Abstract Interpretation of PIC Programs through Logic Programming

A general, logic-based approach to abstract interpretation of low-level machine programs is reported. It is based on modelling the behavior of the machine as a logic program. General-purpose analysis and transformation techniques for logic programs, such as partial evaluation and convex hull analysis, are then applied to this logic-based model of the machine. A small PIC microcontroller is used as a case study. An emulator for this microcontroller is written in Prolog, and standard program transformation and analysis techniques are used to specialise this emulator with respect to a given PIC program. The specialised emulator can then be analysed further to gain insight into the given PIC program. The method provides a general framework for applying abstractions to logic programs, illustrated here by linear constraints and convex hull analysis. Applying these techniques to the specialised PIC emulator makes it possible to obtain constraints on, and linear relations between, data registers, enabling detection of, for instance, overflows and branch conditions.
