lightweight verification of array indexing
play

Lightweight Verification of Array Indexing Martin Kellogg* , - PowerPoint PPT Presentation

Oct 03, 2022 •405 likes •751 views

Lightweight Verification of Array Indexing Martin Kellogg* , Vlastimil Dort**, Suzanne Millstein*, Michael D. Ernst* * University of Washington, Seattle ** Charles University, Prague The problem: unsafe array indexing In unsafe

  1. Lightweight Verification of Array Indexing Martin Kellogg* , Vlastimil Dort**, Suzanne Millstein*, Michael D. Ernst* * University of Washington, Seattle ** Charles University, Prague

  2. The problem: unsafe array indexing ● In unsafe languages (C): buffer overflow! ● In managed languages (Java, C#, etc.): exception, program crashes 2

  3. The state of the art Strength of guarantees Practical for developers 3

  4. The state of the art Coq KeY Clousot Strength of guarantees Practical for developers 4

  5. The state of the art Coq KeY Clousot Strength of guarantees Coverity FindBugs Practical for developers 5

  6. The state of the art Coq KeY Clousot The Index Checker (this talk) Strength of guarantees Coverity FindBugs Practical for developers 6

  7. Problems with complex analyses - false positives - annotation burden - complex analyses are hard to predict 7

  8. Problems with complex analyses - false positives ● bounds checking is hard → complex analysis ● complex analysis → harder to implement ● harder to implement → more false positives - annotation burden - complex analyses are hard to predict 8

  9. Problems with complex analyses - false positives ● bounds checking is hard → complex analysis ● complex analysis → harder to implement ● harder to implement → more false positives - annotation burden ● complex analysis → complex annotations - complex analyses are hard to predict 9

  10. Problems with complex analyses - false positives ● bounds checking is hard → complex analysis ● complex analysis → harder to implement ● harder to implement → more false positives - annotation burden ● complex analysis → complex annotations complex analyses are hard to predict - 10

  11. Insight: Fundamental problem is complex analyses! 11

  12. Cooperating simple analyses Solve all three problems: 12

  13. Cooperating simple analyses Solve all three problems: ● simpler implementation → fewer false positives 13

  14. Cooperating simple analyses Solve all three problems: ● simpler implementation → fewer false positives ● simpler abstractions → easier to write annotations 14

  15. Cooperating simple analyses Solve all three problems: ● simpler implementation → fewer false positives ● simpler abstractions → easier to write annotations ● simpler analysis → simpler to predict 15

  16. Proving an array access safe T[] a = …; int i = …; ... a[i] ... We need to show that: ● i is an index for a 16

  17. Proving an array access safe T[] a = …; int i = …; ... a[i] ... We need to show that: ● i is an index for a ● i ≥ 0 ● i < a.length 17

  18. Proving an array access safe T[] a = …; int i = …; ... a[i] ... We need to show that: ● i is an index for a A lower bound on i ● i ≥ 0 An upper bound on i ● i < a.length 18

  19. A type system for lower bounds T @LowerBoundUnknown int i ↑ ↑ i ≥ -1 @GTENegativeOne int i ↑ ↑ i ≥ 0 @NonNegative int i ↑ ↑ i ≥ 1 @Positive int i 19

  20. A type system for lower bounds T @LowerBoundUnknown int i ↑ ↑ i ≥ -1 @GTENegativeOne int i ↑ ↑ i ≥ 0 @NonNegative int i ↑ ↑ i ≥ 1 @Positive int i 20

  21. A type system for upper bounds if (i >= 0 && i < a. length ) { a[i] = ... } 21

  22. A type system for upper bounds if (i >= 0 && i < a. length ) { a[i] = ... } i < a.length @LTLengthOf (“a”) int i 22

  23. Type systems Linear inequalities Minimum lengths i < j a.length > 10 Negative indices Lower bounds | i | < a.length i ≥ 0 Equal lengths Upper bounds a.length = b.length i < a.length 23

  24. Type systems Linear inequalities Minimum lengths i < j a.length > 10 Negative indices Lower bounds | i | < a.length i ≥ 0 Equal lengths Upper bounds a.length = b.length i < a.length 24

  25. A type system for minimum array lengths if (a. length >= 3) { a[2] = ...; } 25

  26. A type system for minimum array lengths if (a. length >= 3) { a[2] = ...; } a.length ≥ i T @MinLen (i) [] a 26

  27. Evaluation Three case studies: ● Google Guava (two packages) ● JFreeChart ● plume-lib Comparison to existing tools: ● FindBugs, KeY, Clousot 27

  28. Case Studies Guava JFreeChart plume-lib Total Lines of code 10,694 94,233 14,586 119,503 Bugs found 5 64 20 89 Annotations 510 2,938 241 3,689 False positives 138 386 43 567 Java casts 222 2,740 219 3,181 28

  29. Comparison to other tools: confirmed bugs Approach Bug finder Verif. w/ solver Abs. interpret. Types Tool Index Checker FindBugs KeY Clousot True Positives False Negatives Time (100k LoC) 29

  30. Comparison to other tools: confirmed bugs Approach Bug finder Verif. w/ solver Abs. interpret. Types Tool Index Checker FindBugs KeY Clousot True Positives False Negatives Time (100k LoC) ~10 minutes ~1 minute cannot scale ~200 minutes 30

  31. Comparison to other tools: confirmed bugs Approach Bug finder Verif. w/ solver Abs. interpret. Types Tool Index Checker FindBugs KeY Clousot True Positives 18/18 0/18 9/18 16/18 False Negatives 0/18 18/18 1/18 2/18 Time (100k LoC) ~10 minutes ~1 minute cannot scale ~200 minutes 31

  32. Using the Index Checker ● Distributed with Checker Framework www.checkerframework.org 32

  33. Contributions ● A methodology: simple, cooperative type systems ● An analysis: abstractions for array indexing ● An implementation and evaluation for Java ● Verifying the absence of array bounds errors in real codebases (and finding bugs in the process!) 33

Recommend

L10 June 26, 2017 1 Lecture 10: Array Indexing, Slicing, and Broadcasting CSCI 1360E:

L10 June 26, 2017 1 Lecture 10: Array Indexing, Slicing, and Broadcasting CSCI 1360E:

L10 June 26, 2017 1 Lecture 10: Array Indexing, Slicing, and Broadcasting CSCI 1360E: Foundations for Informatics and Analytics 1.1 Overview and Objectives Most of this lecture will be a review of basic indexing and slicing operations, albeit

514 views • 13 slides
L9 June 25, 2018 1 Lecture 9: Array Indexing, Slicing, and Broadcasting CSCI 1360E: Foundations

L9 June 25, 2018 1 Lecture 9: Array Indexing, Slicing, and Broadcasting CSCI 1360E: Foundations

L9 June 25, 2018 1 Lecture 9: Array Indexing, Slicing, and Broadcasting CSCI 1360E: Foundations for Informatics and Analytics 1.1 Overview and Objectives Most of this lecture will be a review of basic indexing and slicing operations, albeit

620 views • 13 slides
Two Birds, One Stone: A Fast, yet Lightweight, Indexing Scheme for Modern Database Systems Jia Yu

Two Birds, One Stone: A Fast, yet Lightweight, Indexing Scheme for Modern Database Systems Jia Yu

Two Birds, One Stone: A Fast, yet Lightweight, Indexing Scheme for Modern Database Systems Jia Yu and Mohamed Sarwat Arizona State University Motivation Tree index Fast index search Large storage overhead: 5% - 15% additional

371 views • 23 slides
C: Array layout and indexing CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming

C: Array layout and indexing CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming

ex C: Array layout and indexing CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of Computer Systems Ben Wood Ben Wood int val[5]; +0 +4 +8 +12 +16 Representing Write x86 code to load val[i] into

213 views • 4 slides
GLAD: Groningen Lightweight Authorship Detection PAN, Authorship verification, 2015 Manuela

GLAD: Groningen Lightweight Authorship Detection PAN, Authorship verification, 2015 Manuela

GLAD: Groningen Lightweight Authorship Detection PAN, Authorship verification, 2015 Manuela Hrlinmann, Benno Weck, Esther van den Berg, Simon uster, Malvina Nissim The challenge given: a set of Known documents written by the same Author

579 views • 34 slides
Preventing errors before they happen: Lightweight verification via pluggable type-checking

Preventing errors before they happen: Lightweight verification via pluggable type-checking

print( @Readonly Object x) { List&lt; @NonNull String&gt; lst; } Preventing errors before they happen: Lightweight verification via pluggable type-checking Michael D. Ernst University of Washington (Seattle, WA, USA) University of Buenos

600 views • 48 slides
Representing Data Structures Multidimensional arrays Structs Array Layout and Indexing int

Representing Data Structures Multidimensional arrays Structs Array Layout and Indexing int

Representing Data Structures Multidimensional arrays Structs Array Layout and Indexing int val[5]; +0 +4 +8 +12 +16 Write x86 code to load val[i] into %rax. 1. Assume: Base address of val is in %rdi i is in %rsi 2. Assume:

457 views • 14 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
Program Verification using Constraint Handling Rules and Array Constraint Generalizations

Program Verification using Constraint Handling Rules and Array Constraint Generalizations

Program Verification using Constraint Handling Rules and Array Constraint Generalizations Emanuele De Angelis 1 , 3 , Fabio Fioravanti 1 , Alberto Pettorossi 2 , and Maurizio Proietti 3 1 University of Chieti-Pescara G. dAnnunzio, Italy 2

508 views • 36 slides
Distributed Indexing Indexing, session 8 CS6200: Information Retrieval Slides by: Jesse Anderton

Distributed Indexing Indexing, session 8 CS6200: Information Retrieval Slides by: Jesse Anderton

Distributed Indexing Indexing, session 8 CS6200: Information Retrieval Slides by: Jesse Anderton Distributing Indexing The scale of web indexing makes it infeasible to maintain an index on a single computer. Instead, we distribute the task

383 views • 36 slides
The Calculus of Computation: Decision Procedures with 11. Arrays Applications to Verification

The Calculus of Computation: Decision Procedures with 11. Arrays Applications to Verification

The Calculus of Computation: Decision Procedures with 11. Arrays Applications to Verification by Aaron Bradley Zohar Manna Springer 2007 11- 1 11- 2 (2) Array Property Fragment of T A Array Property Fragment of T A Decidable fragment of T A

425 views • 6 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
Indexing Presentation - The Basics Attached is the slide deck for a short presentation on indexing

Indexing Presentation - The Basics Attached is the slide deck for a short presentation on indexing

Steve Stedman Freelance SQL Server Consultant http://stevestedman.com Indexing Presentation - The Basics Attached is the slide deck for a short presentation on indexing that was created to educate software developers on the basics of indexing.

173 views • 4 slides
(from Chapters 10/11 of the text) document.write(theArray[ii] + &lt;br/&gt;&quot; ); }

(from Chapters 10/11 of the text) document.write(theArray[ii] + &lt;br/&gt;&quot; ); }

Everything you ever wanted to know about arrays function initializeArrays() IT350 Web and Internet Programming { var n1 = new Array( 5 ); // allocate 5-element Array var n2 = new Array(); // allocate empty Array for ( var i = 0; i

210 views • 8 slides
The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept will revolutionise the aviation industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight applications Patent Applied For

479 views • 12 slides
x86 ARRAYS RECALL ARRAYS char foo[80]; An array of 80 characters int bar[40]; An array of

x86 ARRAYS RECALL ARRAYS char foo[80]; An array of 80 characters int bar[40]; An array of

x86 ARRAYS RECALL ARRAYS char foo[80]; An array of 80 characters int bar[40]; An array of 40 integers 2 ARRAY ALLOCATION Basic Principle T A[L]; A is an array of data type T and length L Contiguously allocated region of L *

520 views • 22 slides
+ Arrays and Files + Review n Array n int[] diameters = new int[10]; n diameters[0],

+ Arrays and Files + Review n Array n int[] diameters = new int[10]; n diameters[0],

+ Arrays and Files + Review n Array n int[] diameters = new int[10]; n diameters[0], diameters[2], diameters[9] n diameters.length Indexing starts at 0 A way to have a collection of variables instead of individual ones +

450 views • 17 slides
singly linked lists Sept. 18, 2017 1 Recall last lecture: Java array array array array of

singly linked lists Sept. 18, 2017 1 Recall last lecture: Java array array array array of

COMP 250 Lecture 5 singly linked lists Sept. 18, 2017 1 Recall last lecture: Java array array array array of int of Shape (unspecified objects type) 34 657 -232 -823 23 1192 0 null 0 null I have drawn each of these as array

693 views • 31 slides
PDL Basics of Indexing and Threading Outline Motivation Indexing Dimension

PDL Basics of Indexing and Threading Outline Motivation Indexing Dimension

PDL Basics of Indexing and Threading Outline Motivation Indexing Dimension manipulation Slicing Parent and child relation Threading Function's signature The core and extra dimensions References: 1.

470 views • 31 slides
Review We can declare an array of any type, even other arrays A 2D array is an array of

Review We can declare an array of any type, even other arrays A 2D array is an array of

Review We can declare an array of any type, even other arrays A 2D array is an array of arrays float[][] myFloats = new float[10][20]; All elements of a 2D array can be accessed using nested loops for (int i=0; i&lt;10; i++) {

679 views • 33 slides
New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K. Schramm Workshop on Fast Software Encryption 2007 Outline Introduction Why lightweight? Why choose DES? DESL: DES Lightweight Why change DES?

364 views • 12 slides
Bitmap Indexing and related indexing techniques Presented by: El Ghailani Maher Outline I

Bitmap Indexing and related indexing techniques Presented by: El Ghailani Maher Outline I

Bitmap Indexing and related indexing techniques Presented by: El Ghailani Maher Outline I ntroduction ! W hy I ndexing? ! Factors that determ ine the convenient I ndexing ! technique Criteria to develop a new indexing technique ! Bitm

516 views • 41 slides
Quick Check A Lightweight Tool for Random Testing of Haskell Programs Koen Claessen, John Hughes

Quick Check A Lightweight Tool for Random Testing of Haskell Programs Koen Claessen, John Hughes

Quick Check A Lightweight Tool for Random Testing of Haskell Programs Koen Claessen, John Hughes Verification versus Validation # We want a program to be correct. # Problem: To verify it, we need specifications. # We can validate it by

356 views • 20 slides
Proof-Theoretic Foundations of Indexing in Logic Programming Iliano Cervesato iliano@cmu.edu

Proof-Theoretic Foundations of Indexing in Logic Programming Iliano Cervesato iliano@cmu.edu

Indexing over Predicates Indexing over Terms Beyond Horn Clauses Conclusions Proof-Theoretic Foundations of Indexing in Logic Programming Iliano Cervesato iliano@cmu.edu Carnegie Mellon University Supported by grant NPRP 4-341-1-059, Usable

867 views • 55 slides

More recommend