
Information-flow and data-flow analysis of while-programs

Published: 02 January 1985

Abstract

Until recently, information-flow analysis has been used primarily to verify that information transmission between program variables cannot violate security requirements. Here, the notion of information flow is explored as an aid to program development and validation.

Information-flow relations are presented for while-programs, which identify those program statements whose execution may cause information to be transmitted from or to particular input, internal, or output values. It is shown with examples how these flow relations can be helpful in writing, testing, and updating programs; they also usefully extend the class of errors which can be detected automatically in the “static analysis” of a program.



                Reviews

                Richard N. Taylor

Three binary information flow relations are defined for while-programs. λ relates variables to expressions, stating whether the value of variable v, as defined on entry to statement S, may be used in the evaluation of an expression e, where e is contained in S. v may be used in evaluating e even if v is not found directly in e, i.e., an intermediate set of assignments to other variables may transmit the value of v. (S may be a compound statement.) μ relates expressions to variables, stating whether an expression e in statement S may be used in obtaining the value of variable v on exit from S. Again, transitive relationships are included. ρ is a composition of λ and μ, relating variables to variables, in the sense of “the value of v on entry to S may be used in obtaining the value of v on exit from S.” Having defined these relationships, the authors proceed to show how they can be computed for assignment, if, while, empty, and compound statements. They then proceed to show a variety of uses for the information thus computed. Primarily, the information is useful in revealing errors or anomalies in a program. The ρ operator can be used to demonstrate, in an avionics system for example, that if the passenger in seat 8A flips the reading light switch there will be no effect on the position of the landing gear. The λ, μ, and ρ operators can also be used in computing program slices for use in debugging; that is, the set of only those program statements which may be involved in determining an expression's value. Other uses are also described. The operators in this paper may be used to compute many of the information relations that are computed by data flow analysis techniques (as well as many that are not typically done with data flow analysis). However, aside from one exception, the authors do not address the issue that computing must affect information, as opposed to may affect information.
Experience with data flow analyzers has demonstrated the importance of the distinction. The authors have also neglected to consider how the relations may be computed for recursive procedures. The formulas they provide for handling procedure calls assume no recursion. The authors claim that, despite poor worst-case complexity measures for computing the information flow relations (cubic or worse), “in practice” they will be found sufficiently efficient. This claim is accompanied with a reference to experiments they have performed, but the description of the experiment leaves one to believe that substantial further study is necessary to support this claim. Overall, this paper presents some very interesting ideas for static analysis of programs and is suggested reading for builders of analysis and debugging tools.
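
An added example (not code from the paper or from the reviewer) showing how a variable-to-variable may-affect relation ρ can be computed structurally for assignment, if, while, empty, and compound statements, and then queried for a non-interference check like the reading-light case. The tuple encoding of statements, the flow rules as written, the variable names and the sample program are assumptions of this sketch, not formulas quoted from the page.

```python
# Added sketch: may-flow relation rho for a tiny while-language (assumed rules).
def identity(vs):
    return {(v, v) for v in vs}

def compose(r, s):
    return {(a, c) for (a, b) in r for (b2, c) in s if b == b2}

def defined(stmt):
    """Variables a statement may assign."""
    if stmt[0] == "assign":
        return {stmt[1]}
    if stmt[0] == "seq":
        return set().union(*map(defined, stmt[1]))
    # if: both branches; while: body; skip: nothing
    return set().union(*(defined(s) for s in stmt[2:]))

def rho(stmt, vs):
    """Pairs (u, v): u on entry may be used to obtain v on exit."""
    kind = stmt[0]
    if kind == "assign":          # ("assign", target, vars_read)
        return {(u, stmt[1]) for u in stmt[2]} | identity(vs - {stmt[1]})
    if kind == "seq":             # ("seq", [s1, s2, ...])
        r = identity(vs)
        for s in stmt[1]:
            r = compose(r, rho(s, vs))
        return r
    if kind == "if":              # ("if", cond_vars, then, else)
        ctrl = {(c, d) for c in stmt[1] for d in defined(stmt)}
        return ctrl | rho(stmt[2], vs) | rho(stmt[3], vs)
    if kind == "while":           # ("while", cond_vars, body): 0..n iterations
        step = {(c, d) for c in stmt[1] for d in defined(stmt)} | rho(stmt[2], vs)
        r = identity(vs)
        while r != (r | compose(r, step)):
            r |= compose(r, step)
        return r
    return identity(vs)           # ("skip",)

# Constructed sample program, loosely after the review's avionics illustration.
VARS = {"light_switch", "light", "gear_cmd", "gear", "altitude"}
PROGRAM = ("seq", [
    ("assign", "light", {"light_switch"}),
    ("while", {"altitude"}, ("seq", [
        ("if", {"gear_cmd"}, ("assign", "gear", {"gear_cmd"}), ("skip",)),
        ("assign", "altitude", {"altitude"})]))])
RHO = rho(PROGRAM, VARS)

def may_affect(src, dst):
    return (src, dst) in RHO
```

In the sample, `altitude` reaches `gear` only through the loop condition, so the relation captures implicit (control) flow as well as direct assignment; like the relations the review describes, it is a may-analysis and over-approximates.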


                • Published in

                  ACM Transactions on Programming Languages and Systems  Volume 7, Issue 1
                  Jan. 1985
                  181 pages
                  ISSN:0164-0925
                  EISSN:1558-4593
                  DOI:10.1145/2363

                  Copyright © 1985 ACM

                  Publisher

                  Association for Computing Machinery

                  New York, NY, United States
