Introduction to Language Based Security
|
|
- Melinda Charles
- 6 years ago
- Views:
Transcription
1 Introduction to Language Based Security Ana Matos and Miguel Correia
2 who ARE YOU? Ana Almeida Matos Office: Tagus, 2N3-11. Contact hours: See web page or send . Research: Language Based Security, Information Flow, Type systems...
3 Class Outline Language Based Security - what and why Program Analysis for Security - an overview Semantics of Programming Languages - basics
4 Topics of the course part I Principles of Computer Security Overview and Protection Software vulnerabilities Development of secure software Control of execution environment
5 Questions raised in this course Which are the most common software security vulnerabilities? How can we secure the execution environment? What are the fundamental problems behind the vulnerabilities? How can we design techniques and tools to prevent or fix them?
6 Language-Based Security techniques based on programming language theory and implementation, including semantics, types, optimization and verification, brought to bear on the security question Schneider et. al, 2000 "Laguage-based security - A research manifesto for a Dagstuhl Seminar,
7 Language-Based Security In sum: Attacks: Application level Tools: Programming language analysis techniques.
8 Programming language techniques For design, implementation, analysis, characterization, classification of programming languages and their individual features. Examples: compilation, monitoring, type checking and other program analysis, program rewriting... Offer appropriate abstractions to deal with software security issues.
9 Security by design Applications are implemented in programming languages systems are modeled at different levels of abstraction (using different languages) security policies can be expressed and analyzed at each of these levels security-by-design: using language-based analysis techniques to provably enforce specified security properties offers strong guarantees Some examples...
10 Buffer overflows... Buffer-Overflow Protection: The Theory by Krerk Piromsopa and Richard J. Enbody (2006) Abstract. We propose a framework for protecting against buffer overflow attacks the oldest and most pervasive attack technique. The malicious nature of buffer-overflow attacks is the use of external data (input) as addresses (or control data). With this observation, we establish a sufficient condition for preventing buffer-overflow attacks and prove that it creates a secure system with respect to buffer-overflow attacks. The underlying concept is that input is untrustworthy, and should not be used as addresses (return addresses and function pointers.). If input can be identified, buffer-overflow attacks can be caught. We used this framework to create an effective, hardware, buffer-overflow prevention tool.
11 Buffer overflows... Code-Pointer Integrity by Volodymyr Kuznetsov, Laszló Szekerés, Mathias Payer, George Candea, R. Sekar, Dawn Song (2014) Abstract. Systems code is often written in low-level languages like C/C+ +, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defense mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defense mechanisms (e.g., CFI) often have high overhead and limited guarantees [19, 15, 9]. We introduce code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming. (...)
12 Format strings... Detecting Format String Vulnerabilities with Type Qualifiers Flow Abstraction by Umesh Shankar Kunal Talwar Jeffrey S. Foster David Wagner (2001) Abstract. We present a new system for automatically detecting format string security vulnerabilities in C programs using a constraint-based type-inference engine. We describe new techniques for presenting the results of such an analysis to the user in a form that makes bugs easier to find and to fix. The system has been implemented and tested on several real-world software packages. Our tests show that the system is very effective, detecting several bugs previously unknown to the authors and exhibiting a low rate of false positives in almost all cases. Many of our techniques are applicable to additional classes of security vulnerabilities, as well as other type- and constraint based systems.
13 Data races... Maximal Sound Predictive Race Detection with Control Flow Abstraction by Jeff Huang Patrick O Neil Meredith Grigore Rosu (2014) Abstract. Despite the numerous static and dynamic program analysis techniques in the literature, data races remain one of the most common bugs in modern concurrent software. Further, the techniques that do exist either have limited detection capability or are unsound, meaning that they report false positives. We present a sound race detection technique that achieves a provably higher detection capability than existing sound techniques. (...) Moreover, we formally prove that our formulation achieves the maximal possible detection capability (...). We demonstrate via extensive experimentation that our technique detects more races than the other state-of-the-art sound race detection techniques, and that it is scalable to executions of real world concurrent applications with tens of millions of critical events. These experiments also revealed several previously unknown races in real systems (e.g., Eclipse) that have been confirmed or fixed by the developers. (...)
14 Code-injection... Automated Code Injection Prevention for Web Applications by Zhengqin Luo, Tamara Rezk, and Manuel Serrano (2011) Abstract. We propose a new technique based on multitier compilation for preventing code injection in web applications. It consists in adding an extra stage to the client code generator which compares the dynamically generated code with the specification obtained from the syntax of the source program. No intervention from the programmer is needed. No plugin or modification of the web browser is required. The soundness and validity of the approach are proved formally by showing that the client compiler can be fully abstract. The practical interest of the approach is proved by showing the actual implementation in the Hop environment.
15 Topics of the course part II Language Based Security Security monitors Program analysis for security - overview Information flow security Security type systems Security-preserving compilation
16 Class Outline Language Based Security - what and why Program Analysis for Security - an overview Semantics of Programming Languages - basics
17 Program Analysis (for Security) the process of automatically analyzing the behavior of computer programs regarding a (security) specification. Segurança no Software, Miguel Correia and Paulo Sousa, 2010 (Chapter 11). Static Analysis for Security, Brian Chess and Gary McGraw, 2004.
18 So why do developers keep making the same mistakes? Instead of relying on programmers memories, we should strive to produce tools that codify what is known about common security vulnerabilities and integrate it directly into the development process. D. Evans e D. Larochelle, 2002
19 What is the right question? Is this program secure? Is this program secure against this threat? We need to be precise. Does this program meet security requirement P? Does this program meet security requirement P given attacker model A? When do programs written in this language meet security requirement P given attacker model A?
20 Aims of Program Analysis Optimization - about performance, to compute in a more efficient way. Improve running time, decrease space requirements, decrease power consumption Correctness - about assurance, to compute as intended. Detecting/correcting bugs, security vulnerabilities Guaranteeing security properties
21 Security properties correctness - intended behavior robustness - doesn t crash or hang safety - doesn t run into bad states (ex: access control is violated) liveness - good things happen (ex: you get a response)...
22 Precision of a mechanism Given a computer system and a security policy, how precisely can we enforce it? If S is the set of secure states, and a mechanism restricts the system to a set of states R: Sound mechanism: R S Precise mechanism: R = S Complete mechanism: R S
23 Question on limitations Given a computer program and a security policy, can we determine automatically whether or not it is secure? In other words: Is the security problem decidable? Decidable problem - A decision problem that can be solved by an algorithm (that halts on all inputs). The halting problem (termination of a program written in a Turing-expressive language) is undecidable.
24 Limits to precision Security policies typically talk about behavior of a system, and are often undecidable. Who is allowed to do something?, What is allowed to be done?... Mechanisms typically provide automatic ways of restricting the behavior of the system, and are often decidable. How can we enforce these rules? In such (most) cases... a mechanism cannot be precise!
25 Usefulness of automatic analysis In spite of these known limits, automatic analysis can still be useful: Unsound mechanisms might accept insecure programs (false negatives). But, they can still filter out a number of vulnerabilities. Incomplete mechanisms might reject secure programs (false positives). But, they can give strong guarantees about the absence of vulnerabilities.
26 Advantages of automatic analysis Verifies code thoroughly and consistently, without bias or errors introduced by human auditors. Time efficiency. Can analyze binary or intermediate code. Can be designed to give strong guarantees.
27 Limitations of automatic analysis Limited precision We have seen that a decidable analysis cannot be precise: it is either unsound (too permissive) or incomplete (too conservative). Limited scope (as strong as it s assumptions) Designed to look for a finite set of problems - it is not possible to test all conditions. Limited understanding Manual work is still needed, at different degrees.
28 Timing of program analysis Static analysis - before program execution. Dynamic analysis - during program execution, or posteriorly based on collected data. or... Hybrid - combination of both. Use output of one analysis as input to another (static to dynamic and dynamic to static).
29 Dynamic Analysis techniques Examples Testing Dynamic type checking (ex: Perl, Python, JavaScript...) Monitoring (future class)...
30 Static Analysis techniques Examples Control-flow analysis Model checking Program Verification... Abstract interpretation Type and effect systems
31 Precision if <input> then <fine> else <vulnerability> Static analysis Requires an approximation of actual input data. Conservative in accounting for all possibilities. Dynamic analysis Can take advantage of runtime knowledge in order to increase precision. Restricted to a subset of possible executions. Results may not generalize to all executions.
32 Precision if <secret_input> then <output 0> else <output 1> Static analysis Can consider all possible input data by abstraction. Dynamic analysis Analyzing a subset of possible executions can be theoretically insufficient for asserting properties that involve sets of traces (ex: information flow).
33 Precision Hybrid analysis: Dynamic to Static Example: Profile directed compilation - collects useful information from one program execution to assist compilation and improve program optimizations Hybrid analysis: Static to Dynamic Increase scope by combining with prior static analysis.
34 Time cost Static analysis Static time overhead. Slow to analyze large models of input data Dynamic analysis - May impose a cost on efficiency, due to runtime checks.
35 Time cost Hybrid analysis: Static to Dynamic Optimize execution time checks Example: type checks my be guaranteed at compilation time Indicate suspicious code to test more thoroughly Hybrid analysis: Dynamic to Static Apply more complex static analysis to properties observed at run time
36 Development Static analysis Can find problems early in the development cycle, even before the code is run for the first time. Reveals the root of a security problem, not its symptoms (as opposed to testing). Dynamic analysis Can find problems that are left aside by the static analysis. Requires a choice of test runs and an infrastructure for running them.
37 Static Analysis Tools -- an overview
38 Static analysis and compilation are closely related Analyze to compile, compile to analyze Compilers always include some form of program analysis, as certain errors impede compilation. Standard analysis performed by compilers can be used for additional security checks and transformations. Compilers are also programs that can be analyzed: Does the compiler preserve the security properties that are checked on the source code? (Another class)
39 Standard compilation stages source code lexical analyzer (scanner) breaks source code into tokens preprocessor semantic analyzer (parser) builds a syntax tree intermediate code generator optimizer target code generator target code front end back end
40 A generic static analysis tool
41 Build model Do lexical analysis and parsing Build an abstract syntax tree (AST) Generate simultaneously a table of symbols AST can be used for doing type checking Use the AST to build a control flow graph and a call graph... CFG can be used for doing control-flow analysis / dataflow analysis
42 Specify property What to verify can be stated as assertions or rules Ex: strcpy(dest, src) assert(size(dest) > size(src)) Ex: no tainted data can be assigned to an untainted attribute
43 Complexity of tools String matcher - runs directly over source code. Lexical analyzer - runs over the tokens generated by the scanner. Does not confuse a variable getshow with a call to gets (different tokens). Semantic analyzer - runs over the syntax tree generated by the parser. Does not confuse a variable gets with a call to function gets (different meaning).
44 String matchers Simple tools like grep and findstr can do a very basic form of analysis. grep gets *.c and grep strcpy *.c Limitations The user has to know which functions are dangerous The user has to do all the greps Does not distinguish between actual dangerous functions and instances of these strings that are not calls int main { int strcpy; return 0; } // var. strcpy
45 Lexical analyzers Look for dangerous library/system calls Detect calls which are always dangerous (for ex: gets...). Attribute danger levels to the potential vulnerabilities Main components Database of vulnerable system/library calls Code preprocessor (to get what will be really compiled) Lexical analyzer (to read functions names) Examples: RATS, Flawfinder, ITS4
46 Example output (Flawfinder)
47 Example database (Flawfinder)
48 Semantic analyzers Control flow analysis Data flow analysis Type checking
49 Control-flow analysis All the possible control flows of a program can be represented by a control flow graph (CFG). Control-flow analysis performs checks based on the possible control paths of a program. Essential for many compiler optimizations. Can be used to statically verify properties that depend on the sequencing of instructions. Example: PREfix.
50 PREfix C/C++ Detects problems like: invalid pointer references, use of uninitialized memory, improper operations on resources like files (e.g., trying to close a closed file) Individual functions are tested and errors reported Starting in the leafs Determine the control flow paths and simulate a representative set (configurable)
51 Example: memory allocation Simulating a path: traverses the abstract syntax tree of a function evaluating the relevant instructions In the end, the state of the memory is summarized
52
53
54 Scope of the analysis Local analysis: analyzes one function at a time. Module-level analysis: analyzes one class / compilation unit at a time, based on the models generated by local analysis. Considers the relations among functions. Global analysis: analyzes the whole program, given the previous analysis of functions and modules. Considers the relations among modules.
55 Data-flow analysis A technique for gathering information about the possible set of values calculated at various points of a program. Can determine where an actual value assigned to a variable might propagate. Often used by compilers for optimization (ex: reaching definitions) One application of data-flow analysis for security is taint analysis. Ex: FlowDroid (a static taint analysis tool for Android applications)
56 Taint analysis with CQUAL Uses type qualifiers to perform taint analysis in C programs Requires someone to annotate functions as either returning data tainted or requiring untainted data Type qualifiers: $tainted, $untainted Then uses type inference rules (along with preannotated system libraries) to detect vulnerabilities e.g., format string vulnerabilities, user-space/ kernel-space trust errors; XSS
57 Example: detection of a format string vulnerability getenv returns a tainted string printf requires an untainted format string annotations
58 Type checking Type systems associate types to selected programs that fulfill certain requirements (eg. are considered correct with respect to a property). Type checking - to verify whether a program is accepted by the type system. Type inference - to infer the type that allows a type system to accept a program.
59 Type checking in programming languages The notion of type is central to programming Types are used in programming to limit how programming objects (variables, functions...) are used, for example: Integers can t be assigned to string variables Functions are called with the right number and type of arguments. Type checking is done by compilers and interpreters
60 Type checking and security Type systems of programming languages are important but most are limited for security Some integer manipulation vulnerabilities that are found by type checking: Signedness integer with signal is attributed to an unsigned (or vice-versa) Truncation integer represented with N bits is assigned to an integer variable with less than N bits (e.g., int to short)
61 Static vs. dynamic typing Statically typed languages performed in run-time performed in compile time Ex: C(++), Java, Haskell, Pascal, ML... Dynamically typed languages Ex: PHP, JavaScript, Tcl, Prolog, Python...
62 Security Type Systems There is a range of security-oriented type systems developed by the research community. Some are integrated in full-fledged programming languages. Ex: Jif Java extension to enforce information flow policies by imposing confidentiality and integrity constraints.
63 Human intervention trade-off Verification of complex properties can be achieved with more human intervention: Model checking -- Checks a model of a program, or the code itself. Enables to check its design. Program Verification -- Formally proves a property about a program.
64 Model checking Given a model of a system, check automatically whether this model satisfies a certain property. Application example: security protocols. A model is a description of the system (program, protocol, hardware...) based on states and possible transitions in between them. Can check reachability of states bad states cannot reached - safety properties good states will be reached - liveness properties
65 Limitations of model checking Defining the model involves some manual work. State space explosion (although there are techniques for reducing the number of states). As precise as the model (proving that a model is correct does not mean that the implementation is correct)
66 Model checking C programs Tools: CBMC, MOPS, F-SOFT, BLAST,... Some of these tools put constraints on the programs, check only safety properties, perform only bounded model checking, work over an abstraction (possible imprecision), but they can be used for checking security properties (including buffer overflow, race condition,...).
67 Program verification How to formally verify that a program satisfies a given (security) property? Use a program logic, which consists of a specification language for expressing properties of a program an associated logic for (dis)proving that programs meet specifications ex: Hoare logic, weakest pre-condition calculus
68 Limitations of Program verification Requires high expertise for describing the model and properties to be verified Involves some manual work.
69 Class Outline Language Based Security - what and why Program Analysis for Security - an overview Semantics of Programming Languages - basics
70 (A bit of) Programming language semantics specification of the meaning of programs of that programming language Semantics with Applications: A Formal Introduction, H. Nielson, F. Nielson, 1992 (Chapter 1 -- Section 2.1.).
71 Formal semantics Why do it formally? For clarity (prevent ambiguities in language specification) For correctness (the basis for implementation, analysis and verification) Why do it in this course? Security properties are often semantic.
72 How to do it? Operational semantics - describe how the effect of a computation is produced when executed on a machine. Denotational semantics - define what is the effect of a computation, as a mathematical object. Axiomatic semantics - assert properties of the effect of a computation.
73 A WHILE language The next slides present a WHILE language as defined in the tutorial G. Barthe et al. (2011). The language is a (simpler) variation of the one in Nielson & Nielson (1999).(*) (*) Differences are: Constants are simply integers (and not numerals). Arithmetic expressions use operations that are used directly in the semantics. Boolean expressions are reduced to comparisons between arithmetic expressions (tests).
74 Syntax of WHILE Syntactic categories: n Num - numerals x Var - variables a Aexp - arithmetic expressions t Bexp - tests S Stm - statements Grammar (BNF notation): basic elements + composite elements op ::= + - / cmp ::= < = > n ::= 0 1 n 0 n 1 a ::= n x a1 op a2 t ::= a1 cmp a2 S ::= x:=a skip S1 ; S2 if t then S else S while t do S
75 Syntax of WHILE Syntactic categories: c Z - constants (integers) x Var - variables a Aexp - arithmetic expressions t Bexp - tests S Stm - statements Grammar (BNF notation): (Abuse: to simplify, we will specify constants directly as integers.) op ::= + - / cmp ::= < = > a ::= c x a1 op a2 t ::= a1 cmp a2 S ::= x:=a skip S1 ; S2 if t then S else S while t do S
76 Abstract syntax Tree representation Linear representation Example: z:=x ; x:=y ; y:=z we will write either (z:=x ; x:=y) ; y:=z or z:=x ; (x:=y ; y:=z)
77 State function ρ ρ - memory or state function that maps variables to integers Example: ρ(x) = 1, ρ(y) = 42...
78 Semantics functions to define next (N - function that maps numerals to integers) A - function that maps pairs of arithmetic expression and state to integers B - function that maps pairs of test and state, to booleans S - partial function that maps pairs of statement and state to state.
79 A - function that maps pairs of arithmetic expression and state, to integers A[c]ρ = c op ::= + - / Semantics of arithmetic expressions: A A[x]ρ = ρ(x) Abuse: skipping the use of N to get value of numerals (cf. exercise) A[a1 op a2]ρ = A[a1]ρ op A[a2]ρ Abuse: syntactic representation of op equals its mathematical meaning.
80 Semantics of arithmetic expressions: A A - function that maps pairs of arithmetic expression and state, to integers A[c]ρ = c A[x]ρ = ρ(x) compositional definition: one semantic clause for each basic element and each composite element (in terms of immediate constituents) A[a1 op a2]ρ = A[a1]ρ op A[a2]ρ op ::= + - /
81 Semantics of boolean expressions: B B - function that maps pairs of test and state, to booleans (from the set {true, false}) B[a1 cmp a2]ρ = A[a1]ρ cmp A[a2]ρ Abuse: syntactic representation of cmp equals its mathematical meaning. cmp ::= < = >
82 Semantics of statements: S S - partial function that maps pairs (statement,state) to state. We will define it using a natural operational semantics, by means of big-step transitions: speaks about how the overall result of executions is obtained. S, ρ ρ When executing program S on memory ρ we obtain the new memory ρ
83 We could also have used a structural operational semantics, by means of small-step transitions: speaks about how the individual steps of the computations take place. S, ρ S, ρ Performing one step of program S on memory ρ leavsthe continuation S and produces new memory ρ We will define a small step semantics for a bytecode language in a future class.
84 Big-step transitions Axioms - do not depend on any hypothesis in order to give the final result of the computation Skip: skip, ρ ρ Does nothing! Assignment: x:=a, ρ ρ[x A[a]ρ] Updates the value of x in ρ with the result of evaluating a { the update of state ρ is defined as: (ρ[y c])(x) = c, if x=y ρ(x), otherwise
85 Rules - the final result of the computation below the line, depends on the hypothesis above the line When the first program starting on ρ produces ρ... Sequential composition:... and the second program starting on ρ produces ρ... S1, ρ ρ ρ2, ρ ρ S1;S2, ρ ρ... then the entire sequential composition starting on ρ produces ρ.
86 Rules - the final result of the computation below the line, depends on the hypothesis above the line When t evaluates to true... Conditional test: S1, ρ ρ if t then S1 else S2, ρ ρ S2, ρ ρ if t then S1 else S2, ρ ρ... and the first branch starting on ρ produces ρ... if B[t]ρ = true then the conditional starting on ρ produces ρ. if B[t]ρ = false
87 Rules - the final result of the computation below the line, depend on the hypothesis above the line While loop: S,ρ ρ while t do S, ρ ρ if B[t]ρ = true... the body starting on ρ produces ρ... When t evaluates to true... while t do S, ρ ρ... and the continuation of the cycle on ρ produces ρ then the cycle on ρ produces ρ. while t do S, ρ ρ if B[t]ρ = false When t evaluates to false the cycle does nothing.
88 (All) Big-step axioms & rules Assignment: x:=a, ρ ρ[x A[a]ρ] Skip: skip, ρ ρ Sequential composition: S1, ρ ρ ρ2, ρ ρ S1;S2, ρ ρ Conditional test: S1, ρ ρ if B[t]ρ = true if t then S1 else S2, ρ ρ S2, ρ ρ if B[t]ρ = false if t then S1 else S2, ρ ρ While loop: S,ρ ρ while t do S, ρ ρ if B[t]ρ = true while t do S, ρ ρ while t do S, ρ ρ if B[t]ρ = false
89 Example - Evaluation Evaluate (z:=x ; x:=y) ; y:=z, starting from a state ρ0 that maps all variables except x and y to 0, and has ρ0(x) = 5 and ρ0(y) = 7. z:=x, ρ0 ρ1 x:=y, ρ1 ρ2 derivation tree (z:=x ; x:=y), ρ0 ρ2 y:=z, ρ2 ρ3 (z:=x ; x:=y) ; y:=z, ρ0 ρ3 ρ1 = ρ0[z 5] ρ2 = ρ1[x 7] ρ3 = ρ2[y 5]
90 Evaluation - derivation tree To evaluate a statement S, starting from a state ρ, a derivation tree must be constructed: 1. Construct the tree from root upwards. 2. Try to find an axiom or rule whose left side matches S, ρ and whose side conditions are satisfied. If it is an axiom - determine the final state and terminate. If it is a rule - try to construct the derivation tree for the premisses of the rule in order to determine the final state.
91 The semantic function S The meaning of statements is given as a (partial) function from the set of states to the set of states. { ρ if S, ρ ρ S[S]ρ= undefined, otherwise no meaning is given to non-terminating computations
92 Summarizing: Natural semantics (big-step transition system) Configurations: intermediate Statement S, state ρ terminal ρ Transitions: S, ρ ρ Rules: S1, ρ1 ρ1... Sn, ρn ρn if... S, ρ ρ
93 Conclusions We have defined formally the operational semantics for a simple language WHILE. The same can be done for any language in a similar manner (in future class, for a byte-code language.) This allows us to reason rigorously about the behavior of programs in the language. We will use it to formalize and prove security properties, which are often semantic.
Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.
CS 6110 S18 Lecture 8 Structural Operational Semantics and IMP Today we introduce a very simple imperative language, IMP, along with two systems of rules for evaluation called small-step and big-step semantics.
More information1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.
1. true / false By a compiler we mean a program that translates to code that will run natively on some machine. 2. true / false ML can be compiled. 3. true / false FORTRAN can reasonably be considered
More informationFormal Semantics of Programming Languages
Formal Semantics of Programming Languages Mooly Sagiv Reference: Semantics with Applications Chapter 2 H. Nielson and F. Nielson http://www.daimi.au.dk/~bra8130/wiley_book/wiley.html Benefits of formal
More informationApplication: Programming Language Semantics
Chapter 8 Application: Programming Language Semantics Prof. Dr. K. Madlener: Specification and Verification in Higher Order Logic 527 Introduction to Programming Language Semantics Programming Language
More informationCOP4020 Programming Languages. Compilers and Interpreters Robert van Engelen & Chris Lacher
COP4020 ming Languages Compilers and Interpreters Robert van Engelen & Chris Lacher Overview Common compiler and interpreter configurations Virtual machines Integrated development environments Compiler
More informationIn Our Last Exciting Episode
In Our Last Exciting Episode #1 Lessons From Model Checking To find bugs, we need specifications What are some good specifications? To convert a program into a model, we need predicates/invariants and
More informationCOS 320. Compiling Techniques
Topic 5: Types COS 320 Compiling Techniques Princeton University Spring 2016 Lennart Beringer 1 Types: potential benefits (I) 2 For programmers: help to eliminate common programming mistakes, particularly
More informationFormal Semantics of Programming Languages
Formal Semantics of Programming Languages Mooly Sagiv Reference: Semantics with Applications Chapter 2 H. Nielson and F. Nielson http://www.daimi.au.dk/~bra8130/wiley_book/wiley.html Benefits of formal
More informationCompiling and Interpreting Programming. Overview of Compilers and Interpreters
Copyright R.A. van Engelen, FSU Department of Computer Science, 2000 Overview of Compilers and Interpreters Common compiler and interpreter configurations Virtual machines Integrated programming environments
More informationCS 242. Fundamentals. Reading: See last slide
CS 242 Fundamentals Reading: See last slide Syntax and Semantics of Programs Syntax The symbols used to write a program Semantics The actions that occur when a program is executed Programming language
More informationSemantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler Front-End
Outline Semantic Analysis The role of semantic analysis in a compiler A laundry list of tasks Scope Static vs. Dynamic scoping Implementation: symbol tables Types Static analyses that detect type errors
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-18/spa/ Preliminaries Outline of Lecture 1 Preliminaries Introduction
More informationStatic Program Analysis
Static Program Analysis Lecture 1: Introduction to Program Analysis Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de http://moves.rwth-aachen.de/teaching/ws-1415/spa/
More informationPROGRAM ANALYSIS & SYNTHESIS
Lecture 02 Structural Operational Semantics (SOS) PROGRAM ANALYSIS & SYNTHESIS EranYahav 1 Previously static analysis over-approximation of program behavior abstract interpretation abstraction, transformers,
More informationStatic Vulnerability Analysis
Static Vulnerability Analysis Static Vulnerability Detection helps in finding vulnerabilities in code that can be extracted by malicious input. There are different static analysis tools for different kinds
More informationSimply-Typed Lambda Calculus
#1 Simply-Typed Lambda Calculus #2 Back to School What is operational semantics? When would you use contextual (small-step) semantics? What is denotational semantics? What is axiomatic semantics? What
More informationProgramming Languages Third Edition
Programming Languages Third Edition Chapter 12 Formal Semantics Objectives Become familiar with a sample small language for the purpose of semantic specification Understand operational semantics Understand
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationProgramming Languages and Compilers Qualifying Examination. Answer 4 of 6 questions.
Programming Languages and Compilers Qualifying Examination Fall 2017 Answer 4 of 6 questions. GENERAL INSTRUCTIONS 1. Answer each question in a separate book. 2. Indicate on the cover of each book the
More informationCOSC252: Programming Languages: Semantic Specification. Jeremy Bolton, PhD Adjunct Professor
COSC252: Programming Languages: Semantic Specification Jeremy Bolton, PhD Adjunct Professor Outline I. What happens after syntactic analysis (parsing)? II. Attribute Grammars: bridging the gap III. Semantic
More informationConcepts of Programming Languages
Concepts of Programming Languages Lecture 1 - Introduction Patrick Donnelly Montana State University Spring 2014 Patrick Donnelly (Montana State University) Concepts of Programming Languages Spring 2014
More informationCMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics
Recall Architecture of Compilers, Interpreters CMSC 330: Organization of Programming Languages Source Scanner Parser Static Analyzer Operational Semantics Intermediate Representation Front End Back End
More informationChapter 3. Describing Syntax and Semantics
Chapter 3 Describing Syntax and Semantics Chapter 3 Topics Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute Grammars Describing the Meanings of Programs:
More informationThe role of semantic analysis in a compiler
Semantic Analysis Outline The role of semantic analysis in a compiler A laundry list of tasks Scope Static vs. Dynamic scoping Implementation: symbol tables Types Static analyses that detect type errors
More informationSimple Overflow. #include <stdio.h> int main(void){ unsigned int num = 0xffffffff;
Simple Overflow 1 #include int main(void){ unsigned int num = 0xffffffff; printf("num is %d bits long\n", sizeof(num) * 8); printf("num = 0x%x\n", num); printf("num + 1 = 0x%x\n", num + 1); }
More informationA Simple Syntax-Directed Translator
Chapter 2 A Simple Syntax-Directed Translator 1-1 Introduction The analysis phase of a compiler breaks up a source program into constituent pieces and produces an internal representation for it, called
More informationaxiomatic semantics involving logical rules for deriving relations between preconditions and postconditions.
CS 6110 S18 Lecture 18 Denotational Semantics 1 What is Denotational Semantics? So far we have looked at operational semantics involving rules for state transitions, definitional semantics involving translations
More informationCS152 Programming Language Paradigms Prof. Tom Austin, Fall Syntax & Semantics, and Language Design Criteria
CS152 Programming Language Paradigms Prof. Tom Austin, Fall 2014 Syntax & Semantics, and Language Design Criteria Lab 1 solution (in class) Formally defining a language When we define a language, we need
More informationCSCE 314 Programming Languages. Type System
CSCE 314 Programming Languages Type System Dr. Hyunyoung Lee 1 Names Names refer to different kinds of entities in programs, such as variables, functions, classes, templates, modules,.... Names can be
More informationSyntax and Grammars 1 / 21
Syntax and Grammars 1 / 21 Outline What is a language? Abstract syntax and grammars Abstract syntax vs. concrete syntax Encoding grammars as Haskell data types What is a language? 2 / 21 What is a language?
More informationFoundations: Syntax, Semantics, and Graphs
Foundations: Syntax, Semantics, and Graphs Testing, Quality Assurance, and Maintenance Winter 2018 Prof. Arie Gurfinkel based on slides by Ruzica Pizkac, Claire Le Goues, Lin Tan, Marsha Chechik, and others
More informationCrafting a Compiler with C (II) Compiler V. S. Interpreter
Crafting a Compiler with C (II) 資科系 林偉川 Compiler V S Interpreter Compilation - Translate high-level program to machine code Lexical Analyzer, Syntax Analyzer, Intermediate code generator(semantics Analyzer),
More informationChapter 3 (part 3) Describing Syntax and Semantics
Chapter 3 (part 3) Describing Syntax and Semantics Chapter 3 Topics Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute Grammars Describing the Meanings
More informationCMSC 330: Organization of Programming Languages. Operational Semantics
CMSC 330: Organization of Programming Languages Operational Semantics Notes about Project 4, Parts 1 & 2 Still due today (7/2) Will not be graded until 7/11 (along with Part 3) You are strongly encouraged
More informationGoals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1
Natural Semantics Goals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1 1 Natural deduction is an instance of first-order logic; that is, it is the formal
More informationSecurity Analyses For The Lazy Superhero
#1 Security Analyses For The Lazy Superhero #2 One-Slide Summary We can statically detect buffer overruns in programs by modeling the space allocated for a buffer and the space used for a buffer. We cannot
More informationLectures 20, 21: Axiomatic Semantics
Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics
More informationSemantic Analysis. Lecture 9. February 7, 2018
Semantic Analysis Lecture 9 February 7, 2018 Midterm 1 Compiler Stages 12 / 14 COOL Programming 10 / 12 Regular Languages 26 / 30 Context-free Languages 17 / 21 Parsing 20 / 23 Extra Credit 4 / 6 Average
More informationStatic Analysis. Systems and Internet Infrastructure Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Static Analysis Trent
More informationWorking of the Compilers
Working of the Compilers Manisha Yadav Nisha Thakran IT DEPARTMENT IT DEPARTMENT DCE,GURGAON DCE,GURGAON Abstract- The objective of the paper is to depict the working of the compilers that were designed
More information9/5/17. The Design and Implementation of Programming Languages. Compilation. Interpretation. Compilation vs. Interpretation. Hybrid Implementation
Language Implementation Methods The Design and Implementation of Programming Languages Compilation Interpretation Hybrid In Text: Chapter 1 2 Compilation Interpretation Translate high-level programs to
More informationAn Annotated Language
Hoare Logic An Annotated Language State and Semantics Expressions are interpreted as functions from states to the corresponding domain of interpretation Operators have the obvious interpretation Free of
More informationCOMP 181. Agenda. Midterm topics. Today: type checking. Purpose of types. Type errors. Type checking
Agenda COMP 181 Type checking October 21, 2009 Next week OOPSLA: Object-oriented Programming Systems Languages and Applications One of the top PL conferences Monday (Oct 26 th ) In-class midterm Review
More informationMatching Logic A New Program Verification Approach
Matching Logic A New Program Verification Approach Grigore Rosu and Andrei Stefanescu University of Illinois at Urbana-Champaign (work started in 2009 with Wolfram Schulte at MSR) Usable Verification Relatively
More informationCST-402(T): Language Processors
CST-402(T): Language Processors Course Outcomes: On successful completion of the course, students will be able to: 1. Exhibit role of various phases of compilation, with understanding of types of grammars
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More informationProgramming Languages Third Edition. Chapter 9 Control I Expressions and Statements
Programming Languages Third Edition Chapter 9 Control I Expressions and Statements Objectives Understand expressions Understand conditional statements and guards Understand loops and variation on WHILE
More informationCSCE 314 Programming Languages
CSCE 314 Programming Languages Syntactic Analysis Dr. Hyunyoung Lee 1 What Is a Programming Language? Language = syntax + semantics The syntax of a language is concerned with the form of a program: how
More informationSeminar in Programming Languages
Seminar in Programming Languages Shuly Wintner Fall 2010-11 Course web site: http://cs.haifa.ac.il/~shuly/teaching/10/plseminar/ Course Goals Programming Language Concepts A language is a conceptual universe
More informationLECTURE 3. Compiler Phases
LECTURE 3 Compiler Phases COMPILER PHASES Compilation of a program proceeds through a fixed series of phases. Each phase uses an (intermediate) form of the program produced by an earlier phase. Subsequent
More informationSoK: Eternal War in Memory
SoK: Eternal War in Memory László Szekeres, Mathias Payer, Tao Wei, Dawn Song Presenter: Wajih 11/7/2017 Some slides are taken from original S&P presentation 1 What is SoK paper? Systematization of Knowledge
More informationType Checking. Outline. General properties of type systems. Types in programming languages. Notation for type rules.
Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Refers to the compile-time
More informationThe Compiler So Far. CSC 4181 Compiler Construction. Semantic Analysis. Beyond Syntax. Goals of a Semantic Analyzer.
The Compiler So Far CSC 4181 Compiler Construction Scanner - Lexical analysis Detects inputs with illegal tokens e.g.: main 5 (); Parser - Syntactic analysis Detects inputs with ill-formed parse trees
More informationProgram Analysis: Lecture 02 Page 1 of 32
Program Analysis: Lecture 02 Page 1 of 32 Program Analysis/ Mooly Sagiv Lecture 1, 31/10/2012 Operational Semantics Notes by: Kalev Alpernas As background to the subject of Program Analysis, we will first
More informationA simple syntax-directed
Syntax-directed is a grammaroriented compiling technique Programming languages: Syntax: what its programs look like? Semantic: what its programs mean? 1 A simple syntax-directed Lexical Syntax Character
More informationStatic Analysis and Bugfinding
Static Analysis and Bugfinding Alex Kantchelian 09/12/2011 Last week we talked about runtime checking methods: tools for detecting vulnerabilities being exploited in deployment. So far, these tools have
More informationModule: Future of Secure Programming
Module: Future of Secure Programming Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Programmer s Little Survey Problem What does program for
More informationOutline. General properties of type systems. Types in programming languages. Notation for type rules. Common type rules. Logical rules of inference
Type Checking Outline General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Refers to the compile-time
More informationOperational Semantics. One-Slide Summary. Lecture Outline
Operational Semantics #1 One-Slide Summary Operational semantics are a precise way of specifying how to evaluate a program. A formal semantics tells you what each expression means. Meaning depends on context:
More informationSecuring Software Applications Using Dynamic Dataflow Analysis. OWASP June 16, The OWASP Foundation
Securing Software Applications Using Dynamic Dataflow Analysis Steve Cook OWASP June 16, 2010 0 Southwest Research Institute scook@swri.org (210) 522-6322 Copyright The OWASP Foundation Permission is granted
More informationCS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012
CS-XXX: Graduate Programming Languages Lecture 9 Simply Typed Lambda Calculus Dan Grossman 2012 Types Major new topic worthy of several lectures: Type systems Continue to use (CBV) Lambda Caluclus as our
More informationSemantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler so far
Outline Semantic Analysis The role of semantic analysis in a compiler A laundry list of tasks Scope Static vs. Dynamic scoping Implementation: symbol tables Types Statically vs. Dynamically typed languages
More informationPierce Ch. 3, 8, 11, 15. Type Systems
Pierce Ch. 3, 8, 11, 15 Type Systems Goals Define the simple language of expressions A small subset of Lisp, with minor modifications Define the type system of this language Mathematical definition using
More informationSecure Programming I. Steven M. Bellovin September 28,
Secure Programming I Steven M. Bellovin September 28, 2014 1 If our software is buggy, what does that say about its security? Robert H. Morris Steven M. Bellovin September 28, 2014 2 The Heart of the Problem
More informationModule: Future of Secure Programming
Module: Future of Secure Programming Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Programmer s Little Survey Problem What does program for
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 7b Andrew Tolmach Portland State University 1994-2017 Values and Types We divide the universe of values according to types A type is a set of values and
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 17 - Language-based security October 25, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Engineering Disaster? Millions of Bots Compromised applications Programming
More informationOutline. Introduction Concepts and terminology The case for static typing. Implementing a static type system Basic typing relations Adding context
Types 1 / 15 Outline Introduction Concepts and terminology The case for static typing Implementing a static type system Basic typing relations Adding context 2 / 15 Types and type errors Type: a set of
More informationProgramming Languages Third Edition. Chapter 7 Basic Semantics
Programming Languages Third Edition Chapter 7 Basic Semantics Objectives Understand attributes, binding, and semantic functions Understand declarations, blocks, and scope Learn how to construct a symbol
More informationProgramming Languages, Summary CSC419; Odelia Schwartz
Programming Languages, Summary CSC419; Odelia Schwartz Chapter 1 Topics Reasons for Studying Concepts of Programming Languages Programming Domains Language Evaluation Criteria Influences on Language Design
More informationSecure Programming Lecture 13: Static Analysis
Secure Programming Lecture 13: Static Analysis David Aspinall 10th March 2014 Outline Overview Vulnerabilities and analysis Using static analysis Simple static analysis tasks Type checking Style checking
More informationStatic Program Analysis Part 1 the TIP language
Static Program Analysis Part 1 the TIP language http://cs.au.dk/~amoeller/spa/ Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Questions about programs Does the program terminate
More informationLecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning
Lecture 1 Contracts 15-122: Principles of Imperative Computation (Spring 2018) Frank Pfenning In these notes we review contracts, which we use to collectively denote function contracts, loop invariants,
More informationStatic Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security
Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Ahmed Rezine IDA, Linköpings Universitet Hösttermin 2014 Outline Overview Syntactic Analysis Abstract
More informationA Gentle Introduction to Program Analysis
A Gentle Introduction to Program Analysis Işıl Dillig University of Texas, Austin January 21, 2014 Programming Languages Mentoring Workshop 1 / 24 What is Program Analysis? Very broad topic, but generally
More informationHonours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui
Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Projects 1 Information flow analysis for mobile applications 2 2 Machine-learning-guide typestate analysis for UAF vulnerabilities 3 3 Preventing
More informationIntroduction to Axiomatic Semantics
Introduction to Axiomatic Semantics Meeting 10, CSCI 5535, Spring 2009 Announcements Homework 3 due tonight Homework 2 is graded 13 (mean), 14 (median), out of 21 total, but Graduate class: final project
More informationVerification Overview Testing Theory and Principles Testing in Practice. Verification. Miaoqing Huang University of Arkansas 1 / 80
1 / 80 Verification Miaoqing Huang University of Arkansas Outline 1 Verification Overview 2 Testing Theory and Principles Theoretical Foundations of Testing Empirical Testing Principles 3 Testing in Practice
More informationWriting Evaluators MIF08. Laure Gonnord
Writing Evaluators MIF08 Laure Gonnord Laure.Gonnord@univ-lyon1.fr Evaluators, what for? Outline 1 Evaluators, what for? 2 Implementation Laure Gonnord (Lyon1/FST) Writing Evaluators 2 / 21 Evaluators,
More informationProgramming Languages & Translators PARSING. Baishakhi Ray. Fall These slides are motivated from Prof. Alex Aiken: Compilers (Stanford)
Programming Languages & Translators PARSING Baishakhi Ray Fall 2018 These slides are motivated from Prof. Alex Aiken: Compilers (Stanford) Languages and Automata Formal languages are very important in
More informationCNIT 127: Exploit Development. Ch 18: Source Code Auditing. Updated
CNIT 127: Exploit Development Ch 18: Source Code Auditing Updated 4-10-17 Why Audit Source Code? Best way to discover vulnerabilities Can be done with just source code and grep Specialized tools make it
More informationAUTOMATIC VULNERABILITY DETECTION USING STATIC SOURCE CODE ANALYSIS ALEXANDER IVANOV SOTIROV A THESIS
AUTOMATIC VULNERABILITY DETECTION USING STATIC SOURCE CODE ANALYSIS by ALEXANDER IVANOV SOTIROV A THESIS Submitted in partial fulfillment of the requirements for the degree of Master of Science in the
More informationLecture 5 - Axiomatic semantics
Program Verification March 2014 Lecture 5 - Axiomatic semantics Lecturer: Noam Rinetzky Scribes by: Nir Hemed 1.1 Axiomatic semantics The development of the theory is contributed to Robert Floyd, C.A.R
More informationEI326 ENGINEERING PRACTICE & TECHNICAL INNOVATION (III-G) Kenny Q. Zhu Dept. of Computer Science Shanghai Jiao Tong University
EI326 ENGINEERING PRACTICE & TECHNICAL INNOVATION (III-G) Kenny Q. Zhu Dept. of Computer Science Shanghai Jiao Tong University KENNY ZHU Research Interests: Programming Languages Data processing Coordination
More informationCS101 Introduction to Programming Languages and Compilers
CS101 Introduction to Programming Languages and Compilers In this handout we ll examine different types of programming languages and take a brief look at compilers. We ll only hit the major highlights
More informationCompilers and computer architecture From strings to ASTs (2): context free grammars
1 / 1 Compilers and computer architecture From strings to ASTs (2): context free grammars Martin Berger October 2018 Recall the function of compilers 2 / 1 3 / 1 Recall we are discussing parsing Source
More informationCOMP-421 Compiler Design. Presented by Dr Ioanna Dionysiou
COMP-421 Compiler Design Presented by Dr Ioanna Dionysiou Administrative! Any questions about the syllabus?! Course Material available at www.cs.unic.ac.cy/ioanna! Next time reading assignment [ALSU07]
More informationFoundations. Yu Zhang. Acknowledgement: modified from Stanford CS242
Spring 2013 Foundations Yu Zhang Acknowledgement: modified from Stanford CS242 https://courseware.stanford.edu/pg/courses/317431/ Course web site: http://staff.ustc.edu.cn/~yuzhang/fpl Reading Concepts
More informationLanguage Security. Lecture 40
Language Security Lecture 40 (from notes by G. Necula) Prof. Hilfinger CS 164 Lecture 40 1 Lecture Outline Beyond compilers Looking at other issues in programming language design and tools C Arrays Exploiting
More informationTypes and Type Inference
CS 242 2012 Types and Type Inference Notes modified from John Mitchell and Kathleen Fisher Reading: Concepts in Programming Languages, Revised Chapter 6 - handout on Web!! Outline General discussion of
More informationMore Lambda Calculus and Intro to Type Systems
More Lambda Calculus and Intro to Type Systems Plan Heavy Class Participation Thus, wake up! Lambda Calculus How is it related to real life? Encodings Fixed points Type Systems Overview Static, Dyamic
More informationVulnerabilities and analysis. Simple static analysis tasks Type checking Style checking
Outline Recap Secure Programming Lecture 13: Static Analysis David Aspinall 10th March 2014 Overview Vulnerabilities and analysis Using static analysis Simple static analysis tasks Type checking Style
More informationSemantic Analysis. CSE 307 Principles of Programming Languages Stony Brook University
Semantic Analysis CSE 307 Principles of Programming Languages Stony Brook University http://www.cs.stonybrook.edu/~cse307 1 Role of Semantic Analysis Syntax vs. Semantics: syntax concerns the form of a
More informationLecture 2: SML Basics
15-150 Lecture 2: SML Basics Lecture by Dan Licata January 19, 2012 I d like to start off by talking about someone named Alfred North Whitehead. With someone named Bertrand Russell, Whitehead wrote Principia
More information3.7 Denotational Semantics
3.7 Denotational Semantics Denotational semantics, also known as fixed-point semantics, associates to each programming language construct a well-defined and rigorously understood mathematical object. These
More informationINSTITUTE OF AERONAUTICAL ENGINEERING
INSTITUTE OF AERONAUTICAL ENGINEERING (Autonomous) Dundigal, Hyderabad -500 043 INFORMATION TECHNOLOGY TUTORIAL QUESTION BANK Name : PRINCIPLES OF PROGRAMMING LANGUAGES Code : A40511 Class : II B. Tech
More informationCSE 413 Languages & Implementation. Hal Perkins Winter 2019 Structs, Implementing Languages (credits: Dan Grossman, CSE 341)
CSE 413 Languages & Implementation Hal Perkins Winter 2019 Structs, Implementing Languages (credits: Dan Grossman, CSE 341) 1 Goals Representing programs as data Racket structs as a better way to represent
More informationLecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning
Lecture 1 Contracts 15-122: Principles of Imperative Computation (Fall 2018) Frank Pfenning In these notes we review contracts, which we use to collectively denote function contracts, loop invariants,
More informationChapter 3. Describing Syntax and Semantics ISBN
Chapter 3 Describing Syntax and Semantics ISBN 0-321-49362-1 Chapter 3 Topics Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute Grammars Describing the
More informationVerification Condition Generation
Verification Condition Generation Jorge Sousa Pinto Departamento de Informática / Universidade do Minho jsp@di.uminho.pt www.di.uminho.pt/~jsp Outline (1) - From Hoare Logic to VCGen algorithms: an architecture
More information