preventing arithmetic overflows in alloy
play

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic - PowerPoint PPT Presentation

Oct 03, 2022 •1.29k likes •2.03k views

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson (aleks@csail.mit.edu) (dnj@csail.mit.edu) Software Design Group Massachusetts Institute of Technology Cambridge, MA International Conference of Alloy, ASM, B, VDM,

  1. Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson (aleks@csail.mit.edu) (dnj@csail.mit.edu) Software Design Group Massachusetts Institute of Technology Cambridge, MA International Conference of Alloy, ASM, B, VDM, and Z Users Pisa, Italy, June 2012 1

  2. Checking Prim’s Algorithm C Prim’s algorithm for finding A 8 7 minimum spanning tree in a graph 5 B 5 7 9 15 E D 8 9 6 11 F G

  3. Checking Prim’s Algorithm C Prim’s algorithm for finding A 8 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 15 E D D 8 9 6 11 F G 2

  4. Checking Prim’s Algorithm C Prim’s algorithm for finding A 8 7 minimum spanning tree in a graph 5 5 B 5 select an arbitrary node to start with 7 9 9 15 15 find edges from selected to unselected nodes E D D 8 9 6 6 11 F G 2

  5. Checking Prim’s Algorithm C Prim’s algorithm for finding A A 8 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 15 find edges from selected to unselected nodes E D D 8 9 select the edge with the smallest weight 6 11 F G 2

  6. Checking Prim’s Algorithm C Prim’s algorithm for finding A A 8 7 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 9 15 15 find edges from selected to unselected nodes E D D 8 9 select the edge with the smallest weight 6 6 11 F G repeat until all nodes have been selected 2

  7. Checking Prim’s Algorithm C Prim’s algorithm for finding A A 8 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 15 find edges from selected to unselected nodes E D D 8 9 select the edge with the smallest weight 6 11 F F G repeat until all nodes have been selected 2

  8. Checking Prim’s Algorithm C C Prim’s algorithm for finding A A 8 7 minimum spanning tree in a graph 5 B B 5 select an arbitrary node to start with 7 9 15 find edges from selected to unselected nodes E E D D 8 9 select the edge with the smallest weight 6 11 F F G G repeat until all nodes have been selected 2

  9. Checking Prim’s Algorithm C C A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } 2

  10. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } 2

  11. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } 2

  12. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } 2

  13. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { no edges: set Edge { spanningTree[edges] ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  14. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { counterexample: leftSum = -5; rightSum = 24 no edges: set Edge { spanningTree[edges] ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  15. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { counterexample: leftSum = -5; rightSum = 24 no edges: set Edge { spanningTree[edges] and ( sum e: edges | e.weight) > 0 ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  16. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { counterexample: leftSum = 2; rightSum = 28 no edges: set Edge { spanningTree[edges] and ( sum e: edges | e.weight) > 0 ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  17. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { causes arithmetic overflows! no edges: set Edge { spanningTree[edges] and ( sum e: edges | e.weight) > 0 ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  18. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 3

  19. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy 3

  20. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy consequences of the bounded analysis not sound with respect to proof → if no counterexample is found, one may still exist in a larger scope 3

  21. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy consequences of the bounded analysis not sound with respect to proof → if no counterexample is found, one may still exist in a larger scope not sound w.r.t. counterexamples when integers are used → arithmetic operations can overflow ⇒ spurious counterexamples 3

  22. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy consequences of the bounded analysis not sound with respect to proof → if no counterexample is found, one may still exist in a larger scope not sound w.r.t. counterexamples when integers are used → arithmetic operations can overflow ⇒ spurious counterexamples sound w.r.t. counterexamples if no integers are used → i.e., if a counterexample is found, the property does not hold → reason : relational operators are closed under finite universe 3

  23. Goal & Approach goal eliminate spurious counterexamples caused by overflows → makes the analyzer sound w.r.t. to counterexamples 4

Recommend

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz Daniel Pallos Fridman Alarcio Martins Vieira Technology Center - CBMM - Brazil Overview Motivation Master Alloy Design

537 views • 18 slides
Dealing with arithmetic overflows in the polyhedral model Bruno Cuervo Parrino Julien Narboux

Dealing with arithmetic overflows in the polyhedral model Bruno Cuervo Parrino Julien Narboux

Dealing with arithmetic overflows in the polyhedral model Bruno Cuervo Parrino Julien Narboux Eric Violard Nicolas Magaud Universit e de Strasbourg - INRIA Camus IMPACT 2012, Paris Julien Narboux (UdS) IMPACT 2012, Paris 1 / 30

535 views • 30 slides
An Overview of the Alloy Language &amp; Analyzer Slides contain some modified content from the

An Overview of the Alloy Language &amp; Analyzer Slides contain some modified content from the

An Overview of the Alloy Language &amp; Analyzer Slides contain some modified content from the Alloy Tutorial by G. Dennis &amp; R. Seater (see alloy.mit.edu) Alloy Lecture 1 1 What is Alloy? A formal language and analyzer based on Z

329 views • 6 slides
Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive Applications Alloy Zinc Automotive Applications Anti-Vibration Components Door Hinges Fasteners Brake Calipers Fluid Delivery Tubes Alkaline

317 views • 18 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a

ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a

ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a solution provider and a manufacturing company for windows openings, shutters, rapid action doors and projection screens. The company came into existence

570 views • 19 slides
Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy April 30 &amp; May 1, 2018. Cambridge, MA Alloys widespread applications Program verification Design modeling and analysis PO POL Mo MonA

220 views • 21 slides
Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Principles Of Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary Arithmetic Same basic methodology as decimal arithmetic Important to know number representation Unsigned Signed

704 views • 11 slides
Capabilities Metal Alloy and Rare Earth Alloy Manufacture Inert Atmosphere Grinding Atomizing

Capabilities Metal Alloy and Rare Earth Alloy Manufacture Inert Atmosphere Grinding Atomizing

Capabilities Metal Alloy and Rare Earth Alloy Manufacture Inert Atmosphere Grinding Atomizing Vacuum Induction Melting Vacuum Annealing Hydriding Metal Alloys Ingots and Powder Hydrogen S torage Magnets Batteries Additive

393 views • 11 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1 Buffer Overflows One of the most common vulnerabili@es in soEware Programming languages commonly associated with buffer overflows including

199 views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1 Buffer Overflows One of the most common vulnerabiliCes in soGware Programming languages commonly associated with buffer overflows including

195 views • 17 slides
Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit Performs most processor operations Control signal predicates addition subtraction logic operations shifting (w / or w / o sign extension) Figure:

205 views • 8 slides
Alloy Modeling Language meets SMT-LIB Forrest Cinelli, Kyle McCormick, Dan Dougherty WPI NSF

Alloy Modeling Language meets SMT-LIB Forrest Cinelli, Kyle McCormick, Dan Dougherty WPI NSF

Alloy Modeling Language meets SMT-LIB Forrest Cinelli, Kyle McCormick, Dan Dougherty WPI NSF Support 1408745 and 1714431 April 30 2018 1 / 11 Plan Talk about relationship between Alloy Language and SMT-LIB Want to raise questions to

237 views • 13 slides
Alloy Intro Trimble &amp; Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

Alloy Intro Trimble &amp; Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

2018 IGNSS Conference | Michael Bruno | Trimble Inc Alloy Intro Trimble &amp; Authorized Trimble Dealer Only Trimble RTN Overview RTN Software Trimble Pivot Platform RTN Hardware Trimble Alloy GNSS Receiver Zephyr 3 Antennas GNSS Field Users

317 views • 10 slides
Aluminium Niobium A Foundry and Master Alloy Manufacturers Perspective 1 Norton

Aluminium Niobium A Foundry and Master Alloy Manufacturers Perspective 1 Norton

Aluminium Niobium A Foundry and Master Alloy Manufacturers Perspective 1 Norton Aluminium Foundry &amp; Master Alloy Manufacturer A presentation at the Charles Hatchett Seminar 13 th July 2016 Background UKs leading

377 views • 21 slides
ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR &amp; DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows Buffer overflows are the source of many of the common vulnerabilities in modern software Caused by not checking the source length when writing to a

1.88k views • 130 slides
CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows II TA: Viktor Farkas vfarkas@cs Original slides by Franzi Lab 1 Deadline Reminders Lab

373 views • 11 slides
Arithmetic paper 4 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 4 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 4 Once you have completed the arithmetic paper, use the slides to help you to understand where you have made your mistakes. Are your scores improving each week? You will need to subtract 100 from the hundreds column. 800 -

461 views • 20 slides
Overflow in addition and subtraction can happen if?? ta7 What can

Overflow in addition and subtraction can happen if?? ta7 What can

Overflows Overflow in addition and subtraction can happen if?? ta7 What can we do if there is an overflow?? Spring 2006 MIPS support two kinds of arithmetic operations in order to support the two choices

50 views • 4 slides
Expressions, and Arithmetic Chapters 4 1 2 Arithmetic Operator Precedence Just as in

Expressions, and Arithmetic Chapters 4 1 2 Arithmetic Operator Precedence Just as in

9/9/2012 For Next Time Read Chapter 4 Expressions, and Arithmetic Chapters 4 1 2 Arithmetic Operator Precedence Just as in normal mathematics: Operator Operation * and / are applied before + and + Addition Parentheses

152 views • 3 slides
Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach

Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach

Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach Approach NY NYS S Se Senior nior Acti Action on Co Coun uncil cil Dec Decem embe ber 13 r 13, , 20 2016 16 Ev Eve e Bank Bankert ert

283 views • 24 slides
Arithmetic paper 5 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 5 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 5 Once you have completed the arithmetic paper, use the slides to help you to understand where you have made your mistakes. Try to improve your score each week! You will need to add 100 to the hundreds column. 400 + 100 = 500

361 views • 19 slides
Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers

Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers

COMPUTER ORGANIZATION AND DESIGN 5 th Edition The Hardware/Software Interface Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers Operations on integers Addition and subtraction

719 views • 57 slides

More recommend