compositional and mechanically verified program analyzers
play

Compositional and Mechanically Verified Program Analyzers David - PowerPoint PPT Presentation

Oct 07, 2023 •206 likes •945 views

Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland Let's Design an Analysis 2 Let's Design an Analysis Property x/0 2 Let's Design an Analysis Property Program x/0 0: int x y; 1: void

  1. Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland

  2. Let's Design an Analysis 2

  3. Let's Design an Analysis Property x/0 2

  4. Let's Design an Analysis Property Program x/0 0: int x y; 1: void safe_fun(int N) { 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} 3

  5. Let's Design an Analysis Property Program 0: int x y; 1: void safe_fun(int N) { Value Abstraction x/0 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} ℤ ⊑ {-,0,+} 4

  6. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { Implement x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} analyze : exp → results analyze(x := æ) := .. x .. æ .. analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. 5

  7. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { Results x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} N ∈ {-,0,+} x ∈ {0,+} Implement y ∈ {-,0,+} 
 analyze : exp → results analyze(x := æ) := UNSAFE : {100/N} 
 .. x .. æ .. UNSAFE : {100/x} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. 6

  8. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { Prove Correct x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ Implement Results analyze : exp → results N ∈ {-,0,+} analyze(x := æ) := x ∈ {0,+} .. x .. æ .. y ∈ {-,0,+} 
 analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. UNSAFE : {100/N} 
 UNSAFE : {100/x} 7

  9. Let's Design an Analysis Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct analyze : exp → results N ∈ {-,0,+} analyze(x := æ) := x ∈ {0,+} ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. y ∈ {-,0,+} 
 analyze( IF( æ ){ e ₁ }{ e ₂ } ) := .. æ .. e ₁ .. e ₂ .. UNSAFE : {100/N} 
 UNSAFE : {100/x} 8

  10. Let's Design an Analysis 0: int x y; N ∈ {-,0,+} 1: void safe_fun(int N) { x ∈ {0,+} 2: if (N ≠ 0) {x := 0;} y ∈ {-,0,+} 
 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} UNSAFE : {100/N} 
 5: else {y := 100/x;}} UNSAFE : {100/x} Flow-insensitive results : var ↦ ℘ ({-,0,+}) 9

  11. Let's Design an Analysis 4: x ∈ {0,+} 0: int x y; 4.T: N ∈ {-,+} 1: void safe_fun(int N) { 5.F: x ∈ {0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} N,y ∈ {-,0,+} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} UNSAFE : {100/x} Flow-sensitive results : loc ↦ (var ↦ ℘ ({-,0,+})) 10

  12. Let's Design an Analysis 4: N ∈ {-,+},x ∈ {0} 0: int x y; 4: N ∈ {0},x ∈ {+} 1: void safe_fun(int N) { 2: if (N ≠ 0) {x := 0;} N ∈ {-,+},y ∈ {-,0,+} 3: else {x := 1;} N ∈ {0},y ∈ {0,+} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} SAFE Path-sensitive results : loc ↦ ℘ (var ↦ ℘ ({-,0,+})) 11

  13. Let's Design an Analysis Property Program Value Abstraction ✓ 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct ? ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 13

  14. Let's Design an Analysis Property Program Value Abstraction ✓ ? x/0 safe_fun.js ℤ ⊑ {-,0,+} Implement Results Prove Correct ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 14

  15. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 15

  16. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 16

  17. Orthogonal Components Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct ? ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 17

  18. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis 18

  19. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis Challenge: Path and flow sensitivity are deeply integrated 18

  20. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis Challenge: Path and flow sensitivity are deeply integrated State-of-the-art: Redesign from scratch 18

  21. Orthogonal Components Problem: Isolate path and flow sensitivity in analysis Challenge: Path and flow sensitivity are deeply integrated State-of-the-art: Redesign from scratch Our Insight: Monads capture path and flow sensitivity 18

  22. Galois Transformers type ! (t) op x ← e ₁ ; e ₂ Monadic small-step interpreter op return(e) 19

  23. Galois Transformers type ! (t) op x ← e ₁ ; e ₂ Monadic small-step interpreter op return(e) + Monad Transformers FlowT[ 퓈 ] 19

  24. Galois Transformers type ! (t) op x ← e ₁ ; e ₂ Monadic small-step interpreter op return(e) + Monad Transformers FlowT[ 퓈 ] + α Galois Connections γ 19

  25. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof 20

  26. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters 20

  27. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters ✓ Implemented in Haskell and available on Github 20

  28. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters ✓ Implemented in Haskell and available on Github ✗ Not whole story for path-sensitivity refinement 20

  29. Galois Transformers ✓ Prototype flow insensitive, flow sensitive and path sensitive CFA—no change to code or proof ✓ End-to-end correctness proofs given parameters ✓ Implemented in Haskell and available on Github ✗ Not whole story for path-sensitivity refinement ✗ Somewhat naive fixpoint iteration strategies 20

  30. Orthogonal Components Property Program Value Abstraction 0: int x y; 1: void safe_fun(int N) { x/0 ℤ ⊑ {-,0,+} 2: if (N ≠ 0) {x := 0;} 3: else {x := 1;} 4: if (N ≠ 0) {y := 100/N;} 5: else {y := 100/x;}} Implement Results Prove Correct ✓ ✓ ? 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 21

  31. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 22

  32. Contributions Orthogonal Systematic Mechanized Components Design Proofs Abstracting Constructive Galois Definitional Galois Transformers 
 Interpreters 
 Connections 
 [OOPSLA’15] [draft] [ICFP’16] 23

  33. Systematic Design Property Program Value Abstraction x/0 ℤ ⊑ {-,0,+} Implement Results Prove Correct ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 24

  34. Systematic Design Property Program Value Abstraction ? x/0 safe_fun.js ℤ ⊑ {-,0,+} Implement Results Prove Correct ✗ ✗ 4: N ∈ {-,+},x ∈ {0} analyze : exp → results 4: N ∈ {0},x ∈ {+} analyze(x := æ) := ⟦ e ⟧ ∈ ⟦ analyze(e) ⟧ .. x .. æ .. N ∈ {-,+},y ∈ {-,0,+} analyze( IF( æ ){ e ₁ }{ e ₂ } ) := N ∈ {0},y ∈ {0,+} .. æ .. e ₁ .. e ₂ .. SAFE 24

  35. Systematic Design Problem: Turn interpreters into program analyzers 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Developing Fast, Mechanically-Verified Cryptographic Code Bryan Parno Carnegie Mellon University

Developing Fast, Mechanically-Verified Cryptographic Code Bryan Parno Carnegie Mellon University

Developing Fast, Mechanically-Verified Cryptographic Code Bryan Parno Carnegie Mellon University 1 The HTTPS Ecosystem is critical Services & Applications Edge cURL Skype Apache Nginx WebKit IIS Clients Servers HTTPS Ecosystem

1.17k views • 82 slides
SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM Liu Yang, Associate

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM Liu Yang, Associate

1 SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Securify Architecture Reasoning with Untrusted Components

418 views • 13 slides
Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Generic Programming and Library Development The Problems Presentation on Program Code Analyzers Dynamic and Static Tools May 18 th 2007 Examples of Tools Program Code Analyzers Agenda The Problem Dynamic and Static Tools

388 views • 13 slides
An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSuplec 2 19 January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong

251 views • 21 slides
New UPM analyzers & smart kits Power analyzers for energy control in industrial environment

New UPM analyzers & smart kits Power analyzers for energy control in industrial environment

New UPM analyzers & smart kits Power analyzers for energy control in industrial environment for CTs (UPM209 UPM309) for DIRECT connection up to 80A (UPM209) for ROGOWSKI coils (UPM209RGW UPM309RGW) 1 NEW UPM ANALYZERS UPM209 UPM309

260 views • 10 slides
Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September 28, 2015 Compositional program analysis P P Break program into parts P P Analyze each part P P Compose the results Incremental analysis

787 views • 62 slides
COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction) Mykola (Nikolaj) S. Nikitchenko Taras Shevchenko National University of Kyiv Linz, JKU, November 08-19, 2012 1 Contents Introduction

783 views • 40 slides
Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P areanu 2 Jos as 1 Technical University of Madrid, Spain 2 CMU-SV/NASA Ames, Moffett Field, CA, USA BYTECODE 2013 March 23, Rome, Italy Software

579 views • 33 slides
Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc Brockschmidt, Daniel Larraz, Albert Oliveras, Jos Miguel Rivero and Enric Rodrguez-Carbonell Universitat Politcnica de Catalunya - Barcelona Tech UCM

1.2k views • 96 slides
Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman Imperial Concurrency Workshop, July 2015 @miike Overview The C11 model is (arguably) broken: we omit problem features, most importantly no RLX.

544 views • 42 slides
A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston College g , g Andrew W. Appel, Princeton University Jan 8 2006 Jan 8, 2006 1 Mobile Code Security Protect trusted system against

561 views • 26 slides
Mechanically Stabilized Earth (MSE) Walls A Y R S T T H E C M Rajiv Goel, MD O S

Mechanically Stabilized Earth (MSE) Walls A Y R S T T H E C M Rajiv Goel, MD O S

E S Mechanically Stabilized Earth (MSE) Walls A Y R S T T H E C M Rajiv Goel, MD O S EARTHCON SYSTEMS (INDIA) PVT. LTD. N E S MECHAN ME HANICALLY ICALLY STAB TABIL ILIZ IZED ED EARTH RTH (MS MSE) E) A Y SYNO NONYMS

623 views • 46 slides
Showing a CakeML program is safe CakeML A verified implementation of ML Formally

Showing a CakeML program is safe CakeML A verified implementation of ML Formally

First steps towards a semantic type system for CakeML Hrutvik Kanabar 1 January 23, 2020 University of Kent 1 Supervised by Scott Owens. Supported by the UK Research Institute in Verified Trustworthy Software Systems (VeTSS). Showing a CakeML

425 views • 28 slides
Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Full functional verification Method: Come up with a complete specification of the program Prove the program

852 views • 52 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
MS Mass Analyzers Mass analyzers are analogous to optical monochromator Two main

MS Mass Analyzers Mass analyzers are analogous to optical monochromator Two main

CEE 772 Lecture #27 12/10/2014 Updated: 10 December 2014 Print version CEE 772: Instrumental Methods in Environmental Analysis Lecture #21 Mass Spectrometry: Mass Filters & Spectrometers (Skoog, Chapt. 20, pp.511 524 ) (Harris, Chapt.

522 views • 20 slides
Acknowledging & Promoting Your FVA Grant Contract Requirements Publicity & Press

Acknowledging & Promoting Your FVA Grant Contract Requirements Publicity & Press

2 0 1 9 - 2 0 2 0 F VA G R A N T S Acknowledging & Promoting Your FVA Grant Contract Requirements Publicity & Press Releases The FVA Logo Submitting Photos Contract Requirements for Acknowledgment Acknowledgment Required By

491 views • 30 slides
Negotiating an Operating Lease: Key Topics Luca Denora and Zara Machado Pillsbury Winthrop Shaw

Negotiating an Operating Lease: Key Topics Luca Denora and Zara Machado Pillsbury Winthrop Shaw

Negotiating an Operating Lease: Key Topics Luca Denora and Zara Machado Pillsbury Winthrop Shaw Pittman, Hong Kong Pillsbury Winthrop Shaw Pittman LLP The Aviation Industry: Flirting with leases Aircraft leases have become more and

487 views • 27 slides
Using MVC with Swing Components Jumping Ahead a Bit... Were going to cover a specific

Using MVC with Swing Components Jumping Ahead a Bit... Were going to cover a specific

Using MVC with Swing Components Jumping Ahead a Bit... Were going to cover a specific architectural approach to building UI components Model-View-Controller Classic architecture from Smalltalk 80 Model: data structures that

477 views • 15 slides
Bringing the Open Web & APIs to @robertnyman mobile devices with Firefox OS @robertnyman

Bringing the Open Web & APIs to @robertnyman mobile devices with Firefox OS @robertnyman

Bringing the Open Web & APIs to @robertnyman mobile devices with Firefox OS @robertnyman Mozilla is a global non- profit dedicated to putting you in control of your online experience and shaping the future of the Web for the public

1.06k views • 82 slides
The TEI toolkit Lou Burnard Consulting Sept 2018 1/20 What can you do with a TEI XML fjle? The

The TEI toolkit Lou Burnard Consulting Sept 2018 1/20 What can you do with a TEI XML fjle? The

The TEI toolkit Lou Burnard Consulting Sept 2018 1/20 What can you do with a TEI XML fjle? The TEI itself doesnt provide you with a toolbox, nor a single do-everything package The TEI claims to be an application-independent standard: it

733 views • 20 slides
Statistical Computing with Pathway Tools using RCyc Tomer Altman taltman1@stanford.edu

Statistical Computing with Pathway Tools using RCyc Tomer Altman taltman1@stanford.edu

Statistical Computing with Pathway Tools using RCyc Statistical Computing with Pathway Tools using RCyc Tomer Altman taltman1@stanford.edu Biomedical Informatics, Stanford University Statistical Computing with Pathway Tools using RCyc R &

247 views • 8 slides
Building a Community Building a Community around Ignite around Ignite @jamonholmgren

Building a Community Building a Community around Ignite around Ignite @jamonholmgren

Building a Community Building a Community around Ignite around Ignite @jamonholmgren @jamonholmgren I'm Jamon Holmgren I'm Jamon Holmgren B U I L D I N G A C O M M U N I T Y A R O U N D I G N I T E B U I L D I N G A C O M M U N I T Y

1.01k views • 66 slides
Atomic Modesetting for Drivers Daniel Vetter, Intel OTC 1 Anatomy of an Atomic Modeset 1. Build

Atomic Modesetting for Drivers Daniel Vetter, Intel OTC 1 Anatomy of an Atomic Modeset 1. Build

Atomic Modesetting for Drivers Daniel Vetter, Intel OTC 1 Anatomy of an Atomic Modeset 1. Build up new state 2. Compute derived state and check the update 3. Commit the new state to the hardware, possibly asynchronously 2 State Building

218 views • 19 slides

More recommend