Results 1 - 4 of 4
Efficient Path Conditions in Dependence Graphs for Software Safety Analysis
Cited by 32 (7 self)
A new method for software safety analysis is presented which uses program slicing and constraint solving to construct and analyze path conditions, conditions defined on a program's input variables which must hold for information flow between two points in a program. Path conditions are constructed from subgraphs of a program's dependence graph, specifically, slices and chops. The article describes how constraint solvers can be used to determine if a path condition is satisfiable and, if so, to construct a witness for a safety violation, such as an information flow from a program point at one security level to another program point at a different security level. Such a witness can prove useful in legal matters. The article reviews previous research on path conditions in program dependence graphs; presents new extensions of path conditions for arrays, pointers, abstract data types, and multithreaded programs; presents new decomposition formulae for path conditions; demonstrates how interval analysis and BDDs (binary decision diagrams) can be used to reduce the scalability problem for path conditions; and presents case studies illustrating the use of path conditions in safety analysis. Applying interval analysis and BDDs is shown to overcome the combinatorial explosion that can occur in constructing path conditions. Case studies and empirical data demonstrate the usefulness of path conditions for analyzing practical programs, in particular, how illegal influences on safety-critical programs can be discovered and analyzed.
Dominators in Linear Time
1997
Cited by 23 (0 self)
A linear time algorithm is presented for finding dominators in control flow graphs.
A Formal, Language-Independent, and Compositional Approach to Interprocedural Control Dependence Analysis
2000
Cited by 6 (2 self)
Dependence relationships among the statements of a program are important to understand for various software development and maintenance purposes. The program's dependence graph is used as a base for various types of program analyses. A dependence graph represents the potential for one statement in a program to affect another in terms of the control and data dependencies among a program's statements. A dependence graph is a directed multi-graph; the vertices of the graph represent the statements in a program and the arcs represent control and data dependencies separately. During the past two decades the value of a dependence graph as a program representation has been recognized by a wide audience and the definition has been extended in various ways in order to incorporate dependence relationships in various types of programs. Ths
Interprocedural Dataflow Analysis - Alias Analysis
2001
Cited by 4 (0 self)
Storage Graph
6.4.2 Dataflow Lattice
6.5 Transfer Functions
6.5.1 Labeling execution instances
6.5.2 LTFs
6.6 Intraprocedural Analysis
6.6.1 Malloc
6.6.2 Assignment Statements
6.7 Interprocedural Analysis
6.7.1 Processing SCCs
7 An elimination algorithm for interprocedural alias analysis
7.1.1 Alias Abstractions
7.1.2 Elimination algorithms for interprocedural pointer analysis
7.1.3 An Example Program
7.2 Induction variable introduction
7.2.1 Iterative control structures
7.2.2 Interprocedural context
7.3 Sequence Tokens
7.3.1 Dynamic Sequence Tokens
7.3.2 Interprocedural sequence tokens
7.4 Data types
7.4.1 A Layout dependent represe...

