We consider slicing extended finite state machines. Extended finite state machines (EFSMs) combine a finite state machine with a store and can model a range of computational phenomena, from high-level software to cyber-physical systems. EFSMs are essentially interactive, possibly non-terminating or with multiple exit states, and may be nondeterministic, so standard techniques for slicing, developed for control flow graphs of programs with a functional semantics, are not immediately applicable. This paper addresses the various aspects of correctness for slicing of EFSMs, and provides syntactic criteria that we prove are sufficient for our proposed notions of semantic correctness. The syntactic criteria are based on the "weak commitment" and "strong commitment" properties highlighted by Danicic et al. We provide polynomial-time algorithms to compute the least sets satisfying each of these two properties. We have conducted experiments using widely-studied benchmark and industrial EFSMs that compare our slicing algorithms with those using existing definitions of control dependence. We found that our algorithms produce the smallest average slice sizes: 21% of the original EFSMs when "weak commitment" is sufficient and 58% when "strong commitment" is needed (to preserve termination properties).
The Ambient Calculus was developed by Cardelli and Gordon as a formal framework to study issues of mobility and migrant code [6]. We consider an Ambient Calculus where ambients transport and exchange programs rather than just inert data. We propose different senses in which such a calculus can be said to be polymorphically typed, and design accordingly a polymorphic type system for it. Our type system assigns types to embedded programs and what we call behaviors to processes; a denotational semantics of behaviors is then proposed, here called trace semantics, underlying much of the remaining analysis. We state and prove a Subject Reduction property for our polymorphically-typed calculus. Based on techniques borrowed from finite automata theory, typechecking of fully type-annotated processes is shown to be decidable. Our polymorphically-typed calculus is a conservative extension of the typed Ambient Calculus originally proposed by Cardelli and Gordon [7].
We present a theory for slicing probabilistic imperative programs, containing random assignments and "observe" statements (for conditioning), represented as probabilistic control-flow graphs (pCFGs) whose nodes modify probability distributions. We show that such a representation allows direct adaptation of standard machinery such as data and control dependence, postdominators, relevant variables, etc. to the probabilistic setting. We separate the specification of slicing from its implementation: first we develop syntactic conditions that a slice must satisfy; next we prove that any such slice is semantically correct; finally we give an algorithm to compute the least slice. To generate smaller slices, we may in addition take advantage of knowledge that certain loops will terminate (almost) always. A key feature of our syntactic conditions is that they involve two disjoint slices such that the variables of one slice are probabilistically independent of the variables of the other. This leads directly to a proof of correctness of probabilistic slicing. In a companion article we show adequacy of the semantics of pCFGs with respect to the standard semantics of structured probabilistic programs.
ACM Transactions on Programming Languages and Systems, 2020
Dedicated to the memory of Sebastian Danicic. We present a theory for slicing imperative probabilistic programs containing random assignments and "observe" statements for conditioning. We represent such programs as probabilistic control-flow graphs (pCFGs) whose nodes modify probability distributions. This allows direct adaptation of standard machinery such as data dependence, postdominators, relevant variables, and so on, to the probabilistic setting. We separate the specification of slicing from its implementation: (1) first, we develop syntactic conditions that a slice must satisfy (they involve the existence of another disjoint slice such that the variables of the two slices are probabilistically independent of each other); (2) next, we prove that any such slice is semantically correct; (3) finally, we give an algorithm to compute the least slice. To generate smaller slices, we may in addition take advantage of knowledge that certain loops will terminate (almost) always. Our res...
These notes are written as a supplement to [1, Sect. 16.1&16.3], but can be read independently.

1 Demystifying Induction

Consider a loop of the form while B do C od, and assume that we know:

(1) ψ is established by the preamble of the loop;
(2) if, with B true, ψ holds prior to C, then ψ also holds after C.

Then we can infer that

(3) ψ is an invariant of the loop, that is, each time control reaches B, ψ holds.

This amounts to (1) and (2) below being valid annotations:

{ψ}                  (1)
while B do
   {ψ ∧ B}           (WhileTrue)
   C
   {ψ}               (2)
od
We study an annotated type and effect system that integrates let-polymorphism, effects, and subtyping for a fragment of Concurrent ML. First a small-step operational semantics is defined for Concurrent ML, and next the annotated type and effect system is proved semantically sound. This provides insights into the rule for generalisation in the annotated type and effect system.
We introduce an annotated type system for a compiler intermediate language. The type system is designed to support inter-procedural register allocation and the representation of tuples and variants directly in the register file. We present an algorithm that generates constraints for assigning annotations, and prove its soundness with respect to the type system.
IFIP International Federation for Information Processing
Previous type systems for mobility calculi (the original Mobile Ambients, its variants and descendants, e.g., Boxed Ambients and Safe Ambients, and other related systems) offer little support for generic mobile agents. Previous systems either do not handle communication at all or globally assign fixed communication types to ambient names that do not change as an ambient moves around or interacts with other ambients. This makes it hard to type examples such as a messenger ambient that uses communication primitives to collect a message of non-predetermined type and deliver it to a non-predetermined destination. In contrast, we present our new type system PolyA. Instead of assigning communication types to ambient names, PolyA assigns a type to each process P that gives upper bounds on (1) the possible ambient nesting shapes of any process P' to which P can evolve, (2) the values that may be communicated at each location, and (3) the capabilities that can be used at each location. Because PolyA can type generic mobile agents, we believe PolyA is the first type system for a mobility calculus that provides type polymorphism comparable in power to polymorphic type systems for the λ-calculus. PolyA is easily extended to ambient calculus variants. A restriction of PolyA has principal typings.
Slicing is a program transformation technique with numerous applications, since it allows the user to focus on the parts of a given program that are relevant for a given purpose. Ideally, the sliced program should have the same termination properties as the original program, but to achieve this, the slicing algorithm must include in the slice all commands that influence the guards of potential loops. For practical purposes, so as to keep the slices manageable, it might be better to slice away loops that do not affect the values of relevant variables. This paper presents foundational work that accomplishes this goal for arbitrary control flow graphs, whereas previous approaches have assumed the presence of a unique end node; therefore, the proposed approach is able to handle the control flow graphs that arise from modern program structures, such as when modeling reactive systems. A slice set is required to be closed under data dependency and under a certain variant of control ...
These notes are inspired by [1]. 1 Secure Information Flow. Assume we are dealing with two kinds of variables: those of high security (classified); and those of low security (non-classified). Our goal is that users with low clearance should not be able to gain information about the values of the classified variables. In the following, this notion will be made precise. For the sake of simplicity, let us assume that there are only two variables in play: l (for low) and h (for high). We want to protect ourselves against an attacker (spy) who
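To make the l/h setting concrete, here is an added example that is not part of the notes above: a Volpano/Smith-style security type check for a tiny while-language, which rejects explicit flows (l := h) and implicit flows through control (if h then l := 1), next to a dynamic two-run noninterference test that starts two executions differing only in h and compares the final l. The nested-tuple encoding of programs, the two-point lattice and the four sample programs are assumptions constructed for this example.

```python
"""Secure information flow for a tiny while-language with two variables.

Added example, not part of the notes above.  It implements a
Volpano/Smith-style security type check that rejects explicit flows
(l := h) and implicit flows (if h then l := 1) from the high variable h
to the low variable l, and a dynamic two-run noninterference test that
reveals a leak when two runs differing only in h end with different l.
The tuple encoding of programs and the sample programs are assumptions
constructed for this example.
"""

LOW, HIGH = 0, 1                  # two-point lattice: LOW < HIGH
LEVEL = {'l': LOW, 'h': HIGH}


def expr_level(e):
    """Security level of an expression: the join of the variables it reads."""
    if e[0] == 'const':
        return LOW
    if e[0] == 'var':
        return LEVEL[e[1]]
    _, _, a, b = e                # ('binop', op, a, b)
    return max(expr_level(a), expr_level(b))


def check(cmd, pc=LOW):
    """True iff cmd is well-typed under program-counter label pc.  Inside a
    branch or loop guarded by a HIGH expression pc becomes HIGH, which is
    what rules out implicit flows through control."""
    tag = cmd[0]
    if tag == 'skip':
        return True
    if tag == 'assign':
        _, x, e = cmd
        # an assignment may not write data, or run in a context, more secret than x
        return max(expr_level(e), pc) <= LEVEL[x]
    if tag == 'seq':
        return all(check(c, pc) for c in cmd[1:])
    if tag in ('if', 'while'):
        guard = max(pc, expr_level(cmd[1]))
        return all(check(c, guard) for c in cmd[2:])
    raise ValueError(tag)


def eval_expr(e, s):
    if e[0] == 'const':
        return e[1]
    if e[0] == 'var':
        return s[e[1]]
    _, op, a, b = e
    x, y = eval_expr(a, s), eval_expr(b, s)
    return {'+': x + y, '-': x - y, '*': x * y,
            '<': int(x < y), '==': int(x == y)}[op]


def run(cmd, s, fuel=10_000):
    """Execute cmd on state s (a dict); fuel bounds the loop iterations."""
    tag = cmd[0]
    if tag == 'skip':
        return s
    if tag == 'assign':
        s[cmd[1]] = eval_expr(cmd[2], s)
        return s
    if tag == 'seq':
        for c in cmd[1:]:
            s = run(c, s, fuel)
        return s
    if tag == 'if':
        return run(cmd[2] if eval_expr(cmd[1], s) else cmd[3], s, fuel)
    if tag == 'while':
        while eval_expr(cmd[1], s):
            fuel -= 1
            if fuel < 0:
                raise RuntimeError('loop bound exceeded')
            s = run(cmd[2], s, fuel)
        return s
    raise ValueError(tag)


def leaks(cmd, high_values=range(8), low_init=0):
    """Dynamic noninterference test: start from low-equivalent states that
    differ only in h; a leak is any difference in the final value of l."""
    finals = {run(cmd, {'l': low_init, 'h': hv})['l'] for hv in high_values}
    return len(finals) > 1


# Constructed sample programs.
EXPLICIT = ('assign', 'l', ('var', 'h'))                          # l := h
IMPLICIT = ('if', ('binop', '<', ('const', 3), ('var', 'h')),     # if 3 < h then l := 1 else l := 0
            ('assign', 'l', ('const', 1)), ('assign', 'l', ('const', 0)))
SECURE = ('seq', ('assign', 'h', ('binop', '+', ('var', 'h'), ('var', 'l'))),   # h := h + l
                 ('assign', 'l', ('binop', '*', ('var', 'l'), ('const', 2))))   # l := l * 2
CONSERVATIVE = ('if', ('var', 'h'),                               # if h then l := 0 else l := 0
                ('assign', 'l', ('const', 0)), ('assign', 'l', ('const', 0)))
```

The static check is sound but not complete: CONSERVATIVE is rejected although it never leaks, because the type system cannot see that both branches write the same value. The dynamic test has the opposite weakness: it only exercises the sampled h values, so a leak that needs a specific h can escape it, and a termination channel such as `while h > 0 do skip od` is not observable in l at all.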
Proceedings of the 2007 ACM workshop on Formal methods in security engineering, 2007
We formulate an intraprocedural information flow analysis algorithm for sequential, heap manipulating programs. We prove correctness of the algorithm, and argue that it can be used to verify some naturally occurring examples in which information flow is conditional on some Hoare-like state predicates being satisfied. Because the correctness of information flow analysis is typically formulated in terms of noninterference of pairs of computations, the algorithm takes as input a program together with two-state assertions as postcondition, and generates two-state preconditions together with verification conditions. To process heap manipulations and while loops, the algorithm must additionally be supplied "object flow invariants" as well as "loop flow invariants" which are themselves two-state, and possibly conditional.
See back inner page for a list of recent BRICS Report Series publications. Copies may be obtained by contacting:
We describe a case study where novel program analysis technology has been used to pinpoint a subtle bug in a formally developed control program for an embedded system. The main technology amounts to first defining a process algebra (called behaviours) suited to the programming language used (in our case CML) and secondly to devising an annotated type and effect system for extracting behaviours from programs in such a manner that an automatic inference algorithm can be developed. The case study is a control program developed for the "Karlsruhe Production Cell" and our analysis of the behaviours shows that one of the safety conditions fails to hold.
The Ambient Calculus was developed by Cardelli and Gordon as a formal framework to study issues of mobility and migrant code [6]. We consider an Ambient Calculus where ambients transport and exchange programs rather than just inert data. We propose different senses in which such a calculus can be said to be polymorphically typed, and design accordingly a polymorphic type system for it. Our type system assigns types to embedded programs and what we call behaviors to processes; a denotational semantics of behaviors is then proposed, here called trace semantics, underlying much of the remaining analysis. We state and prove a Subject Reduction property for our polymorphically-typed calculus. Based on techniques borrowed from finite automata theory, typechecking of fully type-annotated processes is shown to be decidable. Our polymorphically-typed calculus is a conservative extension of the typed Ambient Calculus originally proposed by Cardelli and Gordon [7].
Design and Verification of Microprocessor Systems for High-Assurance Applications, 2010
Information assurance applications built according to the MILS (Multiple Independent Levels of Security) architecture often contain information flow policies that are conditional in the sense that data is allowed to flow between system components only when the system satisfies certain state predicates. However, existing specification and verification environments, such as SPARK Ada, used to develop MILS applications can only capture unconditional information flows. Motivated by the need to better formally specify and certify MILS applications in industrial contexts, we present an enhancement of the SPARK information flow annotation language that enables specification, inference, and compositional checking of conditional information flow contracts. We report on the use of this framework for a collection of SPARK examples.
The design and implementation of a correct system can benefit from employing static techniques for ensuring that the dynamic behaviour satisfies the specification. Many programming languages incorporate types for ensuring that certain operations are only applied to data of the appropriate form. A natural extension of type checking techniques is to enrich the types with annotations and effects that further describe intensional aspects of the dynamic behaviour.
There are many calculi for reasoning about concurrent communicating processes which have locations and are mobile. Examples include the original Ambient Calculus and its many variants, the Seal Calculus, the MR-calculus, the M-calculus, etc. It is desirable to use such calculi to describe the behavior of mobile agents. It seems reasonable that mobile agents should be able to follow non-predetermined paths and to carry non-predetermined types of data from location to location, collecting and delivering this data using communication primitives. Previous type systems for ambient calculi make this difficult or impossible to express, because these systems (if they handle communication at all) have always globally mapped each ambient name to a type governing the type of values that can be communicated locally or with adjacent locations, and this type can not depend on where the ambient has traveled. We present a new type system where there are no global assignments of types to ambient ...
These notes are written as a supplement to [1, Sect. 16.5], but can be read independently. Section 6 is inspired by Chapter 16 in [4], an excellent treatise on the subject of program construction; also our Section 8 is inspired by that book. The proof rules in Section 7 are inspired by the presentation in [5, Chap. 4]. Section 10 is inspired by [3].
In this paper we develop a sound and complete type and behaviour inference algorithm for a fragment of CML (Standard ML with primitives for concurrency). Behaviours resemble terms of a process algebra and yield a concise representation of the communications taking place during execution; types are mostly as usual except that function types and "delayed communication types" are labelled by behaviours expressing the communications that will take place if the function is applied or the delayed action is activated. The development of the present paper improves a previously published algorithm in achieving completeness as well as soundness; this is due to an alternative strategy for generalising over types and behaviours.
Control dependence forms the basis for many program analyses, such as program slicing. Recent work on control dependence analysis has led to new definitions of dependence that can allow for reactive programs with their necessarily nonterminating computations. One important such definition is the definition of Weak Order Dependence, which was introduced to generalize classical control dependence for a Control Flow Graph (CFG) without end nodes. In this paper we show that for a CFG where all nodes are reachable from each other, weak order dependence can be expressed in terms of traditional control dependence where one node has been converted into an end node.
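The slicing abstracts above all build on the classical machinery (postdominators, control dependence, data dependence, closure to a least slice) before relaxing the unique-end-node assumption. As an added example, not code from any of the listed papers, the block below computes that classical machinery on a constructed CFG that does have a unique end node, and shows that the slice for the final print drops the branch that only sets an error flag, while the slice for the error flag keeps the loop that feeds its guard. The node numbering, the graph encoding and the variables defined and used at each node are assumptions of this example; the generalisation to graphs without end nodes (weak order dependence, the commitment properties) is what the papers prove and is not reproduced here.

```python
"""Backward slicing of a control flow graph (CFG) with a unique end node.

Added example; not code from any of the papers listed on this page.  It
computes postdominators, classical control dependence (Ferrante et al.),
data dependence via reaching definitions, and the least slice closed
under both, for a constructed CFG.  The graph encoding below is an
assumption of this example.
"""
from collections import defaultdict

END = 'end'

# Constructed CFG: node -> (successors, variables defined, variables used).
#   1: i := 0       2: s := 0          3: while i < n      4: s := s + a[i]
#   5: i := i + 1   6: if s < 0        7: err := 1         8: print(s)
# 'a' and 'n' are inputs that no node defines.
CFG = {
    1: ([2], {'i'}, set()),
    2: ([3], {'s'}, set()),
    3: ([4, 6], set(), {'i', 'n'}),
    4: ([5], {'s'}, {'s', 'a', 'i'}),
    5: ([3], {'i'}, {'i'}),
    6: ([7, 8], set(), {'s'}),
    7: ([8], {'err'}, set()),
    8: ([END], set(), {'s'}),
    END: ([], set(), set()),
}


def postdominators(cfg, end=END):
    """Greatest fixpoint of pdom(n) = {n} ∪ ⋂ pdom(s) over successors s."""
    pdom = {n: set(cfg) for n in cfg}
    pdom[end] = {end}
    changed = True
    while changed:
        changed = False
        for n, (succ, _, _) in cfg.items():
            if n == end:
                continue
            new = {n} | set.intersection(*[pdom[s] for s in succ])
            if new != pdom[n]:
                pdom[n], changed = new, True
    return pdom


def control_dependences(cfg, pdom):
    """n is control dependent on m iff some edge m -> s has n postdominating s
    while n does not strictly postdominate m (so m's branch decides whether n
    runs).  Returns n -> set of such m."""
    cd = defaultdict(set)
    for m, (succ, _, _) in cfg.items():
        for s in succ:
            for n in pdom[s]:
                if n != m and n not in pdom[m]:
                    cd[n].add(m)
    return cd


def data_dependences(cfg):
    """n is data dependent on m iff m defines v, n uses v, and some path from m
    to n has no intervening definition of v.  Returns n -> set of such m."""
    dd = defaultdict(set)
    for m, (succ, defs, _) in cfg.items():
        for v in defs:
            seen, work = set(), list(succ)
            while work:
                n = work.pop()
                if n in seen:
                    continue
                seen.add(n)
                if v in cfg[n][2]:
                    dd[n].add(m)
                if v in cfg[n][1]:
                    continue          # v is redefined here; stop following this path
                work.extend(cfg[n][0])
    return dd


def backward_slice(cfg, criterion):
    """Least set containing the criterion nodes and closed under both
    control and data dependence."""
    cd = control_dependences(cfg, postdominators(cfg))
    dd = data_dependences(cfg)
    result, work = set(), list(criterion)
    while work:
        n = work.pop()
        if n not in result:
            result.add(n)
            work.extend(cd[n] | dd[n])
    return result


if __name__ == '__main__':
    print('slice for print(s):', sorted(backward_slice(CFG, {8}), key=str))
    print('slice for err := 1:', sorted(backward_slice(CFG, {7}), key=str))
```

Node 6 postdominates the loop header 3, so it is not control dependent on the loop and the slice for node 8 is {1, 2, 3, 4, 5, 8}: the error branch 6 and 7 is sliced away, but the loop stays because s is assigned inside it. The fixpoint for postdominators only terminates with the intended result because every node reaches END; on a reactive CFG with no end node, or with several exit states as in the EFSM paper above, this is exactly the step that breaks, which is why the papers replace control dependence with the notions they define.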
Papers by Torben Amtoft