Nevin Heintze

The SLam calculus: programming with secrecy and integrity

The SLam calculus is a typed ¿-calculus that maintains security information as well as type information. The type system propagates security information for each object in four forms: the objects creators and readers, and the objects indirect creators and readers (i.e., those agents who, through flow-of-control or the actions of other agents, can influence or be influenced by the content of the object). We prove that the type system prevents security violations and give some examples of its power.

A core calculus of dependency

Notions of program dependency arise in many settings: security, partial evaluation, program slicing, and call-tracking. We argue that there is a central notion of dependency common to these settings that can be captured within a single calculus, the Dependency Core Calculus (DCC), a small extension of Moggis computational lambda calculus. To establish this thesis, we translate typed calculi for secure information flow, binding-time analysis, slicing, and call-tracking into DCC. The translations help clarify aspects of the source calculi. We also define a semantic model for DCC and use it to give simple proofs of noninterference results for each case.

Ultra-fast aliasing analysis using CLA: a million lines of C code in a second

We describe the design and implementation of a system for very fast points-to analysis. On code bases of about million lines of unpreprocessed C code, our system performs field-based Andersen-style points-to analysis in less than a second and uses less than 10MB of memory. Our two main contributions are a database-centric analysis architecture called compile-link-analyze (CLA), and a new algorithm for implementing dynamic transitive closure. Our points-to analysis system is built into a forward data-dependence analysis tool that is deployed within Lucent to help with consistent type modifications to large legacy C code bases.

Set-based analysis of ML programs

Reasoning about program variables as sets of “values” leads to a simple, accurate and intuitively appealing notion of program approximation. This paper presents approach for the compile-time analysis of ML programs. To develop the core ideas of the analysis, we consider a simple untyped call-by-value functional language. Starting with an operational semantics for the language, we develop an approximate “set-based” operational semantics, which formalizes the intuition of treating program variables as sets. The key result of the paper is an O(n3) algorithm for computing the set based approximation of a program. We then extend this analysis in a natural way to deal with arrays, arithmetic, exceptions and continuations. We briefly describe our experience with an implementation of this analysis for ML programs.

A finite presentation theorem for approximating logic programs

The notion of Cartesian closure on a set of unifiers has been used to define approximations of the least models of logic programs. Such approximations, often called types, are not known to be recursive. In this paper, we use Cartesian closure to define a similar, but more accurate, approximation. The main result proves that our approximation is not only recursive, but that it can be finitely represented in the form of a cyclic term graph. This explicit representation can be used as a starting point for logic program analyzers.

Demand-driven pointer analysis

Known algorithms for pointer analysis are “global” in the sense that they perform an exhaustive analysis of a program or program component. In this paper we introduce a demand-driven approach for pointer analysis. Specifically, we describe a demand-driven flow-insensitive, subset-based, con text-insensitive points-to analysis. Given a list of pointer variables (a query), our analysis performs just enough computation to determine the points-to sets for these query variables. Using deductive reachability formulations of both the exhaustive and the demand-driven analyses, we prove that our algorithm is correct. We also show that our analysis is optimal in the sense that it does not do more work than necessary. We illustrate the feasibility and efficiency of our analysis with an implementation of demand-driven points-to analysis for computing the call-graphs of C programs with function pointers. The performance of our system varies substantially across benchmarks - the main factor is how much of the points-to graph must be computed to determine the call-graph. For some benchmarks, only a small part of the points-to graph is needed (e.g pouray emacs and gcc), and here we see more than a 10x speedup. For other benchmarks (e.g. burlap and gimp), we need to compute most (> 95%) of the points-to graph, and here the demand-driven algorithm is considerably slower, because using the demand-driven algorithm is a slow method of computing the full points-to graph.

Control-Flow Analysis and Type Systems

We establish a series of equivalences between type systems and control-flow analyses. Specifically, we take four type systems from the literature (involving simple types, subtypes and recursion) and conservatively extend them to reason about control-flow information. Similarly, we take four standard control-flow systems and conservatively extend them to reason about type consistency. Our main result is that we can match up the resulting type and control-flow systems such that we obtain pairs of equivalent systems, where the equivalence is with respect to both type and control-flow information. In essence, type systems and control-flow analysis can be viewed as complementary approaches for addressing questions of type consistency and control-flow.

A decision procedure for a class of set constraints

A set constraint is of the form exp/sub 1/ contains exp/sub 2/ where exp/sub 1/ and exp/sub 2/ are set expressions constructed using variables, function symbols, projection symbols, and the set union, intersection, and complement symbols. While the satisfiability problem for such constraints is open, restricted classes have been useful in program analysis. The main result is a decision procedure for definite set constraints which are of the restricted form a contains exp, where a contains only constants, variables, and function symbols, and exp is a positive set expression (that is, it does not contain the complement symbol). A conjunction of such constraints, whenever satisfiable, has a least model and the algorithm will output an explicit representation of this model. An additional feature of the algorithm is that it deals with another important class of set constraints. These are the solved form set constraints which have the form X/sub 1/=exp/sub 1/, . . ., X/sub n/=exp/sub n/, where the X/sub i/ are distinct variables and the exp/sub i/ are positive set expressions. A solved form constraint is always satisfiable and possesses a least and a greatest model. The algorithm can output explicit representations of both.<<ETX>>

CLP( R ) and some electrical engineering problems

The Constraint Logic Programming Scheme defines a class of languages designed for programming with constraints using a logic programming approach. These languages are soundly based on a unified framework of formal semantics. In particular, as an instance of this scheme with real arithmetic constraints, the CLP(ℜ) language facilitates and encourages a concise and declarative style of programming for problems involving a mix of numeric and non-numeric computation.In this paper we illustrate the practical applicability of CLP(ℜ) with examples of programs to solve electrical engineering problems. This field is particularly rich in problems that are complex and largely numeric, enabling us to demonstrate a number of the unique features of CLP(ℜ). A detailed look at some of the more important programming techniques highlights the ability of CLP(ℜ) to support well-known, powerful techniques from constraint programming. Our thesis is that CLP(ℜ) is an embodiment of these techniques in a language that is more general, elegant and versatile than the earlier languages, and yet is practical.

Set Constraints and Set-Based Analysis

The calculus of set constraints was presented, and its history of basic results and applications briefly described. The approach of set-based analysis was then presented in an informal style, with a focus on the breadth of applicability of the technique. The relationship between set constraints and set-based analysis is roughly that the approximation of a program by ignoring inter-variable dependencies can be captured by set constraints. It was then argued that set-based analysis can provide accurate and efficient program analysis.