Program analysis

Abstract: Until recently, model checking and data-flow analysis—two traditional approaches to software verification—were used independently and in isolation for solving similar problems. Theoretically, the two different approaches are equivalent; they are two different ways to compute the same solution to a problem. In recent years, new practical approaches have shown how to combine the approaches and how to make them benefit from each other—model-checking techniques can make data-flow analyses more precise, and data-flow-analysis techniques can make model checking more efficient. This chapter starts by discussing the relationship (differences and similarities) between type checking, data-flow analysis, and model checking. Then we define algorithms for data-flow analysis and model checking in the same formal setting, called configurable program analysis. This identifies key differences that make us call an algorithm a “model-checking” algorithm or a “data-flow-analysis” algorithm. We illustrate the effect of using different algorithms for running certain classic example analyses and point out the reason for one algorithm being “better” than the other. The chapter presents combined verification techniques in the framework of configurable program analysis, in order to emphasize techniques used in data-flow analysis and in model checking. Besides the iterative algorithm that is used to illustrate the similarities and differences between data-flow analysis and model checking, we discuss different algorithmic approaches for constructing program invariants. To show that the border between data-flow analysis and model checking is blurring and disappearing, we also discuss directions in tool implementations for combined verification approaches.

Abstract: This paper presents an approach to formalizing and enforcing a class of use privacy properties in data-driven systems. In contrast to prior work, we focus on use restrictions on proxies (i.e. strong predictors) of protected information types. Our definition relates proxy use to intermediate computations that occur in a program, and identify two essential properties that characterize this behavior: 1) its result is strongly associated with the protected information type in question, and 2) it is likely to causally affect the final output of the program. For a specific instantiation of this definition, we present a program analysis technique that detects instances of proxy use in a model, and provides a witness that identifies which parts of the corresponding program exhibit the behavior. Recognizing that not all instances of proxy use of a protected information type are inappropriate, we make use of a normative judgment oracle that makes this inappropriateness determination for a given witness. Our repair algorithm uses the witness of an inappropriate proxy use to transform the model into one that provably does not exhibit proxy use, while avoiding changes that unduly affect classification accuracy. Using a corpus of social datasets, our evaluation shows that these algorithms are able to detect proxy use instances that would be difficult to find using existing techniques, and subsequently remove them while maintaining acceptable classification performance.

Abstract: This paper describes a general approach for automatic and accurate time-bound analysis. The approach consists of transformations for building time-bound functions in the presence of partially known input structures, symbolic evaluation of the time-bound function based on input parameters, optimizations to make the overall analysis efficient as well as accurate, and measurements of primitive parameters, all at the source-language level. We have implemented this approach and performed a number of experiments for analyzing Scheme programs. The measured worst-case times are closely bounded by the calculated bounds.

Abstract: Invited Papers.- Refactoring Using Type Constraints.- Programming Language Design and Analysis Motivated by Hardware Evolution.- Contributed Papers.- A Compilation Model for Aspect-Oriented Polymorphically Typed Functional Languages.- Lattice Automata: A Representation for Languages on Infinite Alphabets, and Some Applications to Verification.- Compositional Verification and 3-Valued Abstractions Join Forces.- Formalised Inductive Reasoning in the Logic of Bunched Implications.- Optimal Abstraction on Real-Valued Programs.- Taming the Wrapping of Integer Arithmetic.- Under-Approximations of Computations in Real Numbers Based on Generalized Affine Arithmetic.- A Framework for End-to-End Verification and Evaluation of Register Allocators.- A New Algorithm for Identifying Loops in Decompilation.- Accelerated Data-Flow Analysis.- Abstract Error Projection.- Precise Thread-Modular Verification.- Modular Safety Checking for Fine-Grained Concurrency.- Static Analysis of Dynamic Communication Systems by Partner Abstraction.- Exploiting Pointer and Location Equivalence to Optimize Pointer Analysis.- Hierarchical Pointer Analysis for Distributed Programs.- Semantics-Based Transformation of Arithmetic Expressions.- A Fast Implementation of the Octagon Abstract Domain on Graphics Hardware.- Fixpoint-Guided Abstraction Refinements.- Guided Static Analysis.- Program Analysis Using Symbolic Ranges.- Shape Analysis with Structural Invariant Checkers.- Footprint Analysis: A Shape Analysis That Discovers Preconditions.- Arithmetic Strengthening for Shape Analysis.- Astree: From Research to Industry.- Magic-Sets Transformation for the Analysis of Java Bytecode.