Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
Misconceptions about Loops in C
SOAP 2024: Proceedings of the 13th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2024, Pages 60–66https://doi.org/10.1145/3652588.3663324Loop analysis is a key component of static analysis tools. Unfortunately, there are several rare edge cases. As a tool moves from academic prototype to production-ready, obscure cases can and do occur. This results in loop analysis being a key source of ...
- research-articleJune 2024
Static Analysis for Transitioning to CHERI C/C++
SOAP 2024: Proceedings of the 13th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2024, Pages 52–59https://doi.org/10.1145/3652588.3663323We describe and evaluate custom static analyses to support transitioning C/C++ code to CHERI hardware. CHERI is a novel architectural extension, implemented for RISC-V and AArch64, that uses capabilities to provide fine-grained memory protection and ...
- research-articleJune 2024
A Better Approximation for Interleaved Dyck Reachability
SOAP 2024: Proceedings of the 13th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2024, Pages 18–25https://doi.org/10.1145/3652588.3663318Interleaved Dyck reachability is a standard, graph-based formulation of a plethora of static analyses that seek to be context- and field- sensitive, where each type of sensitivity is expressed via a CFL/Dyck language. Unfortunately, the problem is well-...
- research-articleJune 2023
Static Analysis of Data Transformations in Jupyter Notebooks
SOAP 2023: Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2023, Pages 8–13https://doi.org/10.1145/3589250.3596145Jupyter notebooks used to pre-process and polish raw data for data science and machine learning processes are challenging to analyze. Their data-centric code manipulates dataframes through call to library functions with complex semantics, and the ...
- research-articleJune 2023
Speeding up Static Analysis with the Split Operator
SOAP 2023: Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2023, Pages 14–19https://doi.org/10.1145/3589250.3596141In the context of static analysis based on Abstract Interpretation, we propose a new abstract operator modeling the split of control flow paths: the goal of the operator is to enable a more efficient analysis when using abstract domains that are ...
-
- research-articleJune 2023
When Long Jumps Fall Short: Control-Flow Tracking and Misuse Detection for Non-local Jumps in C
SOAP 2023: Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2023, Pages 20–26https://doi.org/10.1145/3589250.3596140The C programming language offers setjmp/longjmp as a mechanism for non-local control flow. This mechanism has complicated semantics. As most developers do not encounter it day-to-day, they may be unfamiliar with all its intricacies – leading to ...
- research-articleJune 2022
ADA: a tool for visualizing the architectural overview of open-source repositories
- Md Rakib Hossain Misu,
- Aleksandar Saša Janjanin,
- Zhiqiang Bian,
- Valentin-Sebastian Burlacu,
- Naum Anteski
SOAP 2022: Proceedings of the 11th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2022, Pages 30–35https://doi.org/10.1145/3520313.3534659Writing highly maintainable and efficient software code is becoming increasingly difficult, especially while following the rapid, agile development process and working in a distributed team. One of the key indicators of that inefficient software design ...
- research-articleJune 2022
Ensuring determinism in blockchain software with GoLiSA: an industrial experience report
- Luca Olivieri,
- Fabio Tagliaferro,
- Vincenzo Arceri,
- Marco Ruaro,
- Luca Negrini,
- Agostino Cortesi,
- Pietro Ferrara,
- Fausto Spoto,
- Enrico Talin
SOAP 2022: Proceedings of the 11th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2022, Pages 23–29https://doi.org/10.1145/3520313.3534658Ensuring determinism is mandatory when writing blockchain software. When determinism is not met it can lead to serious implications in the blockchain network while compromising the software development, release, and patching processes. In the ...
- research-articleJune 2021
Proving non-termination by program reversal
PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and ImplementationJune 2021, Pages 1033–1048https://doi.org/10.1145/3453483.3454093We present a new approach to proving non-termination of non-deterministic integer programs. Our technique is rather simple but efficient. It relies on a purely syntactic reversal of the program's transition system followed by a constraint-based ...
When threads meet events: efficient and precise static race detection with origins
PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and ImplementationJune 2021, Pages 725–739https://doi.org/10.1145/3453483.3454073Data races are among the worst bugs in software in that they exhibit non-deterministic symptoms and are notoriously difficult to detect. The problem is exacerbated by interactions between threads and events in real-world applications. We present a novel ...
- research-articleJune 2021
Incremental whole-program analysis in Datalog with lattices
PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and ImplementationJune 2021, Pages 1–15https://doi.org/10.1145/3453483.3454026Incremental static analyses provide up-to-date analysis results in time proportional to the size of a code change, not the entire code base. This promises fast feedback to programmers in IDEs and when checking in commits. However, existing incremental ...
- invited-talkJune 2020
Formal reasoning and the hacker way (keynote)
SOAP 2020: Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2020, Page 1https://doi.org/10.1145/3394451.3401953In 2013 I moved from to industry after over 25 years in academia, when Facebook acquired a verification startup, Monoidics, that I was involved with. In this talk I’ll recount the clash of cultures I encountered, where traditionally calm and cool formal ...
- research-articleJune 2020
Explaining bug provenance with trace witnesses
SOAP 2020: Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2020, Pages 14–19https://doi.org/10.1145/3394451.3397206Bug finders are mainstream tools used during software development that significantly improve the productivity of software engineers and lower maintenance costs. These tools search for software anomalies by scrutinising the program's code using static ...
- research-articleJune 2020
Value and allocation sensitivity in static Python analyses
SOAP 2020: Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisJune 2020, Pages 8–13https://doi.org/10.1145/3394451.3397205Sound static analyses for large subsets of static programming languages such as C are now widespread. For example the Astrée static analyzer soundly overapproximates the behavior of C programs that do not contain any dynamic code loading, longjmp ...
- research-articleJune 2020Distinguished Paper
Fast graph simplification for interleaved Dyck-reachability
PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and ImplementationJune 2020, Pages 780–793https://doi.org/10.1145/3385412.3386021Many program-analysis problems can be formulated as graph-reachability problems. Interleaved Dyck language reachability. Interleaved Dyck language reachability (InterDyck-reachability) is a fundamental framework to express a wide variety of program-...
- research-articleJune 2019
MetaDL: analysing Datalog in Datalog
SOAP 2019: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program AnalysisJune 2019, Pages 38–43https://doi.org/10.1145/3315568.3329970Datalog has emerged as a powerful tool for expressing static program analyses. Program analysis researchers have built nontrivial code bases in Datalog, but tool support for working with Datalog itself has been lacking. In this paper, we introduce ...
- research-articleJune 2019
SootDiff: bytecode comparison across different Java compilers
SOAP 2019: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program AnalysisJune 2019, Pages 14–19https://doi.org/10.1145/3315568.3329966Different Java compilers and compiler versions, e.g., javac or ecj, produce different bytecode from the same source code. This makes it hard to trace if the bytecode of an open-source library really matches the provided source code. Moreover, it ...
Incremental precision-preserving symbolic inference for probabilistic programs
PLDI 2019: Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and ImplementationJune 2019, Pages 237–252https://doi.org/10.1145/3314221.3314623We present ISymb an incremental symbolic inference framework for probabilistic programs in situations when some loop-manipulated array data, upon which their probabilistic models are conditioned, undergoes small changes. To tackle the path explosion ...
- research-articleJune 2017
Systematic approaches for increasing soundness and precision of static analyzers
SOAP 2017: Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program AnalysisJune 2017, Pages 31–36https://doi.org/10.1145/3088515.3088521Building static analyzers for modern programming languages is difficult. Often soundness is a requirement, perhaps with some well-defined exceptions, and precision must be adequate for producing useful results on realistic input programs. Formally ...
- research-articleJune 2016
Towards cross-platform cross-language analysis with soot
SOAP 2016: Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program AnalysisJune 2016, Pages 1–6https://doi.org/10.1145/2931021.2931022To assess the security and quality of the growing number of programs on desktop computers, mobile devices, and servers, companies often rely on static analysis techniques. While static analysis has been applied successfully to various problems, the ...