Program transformation

About: Program transformation is a research topic. Over the lifetime, 2468 publications have been published within this topic receiving 73415 citations.

Using program transformation to secure C programs against buffer overflows

Abstract: Buffer overflows are the most common source of securityvulnerabilities in C programs. This class of vulnerability,which is found in both legacy and modern software, coststhe software industry hundreds of millions of dollars peryear.The most common type of buffer overflow is the run-timestack overflow. It is common because programmersoften use stack allocated arrays. This enables the attackerto change a program's control flow by writing beyond theboundary of an array onto a return address on the run-timestack. If the arrays are repositioned to the heap at compiletime, none of these attacks succeed. Furthermore, repositioningbuffers to the heap should perturb the heap memoryenough to prevent many heap overflows as well.We have created a tool called Gemini that repositionsstack allocated arrays at compile time using TXL. Thetransformation preserves the semantics of the program witha small performance penalty. This paper discusses thesemantics-preserving transformation of stack allocated arraysto heap allocated "pointers to arrays". A program thatis amenable to a buffer overflow attack and several Linuxprograms are used as examples to demonstrate the effectivenessand overhead of our technique.

On the occur-check-free PROLOG programs

Abstract: In most PROLOG implementations, for efficiency occur-check is omitted from the unification algorithm. This paper provides natural syntactic conditions that allow the occur-check to be safely omitted. The established results apply to most well-known PROLOG programs, including those that use difference lists, and seem to explain why this omission does not lead in practice to any complications. When applying these results to general programs, we show their usefulness for proving absence of floundering. Finally, we propose a program transformation that transforms every program into a program for which only the calls to the built-in unification predicate need to be resolved by a unification algorithm with the occur-check.

Modular monadic semantics and compilation

Abstract: Modular monadic semantics is a high-level and modular form of denotational semantics. It is capable of capturing individual programming language features and their interactions. This thesis explores the theory and applications of modular monadic semantics, including: building blocks for individual programming features, equational reasoning with laws and axioms, modular proofs, program transformation, modular interpreters, and compiler construction. We will demonstrate that the modular monadic semantics framework makes programming languages easy to specify, reason about, and implement.

Slicing as a program transformation

Abstract: The aim of this article is to provide a unified mathematical framework for program slicing which places all slicing work for sequential programs on a sound theoretical foundation. The main advantage to a mathematical approach is that it is not tied to a particular representation. In fact the mathematics provides a sound basis for any particular representation. We use the WSL (wide-spectrum language) program transformation theory as our framework. Within this framework we define a new semantic relation, semirefinement, which lies between semantic equivalence and semantic refinement. Combining this semantic relation, a syntactic relation (called reduction), and WSL's remove statement, we can give mathematical definitions for backwards slicing, conditioned slicing, static and dynamic slicing, and semantic slicing as program transformations in the WSL transformation theory. A novel technique of “encoding” operational semantics within a denotational semantics allows the framework to handle “operational slicing”. The theory also enables the concept of slicing to be applied to nondeterministic programs. These transformations are implemented in the industry-strength FermaT transformation system.

Language Design with the Spoofax Language Workbench

Abstract: IDEs are essential for programming language developers, and state-of-the-art IDE support is mandatory for programming languages to be successful. Although IDE features for mainstream programming languages are typically implemented manually, this often isn't feasible for programming languages that must be developed with significantly fewer resources. The Spoofax language workbench is a platform for developing textual programming languages with state-of-the-art IDE support. Spoofax is a comprehensive environment that integrates syntax definition, name binding, type analysis, program transformation, code generation, and declarative specification of IDE components. It also provides high-level languages for each of these aspects. These languages are highly declarative, abstracting over the implementation of IDE features and letting engineers focus on language design.