Papers by Damiano Zanardini

In programming languages with dynamic use of memory, such as Java, knowing that a reference variable x points to an acyclic data structure is valuable for the analysis of termination and resource usage (e.g., execution time or memory consumption). For instance, this information guarantees that the depth of the data structure to which x points is greater than the depth of the data structure pointed to by x.f for any field f of x. This, in turn, allows bounding the number of iterations of a loop which traverses the structure by its depth, which is essential in order to prove the termination or infer the resource usage of the loop. The present paper provides an Abstract-Interpretation-based formalization of a static analysis for inferring acyclicity, which works on the reduced product of two abstract domains: reachability, which models the property that the location pointed to by a variable w can be reached by dereferencing another variable v (in this case, v is said to reach w); and cyclicity, modeling the property that v can point to a cyclic data structure. The analysis is proven to be sound and optimal with respect to the chosen abstraction.

This work is organized in seven chapters. The introduction, Chapter 1, illustrates the context and highlights the importance of security properties in the present-day practice of software development and analysis. Chapter 2 introduces the various programming languages which are used throughout the remaining chapters (excluding Haskell, which implements the dependency calculus in Appendix A). It also provides the necessary background in lattice and fixpoint theory. The original definition of Abstract Non-Interference and its foundational theories (in particular, Abstract Interpretation and the basics of Information Flow analysis) are presented in Chapter 3. Since we are dealing with the framework of code certification, the promising Proof-Carrying Code architecture is also illustrated. Proof-Carrying Code is the goal of the framework which is sketched in Chapter 6. Chapter 3 also presents, in its last section, recent research which is relevant to our purpose. In particular, security anal...

Proceedings of the 16th International Software Product Line Conference on - SPLC '12 -volume 1, 2012
The configuration of concrete products from a product line infrastructure is the process of resolving the variability captured in the product line according to a company's market strategy or specific customer's requirements. Several aspects influence the selection of features for a concrete product, such as dependencies and constraints between features, the different stakeholders involved in the process, the desired degree of quality, and cost constraints. This paper presents the vision of a configurator that will focus on providing indicators of security and performance for features and empowering its users to interactively observe the effect of the selected set of features on these two quality characteristics. We propose the use of reusable expert knowledge and static analysis for obtaining the indicators of security and performance, respectively. The two main issues to be investigated are: (1) to which degree the configuration process should be automated; and (2) how exactly to obtain indicators of security and performance for features that can be used to predict the security and performance of whole configurations.

Theoretical Computer Science, 2012
Cost analysis statically approximates the cost of programs in terms of their input data size. This paper presents, to the best of our knowledge, the first approach to the automatic cost analysis of Object-Oriented bytecode programs. In languages such as Java and C#, analyzing bytecode has a much wider application area than analyzing source code since the latter is often not available. Cost analysis in this context has to consider, among others, dynamic dispatch, jumps, the operand stack, and the heap. Our method takes a bytecode program and a cost model specifying the resource of interest, and generates cost relations which approximate the execution cost of the program with respect to such resource. We report on COSTA, an implementation for Java bytecode which can obtain upper bounds on cost for a large class of programs and complexity classes. Our basic techniques can be directly applied to infer cost relations for other Object-Oriented imperative languages, not necessarily in bytecode form.

Theoretical Computer Science, 2013
In programming languages with dynamic use of memory, such as Java, knowing that a reference variable x points to an acyclic data structure is valuable for the analysis of termination and resource usage (e.g., execution time or memory consumption). For instance, this information guarantees that the depth of the data structure to which x points is greater than the depth of the data structure pointed to by x.f for any field f of x. This, in turn, allows bounding the number of iterations of a loop which traverses the structure by its depth, which is essential in order to prove the termination or infer the resource usage of the loop. The present paper provides an Abstract-Interpretation-based formalization of a static analysis for inferring acyclicity, which works on the reduced product of two abstract domains: reachability, which models the property that the location pointed to by a variable w can be reached by dereferencing another variable v (in this case, v is said to reach w); and cyclicity, modeling the property that v can point to a cyclic data structure. The analysis is proven to be sound and optimal with respect to the chosen abstraction.

New Generation Computing, 2012
The Information-Flow property of Non-Interference was recently relaxed into Abstract Non-Interference (ANI), a weakened version where attackers can only observe properties of data, rather than their exact value. ANI was originally defined on integers, where a property models the set of numbers satisfying it. The present work proposes an Object-Oriented, Java-based formulation of an instance of ANI where data take the form of objects, and the observed property comes to be their type. The execution of a program is taken to be the invocation of some method by an external user: a class is secure if, for all its (non-private) methods, the type of their low-security data after the execution does not depend on the initial type of its high-security data (i.e., there are no illicit flows). The relation to ANI theory (in its abstract version) can be seen in the representation of abstract domains in terms of class hierarchies: an upper closure operator maps an object into the smallest class it is an instance of. An analyzer for a non-trivial subset of Java is illustrated. A sketch of a soundness proof is provided: a program is never misclassified as secure, i.e., it is rejected whenever the absence of illicit flows cannot be guaranteed.
In programming languages with a dynamic use of memory, such as Java, knowing that a reference variable x points to an acyclic data structure is valuable for the analysis of termination and resource usage (e.g., execution time or memory consumption). For instance, this information guarantees that the depth of the data structure to which x points is greater than the depth of the data structure pointed to by x.f for any field f of x. This, in turn, allows bounding the number of iterations of a loop which traverses the structure by its depth, ...
In this paper we present the SICOMORo-CM project. Its main aim is to advance the state of the art in the development of reliable and trustworthy systems by combining formal and model-based approaches. The project started on October 1st, 2014 and will last four years. The project consortium is made up of five research groups based in Madrid (Spain), and it has been funded by the Regional Government of Madrid and the European Social Fund of the European Commission with a total of 635.088,65€.
Creating and Improving Educational Materials: An Approach Based on Crowdsourcing
ICERI2018 Proceedings, 2018
One way of increasing the quantity and quality of educational materials that are available on-line is to apply collaborative and crowdsourcing techniques during the production process. The idea of involving groups of learners working together to solve a problem, to complete a task, or to create a product is an educational approach to teach and learn called Collaborative Learning (CL). One way of applying the CL approach is by using a collaborative authoring platform such as SlideWiki. This paper presents a crowdsourcing-based approach for involving students in the creation and improvement of educational materials using the SlideWiki platform.

In programming languages with a dynamic use of memory, such as Java, knowing that a reference variable x points to an acyclic data structure is valuable for the analysis of termination and resource usage (e.g., execution time or memory consumption). For instance, this information guarantees that the depth of the data structure to which x points is greater than the depth of the data structure pointed to by x.f for any field f of x. This, in turn, allows bounding the number of iterations of a loop which traverses the structure by its depth, which is essential in order to prove the termination or infer the resource usage of the loop. The present paper develops an abstract-interpretation-based static analysis for inferring acyclicity, which works on the reduced product of two abstract domains: reachability, which models the property that the location pointed to by a variable w can be reached by dereferencing another variable v (in this case, v is said to reach w); and cyclicity, modelli...

Field-sensitive sharing
In static analysis of programming languages with dynamic memory, sharing analysis tries to infer whether two variables point to data structures which are not disjoint. That is, two variables share at a certain program point if there is a memory cell which can be accessed from both via two converging paths in the heap. Sharing information is used as an auxiliary component in a number of static analysis techniques: knowing that two variables do not share any memory cell allows one to guarantee that any modification to the first variable has no effect on the data structure accessible from the second. On the other hand, if it cannot be guaranteed that the data structures accessible from two variables x and y are disjoint, then a loss of information occurs in that any update to x must be considered as a possible update of y, thus making the inference of interesting program properties much harder. This paper introduces a novel sharing analysis which takes into account the fields involved in convergi...
Challenge-Based Learning in Explainable Artificial Intelligence Education
EDULEARN21 Proceedings
Intelligent Agent for Roadway Data Analysis
Advances in Intelligent Systems and Computing
La innovación docente como misión del profesorado : Congreso Internacional Sobre Aprendizaje, Innovación y Competitividad, 2017
Abstract. Data Science is a revolution that is already changing the way we deal with business, healthcare, politics, education and innovation. There is a wide variety of online courses, master's programmes, degrees and subjects focused on teaching this interdisciplinary field, where there is a growing demand for professionals. This article describes three different teaching and learning models for Data Science, inspired by the experiential learning paradigm. Moreover, these models have been used in a Deep Learning course within the context of an international master's programme in Data Science. Finally, student satisfaction is quantified by means of a survey in order to: evaluate the three models, decide on the favourite approach and consider a purely experiential learning methodology.
Abstract Non-Interference in a functional Dependency Calculus
La innovación docente como misión del profesorado : Congreso Internacional Sobre Aprendizaje, Innovación y Competitividad, 2017
starting from the marks obtained by the student during the continuous assessment process. The aim is to quantify the probability that a student has of failing, knowing the marks obtained, for example, during the first month of the course. The data set studied consists of the students' marks (partial and final) from previous years. A web application has been developed so that a student can enter the marks obtained so far and find out what probability they have of finally passing the subject.

This work presents a program analyzer for checking Abstract Non-Interference in a fragment of Java bytecode. Abstract Non-Interference is an information flow property which is weaker and more general than standard Non-Interference, since it can allow some selected parts of secret information to flow into the public part of a program. The motivation for such a weakening is that some flows are indeed useful in real-life applications. The amount of allowed flows is encoded into abstract domains, which characterize the degree of precision of a potential attacker in observing data; flows are forbidden as long as they can be observed and exploited by attackers. Abstract values describe possible values of programs in different executions. Basic features of Java bytecode are considered; advanced topics, such as method calls, objects and exceptions, are also discussed. A program is said to be secure if analysis computes a state which does not contain private information in public places; inf...