from array domains to abstract interpretation under store
play

From Array Domains to Abstract Interpretation Under - PowerPoint PPT Presentation

Feb 15, 2024 •246 likes •759 views

From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models Thibault Suzanne, Antoine Min Static Analysis: 23rd International Symposium, SAS 2016 September, 2016, Edinburgh, UK Pirmin Schmid Seminar Software

  1. From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models Thibault Suzanne, Antoine Miné Static Analysis: 23rd International Symposium, SAS 2016 September, 2016, Edinburgh, UK Pirmin Schmid Seminar Software Engineering December 7, 2016 1

  2. De quoi s’agit-il? • New abstract interpretation of concurrent programs • Setting: Weak memory consistency • Model: store-buffer (FIFO) of infinite size • including theoretical model, proof and working implementation (OCaml) 2

  3. Memory models in Hardware and Languages • Strong consistency core 0 core 1 core 2 core 3 cache(s) cache(s) cache(s) cache(s) shared cache(s) RAM 4

  4. Memory models in Hardware and Languages • Weak consistency core 0 core 1 core 2 core 3 cache(s) cache(s) cache(s) cache(s) shared cache(s) RAM 5

  5. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) core 0 core 1 Array buffer FIFO pipeline shared memory 6

  6. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 2: Y = 2 3: shared memory (X=0; Y=0) 7

  7. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) core 0 core 1 initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3: shared memory 8

  8. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3: shared memory 9

  9. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 Y = 2 1b: ? flush 2: Y = 2 X = 1 2b: ? flush 3: shared memory 10

  10. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 2b: ? flush 3: shared memory 11

  11. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 1 2b: ? flush 3: shared memory 12

  12. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 1 2 2b: ? flush 3: shared memory 13

  13. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 1 2 2b: ? flush 3: fence 4: shared memory 14

  14. Verification: Model checkers • Promela / spin • Scyther: crypto protocols • Limitation: only finite state space • State space explosion 15

  15. Verification: Abstract interpretation. SC 16

  16. Verification: Abstract interpretation. Dan et al. 17

  17. Verification: Abstract interpretation. This study 18

  18. Comparison buffer size n ∞ m Model Checker ----- state size ∞ Dan et al. This study 19

  19. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 20

  20. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 21

  21. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 22

  22. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 23

  23. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 24

  24. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 25

  25. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 =e z 12 x 21 y 21 x 22 z 22 x 31 y 31 x 32 z 32 x 41 x 51 shared: x mem , y mem , z mem 26

  26. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 x 32 z 32 x 41 x 51 shared: x mem , y mem , z mem 27

  27. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 x 32 z 32 x 41 x 51 shared: x mem , y mem , z mem 28

  28. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 29

  29. Abstraction: handling ∞ • Key insight: summarize and partition. 𝛽 "#$ : thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 32

  30. Abstraction: handling ∞ • Key insight: summarize and partition. 𝛽 "#$ : thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 shared: x mem , y mem , z mem 33

  31. Abstraction: handling ∞ • Key insight: summarize and partition. 𝛽 "#$ : thread 1 thread 2 x 11 y 11 x 12 z 12 ∞ solved x bot1 y bot1 z bot2 cost: loosing precision shared: x mem , y mem , z mem 34

  32. Abstraction: partial buffer state information thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 shared: x mem , y mem , z mem 35

  33. Abstraction: partial buffer state information thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 2 steps: 1) summarize 2) resolve partition shared: x mem , y mem , z mem 36

  34. Abstract transformers 37

  35. Abstract transformers on partitions {.} 38

  36. Abstract transformers on partitions {.} 39

  37. Abstract transformers [[.]] using the {.} 40

  38. Abstraction: partial buffer state information thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 2 steps: 1) summarize 2) resolve partition shared: x mem , y mem , z mem 41

  39. My own code example 42

  40. Result PSO 43

  41. My own code example with fences 44

  42. Result with fences 45

  43. Code example from paper 46

  44. Benchmark 47

  45. Benchmark 48

  46. Benchmark 49

  47. Benchmark 50

  48. Benchmark 51

  49. Discussion • Good things • Limitations • Suggested improvements 52

  50. Acknowledgment • Thibault Suzanne for the VM with the working analyzer • Andrei Dan for interesting discussion 53

Recommend

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation The Verification Grand Challenge - Abstract interpretation is a mathematical theory of - - and Abstract Interpretation sound approximation of properties of formal sys- tems (including program specifications, semantics,

422 views • 10 slides
TreeKs: a Functor to Make Abstract Numerical Domains Scalable Research Internship, advised by

TreeKs: a Functor to Make Abstract Numerical Domains Scalable Research Internship, advised by

TreeKs: a Functor to Make Abstract Numerical Domains Scalable Research Internship, advised by Antoine Min e Ecole normale sup erieure, Paris, team Abstraction Mehdi Bouaziz Motivation and context Abstract interpretation is a formal

466 views • 31 slides
Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an abstract interpretation (AI)? Given: A complete join semi-lattice D . This is the abstract semantic domain. A monotonic

297 views • 25 slides
Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in this file were taken from the tutorial slides that Patrick Cousot used in VMCAI05 Abstract Interpretation A theory of sound approximation of

946 views • 92 slides
Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Motivation (1 mn) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Abstract interpretation, reminder (10 mn) . . . . . . . . . . . . . . . . . . 6 Applications of abstract interpretation (2 mn) . . . . . . . . .

876 views • 16 slides
Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e Ecole normale sup erieure, Paris year 20152016 Course 12 20 May 2016 Course 12 Abstract Interpretation III Antoine Min e p. 1 / 60

706 views • 67 slides
A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta Dipartimento di Informatica - Universit di Pisa 19/09/2012 - ITCTCS 2012 Outline 1 Type and Effect Systems 2 Abstract Interpretation 3

762 views • 24 slides
Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Just-In-Time compilation Study setup Abstract interpretation Correctness proof Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile Bastian March 7, 2018 Slides: https://tiny.tobast.fr/m2-absint-slides

445 views • 16 slides
A Practical Construction for Decomposing Numerical Abstract Domains Gagandeep Singh Markus

A Practical Construction for Decomposing Numerical Abstract Domains Gagandeep Singh Markus

A Practical Construction for Decomposing Numerical Abstract Domains Gagandeep Singh Markus Pschel Martin Vechev Department of Computer Science 1 Numerical abstract domains ( ) Cost and Numerical Domain

572 views • 19 slides
30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a 20 minute talk I gave at the 30 Years of Abstract Interpretation Workshop in San Francisco, California, USA on January 9, 2008. The subsections

196 views • 9 slides
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the class Automatically verify partial correctness of programs like the following using abstract interpretation. Void Init(int* A, int n) { for (i := 0;

908 views • 62 slides
Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer, Jan Reineke Advanced Lecture, Winter 2014/15 Abstract Interpretation Semantics-based approach to program analysis Framework to develop

488 views • 33 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John Gallagher 12 1 Roskilde University 2 IMDEA Software Institute, Madrid CP meets CAV Turun, Turkey John Gallagher Constraints in Abstract Model

375 views • 16 slides
4/18/16 Review 2D array exercise Lab 5 is now available.

4/18/16 Review 2D array exercise Lab 5 is now available.

4/18/16 Review 2D array exercise Lab 5 is now available. Find the average of each column of the 2D array int [][] ages; Store the averages in a

375 views • 4 slides
Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45 rue dUlm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot IFIP WCC Topical day on Abstract Interpretation P.

1.95k views • 183 slides
Expanded Conformal Array Sonar Atlas next generation of Bow and Flank Array Sebastian Hess 1 1

Expanded Conformal Array Sonar Atlas next generation of Bow and Flank Array Sebastian Hess 1 1

UDT 2020 UDT Extended Abstract Presentation/Panel Expanded Conformal Array Sonar Atlas next generation of Bow and Flank Array Sebastian Hess 1 1 M. Sc., Atlas Elektronik GmbH, Bremen, Germany Abstract The ATLAS Expanded Conformal Array

1.02k views • 3 slides
Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH

Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH

Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH Kim, SH Kong, HJ Lee, HJ Oh, DJ Park, Kwangkeun Yi Programming Research Laboratory Seoul National University Korea 30 Years of Abstract

920 views • 37 slides
A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with

A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with

A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with Vijay DSilva, Alessandra Palmigiano and Caterina Urban (with images from Patrick Cousot) TACL 2017 - Prague A bstract interpretation A bstract

341 views • 14 slides
Dynamic tables Task: Store a dynamic set in a table/array. Elements can only be inserted, and all

Dynamic tables Task: Store a dynamic set in a table/array. Elements can only be inserted, and all

CS 5633 -- Spring 2008 Dynamic tables Task: Store a dynamic set in a table/array. Elements can only be inserted, and all inserted elements are stored in one contiguous part in the array. The table should be as small as possible, but large enough

593 views • 9 slides
Evaluation of the Implementation of an Abstract Interpretation Algorithm using Tabled CLP n

Evaluation of the Implementation of an Abstract Interpretation Algorithm using Tabled CLP n

ICLP19 Las Cruces, September 22, 2019 Evaluation of the Implementation of an Abstract Interpretation Algorithm using Tabled CLP n Arias 1 , 2 Manuel Carro 1 , 2 Joaqu 1 IMDEA Software Institute, 2 Universidad Polit ecnica de Madrid

468 views • 42 slides
Second-Order Abstract Interpretation via Kleene Algebra Dexter Kozen Cornell University AVM

Second-Order Abstract Interpretation via Kleene Algebra Dexter Kozen Cornell University AVM

Second-Order Abstract Interpretation via Kleene Algebra Dexter Kozen Cornell University AVM 2015 Attersee, Austria 4 May 2015 Joint work with Lucja Kot CS Department Cornell University Abstract Interpretation Cousot & Cousot 79

737 views • 60 slides
Abstract Interpretation with Applications to Semantics and Static Analysis 1. The

Abstract Interpretation with Applications to Semantics and Static Analysis 1. The

Abstract Interpretation with Applications to Semantics and Static Analysis 1. The Problem: The Design of Safe and Secure Computer- Patrick Cousot cole normale suprieure Based Systems 45 rue dUlm, 75230 Paris cedex 05, France

288 views • 27 slides
Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Ahmed Rezine IDA, Linkpings Universitet Hsttermin 2019 Outline Overview Syntactic Analysis Abstract Interpretation Outline Overview

323 views • 28 slides

More recommend