This paper shows how to construct static analyzers using tree automata and rewriting techniques. Starting from a term rewriting system representing the operational semantics of the target programming language, and given a program to analyze, we automatically construct an over-approximation of the set of reachable terms, i.e., of the program states that can be reached. The approach enables fast prototyping of static analyzers because modifying the analysis simply amounts to changing the set of rewrite rules defining the approximation. A salient feature of this approach is that the approximation is correct by construction and hence does not require an explicit correctness proof. To illustrate the framework proposed here on a realistic programming language, we instantiate it with the Java Virtual Machine semantics and perform class analysis on Java bytecode programs.