symbolic heap abstraction with demand driven
play

Symbolic Heap Abstraction with Demand-Driven Axiomatization of - PowerPoint PPT Presentation

Sep 30, 2023 •383 likes •1.62k views

Symbolic Heap Abstraction with Demand-Driven Axiomatization of Memory Invariants Isil Dillig Thomas Dillig Alex Aiken Stanford University Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  1. Enforcing Memory Invariants Idea Enforce memory invariants symbolically using constraints on a single heap abstraction. No explicit case splits on the heap, but solver may internally need to perform case analysis Still advantageous because: Solver can often prove a constraint SAT or UNSAT without considering all cases: eager vs. lazy Don’t duplicate shared portions of the heap Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  2. Enforcing Memory Invariants Idea Enforce memory invariants symbolically using constraints on a single heap abstraction. No explicit case splits on the heap, but solver may internally need to perform case analysis Still advantageous because: Solver can often prove a constraint SAT or UNSAT without considering all cases: eager vs. lazy Don’t duplicate shared portions of the heap No heuristics for merging“similar”heaps Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  3. Enforcing Memory Invariants x a b To encode that x cannot point to a and b at the same time, we can use two constraints φ and ¬ φ Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  4. Enforcing Memory Invariants x a b To encode that x cannot point to a and b at the same time, we can use two constraints φ and ¬ φ Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  5. Enforcing Memory Invariants x a b To encode that x cannot point to a and b at the same time, we can use two constraints φ and ¬ φ ⇒ Uniqueness Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  6. Enforcing Memory Invariants x a b To encode that x cannot point to a and b at the same time, we can use two constraints φ and ¬ φ ⇒ Uniqueness Also encodes that x must point to either a or b Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  7. Enforcing Memory Invariants x a b To encode that x cannot point to a and b at the same time, we can use two constraints φ and ¬ φ ⇒ Uniqueness Also encodes that x must point to either a or b ⇒ Existence Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  8. Enforcing Memory Invariants x a y b Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  9. Enforcing Memory Invariants x a y b Correlation between x and y preserved x and y point to different locations under φ ∧ ¬ φ ⇒ Can prove the assertion! Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  10. Memory Invariants on Unbounded Locations Easy to enforce these invariants when each abstract location corresponds to one concrete location. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  11. Memory Invariants on Unbounded Locations Easy to enforce these invariants when each abstract location corresponds to one concrete location. But what about abstract locations that represent multiple concrete locations? Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  12. x a b Memory Invariants on Summary Locations Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  13. Memory Invariants on Summary Locations x a b Most techniques represent the array with a summary node. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  14. Memory Invariants on Summary Locations x a b Most techniques represent the array with a summary node. Graph encodes that any element in x may point to either a or b . Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  15. Memory Invariants on Summary Locations x a b Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  16. Memory Invariants on Summary Locations x a b Encodes that an element of x cannot point to both a and b Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  17. Memory Invariants on Summary Locations x a b Encodes that an element of x cannot point to both a and b . . . but erroneously encodes x[1] and x[2] must have same value! Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  18. Memory Invariants on Summary Locations x a b Conclusion To enforce memory invariants symbolically, we need a way to refer to individual elements in summary locations. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  19. Symbolic Heap Abstraction Use the symbolic heap from our previous work that allows distinguishing individual elements in a summary location. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  20. Symbolic Heap Abstraction Use the symbolic heap from our previous work that allows distinguishing individual elements in a summary location. This basic symbolic heap does not enforce memory invariants Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  21. Symbolic Heap Abstraction Use the symbolic heap from our previous work that allows distinguishing individual elements in a summary location. This basic symbolic heap does not enforce memory invariants Describe new technique to enforce memory invariants on the symbolic heap without explicit case splits Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  22. a b Symbolic Heap Abstract locations that represent more than one concrete location are qualified by index variables. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  23. Symbolic Heap a b Abstract locations that represent more than one concrete location are qualified by index variables. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  24. Symbolic Heap a b Abstract locations that represent more than one concrete location are qualified by index variables. Index variables allow us to refer to individual elements inside the abstract location Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  25. Symbolic Heap a b Bracketing constraints on points-to edges qualify which elements in the source location may and must point to which elements in the target location. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  26. Symbolic Heap a b Bracketing constraints on points-to edges qualify which elements in the source location may and must point to which elements in the target location. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  27. Symbolic Heap a b Bracketing constraints on points-to edges qualify which elements in the source location may and must point to which elements in the target location. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  28. Symbolic Heap a b This heap does not enforce memory invariants Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  29. Symbolic Heap a b This heap does not enforce memory invariants Uniqueness violated because conjunction of may conditions is not unsatisfiable. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  30. Symbolic Heap a b This heap does not enforce memory invariants Uniqueness violated because conjunction of may conditions is not unsatisfiable. Existence violated because disjunction of must conditions is not valid. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  31. Making the Symbolic Heap Relational Goal: Modify the basic symbolic heap such that: Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  32. Making the Symbolic Heap Relational Goal: Modify the basic symbolic heap such that: 1 Enforces the existence and uniqueness of memory contents Symbolically using constraints Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  33. Making the Symbolic Heap Relational Goal: Modify the basic symbolic heap such that: 1 Enforces the existence and uniqueness of memory contents Symbolically using constraints Replace original constraints with new constraints ∆ enforcing these invariants. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  34. Making the Symbolic Heap Relational Goal: Modify the basic symbolic heap such that: 1 Enforces the existence and uniqueness of memory contents Symbolically using constraints Replace original constraints with new constraints ∆ enforcing these invariants. 2 Preserves all the partial information encoded in the original symbolic heap Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  35. Making the Symbolic Heap Relational Goal: Modify the basic symbolic heap such that: 1 Enforces the existence and uniqueness of memory contents Symbolically using constraints Replace original constraints with new constraints ∆ enforcing these invariants. 2 Preserves all the partial information encoded in the original symbolic heap Restore existing information by adding quantified axioms relating ∆ to the original constraints Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  36. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  37. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  38. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  39. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  40. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  41. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  42. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  43. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Γ : Each concrete element → one abstract target Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  44. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Γ : Each concrete element → one abstract target Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  45. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Γ : Each concrete element → one abstract target Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  46. Enforcing Existence and Uniqueness on the Symbolic Heap Consider any location A for which invariants are violated. Replace constraint on i ’th edge from A with constraint ∆ i enforcing memory invariants on each concrete element in A . These ∆ i ’s are of the form Γ i ∧ Θ i Γ : Each concrete element → one abstract target Θ : In this abstract target, select one concrete element. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  47. Constructing Γ ’s Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  48. Constructing Γ ’s Want to ensure i ’th element of A points to exactly one B j . Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  49. Constructing Γ ’s Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  50. Constructing Γ ’s Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  51. Constructing Γ ’s Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  52. Constructing Γ ’s Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  53. Constructing Γ ’s Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  54. Constructing Γ ’s For any assignment v to i : Γ j ( v ) ∧ Γ m ( v ) is UNSAT. � j Γ j ( v ) is VALID. Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  55. Constructing Γ ’s For any assignment v to i : Γ j ( v ) ∧ Γ m ( v ) is UNSAT. � j Γ j ( v ) is VALID. Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. ⇒ Each concrete element in A has exactly one abstract target. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  56. Constructing Γ ’s For any assignment v to i : Γ j ( v ) ∧ Γ m ( v ) is UNSAT. � j Γ j ( v ) is VALID. Want to ensure i ’th element of A points to exactly one B j . Introduce an uninterpreted function δ ( i ) that selects an edge for the i ’th element. ⇒ Each concrete element in A has exactly one abstract target. Correctly allows different indices to point to same target. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  57. Example a b Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  58. Example a b Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  59. Example a b Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  60. Example a b We can now prove the assertion! Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  61. Example a b We can now prove the assertion! Because x[k] and y[k] point to different locations under δ ( k ) ≤ 0 ∧ δ ( k ) ≥ 1 ⇒ UNSAT Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  62. Why do we need Θ ? Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  63. Why do we need Θ ? Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  64. Why do we need Θ ? Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  65. Why do we need Θ ? Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  66. Why do we need Θ ? Encodes x[i] cannot point to a and b at the same time. Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  67. Why do we need Θ ? Encodes x[i] cannot point to a and b at the same time. But x[i] can still point to two different elements in a Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  68. Constructing Θ Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  69. Constructing Θ Want the heap abstraction to encode that i ’th element of A must point to exactly one element in B . Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  70. Constructing Θ Want the heap abstraction to encode that i ’th element of A must point to exactly one element in B . Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  71. Constructing Θ Want the heap abstraction to encode that i ’th element of A must point to exactly one element in B . Since τ is a function, each element in A is mapped to exactly one element in B . Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

  72. Constructing Θ Want the heap abstraction to encode that i ’th element of A must point to exactly one element in B . Since τ is a function, each element in A is mapped to exactly one element in B . Since τ is uninterpreted, each element in A is mapped to an unknown element in B . Isil Dillig Thomas Dillig Alex Aiken Symbolic Heap Abstraction with Demand-Driven Axiomatization

Recommend

Lazy Heap Analysis with Symbolic Memory Graphs Alexander Driemeyer Outline 1. Motivation 2.

Lazy Heap Analysis with Symbolic Memory Graphs Alexander Driemeyer Outline 1. Motivation 2.

Lazy Heap Analysis with Symbolic Memory Graphs Alexander Driemeyer Outline 1. Motivation 2. CPAchecker and Symbolic Memory Graphs 3. Abstractions of Symbolic Memory Graphs 4. Using counterexample guided abstraction refinement with Symbolic

412 views • 24 slides
WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was

WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was

WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was promoted by Workforce Investment Act of 1998 This approach is unique to Michigan and has been supported by the MEDC since 2006 Address

652 views • 14 slides
Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean

Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean

11/27/2011 Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean Harrold Supported by NSF (CCF-0725202, CCF-0541048) and IBM (Software Quality Innovation Award) Symbolic Execution 35 Databases 30

558 views • 22 slides
Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 Reuben Rowe 1 1 UCL 2 Middlesex University Australian National University, Canberra, 9 December 2015 1/ 24 Model

1.13k views • 81 slides
PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low

PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low

ERIE COUNTY DEPARTMENT OF SOCIAL SERVICES Program Overview PROGRAM HEAP 2020-2021 WHAT IS HEAP? HEAP is a federally funded program that assists low income households to reduce energy expense s. HEAP PROGRAMS Regular HEAP Available

531 views • 14 slides
Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS

Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS

Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS ARGYROUDIS CENSUS S.A. argp@census-labs.com www.census-labs.com Who am I Researcher at CENSUS S.A. Vulnerability research, reverse

572 views • 44 slides
Accelerating Business Performance through Market-driven Demand Analytics and Supply Chain

Accelerating Business Performance through Market-driven Demand Analytics and Supply Chain

Accelerating Business Performance through Market-driven Demand Analytics and Supply Chain Optimization ToolsGroups Powerfully Simple software solutions deliver improved business outcomes in complex demand-driven environments. ToolsGroup

171 views • 4 slides
Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A)

Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A)

Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A) for i = floor( A.length/2 ) to 1 Max-Heapify(A, i) Build-Max-Heap Red part is already Heapified Build-Max-Heap Correctness: Base: Each alone

429 views • 23 slides
Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8 Heap Internals Who Chris Valasek (@nudehaberdasher) Sr. Research Scientist Coverity Tarjei Mandt (@kernelpool) Vulnerability

1.33k views • 91 slides
of predicate abstraction A. Cimatti, J. Dubrovin, T. Junttila, M. Roveri Fondazione Bruno

of predicate abstraction A. Cimatti, J. Dubrovin, T. Junttila, M. Roveri Fondazione Bruno

Structure-aware computation of predicate abstraction A. Cimatti, J. Dubrovin, T. Junttila, M. Roveri Fondazione Bruno Kessler, Trento, Italy Helsinki Institute of Technology, Finland Predicate abstraction: symbolic view Concrete state as

586 views • 24 slides
Combining data-driven and symbolic reasoning for Invariant Synthesis in SMT (Work in Progress)

Combining data-driven and symbolic reasoning for Invariant Synthesis in SMT (Work in Progress)

Combining data-driven and symbolic reasoning for Invariant Synthesis in SMT (Work in Progress) Haniel Barbosa Clark Barrett Andrew Reynolds Cesare Tinelli MVD 2018 20180929, Iowa City, IA, USA SyGuS Solving CEGIS [Solar-Lezama et

588 views • 26 slides
Symbolic Search and Abstraction Heuristics for Cost-Optimal Planning Alvaro Torralba

Symbolic Search and Abstraction Heuristics for Cost-Optimal Planning Alvaro Torralba

Symbolic Search and Abstraction Heuristics for Cost-Optimal Planning Alvaro Torralba Advisors: Daniel Borrajo and Carlos Linares L opez Universidad Carlos III de Madrid June 2, 2015 Alvaro Torralba PhD Defense June 2, 2015 1 /

1.35k views • 113 slides
Chapter 19: Binomial Heaps We will study another heap structure called, the binomial heap. The

Chapter 19: Binomial Heaps We will study another heap structure called, the binomial heap. The

Chapter 19: Binomial Heaps We will study another heap structure called, the binomial heap. The binomial heap allows for efficient union, which can not be done efficiently in the binary heap. The extra cost paid is the minimum operation, which

560 views • 24 slides
Point, Line, & Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, & Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, & Plane 1 Abstraction Abstraction is the act of considering something as a general quality or characteristic, apart from concrete realities, specific objects, or actual instances. 2 Abstraction Abstraction is

478 views • 21 slides
Binary heap operations Binary heap operations Insert. Add node at end, then swim it up. Insert.

Binary heap operations Binary heap operations Insert. Add node at end, then swim it up. Insert.

BBM 202 - ALGORITHMS TODAY Heapsort API Elementary implementations D EPT . OF C OMPUTER E NGINEERING Binary heaps Heapsort Event-driven simulation P RIORITY Q UEUES AND H EAPSORT Feb. 25, 2016 Acknowledgement: The

519 views • 39 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
When Testing in Production is a Good Idea Dan Robinson CTO, Heap whoami Joined as Heap's

When Testing in Production is a Good Idea Dan Robinson CTO, Heap whoami Joined as Heap's

When Testing in Production is a Good Idea Dan Robinson CTO, Heap whoami Joined as Heap's first hire in July, 2013. Previously an engineer at Palantir. Studied Math & CS at Stanford. What we'll talk about: 1. What is Heap? 2.

695 views • 47 slides
heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O (

heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O (

heaps and heapsort on n elements height of a heap is in (log n ) building a heap bottum-up in O ( n ) analysis via picture (learn) or using summations (know result) data structures and algorithms building a heap one-by-one in O ( n log n ) 2020

672 views • 7 slides
A prototype for ontology driven on-demand mapping of urban traffic accidents Nick Gould

A prototype for ontology driven on-demand mapping of urban traffic accidents Nick Gould

A prototype for ontology driven on-demand mapping of urban traffic accidents Nick Gould Manchester Metropolitan University nicholas.m.gould@stu.mmu.ac.uk nickgould@live.co.uk Project context NMA map production On-demand mapping Google Maps

656 views • 26 slides
Initializing A Max Heap Initializing A Max Heap 1 1 3 3 2 2 4 5 6 7 4 5 6 7 8 9 7

Initializing A Max Heap Initializing A Max Heap 1 1 3 3 2 2 4 5 6 7 4 5 6 7 8 9 7

Initializing A Max Heap Initializing A Max Heap 1 1 3 3 2 2 4 5 6 7 4 5 6 7 8 9 7 7 11 8 8 9 7 7 11 8 10 10 input array = [-, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11] Start at rightmost array position that has a child.

522 views • 9 slides
Understanding the heap by breaking it A case study of the heap as a persistent data structure

Understanding the heap by breaking it A case study of the heap as a persistent data structure

Understanding the heap by breaking it A case study of the heap as a persistent data structure through non-traditional exploitation techniques Justin N. Ferguson // BH2007 The heap, what is it? Globally scoped data structure

906 views • 58 slides
Data-Driven Demand Management Peter Yolles, Founder peter@WaterSmart.com WATERSMART SOFTWARE 1

Data-Driven Demand Management Peter Yolles, Founder peter@WaterSmart.com WATERSMART SOFTWARE 1

Data-Driven Demand Management Peter Yolles, Founder peter@WaterSmart.com WATERSMART SOFTWARE 1 Agenda Current challenges Demand management Data analytics Engaging customers Financial benefits A new framework The

743 views • 24 slides
Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound values combine other values together All A date: a year, a month, and a day A geographic position: latitude and longitude Data abstraction

430 views • 19 slides
In the Beginning was the Word Stephen Heap In the Beginning was the Word

In the Beginning was the Word Stephen Heap In the Beginning was the Word

In the Beginning was the Word Stephen Heap In the Beginning was the Word s.heap@uq.edu.au Stephen Heap s.heap@uq.edu.au Reading skill is based on three kinds of knowledge A fluent reader must have knowledge of: Language : word

480 views • 46 slides

More recommend