Results 1  10
of
31
Formal Language, Grammar and SetConstraintBased Program Analysis by Abstract Interpretation
, 1995
"... Grammarbased program analysis à la Jones and Muchnick and setconstraintbased program analysis à la Aiken and Heintze are static analysis techniques that have traditionally been seen as quite different from abstractinterpretationbased analyses, in particular because of their apparent noniterati ..."
Abstract

Cited by 72 (10 self)
 Add to MetaCart
Grammarbased program analysis à la Jones and Muchnick and setconstraintbased program analysis à la Aiken and Heintze are static analysis techniques that have traditionally been seen as quite different from abstractinterpretationbased analyses, in particular because of their apparent noniterative nature. For example, on page 18 of N. Heintze thesis, it is alleged that ``The finitary nature of abstract interpretation implies that there is a fundamental limitation on the accuracy of this approach to program analysis. There are decidable kinds of analysis that cannot be computed using abstract interpretation (even with widening and narrowing). The setbased analysis considered in this thesis is one example''. On the contrary, we show that grammar and setconstraintbased program analyses are similar abstract interpretations with iterative fixpoint computation using either a widening or a finitary grammar/setconstraints transformer or even a finite domain for each particular program. The understanding of grammarbased and setconstraintbased program analysis as a particular instance of abstract interpretation of a semantics has several advantages. First, the approximation process is formalized and not only explained using examples. Second, a domain of abstract properties is exhibited which is of general scope. Third, these analyses can be easily combined with other abstractinterpretationbased analyses, in particular for the analysis of numerical values. Fourth, they can be generalized to very powerful attributedependent and contextdependent analyses. Finally, a few misunderstandings may be removed.
ControlFlow Analysis and Type Systems
, 1995
"... . We establish a series of equivalences between type systems and controlflow analyses. Specifically, we take four type systems from the literature (involving simple types, subtypes and recursion) and conservatively extend them to reason about controlflow information. Similarly, we take four standa ..."
Abstract

Cited by 47 (1 self)
 Add to MetaCart
. We establish a series of equivalences between type systems and controlflow analyses. Specifically, we take four type systems from the literature (involving simple types, subtypes and recursion) and conservatively extend them to reason about controlflow information. Similarly, we take four standard controlflow systems and conservatively extend them to reason about type consistency. Our main result is that we can match up the resulting type and controlflow systems such that we obtain pairs of equivalent systems, where the equivalence is with respect to both type and controlflow information. In essence, type systems and controlflow analysis can be viewed as complementary approaches for addressing questions of type consistency and controlflow. Recent and independent work by Palsberg and O'Keefe has addressed the same general question. Our work differs from theirs in two respects. First, they only consider what happens when controlflow systems are used to reason about types. In co...
Lineartime Subtransitive Control Flow Analysis
, 1997
"... We present a lineartime algorithm for boundedtype programs that builds a directed graph whose transitive closure gives exactly the results of the standard (cubictime) ControlFlow Analysis (CFA) algorithm. Our algorithm can be used to list all functions calls from all call sites in (optimal) quadr ..."
Abstract

Cited by 41 (1 self)
 Add to MetaCart
We present a lineartime algorithm for boundedtype programs that builds a directed graph whose transitive closure gives exactly the results of the standard (cubictime) ControlFlow Analysis (CFA) algorithm. Our algorithm can be used to list all functions calls from all call sites in (optimal) quadratic time. More importantly, it can be used to give lineartime algorithms for CFAconsuming applications such as: ffl effects analysis: find the sideeffecting expressions in a program. ffl klimited CFA: for each callsite, list the functions if there are only a few of them ( k) and otherwise output "many". ffl calledonce analysis: identify all functions called from only one callsite. 1 Introduction The controlflow graph of a program plays a central role in compilation  it identifies the block and loop structure in a program, a prerequisite for many code optimizations. For firstorder languages, this graph can be directly constructed from a program because information about flow of ...
Set Constraints and SetBased Analysis
 In Proceedings of the Workshop on Principles and Practice of Constraint Programming, LNCS 874
, 1994
"... This paper contains two main parts. The first examines the set constraint calculus, discusses its history, and overviews the current state of known algorithms and related issues. Here we will also survey the uses of set constraints, starting from early work in (imperative) program analysis, to more ..."
Abstract

Cited by 35 (0 self)
 Add to MetaCart
This paper contains two main parts. The first examines the set constraint calculus, discusses its history, and overviews the current state of known algorithms and related issues. Here we will also survey the uses of set constraints, starting from early work in (imperative) program analysis, to more recent work in logic and functional programming systems. The second part describes setbased analysis. The aim here is a declarative interpretation of what it means to approximate the meaning of a program in just one way: ignore dependencies between variables, and instead, reason about each variable as the set of its possible runtime values. The basic approach starts with some description of the operational semantics, and then systematically replaces descriptions of environments (mappings from program variables to values) by set environments (mappings from program variables to sets
On the Cubic Bottleneck in Subtyping and Flow Analysis
, 1997
"... A variety of program analysis methods have worst case time complexity that grows cubicly in the length of the program being analyzed. Cubic complexity typically arises in control flow analyses and the inference of recursive types (including object types). It is often said that such cubic performance ..."
Abstract

Cited by 32 (6 self)
 Add to MetaCart
A variety of program analysis methods have worst case time complexity that grows cubicly in the length of the program being analyzed. Cubic complexity typically arises in control flow analyses and the inference of recursive types (including object types). It is often said that such cubic performance can not be improved because these analyses require "dynamic transitive closure". Here we prove linear time reductions from the problem of determining membership for languages defined by 2way nondeterministic pushdown automata (2NPDA) to problems of flow analysis and typability in the AmadioCardelli type system. An O(n 3 ) algorithm was given for 2NPDA acceptability in 1968 and is still the best known. The reductions are factored through the problem of "monotone closure" and we propose linear time reduction of the monotone closure as a method of establishing "monotone closure hardness" for program analysis problems. A subcubic procedure for a monotone closure hard problem would imply a ...
Interconvertibility of a Class of Set Constraints and ContextFreeLanguage Reachability
 TCS
, 1998
"... We show the interconvertibility of contextfreelanguage reachability problems and a class of setconstraint problems: given a contextfreelanguage reachability problem, we show how to construct a setconstraint problem whose answer gives a solution to the reachability problem; given a setconstra ..."
Abstract

Cited by 28 (2 self)
 Add to MetaCart
We show the interconvertibility of contextfreelanguage reachability problems and a class of setconstraint problems: given a contextfreelanguage reachability problem, we show how to construct a setconstraint problem whose answer gives a solution to the reachability problem; given a setconstraint problem, we show how to construct a contextfreelanguage reachability problem whose answer gives a solution to the setconstraint problem. The interconvertibility of these two formalisms offers an conceptual advantage akin to the advantage gained from the interconvertibility of finitestate automata and regular expressions in formal language theory, namely, a problem can be formulated in whichever formalism is most natural. It also offers some insight into the "O(n ) bottleneck" for different types of programanalysis problems and allows results previously obtained for contextfreelanguage reachability problems to be applied to setconstraint problems and vice versa.
xBook: Redesigning Privacy Control in Social Networking Platforms
"... Social networking websites have recently evolved from being service providers to platforms for running third party applications. Users have typically trusted the social networking sites with personal data, and assume that their privacy preferences are correctly enforced. However, they are now being ..."
Abstract

Cited by 21 (0 self)
 Add to MetaCart
Social networking websites have recently evolved from being service providers to platforms for running third party applications. Users have typically trusted the social networking sites with personal data, and assume that their privacy preferences are correctly enforced. However, they are now being asked to trust each thirdparty application they use in a similar manner. This has left the users’ private information vulnerable to accidental or malicious leaks by these applications. In this work, we present a novel framework for building privacypreserving social networking applications that retains the functionality offered by the current social networks. We use information flow models to control what untrusted applications can do with the information they receive. We show the viability of our design by means of a platform prototype. The usability of the platform is further evaluated by developing sample applications using the platform APIs. We also discuss both security and nonsecurity challenges in designing and implementing such a framework. 1
Static Enforcement of Web Application Integrity Through Strong Typing
"... Security vulnerabilities continue to plague web applications, allowing attackers to access sensitive data and coopt legitimate web sites as a hosting ground for malware. Accordingly, researchers have focused on various approaches to detecting and preventing common classes of security vulnerabilitie ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
Security vulnerabilities continue to plague web applications, allowing attackers to access sensitive data and coopt legitimate web sites as a hosting ground for malware. Accordingly, researchers have focused on various approaches to detecting and preventing common classes of security vulnerabilities in web applications, including anomalybased detection mechanisms, static and dynamic analyses of serverside web application code, and clientside security policy enforcement. This paper presents a different approach to web application security. In this work, we present a web application framework that leverages existing work on strong type systems to statically enforce a separation between the structure and content of both web documents and database queries generated by a web application, and show how this approach can automatically prevent the introduction of both serverside crosssite scripting and SQL injection vulnerabilities. We present an evaluation of the framework, and demonstrate both the coverage and correctness of our sanitization functions. Finally, experimental results suggest that web applications developed using this framework perform competitively with applications developed using traditional frameworks.
Compilation of Functional Languages Using Flow Graph Analysis
, 1994
"... syntax, and syntactic and semantic domains of a flow graph Figure 9. Semantic equations Def and Exp of a flow graph The first argument to the functions Def and Exp specifies a set of nodes that represent a flow graph, from which the element(s) of current interest are selected by pattern matching. ..."
Abstract

Cited by 17 (13 self)
 Add to MetaCart
syntax, and syntactic and semantic domains of a flow graph Figure 9. Semantic equations Def and Exp of a flow graph The first argument to the functions Def and Exp specifies a set of nodes that represent a flow graph, from which the element(s) of current interest are selected by pattern matching.
Reachability Analysis of Term Rewriting Systems with Timbuk
 LPAR PROCEEDINGS
, 2001
"... We present Timbuk  a tree automata library  which implements usual operations on tree automata as well as a completion algorithm used to compute an overapproximation of the set of descendants (E) for a regular set E and a term rewriting system R, possibly non linear and non terminating. On seve ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
We present Timbuk  a tree automata library  which implements usual operations on tree automata as well as a completion algorithm used to compute an overapproximation of the set of descendants (E) for a regular set E and a term rewriting system R, possibly non linear and non terminating. On several examples of term rewriting systems representing programs and systems to verify, we show how to use Timbuk to construct their approximations and then prove unreachability properties of these systems.