Analyzing Memory Accesses in x86 Executables
 In CC, 2004
Abstract

This paper concerns static-analysis algorithms for analyzing x86 executables.
Reducing Concurrent Analysis Under a Context Bound to Sequential Analysis
Abstract

This paper addresses the analysis of concurrent programs with shared memory. Such an analysis is undecidable in the presence of multiple procedures. One approach used in recent work obtains decidability by providing only a partial guarantee of correctness: the approach bounds the number of context switches allowed in the concurrent program, and aims to prove safety, or find bugs, under the given bound. In this paper, we show how to obtain simple and efficient algorithms for the analysis of concurrent programs with a context bound. We give a general reduction from a concurrent program P, and a given context bound K, to a slightly larger sequential program $P_s^K$ such that the analysis of $P_s^K$ can be used to prove properties about P. The reduction introduces symbolic constants and assume statements in $P_s^K$. Thus, any sequential analysis that can deal with these two additions can be extended to handle concurrent programs as well, under the context bound. We give instances of the reduction for common program models used in model checking, such as Boolean programs, pushdown systems (PDSs), and symbolic PDSs.
Program analysis as constraint solving
 In PLDI, 2008
Abstract

A constraint-based approach to invariant generation in programs translates a program into constraints that are solved using off-the-shelf constraint solvers to yield desired program invariants. In this paper we show how the constraint-based approach can be used to model a wide spectrum of program analyses in an expressive domain containing disjunctions and conjunctions of linear inequalities. In particular, we show how to model the problem of context-sensitive interprocedural program verification. We also present the first constraint-based approach to weakest precondition and strongest postcondition inference. The constraints we generate are boolean combinations of quadratic inequalities over integer variables. We reduce these constraints to SAT formulae using bit-vector modeling and use off-the-shelf SAT solvers to solve them. Furthermore, we present interesting applications of the above analyses, namely bounds analysis and generation of most-general counterexamples for both safety and termination properties. We also present encouraging preliminary experimental results demonstrating the feasibility of our technique on a variety of challenging examples.
Extended weighted pushdown systems
 In CAV, 2005
Abstract

Recent work on weighted-pushdown systems shows how to generalize interprocedural-dataflow analysis to answer “stack-qualified queries”, which answer the question “what dataflow values hold at a program node for a particular set of calling contexts?” The generalization, however, does not account for precise handling of local variables. Extended-weighted-pushdown systems address this issue, and provide answers to stack-qualified queries in the presence of local variables as well.
Interprocedural analysis of concurrent programs under a context bound
 In TACAS, 2007
Abstract

Analysis of recursive programs in the presence of concurrency and shared memory is undecidable. In previous work, Qadeer and Rehof [23] showed that context-bounded analysis is decidable for recursive programs under a finite-state abstraction of program data. In this paper, we show that context-bounded analysis is decidable for certain families of infinite-state abstractions, and also provide a new symbolic algorithm for the finite-state case.
A Note on Karr’s Algorithm
 In 31st Int. Coll. on Automata, Languages and Programming (ICALP), 2004
Abstract

We give a simple formulation of Karr’s algorithm for computing all affine relationships in affine programs. This simplified algorithm runs in time O(nk³) where n is the program size and k is the number of program variables assuming unit cost for arithmetic operations. This improves upon the original formulation by a factor of k. Moreover, our reformulation avoids exponential growth of the lengths of intermediately occurring numbers (in binary representation) and uses less complicated elementary operations. We also describe a generalization that determines all polynomial relations up to degree d in time $O(nk^{3d})$.
SubPolyhedra: A (more) scalable approach to infer linear inequalities
Abstract

domain to infer and propagate linear inequalities. SubPoly is as expressive as Polyhedra, but it drops some of the deductive power to achieve scalability. SubPoly is based on the insight that the reduced product of linear equalities and intervals produces powerful yet scalable analyses. Precision can be recovered using hints. Hints can be automatically generated or provided by the user in the form of annotations. We implemented SubPoly on the top of Clousot, a generic abstract interpreter for .Net. Clousot with SubPoly analyzes very large and complex code bases in few minutes. SubPoly can efficiently capture linear inequalities among hundreds of variables, a result well beyond state-of-the-art implementations of Polyhedra.
Computing procedure summaries for interprocedural analysis
 ESOP, 2007
Abstract

We describe a new technique for computing procedure summaries for performing an interprocedural analysis on programs. Procedure summaries are computed by performing a backward analysis of procedures, but there are two key new features: (i) information is propagated using “generic” assertions (rather than regular assertions that are used in intraprocedural analysis); and (ii) unification is used to simplify these generic assertions (thus generalizing our recent technique of using unification to simplify regular assertions in intraprocedural analysis [6]). We describe conditions under which this technique yields efficient interprocedural analyses. We illustrate this technique by applying it to two abstractions: unary uninterpreted functions and linear arithmetic. In the first case, we get a PTIME algorithm for a special case of the longstanding open problem of interprocedural global value numbering (the special case being that we consider unary uninterpreted functions instead of binary). This also requires developing efficient algorithms for manipulating singleton context-free grammars, and builds on an earlier work by Plandowski [13]. In linear arithmetic case, we get new algorithms for precise interprocedural analysis of linear arithmetic programs with complexity matching that of the best known deterministic algorithm [11].
Path optimization in programs and its application to debugging
 15th European Symposium on Programming, 2006
