P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In Symp. on Princ. of Prog. Lang., 1978.
....on the programmer. They analyze the input procedure using existing (potentially vacuous) contracts and yield a new, more restrictive, contract for this procedure. We have implemented CSSV using the AST Toolkit [22] CoreC, the Golf pointer analysis [4, 5] and the polyhedra integer analysis of [3] from [14]. We have applied the implementation to real life programs. CSSV verified an intricate string library from EADS Airbus yielding only 6 false alarms. In the application xwrites, part of web2c, CSSV uncovered 8 errors with 2 false alarms. Finally, we implemented the derivation algorithms ....
....of string errors in this function, without reporting any false alarm. The toy main procedure, shown in Fig. 3, calls SkipLine to insert a newline character, reads input from the stanvoid SkipLine(int NbLine, char PtrEndText) int indice; char PtrEndLoc; 1] indice=0; 2] begin loop: [3] if (indice =NbLine) goto end loop; 4] PtrEndLoc = PtrEndText [5] PtrEndLoc = nn ; 6] PtrEndText = PtrEndLoc 1; 7] indice = indice 1; 8] goto begin loop; 9] end loop: 10] PtrEndLoc = PtrEndText [11] PtrEndLoc = n0 ; g void main( char buf[SIZE] char r, s; 1] r = ....
P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In Symp. on Princ. of Prog. Lang., 1978.
....of q. Dor et al. [8] therefore introduce special p overlaps q variables to quantify the pointer offset and thereby model string length interaction. This tactic potentially increases the number of variables quadratically which is unfortunate since relational numeric abstractions such as polyhedra [4] become less tractable as the number of variables increase. This is an efficiency issue. More subtle is the correctness issue that relates to pointers that definitely or possibly point to the same buffer. This is illustrated in the following code: 1 char p, q, s[32] t[32] 2 strcpy(s, Boat ) ....
....variables increase. This is an efficiency issue. More subtle is the correctness issue that relates to pointers that definitely or possibly point to the same buffer. This is illustrated in the following code: 1 char p, q, s[32] t[32] 2 strcpy(s, Boat ) s[5] 3 strcpy(t, Aero ) s[5] t[4] 4 p = t 4; p[4] s[5] t[4] 5 strcat(p, plane ) p[10] s[5] t[10] 6 if (rand( q=s; else q=t; p[10] q[5,10] s[5] t[10] 7 strcat(q, to R eunion ) p[10,20] q[15,20] s[5,15] t[10,20] The comments indicate the possible null positions at the various lines. The strcat in ....
P. Cousot and N. Halbwachs. Automatic Discovery of Linear Constraints among Variables of a Program. In Proceedings of Principles of Programming Languages, pages 84-97. ACM Press, 1978.
....three main results: 1. A source to source transformation that produces an instrumented C program which asserts when a string manipulation cleanness violation occurs. The transformation is described in Section 2. 2. In Section 3, we show that the integer analysis algorithm of Cousot and Halbwachs [5] can be used to analyze the instrumented program to find all potentially unclean string expressions in a rather precise way. Methods with lower complexity such as range analysis [3] can also be used. 3. We have implemented both the source to source transformation and the static analysis algorithms ....
.... is to prove that conservative static cleanness checking of realistic C programs is feasible, while generating only a small number of false alarms, we use a rather expensive but precise integer analysis that detects linear restraints among the integer variables that our transformation introduces [5]. The integer analysis is conservative thus resulting in an algorithm that detects all unclean string manipulations. A Prototype Implementation We analyzed functions with massive string manipulations from three different applications: i) fixoutput a checker for the output of a lexical analyzer; ....
P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In ACM Symp. on Princ. of Prog. Lang., 1978.
....we obtain the configuration in Figure 11. We notice the fact that, due to the lack of an invariant in the inner loop, further application of exact propagation steps will not help proving the assertion. In order to generate an invariant for the inner loop, we apply a linear restraint analysis [7] to the inner loop. The result is given in Figure 12. We note that we could have applied the linear restraint analysis to the whole program, in order to prove our assertion. However, since such an analysis is expensive, it is important to restrict its application to small fragments of the program. ....
Patrick Cousot and Nicolas Halbwachs, "Automatic discovery of linear constraints among variables of a program", in Proc. of the 5th ACM Symp. on POPL, 1978, 84--97.
.... implement abstract debugging in a real world programming environment and give the programmer the ability to determine different categories of standard program properties (e.g. nil pointers, parity of integer variables, congruence relations [15] intervals, linear inequalities between variables [9], etc) ....
Patrick Cousot and Nicolas Halbwachs: "Automatic discovery of linear constraints among variables of a program", Proc. of the 5th ACM Symp. on POPL (1978) 84--97
....structure of their control flow graph. 1 Introduction Abstract interpretation [7, 10, 11] is a formal method that enables the static and automatic determination of run time properties of programs, such as the range [2, 4, 5] or congruence properties [15] of integer variables, linear inequalities [9] between variables, data aliasing [2, 4, 12, 13] etc. This method is based on a characterization of programs invariants as either least or greatest fixed points of continuous functions over complete lattices, which are classically computed by iterative computations starting from either the ....
....have a worst case complexity of 2^n, which is unacceptable in practice. Speed up techniques, known as widening and narrowing [7, 11] have been designed to determine safe approximations of extremal fixed points of continuous function over lattices of infinite height, non complete lattices [9], and even complete partial orders [3, 4] When the control flow graph of the program being analyzed is known in advance (as is the case for intraprocedural abstract interpretation) the fixed point equation to be solved amounts to a system of equations, each equation being associated with a ....
Patrick Cousot and Nicolas Halbwachs: "Automatic discovery of linear constraints among variables of a program", Proc. of the 5th ACM Symp. on POPL (1978) 84--97
....of a least upper approximation. But even so, it can be very interesting to have such a widening operator to define finite and tractable frameworks, as we have seen in section 2. Also, note that the use of widening operators over non complete lattices was already present in Cousot and Halbwachs [3], where the lattice of finitely represented convex hulls is not complete. Finally, it should be noted that our framework can be very easily generalized to cases where (R; is only a preorder 1 , in which case the meaning function need not be monotonic and the conditions imposed on the ....
....test is intractable or very costly, since we require that equivalent representations be comparable only when they are similar enough . It is interesting to note that a comparable idea, which was only a heuristic at the time, was used in the design of the widening operator of Cousot and Halbwachs [3] which preserves as much as possible the representations of convex hulls during iterative computations. So let (R; fl; r) be a representation of D, and F 2 D D be a continuous function, that is, a monotonic function such that for every directed subset C D: F( F C) F F(C) It is well ....
Patrick Cousot and Nicolas Halbwachs: "Automatic discovery of linear constraints among variables of a program", in Proc. of the 5th ACM Symp. on POPL (1978) 84--97
No context found.
P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In Symp. on Princ. of Prog. Lang., 1978.
No context found.
P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In Symp. on Princ. of Prog. Lang., 1978.
No context found.
Cousot, P., Halbwachs, N.: Automatic discovery of linear constraints among variables of a program. In: Princ. of Prog. Lang. (1978) 84--96
No context found.
Cousot, P., Halbwachs, N.: Automatic discovery of linear constraints among variables of a program. In: Princ. of Prog. Lang. (1978)
No context found.
P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In Symp. on Princ. of Prog. Lang., 1978.