Schmidt, D.A., Steffen, B.: Program analysis as model checking of abstract interpretations. In: SAS '98: Proceedings of the 5th International Symposium on Static Analysis, London, UK, Springer-Verlag (1998) 351--380
....the heap. Typically, such analyses are based on abstract interpretations [7] of heaps with various kinds of shape graphs. This paper presents a new framework for shape analysis, which is based on Schmidt and Steffen's observation that static analysis is model checking of an abstract interpretation [30]. The exploitation of this paradigm renders our framework different in several key ways. A major difference is the way in which abstract interpretation is performed. We use a generic abstraction algorithm to calculate an abstraction of the program, relative to a given shape property. Starting with ....
D.A. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In SAS, volume 1503 of LNCS, 1998.
.... 10, 11] In the recent years there has been a convergence of ideas in static analysis and model checking: different kinds of program analysis can be performed by fixed point computations and these computations can either be carried out by specialized algorithms or by general purpose model checkers [14, 15]. Whereas static analysis techniques have a longstanding history, the application of model checking to static analysis problems is more recent. The idea of using model checking for bytecode verification was originally suggested by Posegga and Vogt [9] They carried out a few small examples by hand ....
D. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of Static Analysis Symposium (SAS'98), volume 1503 of LNCS, pages 351-380, Pisa, Italy, September 1998. Springer-Verlag.
....These methods are mathematically rather more sophisticated than those of this paper, which seem more appropriate for traditional intermediate code optimizations. 1.4 Model checking and program analysis This situation has improved with the advent of model checking approaches to program analysis [4, 27, 29, 30, 32, 28]. Work by Steffen and Schmidt [29, 30] showed that temporal logic is well suited to describing data dependencies and other program properties exploited in classical compiler optimizations. In particular, work by Knoop, Steffen and Ruthing [14] showed that new insights could be gained from using ....
....than those of this paper, which seem more appropriate for traditional intermediate code optimizations. 1.4 Model checking and program analysis This situation has improved with the advent of model checking approaches to program analysis [4, 27, 29, 30, 32, 28] Work by Steffen and Schmidt [29, 30] showed that temporal logic is well suited to describing data dependencies and other program properties exploited in classical compiler optimizations. In particular, work by Knoop, Steffen and Ruthing [14] showed that new insights could be gained from using temporal logic, enabling new and stronger ....
D.A. Schmidt, B. Steffen. Program analysis as model checking of abstract interpretations. In Proc. of 5th Static Analysis Symposium, G. Levi. ed., Pisa, volume 1503 of Lecture Notes in Computer Science, Springer-Verlag, 1998.
.... 10, 11] In the recent years there has been a convergence of ideas in static analysis and model checking: different kinds of program analysis can be performed by fixed point computations and these computations can either be carried out by specialized algorithms or by general purpose model checkers [14, 15]. Whereas static analysis techniques have a longstanding history, the application of model checking to static analysis problems is more recent. The idea of using model checking for bytecode verification was originally suggested by Posegga and Vogt [9] They carried out a few small examples by hand ....
D. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of Static Analysis Symposium (SAS'98), volume 1503 of LNCS, pages 351--380, Pisa, Italy, September 1998. Springer-Verlag.
....the formula can be checked. We extend model checking to programs written in real programming languages. However the model checking problem in general is undecidable for system implementations using programming languages and properties described in interesting logics. Hence we need abstraction [CC77,JN94,SS98]. In industry the programming language Erlang [AWV93] is used for the implementation of distributed systems. Erlang is a strict functional language with additional features for the creation of processes and communication between them, independently of a process being executed on the same computer ....
D. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. LNCS, 1503:351-380, 1998.
....code, but correctness proofs were out of its scope (and would have been impractically complex in a denotational framework, witness [14] 1.3 Model checking and program analysis This unsatisfactory situation has improved with the advent of model checking approaches to program analysis [4, 20, 22, 23, 25, 21]. Work by Steffen and Schmidt [22, 23] showed that temporal logic is well suited to describing data dependencies and other program properties exploited in classical compiler optimizations. In particular, work by Knoop, Steffen and Rüthing [12] showed that new insights could be gained from using ....
....its scope (and would have been impractically complex in a denotational framework, witness [14] 1.3 Model checking and program analysis This unsatisfactory situation has improved with the advent of model checking approaches to program analysis [4, 20, 22, 23, 25, 21] Work by Steffen and Schmidt [22, 23] showed that temporal logic is well suited to describing data dependencies and other program properties exploited in classical compiler optimizations. In particular, work by Knoop, Steffen and Rüthing [12] showed that new insights could be gained from using temporal logic, enabling new and ....
D.A. Schmidt, B. Steffen. Program analysis as model checking of abstract interpretations. Proc. 5th Static Analysis Symposium, G. Levi. ed., Pisa, 1998. Springer-Verlag Lecture Notes in Computer Science, vol. 1503.
....path IVP) All returns are matched but not all calls. This is similar to 1 . Path Edge SLIVP: This is = 0 and 0 Summary Edge SLIVP: This is = 0 restricted to call nodes. Although the interplay between data flow analysis and model checking has been widely recognized (e.g. [16]) the closeness in the details of algorithms used indicates a potential for furthering the practice in both areas through a better understanding of the interactions. Finally, although model checking of recursive programs using mu calculus has been explored [5] the techniques appear to have an ....
D. A. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In Static Analysis Symposium, pages 351-380, 1998.
....is needed. We propose an extension of model checking to programs written in real programming languages. However the model checking problem in general is undecidable for system implementations using programming languages and properties described in interesting logics. Hence we need abstraction [5, 12, 15]. In industry the programming language Erlang [1] is used for the implementation of distributed systems. We have developed a framework for abstract interpretations for a core fragment of Erlang in [10] with the property that the transition system defined by the abstract operational semantics (AOS) ....
David Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. LNCS, 1503:351-380, 1998.
....the application of model checking to flow analysis, e.g. Ste91,DS97] In these works, it has been shown how many problems usually solved by means of data flow techniques can be solved more simply by model checking techniques. In particular, our work is consistent with the methodology proposed in [SS98], which uses abstract interpretation [CC77] to abstract and analyze programs by combining model checking and data flow techniques. The links among abstract interpretation and data flow analysis are also well known (e.g. CC99] There is also some relation with works, such as [Rep98] that ....
D.A. Schmidt and B. Steffen, Program analysis as model checking of abstract interpretations, G. Levi. (ed.), pages 351--380. Proc. 5th Static Analysis Symposium, Pisa, September, 1998. Berlin: Springer-Verlag, 1998. Springer LNCS 1503.
....and Static Analysis: The relationship between model checking and abstract interpretation continues to be the subject of much research. Static program analysis methods based on abstract interpretation have been recently re formulated in terms of model checking. For instance, Schmidt and Steffen [55] show how many program analysis techniques can be understood as the model checking of particular kinds of abstractions. ESC [23] and Nitpick [34] are tools that automatically detect errors in software systems by combining static analysis and automatic theorem proving methods. Another challenge is ....
D. A. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In Proc. 5th Static Analysis Symp., LNCS. Springer, Sept. 1998.
....for concurrent garbage collection. 1 Introduction Abstract model checking is a methodology for verifying state transition systems. In abstract model checking, we construct an abstract system of the target system by an abstract map, and then apply traditional model checking to the abstract system [6, 10, 9, 7]. While the number of states is infinite or intractable, the number of abstract states can be reduced to finite or tractable provided that the abstract map is appropriate[2, 5] In this paper, we consider the case that states of the system have link structures. A link structure consists of cells which ....
....algorithms for concurrent garbage collection. One is the so called on-the-fly garbage collector formulated by Dijkstra et al. 3] The other is the snapshot garbage collector by Yuasa [12] modified to fit our model. [Figure 1: registers and cells] 4.1.1 Cells and Registers The heap for cells is formally defined as a function (or an array) from cell indices to cells. We do not specify the set of cell indices at the moment. We use C to denote the heap, and C[i] to denote the i-th cell. C : heap ....
David Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Static Analysis, volume 1503 of Lecture Notes in Computer Science, pages 351-380, 1998.
....the slicing description and the correctness proofs. Moreover, the entire issue seems to be an artifact of the particular style of specification logic and the granularity of the transition system model that one wishes to expose to the user. For example, if one uses an action based version of LTL [44] instead of a state based version, the notion of non stuttering transition would appear in an alternate form, and would most likely require a slightly different mechanism for ensuring that non stuttering transitions are not compressed. In addition, in our approach where software is compiled to ....
David Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Giorgio Levi, editor, Proceedings of the 5th International Static Analysis Symposium (SAS'98), volume 1503 of Lecture Notes in Computer Science, pages 351--380. Berlin: Springer-Verlag, 1998.
....and other parts are fully automatic. 1 Introduction Abstract model checking is a methodology for verifying state transition systems, with which an abstraction mapping on the target system is first defined and then traditional finite model checking is performed against the abstract system [8, 12, 13, 10]. Even if the state space of the target concrete system is infinite, the abstract one might have a finite state space provided that the abstraction mapping is powerful. Muller and Nipkow's work [8] is a typical example of abstract model checking. They succeeded in verifying the safety of ....
David Schmidt and Bernhard Steffen. Program Analysis as Model Checking of Abstract Interpretations. Static Analysis, Lecture Notes in Computer Science, Vol.1503, pp.351--380.
....checking problem for branching time logics is only exponential in the number of control states of the PDS; for a fixed number of states the algorithms of [2, 11] are polynomial. Inspired by the work of Steffen and others on the connection between model checking and data flow analysis (see for instance [9]) it has been recently observed that relevant data flow problems for programs with procedures (so called interprocedural data flow problems) as well as security problems for Java programs can be reduced to different variants of the model checking problem for PDSs and LTL [5, 6, 8] Motivated by this ....
D. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS'98, Pisa, LNCS 1503, pages 351-380, 1998.
.... every path of C observables in the source program is also present in the slice but not vice versa (in essence, the sliced program can C simulate the source, but not vice versa) This is a typical situation in model construction when models are constructed using abstract interpretation techniques [20]. 6 Related Work Static slicing of concurrent programs: Cheng [4] presents an approach to static and dynamic slicing of concurrent programs based on a generalization of PDG's which he calls program dependence nets (PDN) PDN's include edges for what Cheng calls synchronization dependence, ....
David Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Giorgio Levi, editor, Proceedings of the 5th International Static Analysis Symposium (SAS'98), volume 1503 of Lecture Notes in Computer Science, pages 351--380. Berlin: Springer-Verlag, 1998.
No context found.
Schmidt, D.A., Steffen, B.: Program analysis as model checking of abstract interpretations. In: SAS '98: Proceedings of the 5th International Symposium on Static Analysis, London, UK, Springer-Verlag (1998) 351--380
No context found.
D. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS'98, Pisa, LNCS 1503, pages 351-380, 1998.
No context found.
D.A. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS '98, LNCS 1503:351--380, 1998.
No context found.
David A. Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS'98, pages 351 -- 380, 1998.
No context found.
David Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS'98, Static Analysis Symposium, pages 351--380. Springer-Verlag (LNCS 1503), 1998.
No context found.
David A. Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS'98, pages 351 -- 380, 1998.
No context found.
David Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS'98, Static Analysis Symposium, pages 351-380. Springer-Verlag (LNCS 1503), 1998.
No context found.
D. Schmidt and B. Steffen. Program analysis as model checking of abstract interpretations. In SAS'98, pages 351-380, 1998.
No context found.
David Schmidt and Bernhard Steffen. Program analysis as model checking of abstract interpretations. In Proceedings of SAS'98, Static Analysis Symposium, pages 351-380. Springer-Verlag (LNCS 1503), 1998.
No context found.
Schmidt, D. and B. Steffen: 1998, `Program Analysis as Model Checking of Abstract Interpretations'. In: G. Levi (ed.): Static Analysis, 5th International Symposium, SAS'98, Vol. 1503 of LNCS. pp. 351--380.