symbiotic with cpachecker
play

Symbiotic with CPAchecker Marek Chalupa, Masaryk University Brno - PowerPoint PPT Presentation

Dec 19, 2023 •414 likes •778 views

Symbiotic with CPAchecker Marek Chalupa, Masaryk University Brno October 2, 2019 4th International Workshop on CPAchecker Motivation int main( void ) { int x = 10; for ( int i = 0; i < 1000; ++i) { for ( int j = 0; j < 1000; ++j) { for (

  1. Symbiotic with CPAchecker Marek Chalupa, Masaryk University Brno October 2, 2019 4th International Workshop on CPAchecker

  2. Motivation int main( void ) { int x = 10; for ( int i = 0; i < 1000; ++i) { for ( int j = 0; j < 1000; ++j) { for ( int k = 0; k < 1000; ++k) { /* some code that does not touch x */ } } } if (x > 0) __VERIFIER_error(); } 1 / 17

  3. Motivation int main( void ) { int x = 10; for ( int i = 0; i < 1000; ++i) { for ( int j = 0; j < 1000; ++j) { for ( int k = 0; k < 1000; ++k) { /* some code that does not touch x */ } } } if (x > 0) __VERIFIER_error(); } 1 / 17

  4. Motivation int main( void ) { int x = 10; for ( int i = 0; i < 1000; ++i) { for ( int j = 0; j < 1000; ++j) { for ( int k = 0; k < 1000; ++k) { /* some code that does not touch x */ } } } if (x > 0) __VERIFIER_error(); } 1 / 17

  5. Outline • Symbiotic • What is Symbiotic? • How it works? • CPAchecker in Symbiotic • How is it integrated? • Some results. 2 / 17

  6. Symbiotic

  7. What is Symbiotic? • Framework for generating code fitted to verification. 3 / 17

  8. What is Symbiotic? • Framework for generating code fitted to verification. • It employs: • code instrumentation (combined with static analyses), • program slicing, • (compiler) optimizations. 3 / 17

  9. What is Symbiotic? • Framework for generating code fitted to verification. • It employs: • code instrumentation (combined with static analyses), • program slicing, • (compiler) optimizations. • It is highly modular. • Internally works with LLVM. 3 / 17

  10. What is Symbiotic? • Framework for generating code fitted to verification. • It employs: • code instrumentation (combined with static analyses), • program slicing, • (compiler) optimizations. • It is highly modular. • Internally works with LLVM. • Integrates several verification tools that can be seamlessly run on the generated code. 3 / 17

  11. Symbiotic – schema compilation .prp .c .c .c clang instrumentation optimizations verification slicing KLEE , CPAchecker , ... optimizations symbiotic-verify symbiotic-cc 4 / 17

  12. Instrumentation Instrumentation inserts auxiliary code to the analyzed program. • Symbiotic has a configurable instrumentation module • Configuration in JSON 5 / 17

  13. Instrumentation Instrumentation inserts auxiliary code to the analyzed program. • Symbiotic has a configurable instrumentation module • Configuration in JSON • It can use results of static analyses to prevent redundant code injection • Can run in several stages, passing information from former to later stages 5 / 17

  14. Instrumentation Instrumentation inserts auxiliary code to the analyzed program. • Symbiotic has a configurable instrumentation module • Configuration in JSON • It can use results of static analyses to prevent redundant code injection • Can run in several stages, passing information from former to later stages • Restriction: can insert only calls to functions at this moment 5 / 17

  15. Instrumentation – example 1. %p = alloca i32* call check pointer(%p, 8) 2. store null to %p 3. %addr = call malloc(20) call check pointer(%p, 8) 4. store %addr to %p call check free(%addr) 5. call free(%addr); call check pointer(%p, 8) 6. %tmp = load %p call check pointer(%tmp, 4) 7. store i32 1 to %tmp 6 / 17

  16. Instrumentation – example 1. %p = alloca i32* 2. store null to %p 3. %addr = call malloc(20) 4. store %addr to %p 5. call free(%addr); 6. %tmp = load %p call check pointer(%tmp, 4) 7. store i32 1 to %tmp 6 / 17

  17. Program slicing Program slicing removes instructions of a program that are irrelevant to a specified ”behavior” of the program. • The behavior is specified by slicing criterion < V , l > • V is a set of variables • l is a program location • meaning: preserve the value of variables in V at location l (and the reachability o f l ) during any execution of the program • Slicing criteria are (in our settings) error locations 7 / 17

  18. Program slicing – how it works? • Compute dependencies between instructions. • We say that instruction A depends on instruction B if: • instruction A uses values generated by instruction B, or • instruction A is not executed if we go some other way at (branching) B. • Slicing: keep only the instructions on which the error (transitively) depends. 8 / 17

  19. Program slicing – how it works? data dependence • Compute dependencies between instructions. • We say that instruction A depends on instruction B if: • instruction A uses values generated by instruction B, or • instruction A is not executed if we go some other way at (branching) B. • Slicing: keep only the instructions on which the error (transitively) depends. 8 / 17

  20. Program slicing – how it works? data dependence • Compute dependencies between instructions. • We say that instruction A depends on instruction B if: • instruction A uses values generated by instruction B, or • instruction A is not executed if we go some other way at (branching) B. • Slicing: keep only the instructions on which the error (transitively) depends. control dependence 8 / 17

  21. Program Slicing – example int zeroing( char *buf, size_t size) { int n = input(); for ( int i = 0; i < n; ++i) { assert(i < size && "Out␣of␣bounds"); buf[i] = 0; } return 0; } 9 / 17

  22. Program Slicing – example int zeroing( char *buf, size_t size) { int n = input(); for ( int i = 0; i < n; ++i) { assert(i < size && "Out␣of␣bounds"); buf[i] = 0; } return 0; } 9 / 17

  23. Once the code is generated... Once the code is generated, we can • Do nothing... (output the generated LLVM) • Generate C from it and output it ( llvm2c tool) • Pass it to a verification engine (as LLVM or C, according to the verifier) 10 / 17

  24. Once the code is generated... Once the code is generated, we can • Do nothing... (output the generated LLVM) • Generate C from it and output it ( llvm2c tool) • Pass it to a verification engine (as LLVM or C, according to the verifier) So Symbiotic can be viewed as a • C to LLVM compiler, • C to C transformer, • verification tool for C language 10 / 17

  25. Verification engines • Verification tools are integrated into Symbiotic by extending benchexec tool-info modules • The extension adds methods for: • specifying the required LLVM version • (optional) setting the environment • (optional) hooks that run before or after compilation/instrumentation/slicing/verification 11 / 17

  26. Verification engines • Verification tools are integrated into Symbiotic by extending benchexec tool-info modules • The extension adds methods for: • specifying the required LLVM version • (optional) setting the environment • (optional) hooks that run before or after compilation/instrumentation/slicing/verification • So far we have integrated KLEE, CPAchecker, DIVINE, SMACK, and SeaHorn • experimental support for CBMC, UltimateAutomizer, and IKOS 11 / 17

  27. Symbiotic – Limits. • No C++ (exceptions). • Symbiotic still does not scale to large programs. • The current bottle-neck is data-dependence analysis in slicer 12 / 17

  28. Symbiotic with CPAchecker

  29. CPAchecker integration into Symbiotic • CPAchecker has LLVM backend • Parses LLVM and creates a CFA over C language • Missing a support for some floats-related constructs • Missing a support for some global initializers 13 / 17

  30. CPAchecker integration into Symbiotic • CPAchecker has LLVM backend • Parses LLVM and creates a CFA over C language • Missing a support for some floats-related constructs • Missing a support for some global initializers • We can use also the C backend directly • Symbiotic can use llvm2c to generate C from the LLVM • The default option (as of a few weeks ago :) 13 / 17

  31. CPAchecker integration into Symbiotic • CPAchecker has LLVM backend • Parses LLVM and creates a CFA over C language • Missing a support for some floats-related constructs • Missing a support for some global initializers • We can use also the C backend directly • Symbiotic can use llvm2c to generate C from the LLVM • The default option (as of a few weeks ago :) • We use the SV-COMP’19 configuration ( -svcomp19 ) by default 13 / 17

  32. CPAchecker in Symbiotic • Symbiotic + llvm2c + CPAchecker (with the C backend) now works better then Symbiotic + CPAchecker (LLVM backend) • However, ”pure” CPAchecker still works better then Symbiotic+CPAchecker 14 / 17

  33. Experiments on ReachSafety category No slicing (LLVM bcknd) No Slicing (llvm2c) Slicing (LLVM bcknd) Slicing (llvm2c) Pure CPAchecker CPU time [s] 10 1 0 500 1000 1500 2000 2500 3000 n-th fastest benchmark 15 / 17

  34. Experiments with LLVM backend 1000 No slicing 800 Slicing CPU time [s] CPAchecker 600 400 200 0 1000 No slicing 800 Slicing CPU time [s] 600 KLEE 400 200 0 0 500 1000 1500 2000 n-th fastest benchmark 16 / 17

  35. Summary • Symbiotic is a framework that generates optimized (LLVM or C) code for verification • It is highly modular • It integrates several verification tools, including CPAchecker https://github.com/staticafi/symbiotic 17 / 17

Recommend

Symbiotic EDA Suite www.symbioticeda.com Symbiotic EDA We build Open Source EDA Tools And

Symbiotic EDA Suite www.symbioticeda.com Symbiotic EDA We build Open Source EDA Tools And

Symbiotic EDA Suite www.symbioticeda.com Symbiotic EDA We build Open Source EDA Tools And offer commercial versions of those tools with additional functionality and support Symbiotic EDA Suite We specialize in Formal

851 views • 31 slides
Value Creation in Symbiotic Innovation Value Creation in Symbiotic Innovation Ecosystems

Value Creation in Symbiotic Innovation Value Creation in Symbiotic Innovation Ecosystems

Value Creation in Symbiotic Innovation Value Creation in Symbiotic Innovation Ecosystems Ecosystems Ilkka Tuomi Aalto University and Meaning Processing ilkka.tuomi@ . meaningprocessing.com I. Tuomi 9 November 2015 page: 1 The New New

423 views • 9 slides
On Using Symbiotic Relationship to Repel Network Flooding Defense

On Using Symbiotic Relationship to Repel Network Flooding Defense

On Using Symbiotic Relationship to Repel Network Flooding Defense draft-haddad-mipshop-netflood-defense-00 What is a Symbiotic Relationship (SR)? An SR is a unidirectional cryptographic relation between two nodes or between one

377 views • 6 slides
Implementing PDR in CPAchecker Gernot Zorneck Faculty of Computer Science and Mathematics

Implementing PDR in CPAchecker Gernot Zorneck Faculty of Computer Science and Mathematics

Implementing PDR in CPAchecker Gernot Zorneck Faculty of Computer Science and Mathematics University of Passau September 23, 2016 Gernot Zorneck Implementing PDR in CPAchecker September 23, 2016 1 / 24 Outline Introduction 1

1.19k views • 39 slides
in Short-Term Interactions: a User Study Francesco Riccio and Andrea Vanzo PhD students December

in Short-Term Interactions: a User Study Francesco Riccio and Andrea Vanzo PhD students December

Enabling Symbiotic Autonomy in Short-Term Interactions: a User Study Francesco Riccio and Andrea Vanzo PhD students December 16 th 2015 Background Rosenthal, 2010 Coradeschi, 2006 Symbiotic Autonomy Background Symbiotic Autonomy

701 views • 17 slides
Relationships in Nature Predation Competition Symbiotic Predation An interaction in which

Relationships in Nature Predation Competition Symbiotic Predation An interaction in which

Relationships in Nature Predation Competition Symbiotic Predation An interaction in which one organism kills another for food Ex: green tree python eats a mouse C ompetition The struggle between organisms to survive as

412 views • 18 slides
Development Opportunities With Non-Traditional Partners Saturday, March 13 th , 2010 What is a

Development Opportunities With Non-Traditional Partners Saturday, March 13 th , 2010 What is a

Development Opportunities With Non-Traditional Partners Saturday, March 13 th , 2010 What is a Non-Traditional Partner? Commensal Symbiotic Parasitic The Symbiotic Relationships What is a Non-Traditional Partner? Commensal Symbiotic

596 views • 23 slides
Toward understanding the symbiotic role of microbial communities in human biology Ma ra Glo

Toward understanding the symbiotic role of microbial communities in human biology Ma ra Glo

Toward understanding the symbiotic role of microbial communities in human biology Ma ra Glo ria Do mng ue z-Be llo NYU Sc ho o l o f Me dic ine First picture of Earth from the surface of Mars NASAs Curiosity rover, Jan 31 st

656 views • 64 slides
MEDICINE MEDICINE AND THE AND THE MEDIA MEDIA A SYMBIOTIC RELATIONSHIP? Corey Hebert, MD

MEDICINE MEDICINE AND THE AND THE MEDIA MEDIA A SYMBIOTIC RELATIONSHIP? Corey Hebert, MD

MEDICINE MEDICINE AND THE AND THE MEDIA MEDIA A SYMBIOTIC RELATIONSHIP? Corey Hebert, MD Chief Med. Editor WDSU-NBC Medical Director, LSRD Asst. Prof Pediatrics, LSU Health Sciences Center HOW MANY OF YOU WATCHED THE TODAY SHOW THIS

425 views • 39 slides
Towards a Palestinian Program for symbiotic hybrid systems for the water sector Presented By:

Towards a Palestinian Program for symbiotic hybrid systems for the water sector Presented By:

27/04/19 UPWSP 5 th Conference Towards Integration In Fields of Water and Energy Towards a Palestinian Program for symbiotic hybrid systems for the water sector Presented By: Prof. Corinne DUBOIS April, 2019 Towards a Palestinian

252 views • 13 slides
Project Trellis &amp; nextpnr FOSS Tools for ECP5 FPGAs David Shah @fpga_dave Symbiotic EDA ||

Project Trellis &amp; nextpnr FOSS Tools for ECP5 FPGAs David Shah @fpga_dave Symbiotic EDA ||

Project Trellis &amp; nextpnr FOSS Tools for ECP5 FPGAs David Shah @fpga_dave Symbiotic EDA || Imperial College London 1 FPGA? Programmable digital logic Typical basic elements are look-up-tables and D- flipflops; connected by

269 views • 25 slides
SymbiYosys Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA

SymbiYosys Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA

SymbiYosys Formal Hardware Verification with OpenSource Tools Clifford Wolf Symbiotic EDA Yosys, Yosys-SMTBMC, SymbiYosys Yosys FOSS Verilog Synthesis tool and more highly flexible, customizable using scripts Formal

600 views • 35 slides
Symbiotic Simulation and its Application to Complex Adaptive Systems Stephen John Turner

Symbiotic Simulation and its Application to Complex Adaptive Systems Stephen John Turner

Symbiotic Simulation and its Application to Complex Adaptive Systems Stephen John Turner Parallel &amp; Distributed Computing Centre Nanyang Technological University Singapore Parallel Distributed Com puting Centre Outline of Talk

883 views • 38 slides
A Light-Weight Approach for Verifying Multi-Threaded Programs with CPAchecker ThreadingCPA Dirk

A Light-Weight Approach for Verifying Multi-Threaded Programs with CPAchecker ThreadingCPA Dirk

A Light-Weight Approach for Verifying Multi-Threaded Programs with CPAchecker ThreadingCPA Dirk Beyer 1 Karlheinz Friedberger 2 1 LMU Munich, Germany 2 University of Passau, Germany Dirk Beyer, Karlheinz Friedberger ThreadingCPA Multi-Threaded

414 views • 22 slides
CLIC a Component Model Symbiotic with Smalltalk N. Bouraqadi and L. Fabresse Ecole des Mines de

CLIC a Component Model Symbiotic with Smalltalk N. Bouraqadi and L. Fabresse Ecole des Mines de

CLIC! + CLIC a Component Model Symbiotic with Smalltalk N. Bouraqadi and L. Fabresse Ecole des Mines de Douai http://vst.ensm-douai.fr/Clic 2 Software Engineering Virtuous Circle Programming Language N. Bouraqadi &amp; L. Fabresse -

805 views • 35 slides
The nextpnr FOSS FPGA place-and-route tool Clifford Wolf Symbiotic EDA FOSS FPGA PnR VPR

The nextpnr FOSS FPGA place-and-route tool Clifford Wolf Symbiotic EDA FOSS FPGA PnR VPR

The nextpnr FOSS FPGA place-and-route tool Clifford Wolf Symbiotic EDA FOSS FPGA PnR VPR (Versatile Place-and-Route) Over 20 years old (1997). Timing driven. Portable. Focuses more on architecture exploration via architecture XML

489 views • 20 slides
Creativity in confinement Arvid&amp;Marie S.A.M. The Symbiotic Autonomous Machine 2017 Alve

Creativity in confinement Arvid&amp;Marie S.A.M. The Symbiotic Autonomous Machine 2017 Alve

Creativity in confinement Arvid&amp;Marie S.A.M. The Symbiotic Autonomous Machine 2017 Alve 2018 The Bestiary of Autonomous Machines 2018 What is art in confinement Art in prison Russian prisoner tattoos Art in prison Art in prison

1.31k views • 32 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
IMMUNOCYTOCHEMICAL ANALYSIS OF IMMUNOCYTOCHEMICAL ANALYSIS OF SPECIFIC MOLECULAR COMPONENTS

IMMUNOCYTOCHEMICAL ANALYSIS OF IMMUNOCYTOCHEMICAL ANALYSIS OF SPECIFIC MOLECULAR COMPONENTS

IMMUNOCYTOCHEMICAL ANALYSIS OF IMMUNOCYTOCHEMICAL ANALYSIS OF SPECIFIC MOLECULAR COMPONENTS SPECIFIC MOLECULAR COMPONENTS ORGANISATION OF EXTRACELLULAR ORGANISATION OF EXTRACELLULAR SYMBIOTIC COMPARTMENTS PROVIDED SYMBIOTIC COMPARTMENTS

348 views • 13 slides
Static Verifjcation Results Visualization in the Context of SV-COMP Vitaly Mordan

Static Verifjcation Results Visualization in the Context of SV-COMP Vitaly Mordan

The joint 4rd International Workshop on CPAchecker (CPA'19) and 9th Linux Driver Verification (LDV) Workshop October 2, 2019, Frauenchiemsee, Germany Static Verifjcation Results Visualization in the Context of SV-COMP Vitaly Mordan

611 views • 35 slides
Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University

Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University

Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University of Freiburg CPAchecker Workshop 2019 Outline Running Example and Floyd-Hoare Annotations Ultimate Referee A strict proof checker.

775 views • 65 slides
SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl Joint work with Dirk Beyer University of Passau, Germany SMT-based Software Model Checking Bounded Model Checking ( Cbmc , CPAchecker , Esbmc ,

496 views • 26 slides
Some remarks about pure and applied mathematics Mathematics is nourished and strengthened when

Some remarks about pure and applied mathematics Mathematics is nourished and strengthened when

Some remarks about pure and applied mathematics Mathematics is nourished and strengthened when it makes contact with significant ap- plications. symbiotic relationship of mathematics and physics; mathematization of biology tools for

462 views • 7 slides
Physics Billing and QA Documentation in Radiation Oncology by Ed Kline, MS RadPhysics

Physics Billing and QA Documentation in Radiation Oncology by Ed Kline, MS RadPhysics

Physics Billing and QA Documentation in Radiation Oncology by Ed Kline, MS RadPhysics Services, Inc. August 7, 2000 The Partnership Medical physics, quality management, CPT billing, and the clinical physicians and staff are symbiotic

1.04k views • 78 slides

More recommend