Results 1 - 10 of 19
Static Approximation of Dynamically Generated Web Pages, 2005
Cited by 62 (3 self)
Server-side programming is one of the key technologies that support today's WWW environment. It makes it possible to generate Web pages dynamically according to a user's request and to customize pages for each user. However, the flexibility obtained by server-side programming makes it much harder to guarantee validity and security of dynamically generated pages.
The set constraint/cfl reachability connection in practice, 2004
Cited by 19 (1 self)
Many program analyses can be reduced to graph reachability problems involving a limited form of context-free language reachability called Dyck-CFL reachability. We show a new reduction from Dyck-CFL reachability to set constraints that can be used in practice to solve these problems. Our reduction is much simpler than the general reduction from context-free language reachability to set constraints. We have implemented our reduction on top of a set constraints toolkit and tested its performance on a substantial polymorphic flow analysis application.
Efficient Algorithms for pre* and post* on Interprocedural Parallel Flow Graphs, 2000
Cited by 19 (3 self)
This paper is a contribution to the already existing series of work on the algorithmic principles of interprocedural analysis. We consider the generalization to the case of parallel programs. We give algorithms that compute the sets of backward resp. forward reachable configurations for parallel flow graph systems in linear time in the size of the graph viz. the program. These operations are important in dataflow analysis and in model checking. In our method, we first model configurations as terms (viz. trees) in the process algebra PA that can express call stack operations and parallelism. We then give a `declarative' Horn-clause specification of the sets of predecessors resp. successors. The `operational' computation of these sets is carried out using the Dowling-Gallier procedure for HornSat.
Transforming the .NET Intermediate Language Using Path Logic Programming, 2002
Cited by 16 (4 self)
Path logic programming is a modest extension of Prolog for the specification of program transformations. We give an informal introduction to this extension, and we show how it can be used in coding standard compiler optimisations, and also a number of obfuscating transformations. The object language is the Microsoft .NET intermediate language (IL).
Eliminating dead code on recursive data - Science of Computer Programming, 1999
Cited by 14 (4 self)
This paper describes a general and powerful method for dead code analysis and elimination in the presence of recursive data constructions. We represent partially dead recursive data using liveness patterns based on general regular tree grammars extended with the notion of live and dead, and we formulate the analysis as computing liveness patterns at all program points based on program semantics. This analysis yields a most precise liveness pattern for the data at each program point, which is significantly more precise than results from previous methods. The analysis algorithm takes cubic time in terms of the size of the program in the worst case but is very efficient in practice, as shown by our prototype implementation. The analysis results are used to identify and eliminate dead code. The general framework for representing and analyzing properties of recursive data structures using general regular tree grammars applies to other analyses as well.
Undecidability of Context-sensitive Data-dependence Analysis - Transactions on Programming Languages and Systems, 1999
Cited by 12 (2 self)
A number of program-analysis problems can be tackled by transforming them into certain kinds of graph-reachability problems in labeled directed graphs. The edge labels can be used to filter out paths that are not of interest: A path P from vertex s to vertex t only counts as a “valid connection” between s and t if the word spelled out by P is in a certain language. Often the languages used for such filtering purposes are languages of matching parentheses:
• In some cases, the matched-parenthesis condition is used to filter out paths with mismatched calls and returns. This leads to so-called “context-sensitive” program analyses, such as context-sensitive interprocedural slicing and context-sensitive interprocedural dataflow analysis.
• In other cases, the matched-parenthesis condition is used to capture a graph-theoretic analog of McCarthy’s rules: “car(cons(x,y))=x” and “cdr(cons(x,y))=y”. That is, in the code fragment c=cons(a,b); d=car(c); the fact that there is a “structure-transmitted data dependence” from a to d, but not from b to d, is captured in a graph by using (i) a vertex for each variable, (ii) an edge from vertex i to vertex j when i is used on the right-hand side of an assignment to j, (iii) parentheses that match as the labels on the edges that run from a to c and c to d, and (iv) parentheses that do not match as the labels on the edges that run from b to c and c to d.
Constraint abstractions - In Programs as Data Objects II, 2001
Cited by 10 (1 self)
Smoke simulation is a key feature of serious gaming applications for fire-fighting professionals. A perfect visual appearance is not of paramount importance, the behavior of the smoke must however closely resemble its natural counterpart for successful adoption of the application. We therefore suggest a hybrid grid/particle based architecture for smoke simulation that uses a cheap multi-sampling technique for controlling smoke behavior. This approach is simple enough for it to be implemented in current generation game engines, and uses techniques that are very suitable for GPU implementation, thus enabling the use of hardware acceleration for the smoke simulation.
On algorithms and complexity for sets with cardinality constraints, 2005
Cited by 10 (7 self)
Typestate systems ensure many desirable properties of imperative programs, including initialization of object fields and correct use of stateful library interfaces. Abstract sets with cardinality constraints naturally generalize typestate properties: relationships between the typestates of objects can be expressed as subset and disjointness relations on sets, and elements of sets can be represented as sets of cardinality one. In addition, sets with cardinality constraints provide a natural language for specifying operations and invariants of data structures. Motivated by these program analysis applications, this paper presents new algorithms and new complexity results for constraints on sets and their cardinalities. We study several classes of constraints and demonstrate a trade-off between their expressive power and their complexity. Our first result concerns a quantifier-free fragment of Boolean Algebra with Presburger Arithmetic. We give a nondeterministic polynomial-time algorithm for reducing the satisfiability of sets with symbolic cardinalities to constraints on constant cardinalities, and give a polynomial-space algorithm for the resulting problem. The best previously existing algorithm runs in exponential space and nondeterministic exponential time. In a quest for more efficient fragments, we identify several subclasses of sets with cardinality constraints whose satisfiability is NP-hard. Finally, we identify a class of constraints that has polynomial-time satisfiability and entailment problems and can serve as a foundation for efficient program analysis. We give a system of rewriting rules for enforcing certain consistency properties of these constraints and show how to extract complete information from constraints in normal form. This result implies the soundness and completeness of our algorithms.
Solving Regular Tree Grammar Based Constraints - In Proceedings of the 8th International Static Analysis Symposium, 2000
Cited by 5 (4 self)
This paper describes the precise specification, design, analysis, implementation, and measurements of an efficient algorithm for solving regular tree grammar based constraints. The particular constraints are for dead-code elimination on recursive data, but the method used for the algorithm design and complexity analysis is general and applies to other program analysis problems as well. The method is centered around Paige's finite differencing, i.e., computing expensive set expressions incrementally, and allows the algorithm to be derived and analyzed formally and implemented easily. We study higher-level transformations that make the derived algorithm concise and allow its complexity to be analyzed accurately. Although a rough analysis shows that the worst-case time complexity is cubic in program size, an accurate analysis shows that it is linear in the number of live program points and in other parameters, including mainly the arity of data constructors and the number of selector applications into whose arguments the value constructed at a program point might flow. These parameters explain the performance of the analysis in practice. Our implementation also runs two to ten times as fast as a previous implementation of an informally designed algorithm.
Interprocedural Path Profiling and the Interprocedural Express-Lane Transformation, 2002
Cited by 5 (1 self)
The contributions of this thesis can be broadly divided into two categories: we present novel path-profiling techniques, and we present techniques for performing the express-lane transformation, a program transformation that duplicates frequently executed paths in the hope that better data-flow facts result along those paths. In path profiling, a program is instrumented with code that counts the number of times particular finite-length path fragments of the program’s control flow graph are executed. This thesis presents a number of extensions to the intraprocedural path-profiling technique of Ball and Larus. Several of our techniques collect information about interprocedural paths (i.e., paths that cross procedure boundaries). We show that the overhead of our techniques is not prohibitive (300–700%), and that they often capture more information than the Ball-Larus technique. The express-lane transformation isolates and duplicates hot paths in a program, aiming for better data-flow facts along the duplicated path. We describe several variants of the interprocedural express-lane transformation, each of which duplicates hot paths from an interprocedural path profile. We show that an interprocedural express-lane transformation helps range analysis to determine the outcome of

