## Abstract Interpretation of PIC Programs through Logic Programming (2006)

Venue: In SCAM ’06: Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation (SCAM’06)

Citations: 9 - 1 self

### BibTeX

```
@INPROCEEDINGS{Henriksen06abstractinterpretation,
    author = {Kim S. Henriksen},
    title = {Abstract Interpretation of PIC Programs through Logic Programming},
    booktitle = {In SCAM ’06: Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation (SCAM’06)},
    year = {2006},
    pages = {184--196},
    publisher = {IEEE Computer Society}
}
```

### Abstract

A logic based general approach to abstract interpretation of low-level machine programs is reported. It is based on modelling the behavior of the machine as a logic program. General purpose program analysis and transformation of logic programs, such as partial evaluation and convex hull analysis, are applied to the logic based model of the machine. A small PIC microcontroller is used as a case study. An emulator for this microcontroller is written in Prolog, and standard programming transformations and analysis techniques are used to specialise this emulator with respect to a given PIC program. The specialised emulator can now be further analysed to gain insight into the given program for the PIC microcontroller. The method describes a general framework for applying abstractions, illustrated here by linear constraints and convex hull analysis, to logic programs. Using these techniques on the specialised PIC emulator, it is possible to obtain constraints on and linear relations between data registers, enabling detection of, for instance, overflows, branch conditions and so on.

### Citations

630 | Systematic design of program analysis frameworks by abstract interpretation
- COUSOT, COUSOT
- 1979
Citation Context ... Furthermore, techniques for combining existing logic program analyses using the abstract interpretation framework can gain precision compared to the individual analyses (the reduced product approach [7]). Again, such techniques can be applied directly to the logic representations of other languages. We intend to combine boolean approximation domains with numeric approximation in the PIC case study. ...

572 | Automatic discovery of linear restraints among variables of a program
- Cousot, Halbwachs
- 1978
Citation Context ...traction of the variables in a program. The abstraction is a set of constraints and relations between the variables. Polyhedral Convex Hulls, first applied in program analysis by Cousot and Halbwachs [8], have been used for a variety of purposes in program analysis, including in the field of logic and constraint logic programming [3, 4], e.g. for argument-size analysis, time-complexity analysis and ...

284 | Compilers : principles, techniques and tools
- Aho, Sethi, et al.
- 1986
Citation Context ...s. To do this we build a straightforward translation from control-flow graphs and logic programs called control-flow programs. Then we show that the classical liveness analysis on control-flow graphs [1] is mimicked by the action of the FAR algorithm on control-flow programs. Note that the flow-programs and flow-graphs considered in this section are not part of the PIC case study; they are just defin...

228 | Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
- Whaley, Lam
Citation Context ...andled provided that they are stratified. An efficient BDD-based toolset for computing Datalog program models is available [22], and it has been applied to Java programs containing thousands of lines [21, 16]. In previous work we have also used Datalog programs as abstractions of full logic programs [12] and in that work the same bddbddb-package was used. 5.1.1 Datalog rules for PIC control flow We now pr...

62 | Possibly not closed convex polyhedra and the Parma Polyhedra Library
- Bagnara, Ricci, et al.
Citation Context ...are required. These are projection, emptiness checking, inclusion testing and convex hulls. The Parma Polyhedra Library (PPL) is a programming library targeted especially at analysis and verification [2]. It implements the operations needed for a convex hull analysis and it has interfaces for a variety of programming languages including Ciao Prolog [5]. 2 http://wearables.cs.bris.ac.uk/ 7 6.1 Bottom ...

52 | Context-sensitive program analysis as database queries
- Lam, Whaley, et al.
- 2005
Citation Context ...andled provided that they are stratified. An efficient BDD-based toolset for computing Datalog program models is available [22], and it has been applied to Java programs containing thousands of lines [21, 16]. In previous work we have also used Datalog programs as abstractions of full logic programs [12] and in that work the same bddbddb-package was used. 5.1.1 Datalog rules for PIC control flow We now pr...

45 | Inferring Argument Size Relationships with CLP
- Benoy, King
- 1996
Citation Context ...x Hulls, first applied in program analysis by Cousot and Halbwachs [8], have been used for a variety of purposes in program analysis, including in the field of logic and constraint logic programming [3, 4], e.g. for argument-size analysis, time-complexity analysis and termination analysis [15]. Parma Polyhedra Library For a convex hull analyser a few polyhedra operations are required. These are project...

42 | Efficient specialisation in Prolog using the handwritten compiler generator LOGEN
- Leuschel, Jørgensen
- 1999
Citation Context ... In Section 5 the Control Flow Analysis, and how these nextInstr/2 facts are derived, is described in detail. For the specialisation step we use an off-line partial evaluator for Prolog, called Logen [17]. The PIC program and any environment data supplied are static inputs. In the execute-loop, everything is unfolded except the loop itself. Every execInst is unfolded completely, only in the integer do...

42 | Redundant argument filtering of logic programs
- Leuschel, Sørensen
- 1996
Citation Context ...based on the flow graph and its annotation, for solving which data elements contain live values at which program points. 4.1 Liveness Analysis Using Redundant Argument Filtering Leuschel and Sørensen [18] proposed a general logic program transformation called “redundant argument filtering”. This transformation removes predicate arguments that are never “used”. There are two forms of the transformation...

41 | Conjunctive Partial Deduction: Foundations, Control, Algorithms, and Experiments
- Schreye, Glück, et al.
- 1999
Citation Context ...d bottom-up propagation of information. The main motivation for the transformation was the simplification of programs produced by other transformations, in particular by conjunctive partial deduction [9]. We focus here on the transformation called FAR (Section 5 of [18]). In this section we show how the FAR algorithm is a generalisation of liveness analysis and can be applied to the specialised PIC e...

37 | Program Analysis, Debugging and Optimization Using the Ciao System Preprocessor
- Hermenegildo, Bueno, et al.
- 1999
Citation Context ...uivalent to the initially supplied PIC program. Existing analysis tools and techniques for logic programs can now be applied to the specialised emulator, to reason about the PIC program - e.g. CiaoPP [14], a global program analysis, source to source transformation and optimisation tool for Logic Programs. In this section we describe a method for applying a particular numerical analysis method, Convex ...

33 | The ciao prolog system. reference manual
- Bueno, Cabeza, et al.
- 1997
Citation Context ...targeted especially at analysis and verification [2]. It implements the operations needed for a convex hull analysis and it has interfaces for a variety of programming languages including Ciao Prolog [5]. 2 http://wearables.cs.bris.ac.uk/ 7 6.1 Bottom up analysis Our analyser is based on a bottom up evaluator for logic programs, developed by Michael Codish [6]. Prolog programs are evaluated top down,...

22 | Abstract interpretation of logic programs using magic transformations
- Debray, Ramakrishnan
- 1994
Citation Context ...uery-answer transformation provides a way to use a bottom-up analysis tool to return information about the computations themselves, in particular, on the set of calls to each predicate in the program [10]. We illustrate the query-answer transformation for the specialised emulator clauses. Take the clause shown in Example 3. execute 5(B,A) :- C is B+A, 0 is C>>8, C \== 0, D is 24 /\ 254, execute 6(D,B,...

20 | Efficient goal directed bottom-up evaluation of logic programs
- Codish
- 1999
Citation Context ...gramming languages including Ciao Prolog [5]. 2 http://wearables.cs.bris.ac.uk/ 7 6.1 Bottom up analysis Our analyser is based on a bottom up evaluator for logic programs, developed by Michael Codish [6]. Prolog programs are evaluated top down, but bottom-up analysis computing the least model of the program provides sound information about the set of all possible answers obtained in top-down computat...

19 | HOIST: A system for automatically deriving static analyzers for embedded systems
- Regehr, Reid
- 2004
Citation Context ...em with convex hull analysis. Techniques for enhancing precision of widening, such as delayed widening, could also be used in our analyser. This has not yet been implemented. 7 Related work The Hoist [19] project is closely related to our work. This project is also based on applying abstract interpretation to embedded software, to aid the programmer in producing reliable and efficient programs. In t...

17 | Lower-bound time-complexity analysis of logic programs
- King, Shen, et al.
- 1997
Citation Context ...a variety of purposes in program analysis, including in the field of logic and constraint logic programming [3, 4], e.g. for argument-size analysis, time-complexity analysis and termination analysis [15]. Parma Polyhedra Library For a convex hull analyser a few polyhedra operations are required. These are projection, emptiness checking, inclusion testing and convex hulls. The Parma Polyhedra Library ...

14 | Abstract domains based on regular types
- Gallagher, Henriksen
- 2004
Citation Context ...tions. Other abstraction can be applied to the specialised emulator to give more precise results. A different domain being explored is a bit-size domain based on regular types and pre-interpretations [11, 12]. Registers are assigned a type based on which bit is the most significant bit in the value contained in the registers. The result of a boolean operation, take OR as an example, between two registers, ...

10 | A bdd-based deductive database for program analysis. http://bddbddb.sourceforge.net
- Whaley, Unkel, et al.
- 2004
Citation Context ...f Datalog programs are finite and that negations in Datalog programs can be handled provided that they are stratified. An efficient BDD-based toolset for computing Datalog program models is available [22], and it has been applied to Java programs containing thousands of lines [21, 16]. In previous work we have also used Datalog programs as abstractions of full logic programs [12] and in that work the ...

7 | Computing Convex Hulls with a Linear Solver. Theory and Practice of Logic Programming
- Benoy, King, et al.
Citation Context ...x Hulls, first applied in program analysis by Cousot and Halbwachs [8], have been used for a variety of purposes in program analysis, including in the field of logic and constraint logic programming [3, 4], e.g. for argument-size analysis, time-complexity analysis and termination analysis [15]. Parma Polyhedra Library For a convex hull analyser a few polyhedra operations are required. These are project...

7 | Techniques for Scaling Up Analyses Based on Pre-interpretations
- Gallagher, Henriksen, et al.
- 2005
Citation Context ...m models is available [22], and it has been applied to Java programs containing thousands of lines [21, 16]. In previous work we have also used Datalog programs as abstractions of full logic programs [12] and in that work the same bddbddb-package was used. 5.1.1 Datalog rules for PIC control flow We now present a Datalog program representing the control flow of a PIC program. Each instruction of the m...

6 | Analysis and specialisation of a PIC processor
- Henriksen, Gallagher
- 2004
Citation Context ...rocess ConvexHull 2 Emulating an abstract machine We have previously used the procedure described in this section for analysing read/write patterns of data memory, dead code etc. of abstract machines [13]. The procedure followed here differs on the representation of the machine state and the initial Control Flow Analysis. As an example abstract machine to work with, we have chosen the PIC microcontrol...

3 | Principles of Knowledge and Database Systems; Volume 1
- Ullman
- 1988
Citation Context ...to much larger specialised programs and preclude the detection of some cases of dead code. The method described below gives a more precise result. 5.1 Datalog as a property modelling language Datalog [20] is a logic programming language in which there are no function symbols with arity greater than zero. Efficient techniques for computing Datalog models have been studied extensively in research on ded...