Abstract interpretation frameworks
Journal of Logic and Computation, 1992
Cited by 238 (23 self)
Abstract: We introduce abstract interpretation frameworks which are variations on the archetypal framework using Galois connections between concrete and abstract semantics, widenings and narrowings and are obtained by relaxation of the original hypotheses. We consider various ways of establishing the correctness of an abstract interpretation depending on how the relation between the concrete and abstract semantics is defined. We insist upon those correspondences allowing for the inducing of the approximate abstract semantics from the concrete one. Furthermore we study various notions interpretation.
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation, 1998
Cited by 93 (19 self)
Abstract: This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations (pers). The specification clarifies and unifies a number of specific correctness arguments in the literature and connections to other forms of program analysis. The approach is inspired by (and in the deterministic case equivalent to) the use of partial equivalence relations in specifying binding-time analysis, and is thus able to specify security properties of higher-order functions and "partially confidential data". We also show how the per approach can handle nondeterminism for a first-order language, by using powerdomain semantics, and show how probabilistic security properties can be formalised by using probabilistic powerdomain semantics. We illustrate the usefulness of the compositional nature of the security specifications by presenting a straightforward correctness proof for a simple type-based security analysis.
Efficient Type Inference for Higher-Order Binding-Time Analysis
In Functional Programming and Computer Architecture, 1991
Cited by 91 (4 self)
Abstract: Binding-time analysis determines when variables and expressions in a program can be bound to their values, distinguishing between early (compile-time) and late (run-time) binding. Binding-time information can be used by compilers to produce more efficient target programs by partially evaluating programs at compile-time. Binding-time analysis has been formulated in abstract interpretation contexts and more recently in a type-theoretic setting. In a type-theoretic setting binding-time analysis is a type inference problem: the problem of inferring a completion of a λ-term e with binding-time annotations such that e satisfies the typing rules. Nielson and Nielson and Schmidt have shown that every simply typed λ-term has a unique completion ê that minimizes late binding in TML, a monomorphic type system with explicit binding-time annotations, and they present exponential time algorithms for computing such minimal completions. Gomard proves the same results for a variant of his two-level λ-calculus without a so-called "lifting" rule. He presents another algorithm for inferring completions in this somewhat restricted type system and states that it can be implemented in time O(n^3). He conjectures that the completions computed are minimal.
Simple Relational Correctness Proofs for Static Analyses and Program Transformations
2004
Cited by 81 (9 self)
Abstract: We show how some classical static analyses for imperative programs, and the optimizing transformations which they enable, may be expressed and proved correct using elementary logical and denotational techniques. The key ingredients are an interpretation of program properties as relations, rather than predicates, and a realization that although many program analyses are traditionally formulated in very intensional terms, the associated transformations are actually enabled by more liberal extensional properties.
On flow-sensitive security types
ACM SIGPLAN Notices, Proceedings of POPL 2006, 2006
Cited by 76 (3 self)
Abstract: This article investigates formal properties of a family of semantically sound flow-sensitive type systems for tracking information flow in simple While programs. The family is indexed by the choice of flow lattice. By choosing the flow lattice to be the powerset of program variables, we obtain a system which, in a very strong sense, subsumes all other systems in the family (in particular, for each program, it provides a principal typing from which all others may be inferred). This distinguished system is shown to be equivalent to, though more simply described than, Amtoft and Banerjee's Hoare-style independence logic (SAS'04). In general, some lattices are more expressive than others. Despite this, we show that no type system in the family can give better results for a given choice of lattice than the type system for that lattice itself. Finally, for any program typeable in one of these systems, we show how to construct an equivalent program which is typeable in a simple flow-insensitive system. We argue that this general approach could be useful in a proof-carrying-code setting.
Strictness Analysis in Logical Form
1991
Cited by 44 (2 self)
Abstract: This paper presents a framework for comparing two strictness analysis techniques: abstract interpretation and non-standard type inference. The comparison is based on the representation of a lattice by its ideals. A formal system for deducing inclusions between ideals of a lattice is presented and proved sound and complete. Viewing the ideals as strictness properties we use the formal system to define a program logic for deducing strictness properties of expressions in a typed lambda calculus. This strictness logic is shown to be sound and complete with respect to the abstract interpretation, which establishes the main result that strictness analysis by type inference and by abstract interpretation are equally powerful techniques.
1 Introduction
Abstract interpretation is a well-established technique for static analysis of programs. Its virtue is its strong connection with denotational semantics which provides a means of proving the analysis correct. Its vice is that the process of...
Information flow analysis in logical form
George Mason University
Cited by 32 (5 self)
Abstract: We specify an information flow analysis for a simple imperative language, using a Hoare-like logic. The logic facilitates static checking of a larger class of programs than can be checked by extant type-based approaches in which a program is deemed insecure when it contains an insecure subprogram. The logic is based on an abstract interpretation of program traces that makes independence between program variables explicit. Unlike other, more precise, approaches based on a Hoare-like logic, our approach does not require a theorem prover to generate invariants. We demonstrate the modularity of our approach by showing that a frame rule holds in our logic. Moreover, given an insecure but terminating program, we show how strongest postconditions can be employed to statically generate failure explanations.
Binding-Time Analysis and the Taming of C Pointers
In Partial Evaluation and Semantics-Based Program Manipulation, 1993
Cited by 29 (1 self)
Abstract: The aim of binding-time analysis is to determine when variables, expressions, statements, etc. in a program can be evaluated by classifying these into static (compile-time) and dynamic (run-time). Explicit separation of binding times has turned out to be crucial for successful self-application of partial evaluators, and apparently, it is also an important stepping-stone for profitable specialization of imperative languages with pointers and dynamic memory allocation. In this paper we present an automatic binding-time analysis for a substantial subset of the C language. The paper has two parts. In the first part, the semantic issues of binding-time separation are discussed with emphasis on pointers and classification of these. This leads to the introduction of a two-level C language where binding times are explicit in the syntax. Finally, well-annotatedness rules are given which exclude non-consistently annotated programs. In the second part, an automatic binding-time analysis based on c...
Abstract Interpretation of Functional Languages: From Theory to Practice
1991
Cited by 25 (0 self)
Abstract: Abstract interpretation is the name applied to a number of techniques for reasoning about programs by evaluating them over non-standard domains whose elements denote properties over the standard domains. This thesis is concerned with higher-order functional languages and abstract interpretations with a formal semantic basis. It is known how abstract interpretation for the simply typed lambda calculus can be formalised by using binary logical relations. This has the advantage of making correctness and other semantic concerns straightforward to reason about. Its main disadvantage is that it enforces the identification of properties as sets. This thesis shows how the known formalism can be generalised by the use of ternary logical relations, and in particular how this allows abstract values to deno...
Higher-order Binding-time Analysis
In ACM Symposium on Partial Evaluation and Semantics-Based Program Manipulation (PEPM'93), 1993
Cited by 13 (2 self)
Abstract: The partial evaluation process requires a binding-time analysis. Binding-time analysis seeks to determine which parts of a program's result are determined when some part of the input is known. Domain projections provide a very general way to encode a description of which parts of a data structure are static (known), and which are dynamic (not static). For first-order functional languages Launchbury [Lau91a] has developed an abstract interpretation technique for binding-time analysis in which the basic abstract value is a projection. Unfortunately this technique does not generalise easily to higher-order languages. This paper develops such a generalisation: a projection-based abstract interpretation suitable for higher-order binding-time analysis. Launchbury [Lau91b] has shown that binding-time analysis and strictness analysis are equivalent problems at first order, and for projection-based analyses have exactly the same safety condition. We argue that the same is true at higher order, ...