hinges on how indirect assignments are handled. We use this insight and propose a demand-driven alias analysis that is more precise than an exhaustive analysis for C/C++ too. We have chosen devirtualization as an application. Our measurements show that our method is not only more efficient but more precise than the existing demand-driven method, as well as the corresponding exhaustive method.

Aboubakr Achraf El Ghazi,Mana Taghdiri

DOI: https://doi.org/10.48550/arXiv.1505.00672

2015-05-04

Abstract:This paper describes how Yices, a modern SAT Modulo theories solver, can be used to analyze the address-book problem expressed in Alloy, a first-order relational logic with transitive closure. Current analysis of Alloy models - as performed by the Alloy Analyzer - is based on SAT solving and thus, is done only with respect to finitized types. Our analysis generalizes this approach by taking advantage of the background theories available in Yices, and avoiding type finitization when possible. Consequently, it is potentially capable of proving that an assertion is a tautology - a capability completely missing from the Alloy Analyzer. This paper also reports on our experimental results that compare the performance of our analysis to that of the Alloy Analyzer for various versions of the address book problem.

Logic in Computer Science

Julian Erhard,Simmo Saan,Sarah Tilscher,Michael Schwarz,Karoliine Holter,Vesal Vojdani,Helmut Seidl

DOI: https://doi.org/10.1007/s10009-024-00768-9

2024-09-25

International Journal on Software Tools for Technology Transfer

Abstract:To put sound program analysis at the fingertips of the software developer, we propose a framework for interactive abstract interpretation of multithreaded C code. interpretation provides sound analysis results, but can be quite costly in general. To achieve quick response times, we incrementalize the analysis infrastructure, including postprocessing, without necessitating any modifications to the analysis specifications themselves. We rely on the local generic fixpoint engine TD – which we enhance with reluctant destabilization to minimize reanalysis effort. Dedicated further improvements support precise incremental analysis of program properties that include concurrency deficiencies such as data-races. The framework has been implemented in the static analyzer Goblint , and combined with the MagpieBridge framework to relay findings to IDEs. We evaluate our implementation w.r.t. the yard sticks of response time and consistency. We also provide examples of program development highlighting the usability of our approach.

computer science, software engineering

Antoine Miné

DOI: https://doi.org/10.48550/arXiv.cs/0703084

2007-03-16

Abstract:This article presents a new numerical abstract domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on Difference-Bound Matrices and allows us to represent invariants of the form (+/-x+/-y<=c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on Difference-Bound Matrices - O(n2) memory cost, where n is the number of variables - and graph-based algorithms for all common abstract operators - O(n3) time cost. This includes a normal form algorithm to test equivalence of representation and a widening operator to compute least fixpoint approximations.

Programming Languages

Dylan McDermott,Alan Mycroft

DOI: https://doi.org/10.46298/lmcs-20(1:13)2024

2024-02-13

Logical Methods in Computer Science

Abstract:We establish a general framework for reasoning about the relationship between call-by-value and call-by-name. In languages with computational effects, call-by-value and call-by-name executions of programs often have different, but related, observable behaviours. For example, if a program might diverge but otherwise has no effects, then whenever it terminates under call-by-value, it terminates with the same result under call-by-name. We propose a technique for stating and proving properties like these. The key ingredient is Levy's call-by-push-value calculus, which we use as a framework for reasoning about evaluation orders. We show that the call-by-value and call-by-name translations of expressions into call-by-push-value have related observable behaviour under certain conditions on computational effects, which we identify. We then use this fact to construct maps between the call-by-value and call-by-name interpretations of types, and identify further properties of effects that imply these maps form a Galois connection. These properties hold for some computational effects (such as divergence), but not others (such as mutable state). This gives rise to a general reasoning principle that relates call-by-value and call-by-name. We apply the reasoning principle to example computational effects including divergence and nondeterminism.

computer science, theory & methods,logic

Yingjin Xu

DOI: https://doi.org/10.3969/j.issn.1674-3202.2011.02.007

2011-01-01

Abstract:The basic worry condensed in the so-called"Frame Problem"in Artificial Intelligence (AI)is:When an artificial agent's actions are being represented in forms of programs, how can a programmer of this system represent the desired effects of these actions without representing all of their none-effects?(He should be able to do this,otherwise he would introduce too many frame axioms into the action-representation of the very agent, but this will definitely render the computing budget of the whole system too big in the real time.)There are two basic approaches to this problem in the literature:First,by appealing to the"common sense law of inertia"or default logic,which can be explicated by the metaphysical assumption that the untouched part of the world is always inertial, a programmer is supposed to be able to avoid representing those undesired non-effects; second,by appealing to Hayes'"Naive Physics"project,which aims at a systematic formalization of human's common sense of the physical world in terms of predicate logic,a programmer is also supposed to be able to avoid representing those frame-axioms,given that the built-in knowledge stored in the computers has already constrained the logical space of representing the action-triggered effects.However,I will try to argue that neither approach is promising.Then,I will sketch a Wittgenstein-inspired cognitive model on belief-revision,i.e.,an experience-revisable semantic network in which the activation of some nodes,representing causes,will only lead to that of other nodes,representing the desired effects.Finally,I will provide an engineering approximation to this model with the help of Non-Axiomatic Reasoning System(NARS).

Horatiu Cirstea

DOI: https://doi.org/10.48550/arXiv.cs/0011043

2000-11-28

Symbolic Computation

Abstract:This thesis is devoted to the study of a calculus that describes the application of conditional rewriting rules and the obtained results at the same level of representation. We introduce the rewriting calculus, also called the rho-calculus, which generalizes the first order term rewriting and lambda-calculus, and makes possible the representation of the non-determinism. In our approach the abstraction operator as well as the application operator are objects of calculus. The result of a reduction in the rewriting calculus is either an empty set representing the application failure, or a singleton representing a deterministic result, or a set having several elements representing a not-deterministic choice of results. In this thesis we concentrate on the properties of the rewriting calculus where a syntactic matching is used in order to bind the variables to their current values. We define evaluation strategies ensuring the confluence of the calculus and we show that these strategies become trivial for restrictions of the general rewriting calculus to simpler calculi like the lambda-calculus. The rewriting calculus is not terminating in the untyped case but the strong normalization is obtained for the simply typed calculus. In the rewriting calculus extended with an operator allowing to test the application failure we define terms representing innermost and outermost normalizations with respect to a set of rewriting rules. By using these terms, we obtain a natural and concise description of the conditional rewriting. Finally, starting from the representation of the conditional rewriting rules, we show how the rewriting calculus can be used to give a semantics to ELAN, a language based on the application of rewriting rules controlled by strategies.

Francesco Gavazzo

2023-05-03

Abstract:Moving from the mathematical theory of (abstract) syntax, we develop a general relational theory of symbolic manipulation parametric with respect to, and accounting for, general notions of syntax. We model syntax relying on categorical notions, such as free algebras and monads, and show that a general theory of symbolic manipulation in the style of rewriting systems can be obtained by extending such notions to an allegorical setting. This way, we obtain an augmented calculus of relations accounting for syntax-based rewriting. We witness the effectiveness of the relational approach by generalising and unifying milestones results in rewriting, such as the parallel moves and the Tait-Martin-Löf techniques.

Logic in Computer Science

Andreas Teucke,Marco Voigt,Christoph Weidenbach

DOI: https://doi.org/10.48550/arXiv.1905.03651

2019-05-09

Abstract:A number of first-order calculi employ an explicit model representation formalism for automated reasoning and for detecting satisfiability. Many of these formalisms can represent infinite Herbrand models. The first-order fragment of monadic, shallow, linear, Horn (MSLH) clauses, is such a formalism used in the approximation refinement calculus. Our first result is a finite model property for MSLH clause sets. Therefore, MSLH clause sets cannot represent models of clause sets with inherently infinite models. Through a translation to tree automata, we further show that this limitation also applies to the linear fragments of implicit generalizations, which is the formalism used in the model-evolution calculus, to atoms with disequality constraints, the formalisms used in the non-redundant clause learning calculus (NRCL), and to atoms with membership constraints, a formalism used for example in decision procedures for algebraic data types. Although these formalisms cannot represent models of clause sets with inherently infinite models, through an additional approximation step they can. This is our second main result. For clause sets including the definition of an equivalence relation with the help of an additional, novel approximation, called reflexive relation splitting, the approximation refinement calculus can automatically show satisfiability through the MSLH clause set formalism.

Logic in Computer Science

Yichen Xu,Martin Odersky

DOI: https://doi.org/10.48550/arXiv.2306.06496

2023-06-11

Abstract:Capture calculus has recently been proposed as a solution to effect checking, achieved by tracking the captured references of terms in the types. Boxes, along with the box and unbox operations, are a crucial construct in capture calculus, which maintains the hygiene of types and improves the expressiveness of polymorphism over capturing types. Despite their usefulness in the formalism, boxes would soon become a heavy notational burden for users when the program grows. It thus necessitates the inference of boxes when integrating capture checking into a mainstream programming language. In this paper, we develop a formalisation of box inference for capture calculus. We begin by introducing a semi-algorithmic variant of the capture calculus, from which we derive an inference system where typed transformations are applied to complete missing box operations in programs. Then, we propose a type-level system that performs provably equivalent inference on the type level, without actually transforming the program. In the metatheory, we establish the relationships between these systems and capture calculus, thereby proving both the soundness and the completeness of box inference.

Programming Languages