Lecture Notes in Computer Science, Volume 5079
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board:
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, University of Dortmund, Germany
Madhu Sudan, Massachusetts Institute of Technology, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max-Planck Institute of Computer Science, Saarbruecken, Germany
María Alpuente and Germán Vidal (Eds.)
Static Analysis
15th International Symposium, SAS 2008
Valencia, Spain, July 16-18, 2008
Proceedings

Volume Editors: María Alpuente and Germán Vidal
Technical University of Valencia, DSIC
Camino de Vera S/N, 46022 Valencia, Spain
E-mail: {alpuente, gvidal}@dsic.upv.es
Library of Congress Control Number: 2008928275
CR Subject Classification (1998): D.3, F.3.1-2, I.2.2, F.4.2, B.8.1, D.1
LNCS Sublibrary: SL 2 – Programming and Software Engineering
ISSN 0302-9743
ISBN-10 3-540-69163-4 Springer Berlin Heidelberg New York
ISBN-13 978-3-540-69163-1 Springer Berlin Heidelberg New York
This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. Springer is a part of Springer Science+Business Media springer.com © Springer-Verlag Berlin Heidelberg 2008 Printed in Germany Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper SPIN: 12277155 06/3180 543210
Preface
Static analysis is a research area aimed at developing principles and tools for verification, certification, semantics-based manipulation, and high-performance implementation of programming languages and systems. The series of Static Analysis symposia has served as the primary venue for presentation and discussion of theoretical, practical, and application advances in the area.

This volume contains the papers accepted for presentation at the 15th International Static Analysis Symposium (SAS 2008), which was held July 16–18, 2008, in Valencia, Spain. The previous SAS conferences were held in Kongens Lyngby, Denmark (2007), Seoul, South Korea (2006), London, UK (2005), Verona, Italy (2004), San Diego, USA (2003), Madrid, Spain (2002), Paris, France (2001), Santa Barbara, USA (2000), Venice, Italy (1999), Pisa, Italy (1998), Paris, France (1997), Aachen, Germany (1996), Glasgow, UK (1995), and Namur, Belgium (1994).

In response to the call for papers, 63 contributions were submitted from 26 different countries. The Program Committee selected 22 papers, basing this choice on their scientific quality, originality, and relevance to the symposium. Each paper was reviewed by at least three Program Committee members or external referees. In addition to the contributed papers, this volume includes contributions by two outstanding invited speakers: Roberto Giacobazzi (Università degli Studi di Verona) and Ben Liblit (University of Wisconsin-Madison). The resulting volume offers the reader a complete landscape of the research in this area.

SAS 2008 was held concurrently with LOPSTR 2008, International Symposium on Logic-Based Program Synthesis and Transformation; PPDP 2008, ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming; and the SAS affiliated workshop PLID 2008, 4th International Workshop on Programming Language Interference and Dependence.

On behalf of the Program Committee, we would like to express our gratitude to all the authors who submitted papers and all external referees for their careful work in the reviewing process. The Program Chairs would like to thank in particular Alicia Villanueva (SAS Organizing Chair), Christophe Joubert (PPDP Organizing Chair), Josep Silva (LOPSTR Organizing Chair), and all the members of the Organization Committee who worked with enthusiasm in order to make this event possible. We are also grateful to Andrei Voronkov for making EasyChair available to us. Finally, we gratefully acknowledge the institutions that sponsored this event: Departamento de Sistemas Informáticos y Computación, EAPLS, ERCIM, Generalitat Valenciana, MEC (Feder) TIN2007-30509-E, and Universidad Politécnica de Valencia.
July 2008
María Alpuente and Germán Vidal
Organization
Program Chairs
María Alpuente, Technical University of Valencia, Spain
Germán Vidal, Technical University of Valencia, Spain

Program Committee
Elvira Albert, Complutense University of Madrid, Spain
Roberto Bagnara, University of Parma, Italy
Maurice Bruynooghe, Katholieke Universiteit Leuven, Belgium
Radhia Cousot, CNRS/École Polytechnique, France
Javier Esparza, Technical University of Munich, Germany
Sandro Etalle, University of Twente, The Netherlands
Moreno Falaschi, University of Siena, Italy
Stephen Fink, IBM T.J. Watson Research Center, New York, USA
John Gallagher, Roskilde University, Denmark
María del Mar Gallardo, University of Málaga, Spain
Chris Hankin, Imperial College, UK
Manuel Hermenegildo, Technical University of Madrid, Spain
Julia Lawall, University of Copenhagen, Denmark
Alexey Loginov, IBM T.J. Watson Research Center, New York, USA
Hanne Riis Nielson, Technical University of Denmark, Denmark
David Schmidt, Kansas State University, USA
Harald Sondergaard, University of Melbourne, Australia
Tachio Terauchi, Tohoku University, Japan
Ji Wang, National Lab. for Parallel and Distributed Processing, China

Steering Committee
Patrick Cousot, École Normale Supérieure, France
Gilberto Filé, Università di Padova, Italy
David Schmidt, Kansas State University, USA

Organizing Committee
Beatriz Alarcón, Gustavo Arroyo, Antonio Bella, Santiago Escobar, Vicent Estruch, Marco Feliu, César Ferri, Salvador Lucas, Raúl Gutiérrez, José Hernández, José Iborra, Christophe Joubert, Alexei Lescaylle, Marisa Llorens, Rafael Navarro, Pedro Ojeda, Javier Oliver, María José Ramírez, Daniel Romero, Josep Silva, Salvador Tamarit, Alicia Villanueva (Chair).
External Reviewers
Gianluca Amato, Puri Arenas, Demis Ballis, Maria Garcia de la Banda, Andrea Baruzzo, Joerg Bauer, Hubert Baumeister, Ralph Becket, Thomas Bolander, Rafael Caballero, Manuel Carro, Swarat Chaudhuri, Henning Christiansen, Robert Clariso, Michael Codish, Agostino Cortesi, Bart Demoen, Jérôme Feret, Maurizio Gabbrielli, Han Gao, Samir Genaim, Roberto Giacobazzi, Miguel Gomez-Zamalloa, Rene Rydhof Hansen, Jerry den Hartog, John Hatcliff, Fritz Henglein, Gerda Janssens, Bertrand Jeannet, Hugo Jonker, Stefan Kiefer, Herbert Kuchen, Vitaly Lagoon, Tal Lev-Ami, Pedro Lopez-Garcia, Michael Luttenberger, Damiano Macedonio, Angelika Mader, Julio Mariño, Matthieu Martel, Damien Massé, Laurent Mauborgne, Guillaume Melquiond, Mario Mendez-Lojo, Maria Chiara Meo, Pedro Merino, Sebastian Nanz, Christoffer Rosenkilde Nielsen, Albert Nymeyer, Ricardo Peña, Quan Phan, David Pichardie, Henrik Pilegaard, Ernesto Pimentel, Christian Probst, Femke van Raamsdonk, Xavier Rival, Enric Rodriguez, Gwen Salaun, Sriram Sankaranarayanan, Peter Schachte, Tom Schrijvers, Stefan Schwoon, Helmut Seidl, Axel Simon, Stefano Soffia, Fred Spiessens, Fausto Spoto, Manu Sridharan, Peter Stuckey, Sriraman Tallam, Schrijvers Tom, Wim Vanhoof, Martin Vechev, Sven Verdoolaege, Vesal Vojdani, Pierre Wolper, Fan Yang, Hirotoshi Yasuoka, Ender Yuksel, Alessandro Zaccagnini, Enea Zaffanella, Damiano Zanardini
Table of Contents
Invited Papers
Transforming Abstract Interpretations by Abstract Interpretation: New Challenges in Language-Based Security. Roberto Giacobazzi and Isabella Mastroeni. p. 1
Reflections on the Role of Static Analysis in Cooperative Bug Isolation. Ben Liblit. p. 18

Contributed Papers
Relational Analysis of Correlation. Jörg Bauer, Flemming Nielson, Hanne Riis Nielson, and Henrik Pilegaard. p. 32
Convex Hull of Arithmetic Automata. Jérôme Leroux. p. 47
Pointer Analysis, Conditional Soundness, and Proving the Absence of Errors. Christopher L. Conway, Dennis Dams, Kedar S. Namjoshi, and Clark Barrett. p. 62
Protocol Inference Using Static Path Profiles. Murali Krishna Ramanathan, Koushik Sen, Ananth Grama, and Suresh Jagannathan. p. 78
Solving Multiple Dataflow Queries Using WPDSs. Akash Lal and Thomas Reps. p. 93
Field Flow Sensitive Pointer and Escape Analysis for Java Using Heap Array SSA. Prakash Prabhu and Priti Shankar. p. 110
Typing Linear Constraints for Moding CLP(R) Programs. Salvatore Ruggieri and Fred Mesnard. p. 128
On Polymorphic Recursion, Type Systems, and Abstract Interpretation. Marco Comini, Ferruccio Damiani, and Samuel Vrech. p. 144
Modal Abstractions of Concurrent Behaviour. Sebastian Nanz, Flemming Nielson, and Hanne Riis Nielson. p. 159
Hiding Software Watermarks in Loop Structures. Mila Dalla Preda, Roberto Giacobazzi, and Enrico Visentini. p. 174
Inferring Min and Max Invariants Using Max-Plus Polyhedra. Xavier Allamigeon, Stéphane Gaubert, and Éric Goubault. p. 189
Conflict Analysis of Programs with Procedures, Dynamic Thread Creation, and Monitors. Peter Lammich and Markus Müller-Olm. p. 205
Automatic Inference of Upper Bounds for Recurrence Relations in Cost Analysis. Elvira Albert, Puri Arenas, Samir Genaim, and Germán Puebla. p. 221
SLR: Path-Sensitive Analysis through Infeasible-Path Detection and Syntactic Language Refinement. Gogul Balakrishnan, Sriram Sankaranarayanan, Franjo Ivančić, Ou Wei, and Aarti Gupta. p. 238
Flow Analysis, Linearity, and PTIME. David Van Horn and Harry G. Mairson. p. 255
Quantum Entanglement Analysis Based on Abstract Interpretation. Simon Perdrix. p. 270
Language Strength Reduction. Nicholas Kidd, Akash Lal, and Thomas Reps. p. 283
Analysing All Polynomial Equations in Z_{2^w}. Helmut Seidl, Andrea Flexeder, and Michael Petter. p. 299
Splitting the Control Flow with Boolean Flags. Axel Simon. p. 315
Reasoning about Control Flow in the Presence of Transient Faults. Frances Perry and David Walker. p. 332
A Calculational Approach to Control-Flow Analysis by Abstract Interpretation. Jan Midtgaard and Thomas Jensen. p. 347
Heap Decomposition for Concurrent Shape Analysis. Roman Manevich, Tal Lev-Ami, Mooly Sagiv, Ganesan Ramalingam, and Josh Berdine. p. 363

Author Index. p. 379