This paper presents a framework for comparing two strictness analysis techniques: Abstract interpretation and non--standard type inference. The comparison is based on the representation of a lattice by its ideals. A formal system for deducing inclusions between ideals of a lattice is presented and proved sound and complete. Viewing the ideals as strictness properties we use the formal system to define a program logic for deducing strictness properties of expressions in a typed lambda calculus. This strictness logic is shown to be sound and complete with respect to the abstract interpretation, which establishes the main result that strictness analysis by type--inference and by abstract interpretation are equally powerful techniques. 1 Introduction Abstract interpretation is a well--established technique for static analysis of programs. Its virtue is its strong connection with denotational semantics which provides a means of proving the analysis correct. Its vice is that the process of...

Abstract not found

Analysing time complexity of functional programs in a lazy language is problematic, because the time required to evaluate a function depends on how much of the result is "needed" in the computation. Recent results in strictness analysis provide a formalisation of this notion of "need", and thus can be adapted to analyse time complexity. The future of programming may be in this paradigm: to create software, first write a specification that is clear, and then refine it to an implementation that is efficient. In particular, this paradigm is a prime motivation behind the study of functional programming. Much has been written about the process of transforming one functional program into another. However, a key part of the process has been largely ignored, for very little has been written about assessing the efficiency of the resulting programs. Traditionally, the major indicators of efficiency are time and space complexity. This paper focuses on the former. Functional programming can be sp...

Given a description of the parameters in a program that will be known at partial evaluation time, a binding time analysis must determine which parts of the program are dependent solely on these known parts (and therefore also known at partial evaluation time). In this paper a binding time analysis for the simply typed lambda calculus is presented. The analysis takes the form of an abstract interpretation and uses a novel formalisation of the problem of binding time analysis, based on the use of partial equivalence relations. A simple proof of correctness is achieved by the use of logical relations. 1 Introduction Given a description of the parameters in a program that will be known at partial evaluation time, a binding time analysis must determine which parts of the program are dependent solely on these known parts (and therefore also known at partial evaluation time). A binding time analysis performed prior to the partial evaluation process can have several practical benefits (see [...

We develop formal methods for reasoning about memory usage at a level of abstraction suitable for establishing or refuting claims about the potential applications of linear logic for static analysis. In particular, we demonstrate a precise relationship between type correctness for a language based on linear logic and the correctness of a reference-counting interpretation of the primitives that the language draws from the rules for the `of course' operation. Our semantics is `low-level' enough to express sharing and copying while still being `highlevel ' enough to abstract away from details of memory layout. This enables the formulation and proof of a result describing the possible run-time reference counts of values of linear type. Contents 1 Introduction 1 2 Operational Semantics with Memory 4 3 A Programming Language Based on Linear Logic 9 4 Semantics 14 5 Properties of the Semantics 24 6 Linear Logic and Memory 27 7 Discussion 32 A Proofs of the Main Theorems 36 Acknowledgements...

Recent years have seen dramatic growth in the application of model checking techniques to the validation and verification of correctness properties of hardware, and more recently software, systems. Most of this work has been aimed at reasoning about properties of complete systems. This paper describes an automatable approach for building finite-state models of partially defined software systems that are amenable to model checking using existing tools. It enables the application of existing model checking tools to system components taking into account assumptions about the behavior of the environment in which the components will execute. We illustrate the application of the approach by validating and verifying properties of a reusable parameterized programming framework. 1.1 Keywords Software verification and validation, model checking, assume-guarantee reasoning, filter-based analysis 2 INTRODUCTION Modern software is, increasingly, built as a collection of independently produced c...

We give a formal definition of the notion of information flow for a simple guarded command language. We propose an axiomatisation of security properties based on this notion of information flow and we prove its soundness with respect to the operational semantics of the language. We then identify the sources of non determinism in proofs and we derive in successive steps an inference algorithm which is both sound and complete with respect to the inference system. Keywords: formal verification, program analysis, verification tools, computer security, information flow. 1 Introduction The context of the work described in this paper is the application of formal methods to the verification of information flow properties in programs. In contrast with most previous contributions in this area we put emphasis on the design of mechanical tools. Rather than considering a general (and undecidable) logic in which the development of proofs requires some interaction with the user, we start with a rest...

Abstract. A strength of model checking is its ability to automate the detection of subtle system errors and produce traces that exhibit those errors. Given the highcomputational cost of model checking most researchers advocate the use of aggressive property-preserving abstractions. Unfortunately, the more aggressively a system is abstracted the more infeasible behavior it will have. Thus, while abstraction enables efficient model checking it also threatens the usefulness of model checking as a defect detection tool, since it may be difficult to determine whether a counter-example is feasible and hence worth developer time to analyze. We have explored several strategies for addressing this problem by extending an explicit-state model checker, Java PathFinder (JPF), to search for and analyze counter-examples in the presence of abstractions. We demonstrate that these techniques effectively preserve the defect detection ability of model checking in the presence of aggressive abstraction by applying them to check properties of several abstracted multi-threaded Java programs. These new capabilities are not specific to JPF and can be easily adapted to other model checking frameworks; we describe how this was done for the Bandera toolset.

Shape theory provides a framework for the study of data types in which shape and data can be manipulated separately. This paper is concerned with shape checking, i.e. the detection of shape errors, such as array bound errors, without handling the data stored within. It can be seen as a form of partial evaluation in which data computations are ignored. We construct a simply-typed lambda-calculus that supports a vector type constructor, whose iteration yields types of arrays. It is expressive enough to construct all of the usual linear algebra operations. All shape errors in a term t can be detected by evaluating its shape #t. Evaluation of #t will terminate if that of t does. Keywords shape analysis, partial evaluation, arrays, higher-order. 1 Introduction Shape theory explores the consequences of manipulating shape and data separately (Jay [14]). Shape refers to the data structure in which the data is stored. For example, the shape of a three-dimensional regular array is a tuple of...

The conventional classification of software fault detection techniques as static or dynamic analysis is inadequate as a basis for identifying useful relationships between techniques. A more useful distinction is between techniques that sample the space of possible executions, and techniques that fold the space. The new distinction provides better insight into the ways different techniques can interact, and is a basis for considering hybrid fault detection techniques including combinations of testing and formal verification.