lucefe wrote:> Hi,
> Who can recommand me some books about static analysis including
> systems verification, shape analysis and logic, termination analysis,
> security and safety, abstract interpretation and algorithms, abstract
> domain and data structures, pointer analysis, shape analysis, and data
> flow analysis.
For classic data-flow analysis, I would recommend Principles of Program
Analysis by Nielson, Nielson, and Hankin(ISBN 3642084745). The book
comes more from a programming language theory (i.e., mathematician's)
perspective, but the data-flow analysis chapter is accessible. The book
also contains some text on shape analysis, but I'm not sure if the
analysis is applicable to real languages like C.
The fourth edition "Dragon book" by Aho, Sethi, Ullman, and Lam may
also
contain good content on data-flow analysis, but I haven't used it for
that material.
After reading about classical data-flow analysis, you should read about
SSA-based analyses. SSA makes analysis more efficient. Search for papers
by cited by the SSA paper
(http://portal.acm.org/citation.cfm?id=115320&dl=).
For pointer analysis, I would recommend reading the Steensgaard paper
(http://portal.acm.org/citation.cfm?id=237727&dl=GUIDE&coll=GUIDE&CFID=85962222&CFTOKEN=76577341)
and the "Ant and the Grasshopper" paper
(http://portal.acm.org/citation.cfm?id=1250734.1250767). The first paper
describes unification-based points-to analysis, and the second one
provides the most readable English language description of Anderson's
algorithm.
Security and safety are really broad topics. If you're interested in
compiler-based memory safety, I selfishly recommend reading the SAFECode
and SVA papers (http://safecode.cs.illinois.edu) and the papers they
cite (e.g., Jones-Kelley, Ruwase and Lam). I also recommend the
SoftBound paper (PLDI 2009), the Baggy Bounds checking paper (Usenix
Security 2009), and the papers listed on Miguel Castro's publication
page (http://research.microsoft.com/en-us/um/people/mcastro/) (primarily
the Control-Flow Integrity, Data-Flow Integrity, and WIT papers).
My best recommendation, though, is to take a few compiler courses and
maybe a security course. It makes understanding the written material easier.
-- John T.
> I want to read some basic books about the topic, Thank you!
> With Best Regards to you!