Riouak, I., Fors, N., Öqvist, J., Hedin, G., & Reichenbach, C. (2024). Efficient Demand Evaluation of Fixed-Point Attributes Using Static Analysis. Proceedings of the 17th International Conference on Software Language Engineering (SLE 2024). https://conf.researchr.org/home/sle-2024
@inproceedings{riouak2024efficient,
author = {Riouak, Idriss and Fors, Niklas and Öqvist, Jesper and Hedin, Görel and Reichenbach, Christoph},
title = {Efficient Demand Evaluation of Fixed-Point Attributes Using Static Analysis},
booktitle = {Proceedings of the 17th International Conference on Software Language Engineering (SLE 2024)},
year = {2024},
location = {Pasadena, CA, USA},
publisher = {ACM},
file = {dncpaper.pdf},
url = {https://conf.researchr.org/home/sle-2024},
award = {Distinguished Paper Award},
award2 = {Distinguished Artifact Award}
}
Declarative approaches to program analysis promise a number of practical advantages over imperative approaches, from eliminating manual worklist management to increasing modularity. Reference Attribute Grammars (RAGs) are one such approach. One particular advantage of RAGs is the automatic generation of on-demand implementations, suitable for query-based interactive tooling as well as for client analyses that do not require full evaluation of underlying analyses. While historically aimed at compiler frontend construction, the addition of circular (fixed-point) attributes also makes them suitable for dataflow problems. However, prior algorithms for on-demand circular RAG evaluation can be inefficient or even impractical for dataflow analysis of realistic programming languages like Java. We propose a new demand algorithm for attribute evaluation that addresses these weaknesses, and apply it to a number of real-world case studies. Our algorithm exploits the fact that some attributes can never be circular, and we describe a static meta-analysis that identifies such attributes, and obtains a median steady-state performance speedup of 2.5x and s22x for dead-assignment and null-pointer dereference analyses, respectively.
Riouak, I. (2024). Using Static Analysis to Improve the Efficiency of Program Analysis. Programming 2024, ACM SIGPLAN Student Research Competition. https://src.acm.org/binaries/content/assets/src/2024/idriss-riouak.pdf
@inproceedings{riouak2024src,
author = {Riouak, Idriss},
title = {Using Static Analysis to Improve the Efficiency of Program Analysis},
booktitle = {Programming 2024, ACM SIGPLAN Student Research Competition},
year = {2024},
location = {Lund, Sweden},
publisher = {ACM},
file = {src.pdf},
url = {https://src.acm.org/binaries/content/assets/src/2024/idriss-riouak.pdf},
award = {First Place}
}
Riouak, I., Fors, N., Hedin, G., & Reichenbach, C. (2024). IntraJ: An On-Demand Framework for Intraprocedural Java Code Analysis. The International Journal on Software Tools for Technology Transfer (STTT).
@inproceedings{Riouak2024IntraJ,
author = {Riouak, Idriss and Fors, Niklas and Hedin, G{\"o}rel and Reichenbach, Christoph},
title = {IntraJ: An On-Demand Framework for Intraprocedural Java Code Analysis},
journal = {The International Journal on Software Tools for Technology Transfer (STTT)},
year = {2024},
file = {intraj-sttt.pdf}
}
Static analysis tools play a crucial role in software development by detecting bugs and vulnerabilities. However, running these tools separately from the code editing process often causes developers to switch contexts, which can reduce productivity. Previous work has shown how Reference Attribute Grammars (RAGs) can be used for declarative implementation of competitive tooling for intraprocedural control-flow and dataflow analysis of Java source code, embodied in the tool IntraJ. In this paper, we demonstrate how IntraJ can be leveraged to provide interactive analysis results directly in the editor, similar to compile-time error detection, relying on automatic on-demand evaluation of RAGs. We discuss the architecture of IntraJ, and demonstrate how it can be integrated into the development process in three different ways: in the command line, in an editor integration based on the Language Server Protocol, and in an integration with the debugging tool CodeProber. We showcase the extensibility of IntraJ by illustrating how new client analyses and language constructs can be added to the framework through RAG specifications. Finally, we evaluate the interactive performance of IntraJ on a set of real-world Java benchmarks, demonstrating that IntraJ can provide interactive feedback to developers, achieving a response time of under 0.1 seconds for most compilation units.
Riouak, I., Hedin, G., Reichenbach, C., & Fors, N. (2022). JFeature: Know Your Corpus. 22st IEEE International Working Conference on Source Code Analysis
and Manipulation, SCAM 2022, Cyprus October 3-4, 2022. https://github.com/lu-cs-sde/JFeature/blob/main/preprint.pdf
@inproceedings{RiouakCorpus22,
author = {Riouak, Idriss and Hedin, G{\"{o}}rel and Reichenbach, Christoph and Fors, Niklas},
title = {JFeature: Know Your Corpus},
booktitle = {22st {IEEE} International Working Conference on Source Code Analysis
and Manipulation, {SCAM} 2022, Cyprus October 3-4, 2022},
publisher = {{IEEE}},
year = {2022},
url = {https://github.com/lu-cs-sde/JFeature/blob/main/preprint.pdf},
file = {JFeature.pdf},
slide = {JFeatureSlides.pdf}
}
Software corpora are crucial for evaluating research artifacts and ensuring repeatability of outcomes. Corpora such as DaCapo and Defects4J provide a collection of real-world open-source projects for evaluating the robustness and performance of software tools like static analysers. However, what do we know about these corpora? What do we know about their composition? Are they really suited for our particular problem? We developed JFeature, an extensible static analysis tool that extracts syntactic and semantic features from Java programs, to assist developers in answering these questions. We demonstrate the potential of JFeature by applying it to four widely-used corpora in the program analysis area, and we suggest other applications, including longitudinal studies of individual Java projects and the creation of new corpora.
Riouak, I., Reichenbach, C., Hedin, G., & Fors, N. (2021). A Precise Framework for Source-Level Control-Flow Analysis. 21st IEEE International Working Conference on Source Code Analysis
and Manipulation, SCAM 2021, Luxembourg, September 27-28, 2021, 1–11. https://doi.org/10.1109/SCAM52516.2021.00009
@inproceedings{RiouakRHF21,
author = {Riouak, Idriss and Reichenbach, Christoph and Hedin, G{\"{o}}rel and Fors, Niklas},
title = {A Precise Framework for Source-Level Control-Flow Analysis},
booktitle = {21st {IEEE} International Working Conference on Source Code Analysis
and Manipulation, {SCAM} 2021, Luxembourg, September 27-28, 2021},
pages = {1--11},
publisher = {{IEEE}},
year = {2021},
url = {https://doi.org/10.1109/SCAM52516.2021.00009},
doi = {10.1109/SCAM52516.2021.00009},
biburl = {https://dblp.org/rec/conf/scam/RiouakRHF21.bib},
bibsource = {dblp computer science bibliography, https://dblp.org},
youtube = {https://www.youtube.com/watch?v=H5MJefq0fkw},
file = {IntraJ.pdf},
slide = {IntraJSlides.pdf},
poster = {IntraJPoster.pdf}
}
This paper presents INTRACFG, a declarative and language-independent framework for constructing precise intraprocedural control-flow graphs (CFGs) based on the reference attribute grammar system JastAdd. Unlike most other frameworks, which build CFGs on an Intermediate Representation level, e.g., bytecode, our approach superimposes the CFGs on the Abstract Syntax Tree, enabling accurate client analysis. Moreover, INTRACFG overcomes expressivity limitations of an earlier RAG-based framework, allowing the construction of AST-Unrestricted CFGs: CFGs whose shape is not confined to the AST structure. We evaluate the expressivity of INTRACFG with INTRAJ, an application of INTRACFG to Java 7, by comparing two data flow analyses built on top of INTRAJ against tools from academia and from the industry. The results demonstrate that INTRAJ is effective at building precise and efficient CFGs and enables analyses with competitive performance.
Fabiano, F., Riouak, I., Dovier, A., & Pontelli, E. (2019). Non-Well-Founded Set Based Multi-Agent Epistemic Action Language. In A. Casagrande & E. G. Omodeo (Eds.), Proceedings of the 34th Italian Conference on Computational Logic,
Trieste, Italy, June 19-21, 2019 (Vol. 2396, pp. 242–259). CEUR-WS.org. http://ceur-ws.org/Vol-2396/paper38.pdf
@inproceedings{FabianoRDP19,
author = {Fabiano, Francesco and Riouak, Idriss and Dovier, Agostino and Pontelli, Enrico},
editor = {Casagrande, Alberto and Omodeo, Eugenio G.},
title = {Non-Well-Founded Set Based Multi-Agent Epistemic Action Language},
booktitle = {Proceedings of the 34th Italian Conference on Computational Logic,
Trieste, Italy, June 19-21, 2019},
series = {{CEUR} Workshop Proceedings},
volume = {2396},
pages = {242--259},
publisher = {CEUR-WS.org},
year = {2019},
url = {http://ceur-ws.org/Vol-2396/paper38.pdf},
timestamp = {Wed, 12 Feb 2020 16:44:22 +0100},
biburl = {https://dblp.org/rec/conf/cilc/FabianoRDP19.bib},
bibsource = {dblp computer science bibliography, https://dblp.org},
file = {nonwellfoundedsets.pdf}
}
This work focuses
Frehse, G., Abate, A., Adzkiya, D., Becchi, A., Bu, L., Cimatti, A., Giacobbe, M., Griggio, A., Mover, S., Mufid, M. S., Riouak, I., Tonetta, S., & Zaffanella, E. (2019). ARCH-COMP19 Category Report: Hybrid Systems with Piecewise Constant
Dynamics. In G. Frehse & M. Althoff (Eds.), ARCH19. 6th International Workshop on Applied Verification of Continuous
and Hybrid Systemsi, part of CPS-IoT Week 2019, Montreal, QC, Canada,
April 15, 2019 (Vol. 61, pp. 1–13). EasyChair. https://doi.org/10.29007/rjwn
@inproceedings{FrehseAABBCGGMM19,
author = {Frehse, Goran and Abate, Alessandro and Adzkiya, Dieky and Becchi, Anna and Bu, Lei and Cimatti, Alessandro and Giacobbe, Mirco and Griggio, Alberto and Mover, Sergio and Mufid, Muhammad Syifa'ul and Riouak, Idriss and Tonetta, Stefano and Zaffanella, Enea},
editor = {Frehse, Goran and Althoff, Matthias},
title = {{ARCH-COMP19} Category Report: Hybrid Systems with Piecewise Constant
Dynamics},
booktitle = {{ARCH19.} 6th International Workshop on Applied Verification of Continuous
and Hybrid Systemsi, part of CPS-IoT Week 2019, Montreal, QC, Canada,
April 15, 2019},
series = {EPiC Series in Computing},
volume = {61},
pages = {1--13},
publisher = {EasyChair},
year = {2019},
url = {https://doi.org/10.29007/rjwn},
doi = {10.29007/rjwn},
timestamp = {Thu, 14 Oct 2021 10:03:59 +0200},
biburl = {https://dblp.org/rec/conf/cpsweek/FrehseAABBCGGMM19.bib},
bibsource = {dblp computer science bibliography, https://dblp.org},
file = {arch.pdf}
}
Theses
Riouak, I. (2024). Towards Declarative Specification of Static Analysis for Programming Tools. Lund University.
@thesis{phd,
title = {Towards Declarative Specification of Static Analysis for Programming Tools},
author = {Riouak, Idriss},
year = {2024},
month = nov,
day = {22},
language = {English},
isbn = {978-91-8104-242-9},
publisher = {Lund University},
file = {phd_thesis_idriss_riouak.pdf},
slidesonline = {https://lunduniversityo365-my.sharepoint.com/:p:/g/personal/id2767ri_lu_se/EaeVJA_3lEdOh0sVidwK-SMBZ4fFktVEhreimv13u1oTBQ?e=7UYfTU}
}
Static program analysis plays a crucial role in ensuring the quality and security of software applications by detecting bugs and potential vulnerabilities in the code. Traditionally, these analyses are performed offline, either as part of the continuous integration/continuous deployment pipeline or overnight on the entire repository. However, this delayed feedback disrupts developer productivity, requiring context switches and adding overhead to the development process. Integrating these analysis results directly into the integrated development environment (IDE), similar to how type errors or code smells are reported, would enhance the development process. As developers increasingly rely on IDEs for real-time feedback, the efficiency and responsiveness of these tools have become critical. In such settings, developers expect immediate and precise results as they write and modify code, making it particularly challenging to achieve response times sufficiently low to not interrupt the thought process. This thesis addresses these challenges by investigating the design and implementation of control-flow and dataflow analyses using the declarative Reference Attribute Grammars formalism. This formalism provides a high-level programming approach that enhances expressivity and modularity, making it easier to develop and maintain analyses. Central to this thesis is the development of IntraCFG, a language-agnostic framework designed to perform control-flow and dataflow analyses directly on source code rather than relying on intermediate representations. By superimposing control-flow graphs onto the abstract syntax tree, IntraCFG removes the need for intermediate representations that are often lossy and expensive to generate. This approach allows for the construction of efficient but still precise dataflow analysis. We demonstrate the effectiveness of IntraCFG through two case studies: IntraJ and IntraTeal. These case studies showcase the potential and flexibility of IntraCFG in diverse contexts, such as bug detection and education. IntraJ supports the Java programming language, while IntraTeal is a tool designed for teaching program analysis for the educational language Teal. IntraJ has proven to be faster than, and as precise as, well-known industrial tools. Additionally, this thesis introduces a new algorithm for the demand-driven evaluation of fixed-point (i.e., circular) attributes, which has proven essential for the performance of dataflow analyses in IntraJ. This improvement allows IntraJ to achieve response times below 0.1 seconds, making it suitable for use in interactive development environments.
Riouak, I. (2023). Declarative Specification of Intraprocedural Control-flow and Dataflow Analysis. Lund University.
@thesis{licensiate,
title = {Declarative Specification of Intraprocedural Control-flow and Dataflow Analysis},
keywords = {Static program analysis, Declarative paradigms, Reference Attribute Grammars, Control flow analysis, Data flow analysis, IntraCFG framework, Bug detection, IntraJ Static Analyser, Interactive bug detection and fixing, JFeature Static Analyser},
author = {Riouak, Idriss},
year = {2023},
month = feb,
day = {17},
language = {English},
isbn = {978-91-8039-587-8},
publisher = {Lund University},
file = {2023_IdrissRiouak_Lic.pdf},
doi = {https://lucris.lub.lu.se/ws/portalfiles/portal/138416191/2023_IdrissRiouak_Lic.pdf},
slidesonline = {https://1drv.ms/p/s!Ak1s59rIlqOyqaBhr0G62ZazZDf0_A?e=Jjhhhx}
}
Static program analysis plays a crucial role in ensuring the quality and security of software applications by detecting and fixing bugs, and potential security vulnerabilities in the code. The use of declarative paradigms in dataflow analysis as part of static program analysis has become increasingly popular in recent years. This is due to its enhanced expressivity and modularity, allowing for a higher-level programming approach, resulting in easy and efficient development.The aim of this thesis is to explore the design and implementation of control-flow and dataflow analyses using the declarative Reference Attribute Grammars formalism. Specifically, we focus on the construction of analyses directly on the source code rather than on an intermediate representation.The main result of this thesis is our language-agnostic framework, called IntraCFG. IntraCFG enables efficient and effective dataflow analysis by allowing the construction of precise and source-level control-flow graphs. The framework superimposes control-flow graphs on top of the abstract syntax tree of the program. The effectiveness of IntraCFG is demonstrated through two case studies, IntraJ and IntraTeal. These case studies showcase the potential and flexibility of IntraCFG in diverse contexts, such as bug detection and education. IntraJ supports the Java programming language, while IntraTeal is a tool designed for teaching program analysis for an educational language, Teal.IntraJ has proven to be faster than and as precise as well-known industrial tools. The combination of precision, performance, and on-demand evaluation in IntraJ leads to low latency in querying the analysis results. This makes IntraJ a suitable tool for use in interactive tools. Preliminary experiments have also been conducted to demonstrate how IntraJ can be used to support interactive bug detection and fixing.Additionally, this thesis presents JFeature, a tool for automatically extracting and summarising the features of a Java corpus, including the use of different Java features (e.g., use of Lambda Expressions) across different Java versions. JFeature provides researchers and developers with a deeper understanding of the characteristics of corpora, enabling them to identify suitable benchmarks for the evaluation of their tools and methodologies.
Riouak, I. (2019). Non-Well-Founded Set Based Multi-Agent Epistemic Action Language. University of Udine.
@thesis{uniud,
author = {Riouak, Idriss},
title = {Non-Well-Founded Set Based Multi-Agent Epistemic Action Language},
publisher = {University of Udine},
year = {2019},
month = jul,
file = {NonWelFoundedSetThesis.pdf}
}
As the research in multi-agent domain continues to grow it is becoming more and more important to investigate the agents’ relations in such systems: not only to reason about agents’ perception of the world but also about agents’ knowledge of her and others’ knowledge. This type of study is referred as epistemic reasoning. Epistemic planning i.e., planning with epistemic reasoning, is essential in many multi-agent domains.
In a variety of fields, e.g., economy, security, justice and politics, reasoning about others’ beliefs could lead to winning strategies or help in changing a group of agents’ view of the world.
In this thesis we will formalize the epistemic planning problem where the state description is based on non-well-founded set theory. The introduction of a semantics based on non-well-founded sets would permit us to characterize the planning problem without using Kripke structures, as the state-of-the-art suggests, overcoming problematic aspects such as the huge memory requirements.
Moreover, we present the language mAp where states are represented by possibilities: structures based on non-well-founded set theory. This representation will allow us to describe the language through set-based operations and also to exploit some of the results from this field, such as the concept of bisimulation, to add important features to the multi-agent epistemic community.
Riouak, I. (2016). A study on the effectiveness of automatic checkers for modernizing C++. University of Parma; Language: Italian.
@thesis{unipr,
author = {Riouak, Idriss},
title = {A study on the effectiveness of automatic checkers for modernizing C++},
publisher = {University of Parma},
year = {2016},
month = dec,
note = {Language: Italian},
file = {Parma.pdf}
}
La continua evoluzione dei linguaggi di programmazione ha reso difficile mantenere i software aggiornati alle più recenti prescrizioni e convenzioni stabilite dagli standard. Come ogni processo aziendale, la modernizzazione del software 1 rappresenta un costo. Nasce così l’esigenza d’avere strumenti che automatizzino tale processo.
Clang Tidy è uno software scritto in C++. Il suo scopo è quello di mettere a disposizione degli sviluppatori un framework flessibile per diagnosticare e correggere i più comuni errori di programmazione e l’utilizzo obsoleto dei costrutti del linguaggio.
Talks
Riouak, I. (2022). Source-Level Dataflow-Based Fixes: Experiences From Using Intraj and Magpiebridge. ECOOP; PRIDE Workshop - Berlin. https://2022.ecoop.org/details/pride-2022/6/Source-Level-Dataflow-Based-Fixes-Experiences-From-Using-Intraj-and-Magpiebridge
@incollection{invited_3,
author = {Riouak, Idriss},
note = {PRIDE Workshop - Berlin},
publisher = {ECOOP},
year = {2022},
url = {https://2022.ecoop.org/details/pride-2022/6/Source-Level-Dataflow-Based-Fixes-Experiences-From-Using-Intraj-and-Magpiebridge},
title = {Source-Level Dataflow-Based Fixes: Experiences From Using Intraj and Magpiebridge},
file = {pride.pdf}
}
Riouak, I. (2022). Presenting IntraJ Poster ad CISOSE, Google and Apple. IEEE; 2022 IEEE CISOSE - California.
@incollection{invited_4,
author = {Riouak, Idriss},
note = {2022 IEEE CISOSE - California},
publisher = {IEEE},
year = {2022},
title = {Presenting IntraJ Poster ad CISOSE, Google and Apple},
file = {poster.pdf}
}
Idriss Riouak, C. R., Hedin, G., & Fors, N. (2021). IntraJ - Artifact reusability. IEEE; ROSE - Recognizing and Rewarding Open Science in SE. https://icsme2021.github.io/cfp/AEandROSETrack.html
@incollection{invited_2,
author = {Idriss Riouak, Christoph Reichenbach and Hedin, G{\"{o}}rel and Fors, Niklas},
note = {ROSE - Recognizing and Rewarding Open Science in SE},
publisher = {IEEE},
year = {2021},
url = {https://icsme2021.github.io/cfp/AEandROSETrack.html},
title = {IntraJ - Artifact reusability},
youtube = {https://www.youtube.com/watch?v=0jX7doHeUp8}
}