Automatic verification of pointer programs using grammar-based shape analysis
In ESOP, 2005
Cited by 40 (4 self)
Abstract. We present a program analysis that can automatically discover the shape of complex pointer data structures. The discovered invariants are then used to verify the absence of safety errors in the program, or to check whether the program preserves the data consistency. Our analysis extends the shape analysis of Sagiv et al. with grammar annotations, which can precisely express the shape of complex data structures. We demonstrate the usefulness of our analysis with binomial heap construction and the Schorr-Waite tree traversal. For a binomial heap construction algorithm, our analysis returns a grammar that precisely describes the shape of a binomial heap; for the Schorr-Waite tree traversal, our analysis shows that at the end of the execution, the result is a tree and there are no memory leaks.
Syntactic Accidents in Program Analysis: On the Impact of the CPS Transformation
Journal of Functional Programming, 2000
Cited by 25 (9 self)
Our results formalize and confirm a folklore theorem about traditional binding-time analysis, namely that CPS has a positive effect on binding times. What may be more surprising is that the benefit does not arise from a standard refinement of program analysis, as, for instance, duplicating continuations.
Termination Analysis of Higher-Order Functional Programs
In APLAS 2005: The Third Asian Symposium on Programming Languages and Systems (Kwangkeun, 2005
Cited by 7 (0 self)
This thesis concerns fully automatic termination analysis for higher-order purely functional programs, both strict and lazy. We build on existing work on size-change termination, in which a program is deemed to terminate if any potential infinite sequence of calls would result in infinite descent in a well-founded data value. This was proposed for strict first-order programs, and a termination analysis of the pure untyped λ-calculus was subsequently obtained in this framework. We present a generalisation of this work, to handle realistic purely functional programming languages. From our general semantic framework, instances of the termination criterion are derived for both strict (call-by-value) and lazy (call-by-need) and proved sound. It is shown that nontrivial higher-order and lazy programs can be proved to terminate. It is further shown that the analysis of lazy programs requires techniques beyond previous work on size-change termination. Our analysis proceeds by extracting the call graph of a higher-order program, together with dataflow annotations; termination is then proved by showing that infinite paths in the
Constraint-based security analysis for the Java Card firewall
2002
Cited by 1 (0 self)
This paper presents a constraint-based static analysis to prove security (confidentiality) properties of Java Card programs. We define a subset of the Java Card bytecode focussing on aspects of the Java Card firewall, method invocation, field access, variable access, shareable objects and contexts, and present an analysis to compute an approximation of the set of possible values stored in each variable. To achieve this task, we introduce a new kind of constraint: quantified conditional constraints. This kind of constraint permits generating the constraints for a program in a demand-driven fashion. In addition, it permits modelling precisely the effects of the Java Card firewall by only producing a constraint if the corresponding operation is authorized by the firewall. The result of this analysis is a precise description of the object flow and of the security exceptions which can be thrown by the firewall.

