Residual Monitoring of Safety Properties Prove what you can and - PowerPoint PPT Presentation

Dynamic Typestate Analysis sc = …open() [1] close sc.connect(…) close [1] open connect sc.read(…) 1 2 3 [5] read, write read, write sc.write(…) [4] read, write, connect connect, close err sc != null sc.close(); return

Dynamic Typestate Analysis sc = …open() [1] close sc.connect(…) close [1] open connect sc.read(…) 1 2 3 [5] read, write read, write sc.write(…) [4] read, write, connect connect, close err sc != null sc.close(); [1] return

Leveraging Static Typestate Analysis {1} sc = …open() {1} {2} sc.connect(…) {3} {2} sc.read(…) {3} {3} {3} sc.write(…) {3} {3} sc != null {1,2,3} {1,2,3} sc.close(); {1, err} return {1, 2, 3, err}

Leveraging Static Typestate Analysis sc = …open() [1] sc.connect(…) [1] sc.read(…) [5] sc.write(…) [4] sc != null sc.close(); [1] return

Leveraging Static Typestate Analysis sc = …open() [1] sc.connect(…) [1] sc.read(…) sc.write(…) sc != null sc.close(); [1] return

Safe Region A single-entry region, , of a control flow graph such that where

Safe Region A region of a control flow graph for which – all paths have the same cumulative effect on the typestate FSA – no transitions from a non-error state to error state

Safe Region A region of a control flow graph for which – all paths have the same cumulative effect on the typestate FSA – no transitions from a non-error state to error state 1

Safe Region A region of a control flow graph for which – all paths have the same cumulative effect on the typestate FSA – no transitions from a non-error state to error state 1 2

Example of Safe Region err 1 2 3 r1 1 -> 3 r2 2 -> 1 3 -> 2 r3 err -> err r4

Example of Safe Region err 1 2 3 r1 r2 r3 r4

Reachably Safe Region Not all states of a property reach all program points in a typestate analysis Reachably Safe Region – A region of a control flow graph which is safe relative to the subset of the typestates that may reach its entry

Example of Reachably Safe Region err 1 2 3 public void simplifiedTransformData() { SocketChannel sc; open ByteBuffer buf; sc = SocketChannel.open(); connect sc.connect( new InetSocketAddress(…)); while while (sc.read(buf) != -1){ sc.write(buf); if } if (sc != null ) sc.close(); }

Identity Safe Region • Identity Safe Region – A special case of a (reachably) safe region that yields identity summary on the subset of the typestates that may reach its entry

Example of Identity Safe Region err 1 2 3 public void simplifiedTransformData() { SocketChannel sc; open ByteBuffer buf; sc = SocketChannel.open(); connect sc.connect( new InetSocketAddress(…)); while while (sc.read(buf) != -1){ sc.write(buf); if } if (sc != null ) sc.close(); }

Algorithm Basic Steps 1. Reduces a control flow graph region to a sequence of single entry regions 2. Calls static typestate analysis to calculate functional summaries of reachable program regions 3. Within a region, identify candidate safe regions by marking boundaries that cannot be crossed by any safe region 4. Identify safe regions inside candidate safe regions 5. Drop (and if required, add) FSA transitions for safe regions 6. Repeat the steps for all regions that lie outside safe regions

Reduce Control Flow Graph public void simplifiedTransformData() sc = …open() { SocketChannel sc; sc.connect(…) ByteBuffer buf; sc = SocketChannel.open(); sc.read(…) sc.connect( new InetSocketAddress(…)); while (sc.read(buf) != -1){ sc.write(…) sc.write(buf); } if (sc != null ) sc != null sc.close(); } sc.close(); return

Reduce Control Flow Graph public void simplifiedTransformData() sc = …open() { SocketChannel sc; sc.connect(…) ByteBuffer buf; sc = SocketChannel.open(); while … sc.connect( new InetSocketAddress(…)); while (sc.read(buf) != -1){ sc != null sc.write(buf); } if (sc != null ) sc.close(); sc.close(); } return

Reduce Control Flow Graph public void simplifiedTransformData() sc = …open() { SocketChannel sc; sc.connect(…) ByteBuffer buf; sc = SocketChannel.open(); while… sc.connect( new InetSocketAddress(…)); while (sc.read(buf) != -1){ sc != null sc.write(buf); } if (sc != null ) sc.close(); sc.close(); } return

Reduce Control Flow Graph public void simplifiedTransformData() sc = …open() { SocketChannel sc; sc.connect(…) ByteBuffer buf; sc = SocketChannel.open(); while… sc.connect( new InetSocketAddress(…)); while (sc.read(buf) != -1){ if… sc.write(buf); } if (sc != null ) return sc.close(); }

Algorithm Basic Steps 1. Reduces a control flow graph region to a sequence of single entry and single exit regions 2. Calls static typestate analysis to calculate functional summaries of reachable program regions 3. Within a region, identify candidate safe regions by marking boundaries that cannot be crossed by any safe region 4. Identify safe regions inside candidate safe regions 5. Drop (and if required, add) FSA transitions for safe regions 6. Repeat the steps for all regions that lie outside safe regions

Calculate Functional Summary public void simplifiedTransformData() sc = …open() { SocketChannel sc; sc.connect(…) ByteBuffer buf; sc = SocketChannel.open(); while… 3->3 sc.connect( new InetSocketAddress(…)); while (sc.read(buf) != -1){ if… sc.write(buf); } if (sc != null ) return sc.close(); }

Identify Candidate Safe Regions err 1 2 3 r1 r2 r3 r4 r5 r6

Identify Candidate Safe Regions r1 err 1 2 3 r1 1->{1,2} 3->{3} r1 r2 r3 r4 r5 r6 Region Matrix

Identify Candidate Safe Regions r1 r2 err 1 2 3 1->{1,2} 1->{2} r1 3->{3} 3->{3} r1 1->{2} r2 2->{2} r2 3->{3} r3 r4 r5 r6 Region Matrix

Identify Candidate Safe Regions r1 r2 r3 err 1 2 3 1->{1,2} 1->{2} 1->{1,2} r1 3->{3} 3->{3} 3->{3} r1 1->{2} 1->{1,2} r2 2->{2} 2->{1,2} r2 3->{3} 3->{3} r3 2->{1,2} r3 3->{3} r4 r5 r6 Region Matrix

Identify Candidate Safe Regions r1 r2 r3 r4 err 1 2 3 1->{1,2} 1->{2} 1->{1,2} 1->{1,2} r1 3->{3} 3->{3} 3->{3} 3->{3} r1 1->{2} 1->{1,2} 1->{1,2} r2 2->{2} 2->{1,2} 2->{1,2} r2 3->{3} 3->{3} 3->{3} r3 2->{1,2} 2->{1,2} r3 3->{3} 3->{3} r4 1->{2} 2->{1} r4 r5 3->{3} r6 Region Matrix

Identify Candidate Safe Regions r1 r2 r3 r4 r5 err 1 2 3 1->{1,2} 1->{2} 1->{1,2} 1->{1,2} 1->{1,2} r1 3->{3} 3->{3} 3->{3} 3->{3} 3->{3} r1 1->{2} 1->{1,2} 1->{1,2} 1->{1,2} r2 2->{2} 2->{1,2} 2->{1,2} 2->{1,2} r2 3->{3} 3->{3} 3->{3} 3->{3} r3 2->{1,2} 2->{1,2} 2->{1,2} r3 3->{3} 3->{3} 3->{3} r4 1->{2} 1->{1} 2->{1} 2->{2} r4 r5 3->{3} 3->{3} 1->{2} r6 Region Matrix r5 2->{1} 3->{3}

Identify Safe Regions r1 r2 r3 r4 r5 err 1 2 3 1->{1,2} 1->{2} 1->{1,2} 1->{1,2} 1->{1,2} r1 3->{3} 3->{3} 3->{3} 3->{3} 3->{3} r1 1->{2} 1->{1,2} 1->{1,2} 1->{1,2} r2 2->{2} 2->{1,2} 2->{1,2} 2->{1,2} r2 3->{3} 3->{3} 3->{3} 3->{3} r3 2->{1,2} 2->{1,2} 2->{1,2} r3 3->{3} 3->{3} 3->{3} r4 1->{2} 1->{1} 2->{1} 2->{2} r4 r5 3->{3} 3->{3} 1->{2} r6 Region Matrix r5 2->{1} 3->{3}

Identify Safe Regions r1 r2 r3 r4 r5 err 1 2 3 1->{1,2} 1->{2} 1->{1,2} 1->{1,2} 1->{1,2} r1 3->{3} 3->{3} 3->{3} 3->{3} 3->{3} r1 1->{2} 1->{1,2} 1->{1,2} 1->{1,2} r2 2->{2} 2->{1,2} 2->{1,2} 2->{1,2} r2 safe 3->{3} 3->{3} 3->{3} 3->{3} r3 2->{1,2} 2->{1,2} 2->{1,2} r3 3->{3} 3->{3} 3->{3} r4 1->{2} 1->{1} 2->{1} 2->{2} r4 identity r5 3->{3} 3->{3} 1->{2} r6 Region Matrix r5 2->{1} 3->{3}

Residual Monitoring of Safety Properties Prove what you can and - PowerPoint PPT Presentation

Residual Monitoring of Safety Properties Prove what you can and monitor the leftovers Matthew Dwyer joint work with Rahul Purandare, Sebastian Elbaum, Madeline Diep, and Alex Kinneer Department of Computer Science and Engineering Reality Check

Pipeline Strategies and conversations behind securing a Residual Bequest Agenda 1. Why Residual?

Monitoring Minimal Residual Disease in AML with molecular markers Giuseppe Saglio University of

STATISTICAL PROPERTIES OF QUIET SPACE WEATHER NOTRHERN ADRIATIC RESIDUAL GPS IONOSPHERIC DELAY

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

An Overview of Deep Residual Learning Semih Yagcioglu 01.03.2016 Deep Residual Learning

Content Variations on CUSUM tests for flutter monitoring Introduction Mich` ele Basseville,

Modeling of thermal properties of peat soil Dyukarev E.A. Institute of monitoring of climatic

Clarifying Residual Flow s for Surface Water Takes August 2017 Clarifying Residual Flow s

COVID-19 vaccine safety monitoring Tom Shimabukuro, MD, MPH, MBA CDC COVID-19 Vaccine Planning

Lecture 3 Residual Analysis + Generalized Linear Models Colin Rundel 1/23/2017 1 Residual

Lecture 3 Residual Analysis + Generalized Linear Models Colin Rundel 1/23/2018 1 Residual

Residual Flows for Invertible Generative Modeling Ricky T. Q. Chen, Jens Behrmann, David

Lecture 9: Residual Analysis Instructor: Prof. Shuai Huang Industrial and Systems Engineering

DYNAMICS : THE RESIDUAL DISTRIBUTION POINT OF VIEW . A PPLICATION TO LAMINAR AND TURBULENT FLOWS

SPOT Farm East (Elveden) 2016 Residual Herbicide Demonstration Report Background The urea

Making Runtime Monitoring of Parametric Properties Practical - PhD Thesis Defense - Dongyun Jin

Dam Safety Surveillance and Monitoring W orkshop March 3 0 -3 1 , 2 0 1 6 W illiam H. Allerton,

Linear types : A simple way to derive safety properties of programs Software Analysis and

Current Issues Regarding Data and Safety Monitoring Committees in Clinical Trials Discussion:

Safety monitoring and reporting for clinical trials in Europe Ingrid Wallenbeck, Head Clinical

CDC post-authorization/post-licensure safety monitoring of COVID-19 vaccines Tom Shimabukuro, MD,

Enhanced safety monitoring for COVID-19 vaccines in early phase vaccination Tom Shimabukuro, MD,

Remote Independent Professional Monitoring Promoting Quality and Safety Who Are We? UK

SESSION 8: VALUING RESIDUAL CLAIMS (EQUITY) Valuing Equity Equity represents a residual