Results 1 
7 of
7
Decompilation of Java Bytecode to Prolog by Partial Evaluation
, 2009
"... Reasoning about Java bytecode (JBC) is complicated due to its unstructured controlflow, the use of threeaddress code combined with the use of an operand stack, etc. Therefore, many static analyzers and model checkers for JBC first convert the code into a higherlevel representation. In contrast to ..."
Abstract

Cited by 12 (7 self)
 Add to MetaCart
Reasoning about Java bytecode (JBC) is complicated due to its unstructured controlflow, the use of threeaddress code combined with the use of an operand stack, etc. Therefore, many static analyzers and model checkers for JBC first convert the code into a higherlevel representation. In contrast to traditional decompilation, such representation is often not Java source, but rather some intermediate language which is a good input for the subsequent phases of the tool. Interpretive decompilation consists in partially evaluating an interpreter for the compiled language (in this case JBC) written in a highlevel language w.r.t. the code to be decompiled. There have been proofsofconcept that interpretive decompilation is feasible, but there remain important open issues when it comes to decompile a real language such as JBC. This paper presents, to the best of our knowledge, the first modular scheme to enable interpretive decompilation of a realistic programming language to a highlevel representation, namely of JBC to Prolog. We introduce two notions of optimality which together require that decompilation does not generate code more than once for each program point. We demonstrate the impact of our modular approach and optimality issues on a series of realistic benchmarks. Decompilation times and decompiled program sizes are linear with the size of the input bytecode program. This demonstrates empirically the scalability of modular decompilation of JBC by partial evaluation.
Abstract Interpretation with Specialized Definitions
 In Proc. of SAS’06, LNCS
, 2006
"... Abstract. The relationship between abstract interpretation and partial deduction has received considerable attention and (partial) integrations have been proposed starting from both the partial deduction and abstract interpretation perspectives. In this work we present what we argue is the first ful ..."
Abstract

Cited by 8 (7 self)
 Add to MetaCart
Abstract. The relationship between abstract interpretation and partial deduction has received considerable attention and (partial) integrations have been proposed starting from both the partial deduction and abstract interpretation perspectives. In this work we present what we argue is the first fully described generic algorithm for efficient and precise integration of abstract interpretation and partial deduction. Taking as starting point stateoftheart algorithms for contextsensitive, polyvariant abstract interpretation and (abstract) partial deduction, we present an algorithm which combines the best of both worlds. Key ingredients include the accurate success propagation inherent to abstract interpretation and the powerful program transformations achievable by partial deduction. In our algorithm, the calls which appear in the analysis graph are not analyzed w.r.t. the original definition of the procedure but w.r.t. specialized definitions of these procedures. Such specialized definitions are obtained by applying both unfolding and abstract executability. Our framework is parametric w.r.t. different control strategies and abstract domains. Different combinations of such parameters correspond to existing algorithms for program analysis and specialization. Simultaneously, our approach opens the door to the efficient computation of strictly more precise results than those achievable by each of the individual techniques. The algorithm is now one of the key components of the CiaoPP analysis and specialization system.
PolyControlled Partial Evaluation in Practice
 In Proceedings of the ACM Symposium on Partial Evaluation and Program Manipulation (PEPM’07
, 2007
"... PolyControlled Partial Evaluation (PCPE) is a powerful approach to partial evaluation, which has recently been proposed. PCPE takes into account sets of control strategies instead of a single one. Thus, different control strategies can be assigned to different call patterns, possibly obtaining resu ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
PolyControlled Partial Evaluation (PCPE) is a powerful approach to partial evaluation, which has recently been proposed. PCPE takes into account sets of control strategies instead of a single one. Thus, different control strategies can be assigned to different call patterns, possibly obtaining results that cannot be obtained using a single control strategy. PCPE can be implemented as a searchbased algorithm, producing sets of candidate optimized programs. The quality of each of these programs is assessed through the use of a fitness function, which can be resource aware, in the sense that it can take multiple factors into account, such as runtime and code size. Unfortunately, PCPE suffers from an inherent blowup of its search space when implemented as an allsolutions, searchbased algorithm. Thus, in order to use it in practice we must be able to prune its search space without losing the (most) interesting solutions. In this work we explore several techniques for pruning the search space of PCPE. Some of these techniques are based on heuristics, while others are based on branch and bound and are guaranteed to obtain an optimal solution. Our experimental results show that, when combined with the proposed pruning techniques, PCPE can cope with realistic programs. Also, that the solutions obtained by PCPE outperform the solutions found by PE under similar conditions.
TypeBased Homeomorphic Embedding and Its Applications to Online Partial Evaluation
"... Abstract. Homeomorphic Embedding (HEm) hasproventobevery powerful for supervising termination of computations, provided that such computations are performed over a finite signature, i.e., the number of constants and function symbols involved is finite. However, there are situations, for example nume ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
Abstract. Homeomorphic Embedding (HEm) hasproventobevery powerful for supervising termination of computations, provided that such computations are performed over a finite signature, i.e., the number of constants and function symbols involved is finite. However, there are situations, for example numeric computations, which involve an infinite (or too large) signature, in which HEm does not guarantee termination. Some extensions to HEm for the case of infinite signatures have been proposed which guarantee termination, but they either do not provide systematic means for generating such extensions or the extensions are too simplistic and do not produce the expected results in practice. We introduce Typebased Homeomorphic Embedding (TbHEm) asanextension of the standard, untyped HEm to deal with infinite signatures. In the paper, we show how TbHEm can be used to improve the accuracy of online partial evaluation. For this purpose, we propose an approach to constructing suitable types for partial evaluation automatically based on existing analysis tools for constraint logic programs. We also present useful properties of types which allow us to take full advantage of TbHEm in practice. Experimental results are reported which show that our work improves the state of the practice of online partial evaluation. 1
Modular Decompilation of LowLevel Code by Partial Evaluation
"... Decompiling lowlevel code to a highlevel intermediate representation facilitates the development of analyzers, model checkers, etc. which reason about properties of the lowlevel code (e.g., bytecode,.NET). Interpretive decompilation consists in partially evaluating an interpreter for the lowleve ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
Decompiling lowlevel code to a highlevel intermediate representation facilitates the development of analyzers, model checkers, etc. which reason about properties of the lowlevel code (e.g., bytecode,.NET). Interpretive decompilation consists in partially evaluating an interpreter for the lowlevel language (written in the highlevel language) w.r.t. the code to be decompiled. There have been proofsofconcept that interpretive decompilation is feasible, but there remain important open issues when it comes to decompile a real language: does the approach scale up? is the quality of decompiled programs comparable to that obtained by adhoc decompilers? do decompiled programs preserve the structure of the original programs? This paper addresses these issues by presenting, to the best of our knowledge, the first modular scheme to enable interpretive decompilation of lowlevel code to a highlevel representation, namely, we decompile bytecode into Prolog. We introduce two notions of optimality. The first one requires that each method/block is decompiled just once. The second one requires that each program point is traversed at most once during decompilation. We demonstrate the impact of our modular approach and optimality issues on a series of realistic benchmarks. Decompilation times and decompiled program sizes are linear with the size of the input bytecode program. This demostrates empirically the scalability of modular decompilation of lowlevel code by partial evaluation. 1
Software
, 2008
"... We present OracleBased Partial Evaluation (OBPE), a novel approach to online Partial Evaluation (PE) which decides the control strategy to use for each call pattern by using an oracle function which compares the results of specializing such call pattern w.r.t. a set of strategies. Our proposal is ..."
Abstract
 Add to MetaCart
We present OracleBased Partial Evaluation (OBPE), a novel approach to online Partial Evaluation (PE) which decides the control strategy to use for each call pattern by using an oracle function which compares the results of specializing such call pattern w.r.t. a set of strategies. Our proposal is motivated by PolyControlled Partial Evaluation (PCPE), which allows using different control strategies for different call patterns. Given a set CS of control strategies, the best PCPE specialized programs outperform the specialized programs obtained by traditional PE for any of the control strategies in CS, especially when resourceaware specialization is performed. Unfortunately, computing all PCPE specialized programs and then choosing a posteriori the best one is too costly in practice. In contrast, in OBPE a single specialized program is computed. We have developed an empirical oracle whose parameters are approximated from a set of training data, by using constraint logic programming. Our experimental results show that the additional cost of OBPE when compared with traditional PE is a constant factor and that, at least in our experiments, OBPE obtains significantly better specializations. We argue that our proposal is relevant in practice and introduces clear improvements over standard PE. Our work is developed in the context of logic programs, though the ideas are in principle of interest to the PE of any programming language.
Under consideration for publication in Theory and Practice of Logic Programming 1 Test Case Generation for ObjectOriented Imperative Languages in CLP
"... Testing is a vital part of the software development process. Test Case Generation (TCG) is the process of automatically generating a collection of testcases which are applied to a system under test. Whitebox TCG is usually performed by means of symbolic execution, i.e., instead of executing the pr ..."
Abstract
 Add to MetaCart
Testing is a vital part of the software development process. Test Case Generation (TCG) is the process of automatically generating a collection of testcases which are applied to a system under test. Whitebox TCG is usually performed by means of symbolic execution, i.e., instead of executing the program on normal values (e.g., numbers), the program is executed on symbolic values representing arbitrary values. When dealing with an objectoriented (OO) imperative language, symbolic execution becomes challenging as, among other things, it must be able to backtrack, complex heapallocated data structures should be created during the TCG process and features like inheritance, virtual invocations and exceptions have to be taken into account. Due to its inherent symbolic execution mechanism, we pursue in this paper that Constraint Logic Programming (CLP) has a promising application field in TCG. We will support our claim by developing a fully CLPbased framework to TCG of an OO imperative language, and by assessing it on a corresponding implementation on a set of challenging Java programs.