compositional and mechanically verified program analyzers
play

Compositional and Mechanically Verified Program Analyzers David - PowerPoint PPT Presentation

Oct 07, 2023 •206 likes •945 views

Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland Let's Design an Analysis 2 Let's Design an Analysis Property x/0 2 Let's Design an Analysis Property Program x/0 0: int x y; 1: void

  1. Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland

  2. Let's Design an Analysis 2

  3. Let's Design an Analysis Property x/0 2

  4. Let's Design an Analysis Property Program x/0 0: int x y; 1: void safe_fun(int N) { 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} 3

  5. Let's Design an Analysis Property Program 0: int x y; 1: void safe_fun(int N) { Value Abstraction x/0 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} ℤ ⊑ {-,0,+} 4

  6. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { Implement x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} analyze : exp → results analyze(x := æ) := .. x .. æ .. analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. 5

  7. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { Results x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} N ∈ {-,0,+} x ∈ {0,+} Implement y ∈ {-,0,+} 
 analyze : exp → results analyze(x := æ) := UNSAFE : {100/N} 
 .. x .. æ .. UNSAFE : {100/x} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. 6

  8. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { Prove Correct x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ Implement Results analyze : exp → results N ∈ {-,0,+} analyze(x := æ) := x ∈ {0,+} .. x .. æ .. y ∈ {-,0,+} 
 analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. UNSAFE : {100/N} 
 UNSAFE : {100/x} 7

  9. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct analyze : exp → results N ∈ {-,0,+} analyze(x := æ) := x ∈ {0,+} ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. y ∈ {-,0,+} 
 analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. UNSAFE : {100/N} 
 UNSAFE : {100/x} 8

  10. Let's Design an Analysis 0: int x y; N ∈ {-,0,+} 1: void safe_fun(int N) { x ∈ {0,+} 2: if (N ≠ 0) {x := 0;} y ∈ {-,0,+} 
 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} UNSAFE : {100/N} 
 5: else {y := 100/x;}} UNSAFE : {100/x} Flow-insensitive results : var ↦ ℘ ({-,0,+}) 9

  11. Let's Design an Analysis 4: x ∈ {0,+} 0: int x y; 4.T: N ∈ {-,+} 1: void safe_fun(int N) { 5.F: x ∈ {0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} N,y ∈ {-,0,+} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} UNSAFE : {100/x} Flow-sensitive results : loc ↦ (var ↦ ℘ ({-,0,+})) 10

  12. Let's Design an Analysis 4: N ∈ {-,+},x ∈ {0} 0: int x y; 4: N ∈ {0},x ∈ {+} 1: void safe_fun(int N) { 2: if (N ≠ 0) {x := 0;} N ∈ {-,+},y ∈ {-,0,+} 3: else {x := 1;} N ∈ {0},y ∈ {0,+} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} SAFE Path-sensitive results : loc ↦ ℘ (var ↦ ℘ ({-,0,+})) 11

  13. Let's Design an Analysis Property Program Value Abstraction ✓ 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct ? ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 13

  14. Let's Design an Analysis Property Program Value Abstraction ✓ ? x/0 safe_fun.js ℤ ⊑ {-,0,+} Implement Results Prove Correct ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 14

  15. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 15

  16. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 16

  17. Orthogonal Components Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct ? ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 17

  18. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis 18

  19. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis Challenge: Path and flow sensitivity are deeply integrated 18

  20. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis Challenge: Path and flow sensitivity are deeply integrated State-of-the-art: Redesign from scratch 18

  21. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis Challenge: Path and flow sensitivity are deeply integrated State-of-the-art: Redesign from scratch Our Insight: Monads capture path and flow sensitivity 18

  22. Galois Transformers type ! (t) op x ← e ₁ ; e ₂ Monadic small-step interpreter op return(e) 19

  23. Galois Transformers type ! (t) op x ← e ₁ ; e ₂ Monadic small-step interpreter op return(e) + Monad Transformers FlowT[ 퓈 ] 19

  24. Galois Transformers type ! (t) op x ← e ₁ ; e ₂ Monadic small-step interpreter op return(e) + Monad Transformers FlowT[ 퓈 ] + α Galois Connections γ 19

  25. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof 20

  26. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters 20

  27. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters ✓ Implemented in Haskell and available on Github 20

  28. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters ✓ Implemented in Haskell and available on Github ✗ Not whole story for path-sensitivity refinement 20

  29. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters ✓ Implemented in Haskell and available on Github ✗ Not whole story for path-sensitivity refinement ✗ Somewhat naive fixpoint iteration strategies 20

  30. Orthogonal Components Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct ✓ ✓ ? 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 21

  31. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 22

  32. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 23

  33. Systematic Design Property Program Value Abstraction x/0 ℤ ⊑ {-,0,+} Implement Results Prove Correct ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 24

  34. Systematic Design Property Program Value Abstraction ? x/0 safe_fun.js ℤ ⊑ {-,0,+} Implement Results Prove Correct ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 24

  35. Systematic Design Problem: Turn interpreters into program analyzers 25

Recommend

Developing Fast, Mechanically-Verified Cryptographic Code Bryan Parno Carnegie Mellon University

Developing Fast, Mechanically-Verified Cryptographic Code Bryan Parno Carnegie Mellon University

Developing Fast, Mechanically-Verified Cryptographic Code Bryan Parno Carnegie Mellon University 1 The HTTPS Ecosystem is critical Services & Applications Edge cURL Skype Apache Nginx WebKit IIS Clients Servers HTTPS Ecosystem

1.17k views • 82 slides
SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM Liu Yang, Associate

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM Liu Yang, Associate

1 SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Securify Architecture Reasoning with Untrusted Components

418 views • 13 slides
Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Generic Programming and Library Development The Problems Presentation on Program Code Analyzers Dynamic and Static Tools May 18 th 2007 Examples of Tools Program Code Analyzers Agenda The Problem Dynamic and Static Tools

388 views • 13 slides
An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSuplec 2 19 January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong

251 views • 21 slides
New UPM analyzers & smart kits Power analyzers for energy control in industrial environment

New UPM analyzers & smart kits Power analyzers for energy control in industrial environment

New UPM analyzers & smart kits Power analyzers for energy control in industrial environment for CTs (UPM209 UPM309) for DIRECT connection up to 80A (UPM209) for ROGOWSKI coils (UPM209RGW UPM309RGW) 1 NEW UPM ANALYZERS UPM209 UPM309

260 views • 10 slides
Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September 28, 2015 Compositional program analysis P P Break program into parts P P Analyze each part P P Compose the results Incremental analysis

787 views • 62 slides
COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction) Mykola (Nikolaj) S. Nikitchenko Taras Shevchenko National University of Kyiv Linz, JKU, November 08-19, 2012 1 Contents Introduction

783 views • 40 slides
Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P areanu 2 Jos as 1 Technical University of Madrid, Spain 2 CMU-SV/NASA Ames, Moffett Field, CA, USA BYTECODE 2013 March 23, Rome, Italy Software

579 views • 33 slides
Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc Brockschmidt, Daniel Larraz, Albert Oliveras, Jos Miguel Rivero and Enric Rodrguez-Carbonell Universitat Politcnica de Catalunya - Barcelona Tech UCM

1.2k views • 96 slides
Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman Imperial Concurrency Workshop, July 2015 @miike Overview The C11 model is (arguably) broken: we omit problem features, most importantly no RLX.

544 views • 42 slides
A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston College g , g Andrew W. Appel, Princeton University Jan 8 2006 Jan 8, 2006 1 Mobile Code Security Protect trusted system against

561 views • 26 slides
Mechanically Stabilized Earth (MSE) Walls A Y R S T T H E C M Rajiv Goel, MD O S

Mechanically Stabilized Earth (MSE) Walls A Y R S T T H E C M Rajiv Goel, MD O S

E S Mechanically Stabilized Earth (MSE) Walls A Y R S T T H E C M Rajiv Goel, MD O S EARTHCON SYSTEMS (INDIA) PVT. LTD. N E S MECHAN ME HANICALLY ICALLY STAB TABIL ILIZ IZED ED EARTH RTH (MS MSE) E) A Y SYNO NONYMS

623 views • 46 slides
Showing a CakeML program is safe CakeML A verified implementation of ML Formally

Showing a CakeML program is safe CakeML A verified implementation of ML Formally

First steps towards a semantic type system for CakeML Hrutvik Kanabar 1 January 23, 2020 University of Kent 1 Supervised by Scott Owens. Supported by the UK Research Institute in Verified Trustworthy Software Systems (VeTSS). Showing a CakeML

425 views • 28 slides
Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Full functional verification Method: Come up with a complete specification of the program Prove the program

852 views • 52 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
MS Mass Analyzers Mass analyzers are analogous to optical monochromator Two main

MS Mass Analyzers Mass analyzers are analogous to optical monochromator Two main

CEE 772 Lecture #27 12/10/2014 Updated: 10 December 2014 Print version CEE 772: Instrumental Methods in Environmental Analysis Lecture #21 Mass Spectrometry: Mass Filters & Spectrometers (Skoog, Chapt. 20, pp.511 524 ) (Harris, Chapt.

522 views • 20 slides
Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

From the office of Texas Conference of SDA Human Resources ___________________________________ Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus She will be working with every church and

279 views • 5 slides
Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional

Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional

Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional Deep Learning Bruno Gavranovi c Faculty of Electrical Engineering and Computing (FER) University of Zagreb, Croatia bruno.gavranovic@fer.hr

1.22k views • 102 slides
Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda What is Verified Boot? Description of Verified Boot Components Q&A What Is Verified Boot? Verified Boot establishes a chain of

432 views • 19 slides
ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical Systems Stefan Mitsch Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop 2017 May 12, 2017 joint work with Andr e

537 views • 31 slides
Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop, Dec. 12, 2014 For Details, see ModelPlex paper at

504 views • 27 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert

Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert

Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert Sison 13 Jan 2018 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au A confidentiality-preserving program Cross Domain Desktop Compositor

1.49k views • 118 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides

More recommend