Results 1  10
of
89
Program Analysis and Specialization for the C Programming Language
, 1994
"... Software engineers are faced with a dilemma. They want to write general and wellstructured programs that are flexible and easy to maintain. On the other hand, generality has a price: efficiency. A specialized program solving a particular problem is often significantly faster than a general program. ..."
Abstract

Cited by 613 (0 self)
 Add to MetaCart
Software engineers are faced with a dilemma. They want to write general and wellstructured programs that are flexible and easy to maintain. On the other hand, generality has a price: efficiency. A specialized program solving a particular problem is often significantly faster than a general program. However, the development of specialized software is timeconsuming, and is likely to exceed the production of today’s programmers. New techniques are required to solve this socalled software crisis. Partial evaluation is a program specialization technique that reconciles the benefits of generality with efficiency. This thesis presents an automatic partial evaluator for the Ansi C programming language. The content of this thesis is analysis and transformation of C programs. We develop several analyses that support the transformation of a program into its generating extension. A generating extension is a program that produces specialized programs when executed on parts of the input. The thesis contains the following main results.
Using Temporal Logics to Express Search Control Knowledge for Planning
 ARTIFICIAL INTELLIGENCE
, 1999
"... Over the years increasingly sophisticated planning algorithms have been developed. These have made for more efficient planners, but unfortunately these planners still suffer from combinatorial complexity even in simple domains. Theoretical results demonstrate that planning is in the worst case in ..."
Abstract

Cited by 317 (15 self)
 Add to MetaCart
(Show Context)
Over the years increasingly sophisticated planning algorithms have been developed. These have made for more efficient planners, but unfortunately these planners still suffer from combinatorial complexity even in simple domains. Theoretical results demonstrate that planning is in the worst case intractable. Nevertheless, planning in particular domains can often be made tractable by utilizing additional domain structure. In fact, it has long been acknowledged that domain independent planners need domain dependent information to help them plan effectively. In this
Proving Properties of Security Protocols by Induction
 In 10th IEEE Computer Security Foundations Workshop
, 1997
"... Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous. The resulting proofs are complicated, but can be generated reasonably quickly using the proof tool Isabelle/HOL. There is no restriction ..."
Abstract

Cited by 164 (7 self)
 Add to MetaCart
(Show Context)
Informal justifications of security protocols involve arguing backwards that various events are impossible. Inductive definitions can make such arguments rigorous. The resulting proofs are complicated, but can be generated reasonably quickly using the proof tool Isabelle/HOL. There is no restriction to finitestate systems and the approach is not based on belief logics. Protocols are inductively defined as sets of traces, which may involve many interleaved protocol runs. Protocol descriptions model accidental key losses as well as attacks. The model spy can send spoof messages made up of components decrypted from previous traffic. Several key distribution protocols have been studied, including NeedhamSchroeder, Yahalom and OtwayRees. The method applies to both symmetrickey and publickey protocols. A new attack has been discovered in a variant of OtwayRees (already broken by Mao and Boyd). Assertions concerning secrecy and authenticity have been proved. CONTENTS i Contents 1 Intro...
Rewriting Logic as a Logical and Semantic Framework
, 1993
"... Rewriting logic [72] is proposed as a logical framework in which other logics can be represented, and as a semantic framework for the specification of languages and systems. Using concepts from the theory of general logics [70], representations of an object logic L in a framework logic F are und ..."
Abstract

Cited by 163 (55 self)
 Add to MetaCart
Rewriting logic [72] is proposed as a logical framework in which other logics can be represented, and as a semantic framework for the specification of languages and systems. Using concepts from the theory of general logics [70], representations of an object logic L in a framework logic F are understood as mappings L ! F that translate one logic into the other in a conservative way. The ease with which such maps can be defined for a number of quite different logics of interest, including equational logic, Horn logic with equality, linear logic, logics with quantifiers, and any sequent calculus presentation of a logic for a very general notion of "sequent," is discussed in detail. Using the fact that rewriting logic is reflective, it is often possible to reify inside rewriting logic itself a representation map L ! RWLogic for the finitely presentable theories of L. Such a reification takes the form of a map between the abstract data types representing the finitary theories of...
Modular structural operational semantics
, 2004
"... Modular SOS (MSOS) is a variant of conventional Structural Operational Semantics (SOS). Using MSOS, the transition rules for each construct of a programming language can be given incrementally, once and for all, and do not need reformulation when further constructs are added to the language. MSOS th ..."
Abstract

Cited by 74 (8 self)
 Add to MetaCart
Modular SOS (MSOS) is a variant of conventional Structural Operational Semantics (SOS). Using MSOS, the transition rules for each construct of a programming language can be given incrementally, once and for all, and do not need reformulation when further constructs are added to the language. MSOS thus provides an exceptionally high degree of modularity in language descriptions, removing a shortcoming of the original SOS framework. After sketching the background and reviewing the main features of SOS, the paper explains the crucial differences between SOS and MSOS, and illustrates how MSOS descriptions are written. It also discusses standard notions of semantic equivalence based on MSOS. Appendix A shows how the illustrative MSOS rules given in the paper would be formulated in conventional SOS.
The rewriting logic semantics project
 University of Illinois at UrbanaChampaign
, 2005
"... Rewriting logic is a flexible and expressive logical framework that unifies algebraic denotational semantics and structural operational semantics (SOS) in a novel way, avoiding their respective limitations and allowing succinct semantic definitions. The fact that a rewrite logic theory’s axioms incl ..."
Abstract

Cited by 55 (14 self)
 Add to MetaCart
(Show Context)
Rewriting logic is a flexible and expressive logical framework that unifies algebraic denotational semantics and structural operational semantics (SOS) in a novel way, avoiding their respective limitations and allowing succinct semantic definitions. The fact that a rewrite logic theory’s axioms include both equations and rewrite rules provides a useful “abstraction dial ” to find the right balance between abstraction and computational observability in semantic definitions. Such semantic definitions are directly executable as interpreters in a rewriting logic language such as Maude, whose generic formal tools can be used to endow those interpreters with powerful program analysis capabilities. Key words: Semantics and analysis of programming languages, rewriting logic 1
Reasoning with inductively defined relations in the HOL theorem prover
, 1992
"... Abstract: Inductively defined relations are among the basic mathematical tools of computer science. Examples include evaluation and computation relations in structural operational semantics, labelled transition relations in process algebra semantics, inductivelydefined typing judgements, and proof ..."
Abstract

Cited by 47 (0 self)
 Add to MetaCart
(Show Context)
Abstract: Inductively defined relations are among the basic mathematical tools of computer science. Examples include evaluation and computation relations in structural operational semantics, labelled transition relations in process algebra semantics, inductivelydefined typing judgements, and proof systems in general. This paper describes a set of HOL theoremproving tools for reasoning about such inductively defined relations. We also describe a suite of worked examples using these tools. First printed: August 1992
Rewriting Logic Semantics: From Language Specifications to Formal Analysis Tools
 In Proceedings of the IJCAR 2004. LNCS
, 2004
"... Abstract. Formal semantic definitions of concurrent languages, when specified in a wellsuited semantic framework and supported by generic and efficient formal tools, can be the basis of powerful software analysis tools. Such tools can be obtained for free from the semantic definitions; in our exper ..."
Abstract

Cited by 47 (11 self)
 Add to MetaCart
(Show Context)
Abstract. Formal semantic definitions of concurrent languages, when specified in a wellsuited semantic framework and supported by generic and efficient formal tools, can be the basis of powerful software analysis tools. Such tools can be obtained for free from the semantic definitions; in our experience in just the few weeks required to define a language’s semantics even for large languages like Java. By combining, yet distinguishing, both equations and rules, rewriting logic semantic definitions unify both the semantic equations of equational semantics (in their higherorder denotational version or their firstorder algebraic counterpart) and the semantic rules of SOS. Several limitations of both SOS and equational semantics are thus overcome within this unified framework. By using a highperformance implementation of rewriting logic such as Maude, a language’s formal specification can be automatically transformed into an efficient interpreter. Furthermore, by using Maude’s breadth first search command, we also obtain for free a semidecision procedure for finding failures of safety properties; and by using Maude’s LTL model checker, we obtain, also for free, a decision procedure for LTL properties of finitestate programs. These possibilities, and the competitive performance of the analysis tools thus obtained, are illustrated by means of a concurrent Camllike language; similar experience with Java (source and JVM) programs is also summarized. 1
The Program Counter Security Model: Automatic Detection and Removal of ControlFlow Side Channel Attacks
 In Cryptology ePrint Archive, Report 2005/368
, 2005
"... Abstract. We introduce new methods for detecting controlflow side channel attacks, transforming C source code to eliminate such attacks, and checking that the transformed code is free of controlflow side channels. We model controlflow side channels with a program counter transcript, in which the ..."
Abstract

Cited by 34 (0 self)
 Add to MetaCart
Abstract. We introduce new methods for detecting controlflow side channel attacks, transforming C source code to eliminate such attacks, and checking that the transformed code is free of controlflow side channels. We model controlflow side channels with a program counter transcript, in which the value of the program counter at each step is leaked to an adversary. The program counter transcript model captures a class of side channel attacks that includes timing attacks and error disclosure attacks. Further, we propose a generic sourcetosource transformation that produces programs provably secure against controlflow side channel attacks. We implemented this transform for C together with a static checker that conservatively checks x86 assembly for violations of program counter security; our checker allows us to compile with optimizations while retaining assurance the resulting code is secure. We then measured our technique’s effect on the performance of binary modular exponentiation and realworld implementations in C of RC5 and IDEA: we found it has a performance overhead of at most 5 × and a stack space overhead of at most 2×. Our approach to side channel security is practical, generally applicable, and provably secure against an interesting class of side channel attacks. 1