contracts as a support to static analysis of open systems
play

Contracts as a support to static analysis of open systems Work in - PowerPoint PPT Presentation

May 13, 2023 •261 likes •465 views

Introduction Information flow example W CET example Contracts as a support to static analysis of open systems Work in progress Nadia Bel Hadj Aissa Dorina Ghindici Gilles Grimaud Isabelle Simplot-Ryl INRIA/LIFL/Univ. Lille 1 FLACOS07 1

  1. Introduction Information flow example W CET example Contracts as a support to static analysis of open systems Work in progress Nadia Bel Hadj Aissa Dorina Ghindici Gilles Grimaud Isabelle Simplot-Ryl INRIA/LIFL/Univ. Lille 1 FLACOS’07 1 / 13

  2. Introduction Information flow example W CET example Static Analysis ◮ Family of techniques used to analyse program behaviors and deduce program properties ◮ The precision of the result depends on the precision of starting hypotheses. For example: ◮ Precision of the abstract domains ◮ Restriction of the input domains 1 void m1 (int a) { 2 int v; 1 int m2 (int a) { 3 2 if (a > 100) if (a == 1) 4 3 v = m2 (a); return 0; 5 4 else if (a == 0) 6 5 v = m2(a%2); return 2; 7 6 m2(a); return m3 (a); 8 7 ... } 9 } FLACOS’07 2 / 13

  3. Introduction Information flow example W CET example Open Object-Oriented world Object-Oriented ◮ Virtual invocations ➠ not possible to decide which code will be executed ◮ Except in particular cases ◮ Exact types computation ◮ Extra-knowledge: call graph, class hierarchy (context-sensitive analysis, complete graph unfolding) Open ◮ New sub-classes ◮ New calling contexts for old methods ➠ may change the hypotheses under which the analysis has been done Object-Oriented + Open ➠ Highly dynamic FLACOS’07 3 / 13

  4. Introduction Information flow example W CET example Proposition Idea Compositional analysis of methods based on the notion of contract Major interests: ◮ To analyse a method when the called methods are not available ➠ dynamic loading ◮ To use contracts when loading a new method: ◮ New code must respect required contracts ➠ already established properties still hold ◮ New code uses contracts of old code ➠ No need to re-analyse old code in new context FLACOS’07 4 / 13

  5. Introduction Information flow example W CET example Proposition Idea Compositional analysis of methods based on the notion of contract Major interests: ◮ To analyse a method when the called methods are not available ➠ dynamic loading ◮ To use contracts when loading a new method: ◮ New code must respect required contracts ➠ already established properties still hold ◮ New code uses contracts of old code ➠ No need to re-analyse old code in new context FLACOS’07 4 / 13

  6. Introduction Information flow example W CET example Proposition Idea Compositional analysis of methods based on the notion of contract Major interests: ◮ To analyse a method when the called methods are not available ➠ dynamic loading ◮ To use contracts when loading a new method: ◮ New code must respect required contracts ➠ already established properties still hold ◮ New code uses contracts of old code ➠ No need to re-analyse old code in new context FLACOS’07 4 / 13

  7. Introduction Information flow example W CET example Proposition Idea Compositional analysis of methods based on the notion of contract Major interests: ◮ To analyse a method when the called methods are not available ➠ dynamic loading ◮ To use contracts when loading a new method: ◮ New code must respect required contracts ➠ already established properties still hold ◮ New code uses contracts of old code ➠ No need to re-analyse old code in new context FLACOS’07 4 / 13

  8. Introduction Information flow example W CET example Principle checks contracts of overwritten methods 2 void m1{ 3 adds new contracts/ … updates m2(); 1 … requires/generates m3(); 1 … Contracts requires/generates } FLACOS’07 5 / 13

  9. Introduction Information flow example W CET example Information flow i o Goal P ◮ To detect ”illegal” flows between data i o ◮ To prove non-interference Usual solutions ◮ Well typed program ➠ secure ◮ Powerfull but problems for open systems, extensible, dynamical updates, multi-applications sharing code, different security policies applied to shared code, . . . Proposition: Dependency calculus ◮ Computes the ”links” between data accessed by a method ◮ Results can be exploited a posteriori ◮ Contracts make the analysis compositional FLACOS’07 6 / 13

  10. Introduction Information flow example W CET example Contracts for dependency calculus What? The method signature is enriched with dependency informations Guaranty: The method does not produce more dependencies than announced in its contract if used methods respects their own contracts How? The method contract is computed (or verified) by abstract interpretation of the method code, contracts of called methods are used in the abstract semantics rule ( V , u n :: · · · :: u 0 :: s , DPG ) C m invoke m ( V , ret :: s , DPG ⊕C m ) ◮ No need to re-analize called code ◮ No need to know the complete class hierarchy FLACOS’07 7 / 13

  11. Introduction Information flow example W CET example Contracts for dependency calculus What? The method signature is enriched with dependency informations Guaranty: The method does not produce more dependencies than announced in its contract if used methods respects their own contracts How? The method contract is computed (or verified) by abstract interpretation of the method code, contracts of called methods are used in the abstract semantics rule ( V , u n :: · · · :: u 0 :: s , DPG ) C m invoke m ( V , ret :: s , DPG ⊕C m ) ◮ No need to re-analize called code ◮ No need to know the complete class hierarchy FLACOS’07 7 / 13

  12. Introduction Information flow example W CET example Contracts management Inheritance ◮ Contracts of new methods must be compatible with the contracts of overwritten methods and interface contracts (Lattice structure) ➠ When analyzing a call to a method m of an object o , the static type of o can be used to find the contract of m Missing contracts in the base ◮ Given by the user: ◮ For native methodes ➠ trusted base ◮ For conceptions reasons ➠ verified when the code arrives ◮ Not available ◮ Set to the greatest element of the lattice ➠ respected by any forthcoming contract ◮ We are not able to infer the missing contracts yet FLACOS’07 8 / 13

  13. Introduction Information flow example W CET example W CET in a few words Prediction of the worst case execution time of a program ◮ Intra-method analysis ◮ Estimation of execution time of basic blocks ◮ Bound of the number of iterations ◮ . . . ◮ Inter-method analysis: end-to-end timing behavior ◮ Usually: for each method invocation, the algorithm is called recursively. The W CET calculus is propagated from the leaves of the call graph to the root ◮ For polymorphic calls C’ ⊑ C W ( C ′ . m ) W CET ( C . m ) = Max ◮ RT contracts: for each method W CET ( m ) ≤ deadline ( m ) FLACOS’07 9 / 13

  14. Introduction Information flow example W CET example W CET in a few words Class L Class P f() m() 25 ms public void f (P o) { Class X Class Z … O .m(); … m() 46 ms } Class Y m() 210 ms FLACOS’07 9 / 13

  15. Introduction Information flow example W CET example W CET in a few words Prediction of the worst case execution time of a program ◮ Intra-method analysis ◮ estimation of single execution time ◮ bound of the number of iterations ◮ . . . ◮ Inter-method analysis: end-to-end timing behavior ◮ In closed world: for each method invocation, the algorithm is called recursively. The W CET calculus is propagated from the leaves of the call graph to the root ◮ For polymorphic calls C’ ⊑ C W ( C ′ . m ) W CET ( C . m ) = Max ◮ RT contracts: for each method W CET ( m ) ≤ deadline ( m ) FLACOS’07 9 / 13

  16. Introduction Information flow example W CET example Example void A() { if (exp) We are able to infer contracts statement; for forthcoming methods ! else B(); } W ( A ) = W ( if ) + W ( exp ) + Max ( W ( statement ) , W CET ( B )) deadline ( A ) ≥ W ( A ) ≥ W ( if ) + W ( exp ) + Max ( W ( statement ) , W CET ( B )) ◮ If deadline ( A ) < W ( if ) + W ( exp ) + W ( statement ) then A is not valid ◮ Otherwise the contract Cst ≥ W CET ( B ) where Cst = deadline ( A ) − W ( if ) − W ( exp ) is added to the contract repository FLACOS’07 10 / 13

  17. Introduction Information flow example W CET example Example void A() { if (exp) We are able to infer contracts statement; for forthcoming methods ! else B(); } W ( A ) = W ( if ) + W ( exp ) + Max ( W ( statement ) , W CET ( B )) deadline ( A ) ≥ W ( A ) ≥ W ( if ) + W ( exp ) + Max ( W ( statement ) , W CET ( B )) ◮ If deadline ( A ) < W ( if ) + W ( exp ) + W ( statement ) then A is not valid ◮ Otherwise the contract Cst ≥ W CET ( B ) where Cst = deadline ( A ) − W ( if ) − W ( exp ) is added to the contract repository FLACOS’07 10 / 13

  18. Introduction Information flow example W CET example Contract management Contract repository ◮ Already computed W CET of methods ◮ Deadlines of methods ◮ Contracts for forthcoming methods A new method C . m ◮ Must verify W ( C . m ) ≤ Min C ⊑ C ′ W CET ( C ′ . m ) ◮ Must verify all pending contracts that imply C . m ◮ No need to solve equation ➠ only replace the unknown by the value of W ( C . m ) and check the result ◮ When contracts have several unknowns ➠ first in is right Reduction of the repository ◮ Contracts for the same method can be reduced keeping the Min of deadlines FLACOS’07 11 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Declarative Static Analysis of Smart Contracts securify.ch Quentin Hibon Blockchain Security

Declarative Static Analysis of Smart Contracts securify.ch Quentin Hibon Blockchain Security

Declarative Static Analysis of Smart Contracts securify.ch Quentin Hibon Blockchain Security Engineer, ChainSecurity Smart Contract Bugs in the News Low-level Code High-level languages Solidity Vyper compilation Low-level code

306 views • 28 slides
Static execution-time analysis CPU speed model Bounds on Static (Sub)program code exec time

Static execution-time analysis CPU speed model Bounds on Static (Sub)program code exec time

Tid rum Static Execution Time Analysis Niklas Holsti Space Systems Finland Ltd (now) Tidorum Ltd(to be) Overview Area of interest Current state Work in progress What to do next 1 bo Akademi, ES lab, 2003-10-03 Tid rum

466 views • 12 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

861 views • 68 slides
Notes for State of the Art Report on Type Systems and Static Analysis for Distributed Programming

Notes for State of the Art Report on Type Systems and Static Analysis for Distributed Programming

Notes for State of the Art Report on Type Systems and Static Analysis for Distributed Programming Languages J. Rathke Mikado meeting Lisbon, June 2002 p.1/7 Introduction Why use typed languages? What is typed static analysis?

118 views • 7 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

488 views • 37 slides
Static Analysis of Embedded Systems Xavier R IVAL rival@di.ens.fr Outline Case study

Static Analysis of Embedded Systems Xavier R IVAL rival@di.ens.fr Outline Case study

Static Analysis of Embedded Systems Xavier R IVAL rival@di.ens.fr Outline Case study Certification of embedded softwares Demo Static Analysisof Embedded Systems p.2/12 Ariane 5 Flight 501 Ariane 5: sattelite launcher

825 views • 12 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
Systems Biology (2) Networks: Representation &amp; static analysis David Gilbert

Systems Biology (2) Networks: Representation &amp; static analysis David Gilbert

Systems Biology (2) Networks: Representation &amp; static analysis David Gilbert Bioinformatics Research Centre www.brc.dcs.gla.ac.uk Department of Computing Science, University of Glasgow Module outline Putting it all together -

1.07k views • 86 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
&quot;Systemized&quot; Static Analysis Harry Xu University of California, Los Angeles Overview

&quot;Systemized&quot; Static Analysis Harry Xu University of California, Los Angeles Overview

&quot;Systemized&quot; Static Analysis Harry Xu University of California, Los Angeles Overview of My Work Systems PL 2 Static Analysis: Has the Problem Been Solved? Academia Industry Hundreds of papers published in Less than a dozen

724 views • 47 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that Martin Steffen IfI UiO Spring 2014 Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on progress/interest

2.15k views • 194 slides
Ethereum: State of Knowledge and Research Perspectives Motivation Technical overview Open

Ethereum: State of Knowledge and Research Perspectives Motivation Technical overview Open

Ethereum: State of Knowledge and Research Perspectives Sergei Tikhomirov Ethereum: State of Knowledge and Research Perspectives Motivation Technical overview Open problems Cryptography Consensus Sergei Tikhomirov Scalability Privacy

587 views • 26 slides
ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student (Computer Architecture and Technology

ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student (Computer Architecture and Technology

and some thoughts around their application Javier Lpez-Gmez 8th April 2019 Computer Science and Engineering Department, University Carlos III of Madrid ADDING SUPPORT FOR C++ CONTRACTS TO CLANG A CS PhD. student (Computer Architecture

418 views • 39 slides
Pseudo-random graphs and bit probe schemes with one-sided error Andrei Romashchenko CNRS, LIF de

Pseudo-random graphs and bit probe schemes with one-sided error Andrei Romashchenko CNRS, LIF de

Pseudo-random graphs and bit probe schemes with one-sided error Andrei Romashchenko CNRS, LIF de Marseille &amp; IITP of RAS (Moscow) CSR 2011, June 14 Andrei Romashchenko (CNRS &amp; IITP) Pseudo-random graphs &amp; bit probe CSR 2011, June

831 views • 51 slides
Lecture 16: Randomized Computation Arijit Bishnu 22.04.2010 Introduction Probabilistic Turing

Lecture 16: Randomized Computation Arijit Bishnu 22.04.2010 Introduction Probabilistic Turing

Introduction Probabilistic Turing Machine and the class BPP One-Sided and Zero-Sided Error Error Reduction for BPP Relation Lecture 16: Randomized Computation Arijit Bishnu 22.04.2010 Introduction Probabilistic Turing Machine and the class BPP

867 views • 48 slides
Thank you for joining this webinar on the Open Networks Standard Flexibility Contract. We

Thank you for joining this webinar on the Open Networks Standard Flexibility Contract. We

Thank you for joining this webinar on the Open Networks Standard Flexibility Contract. We will start this webinar at 14:03. If you are unable to play the audio through your device, you can dial in by calling 020 3478 5289 and using access

176 views • 13 slides
Debugging Objects &amp; Graphics What debugging includes The object of objects Two

Debugging Objects &amp; Graphics What debugging includes The object of objects Two

As you arrive: 1. Start up your computer and plug it in Plus in-class time 2. Log into Angel and go to CSSE 120 working on these 3. Do the Attendance Widget the PIN is on the board concepts, continued 4. Go to the course Schedule Page

528 views • 28 slides
Scotia Capital Financials Summit Colleen Johnston Chief Financial Officer September 16, 2009 TD

Scotia Capital Financials Summit Colleen Johnston Chief Financial Officer September 16, 2009 TD

Scotia Capital Financials Summit Colleen Johnston Chief Financial Officer September 16, 2009 TD Bank Financial Group Caution regarding Caution regarding forward-looking statements forward-looking statements From time to time, the Bank makes

437 views • 10 slides
Goals for Today Learning Objective: Understand challenges in Static/Dynamic Binary

Goals for Today Learning Objective: Understand challenges in Static/Dynamic Binary

Goals for Today Learning Objective: Understand challenges in Static/Dynamic Binary Translation Announcements, etc: Midterm debrief forthcoming on Friday MP2 extension: now due on March 23rd Reminder : Please put away devices

684 views • 12 slides

More recommend