Results 1 - 10 of 16
Dex: A Semantic-Graph Differencing Tool for Studying Changes in Large Code Bases
- in 20th IEEE International Conference on Software Maintenance (ICSM'04), 2004
Cited by 21 (0 self)
This paper describes an automated tool called Dex (Difference extractor) for analyzing syntactic and semantic changes in large C-language code bases. It is applied to patches obtained from a source code repository, each of which comprises the code changes made to accomplish a particular task. Dex produces summary statistics characterizing these changes for all of the patches that are analyzed. Dex applies a graph differencing algorithm to abstract semantic graphs (ASGs) representing each version. The differences are then analyzed to identify higher-level program changes. We describe the design of Dex, its potential applications, and the results of applying it to analyze bug fixes from the Apache and GCC projects. The results include detailed information about the nature and frequency of missing condition defects in these projects.
The pitfalls of verifying floating-point computations
- ACM Transactions on programming languages and systems
Cited by 16 (1 self)
Current critical systems often use a lot of floating-point computations, and thus the testing or static analysis of programs containing floating-point operators has become a priority. However, correctly defining the semantics of common implementations of floating-point is tricky, because semantics may change according to many factors beyond source-code level, such as choices made by compilers. We here give concrete examples of problems that can appear and solutions for implementing in analysis software.
Preventing Format-String Attacks via Automatic and Efficient Dynamic Checking
- In Proc. of the 12th Conference on Computer and Communications Security, 2005
Cited by 15 (0 self)
We propose preventing format-string attacks with a combination of static dataflow analysis and dynamic white-lists of safe address ranges. The dynamic nature of our white-lists provides the flexibility necessary to encode a very precise security policy—namely, that %n-specifiers in printf-style functions should modify a memory location x only if the programmer explicitly passes a pointer to x. Our static dataflow analysis and source transformations let us automatically maintain and check the white-list without any programmer effort—they merely need to change the Makefile. Our analysis also detects pointers passed to vprintf-style functions through (possibly multiple layers of) wrapper functions. Our results establish that our approach provides better protection than previous work and incurs little performance overhead.
Generic Adaptive Syntax-Directed Compression for Mobile Code
- 2000
Cited by 9 (4 self)
We present a new approach to code compression which was designed as part of a larger infrastructure for mobile code deployment. Our approach operates on abstract syntax trees and can be parameterized by abstract grammars, making it applicable to any source language without further language-specific modifications. It employs a variation of prediction by partial match to drive an arithmetic coder adaptively, thereby achieving unmatched compression results without requiring prior statistical analysis. We have developed a prototype implementation and have used it to compress Java programs. It reduces the size of compressed Java classes/packages by 5–50 per cent compared to the best published compression scheme, which was specifically tailored towards Java.
Accurate garbage collection in uncooperative environments with lazy pointer stacks
- In International Conference on Compiler Construction (CC)
Cited by 6 (4 self)
Implementing a concurrent programming language such as Java by the means of a translator to an existing language is attractive as it provides portability over all platforms supported by the host language and reduces development time – as many low-level tasks can be delegated to the host compiler. The C and C++ programming languages are popular choices for many language implementations due to the availability of efficient compilers on a wide range of platforms. For garbage-collected languages, however, they are not a perfect match as no support is provided for accurately discovering pointers to heap-allocated data on thread stacks. We evaluate several previously published techniques, and propose a new mechanism, lazy pointer stacks, for performing accurate garbage collection in such uncooperative environments. We implemented the new technique in the Ovm Java virtual machine with our own Java-to-C/C++ compiler using GCC as a back-end compiler. Our extensive experimental results confirm that lazy pointer stacks outperform existing approaches: we provide a speed-up of 4.5 % over Henderson’s accurate collector with a 17 % increase in code size. Accurate collection is essential in the context of real-time systems, we thus validate our approach with the implementation of a real-time concurrent garbage collection algorithm.
A Methodology for Designing Countermeasures Against Current and Future Code Injection Attacks
- 2005
Cited by 5 (2 self)
This paper proposes a methodology to develop countermeasures against code injection attacks, and validates the methodology by working out a specific countermeasure. This methodology is based on modeling the execution environment of a program. Such a model is then used to build countermeasures. The paper justifies the need for a more structured approach to protect programs against code injection attacks: we examine advanced techniques for injecting code into C and C++ programs and we discuss state-of-the-art (often ad hoc) approaches that typically protect singular memory locations. We validate our methodology by building countermeasures that prevent attacks by protecting a broad variety of memory locations that may be used by attackers to perform code injections. The paper evaluates our approach and discusses ongoing and future work.
Automated Translation of C/C++ Models into a Synchronous Formalism
Cited by 4 (3 self)
For complex systems that are reusing intellectual property components, functional and compositional design correctness are an important part of the design process. Common system level capture in software programming languages such as C/C++ allow for a comfortable design entry and simulation, but mere simulation is not enough to ensure proper design integration. Validating that reused components are properly connected to each other and function correctly has become a major issue for such designs and requires the use of formal methods. In this paper, we propose an approach in which we automatically translate C/C++ programs into the synchronous formalism SIGNAL, hence enabling the application of formal methods without having to deal with the complex and error prone task to build formal models by hand. The main benefit of considering the model of SIGNAL for C/C++ languages lies in the formal nature of the synchronous language SIGNAL, which supports verification and optimization techniques. The C/C++ into SIGNAL transformation process is performed in two steps. We first translate C/C++ programs into an intermediate Static Single Assignment form, and next we translate this into SIGNAL programs. Our implementation of the SIGNAL generation is inserted in the GNU Compiler Collection source code as an additional Front end optimization pass. It does benefit from both GCC code optimization techniques as well as the optimizations of the SIGNAL compiler.
Jello: a retargetable Just-In-Time compiler for LLVM bytecode
- 2002
Cited by 2 (2 self)
We present the design and implementation of Jello, a retargetable Just-In-Time (JIT) compiler for the Intel IA-32 architecture. The input to Jello is a C program statically compiled to Low-Level Virtual Machine (LLVM) bytecode. Jello takes advantage of the features of the LLVM bytecode representation to permit efficient run-time code generation, while emphasizing retargetability. Our approach uses an abstract machine code representation in Static Single Assignment form that is machine-independent, but can handle machine-specific features such as implicit and explicit register references. Because this representation is target-independent, many phases of code generation can be target-independent, making the JIT easily retargetable to new platforms without changing the code generator. Jello's ultimate goal is to provide a flexible host for future research in runtime optimization for programs written in languages which are traditionally compiled statically.
Modular design through component abstraction
- In Proceedings of the International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (CASES), 2004
Cited by 2 (2 self)
Growing design sizes and shrinking time to market windows can only be met with drastically increased productivity. One way to obtain this is a smart reuse of intellectual property. This paper presents a methodology for modular design with the help of component abstraction. It describes how imperative components can be transformed into a formal, synchronous description to provide behavioral types to the components. The synchronous composition of these abstracted components helps discover errors in the component composition. The presented methodology is illustrated by the detailed case study of a Finite Impulse Response filter. We transform initial SYSTEMC modules into an intermediate static single assignment representation which is used as a basis from which corresponding behavioral types are built.
Using de-optimization to re-optimize code
- In Proceedings of the EMSOFT Conference, 2004
Cited by 1 (0 self)
To Mom, Dad, and Frank... ACKNOWLEDGMENTS I am very grateful for the help of my advisor, Dr. David Whalley. Without you, this thesis would not have been possible. Thank you for believing in me, as well as inspiring me to work hard to achieve my goals. I would also like to thank the other members of the Compilers Group (Prasad Kulkarni, Bill Kreahling, Clint Whaley, Wankang Zhao) for their assistance. This work would have been extraordinarily difficult without your insight and your friendship. I would like to extend a big thanks to my family and friends for their unwavering love and support. You may not understand all of the complexities involved in my research, but I certainly learned that you are always willing to listen to me. I am truly blessed to have each of you in my life.

