ens
play

ENS Pierre-Gilles de Gennes, Gabriel Lipp- mann, Louis Nel, - PowerPoint PPT Presentation

Dec 13, 2023 •206 likes •364 views

cole Normale Suprieure (ENS) Challenges in Abstract Interpretation for Software Safety Patrick Cousot cole normale suprieure, Paris, France cousot ens fr www.di.ens.fr/~cousot Franco-Japanese Workshop on Security Keio University,

  1. École Normale Supérieure (ENS) Challenges in Abstract Interpretation for Software Safety Patrick Cousot École normale supérieure, Paris, France cousot ens fr www.di.ens.fr/~cousot Franco-Japanese Workshop on Security Keio University, Mita Campus, September 5–7, 2005 — 1 — — 3 — Normale Sup. (ENS) A few former students: Évariste Galois, Louis Pasteur, . . . ; No- bel prizes: Claude Cohen-Tannoudji, ENS Pierre-Gilles de Gennes, Gabriel Lipp- mann, Louis Néel, Jean-Baptiste Per- rin, Paul Sabatier, . . . ; Fields Medal holders: Laurent Schwartz, Jean- Pierre Serre (1 st Abel Prize), René Thom, Alain Connes, Pierre-Louis Lions, Jean-Christophe Yoccoz, Laurent Lafforgue; Fictious mathematicians: Nico- las Bourbaki; Philosophers: Henri Bergson (Nobel Prize), Louis Althusser, Si- mone de Beauvoir, Emile Auguste Chartier “Alain”, Raymond Aron, Jean-Paul Sartre, Maurice Merleau-Ponty, Michel Foucault, Jacques Derrida, Bernard- Henri Lévy. . . ; Politicians: Jean Jaurès, Léon Blum, Édouard Herriot, Georges Pompidou, Alain Juppé, Laurent Fabius, Léopold Sédar Senghor,. . . ; Sociolo- gists: Émile Durkheim, Pierre Bourdieu, . . . ; Writers: Romain Rolland (Nobel Prize), Jean Giraudoux, Charles Péguy, Julien Gracq, . . . ; Franco-Japanese Workshop on Security — 2 — ľ P. Cousot September 5–7, 2005 — 4 — ľ P. Cousot

  2. The software safety challenge for next 10 years - Present-day software engineering is almost exclusively - - manual, with very few automated tools; State of Practice - Trust and confidence in specifications and software can - - in Software Engineering no longer be entirely based on the development process (e.g. DO178B in aerospace software); - In complement, quality assurance must be ensured by - - new design, modeling, checking, verification and certi- fication tools based on the product itself. — 7 — — 5 — An example among many others (Matlab code) » h=get(gca,’children’); Abstract Interpretation apple.awt.EventQueueExceptionHandler Caught Throwable : java.lang.ArrayIndexOutOfBoundsException: 2 >= 2 java.lang.ArrayIndexOutOfBoundsException: 2 >= 2 at java.util.Vector.elementAt(Vector.java:431) at com.mathworks.mde.help.IndexItem.getFilename(IndexItem.java:100) at com.mathworks.mde.help.Index.getFilenameForLocation(Index.java:706) at com.mathworks.mde.help.Index.access$3100(Index.java:29) at com.mathworks.mde.help.Index$IndexMouseMotionAdapter.mouseMoved(Index.java:768) at java.awt.AWTEventMulticaster.mouseMoved(AWTEventMulticaster.java:272) at java.awt.AWTEventMulticaster.mouseMoved(AWTEventMulticaster.java:271) at java.awt.Component.processMouseMotionEvent(Component.java:5211) at javax.swing.JComponent.processMouseMotionEvent(JComponent.java:2779) at com.mathworks.mwswing.MJTable.processMouseMotionEvent(MJTable.java:725) at java.awt.Component.processEvent(Component.java:4967) at java.awt.Container.processEvent(Container.java:1613) at java.awt.Component.dispatchEventImpl(Component.java:3681) at java.awt.Container.dispatchEventImpl(Container.java:1671) at java.awt.Component.dispatchEvent(Component.java:3543) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3527) Reference at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3255) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3172) [POPL ’77] P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of at java.awt.Container.dispatchEventImpl(Container.java:1657) programs by construction or approximation of fixpoints. In 4 th ACM POPL . at java.awt.Window.dispatchEventImpl(Window.java:1606) at java.awt.Component.dispatchEvent(Component.java:3543) [Thesis ’78] P. Cousot. Méthodes itératives de construction et d’approximation de points fixes d’opérateurs at java.awt.EventQueue.dispatchEvent(EventQueue.java:456) at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:234) monotones sur un treillis, analyse sémantique de programmes. Thèse ès sci. math. Grenoble, march 1978. at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:184) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:178) P. Cousot & R. Cousot. Systematic design of program analysis frameworks. In 6 th ACM POPL . [POPL ’79] at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:170) at java.awt.EventDispatchThread.run(EventDispatchThread.java:100) » Franco-Japanese Workshop on Security — 6 — ľ P. Cousot September 5–7, 2005 — 8 — ľ P. Cousot

  3. Syntax of programs States X variables X 2 X Values of given type: T types T 2 T V � T � : values of type T 2 T E arithmetic expressions E 2 E def = f z 2 Z j min _ int » z » max _ int g V � int � B boolean expressions B 2 B D ::= T X ; Program states ˚ � P � 1 : T X ; D 0 j C ::= X = E ; commands C 2 C def ˚ � D C � = ˚ � D � while B C 0 j def if B C 0 else C 00 ˚ � T X ; � = f X g 7! V � T � j def { C 1 . . . C n } , ( n – 0) j ˚ � T X ; D � = ( f X g 7! V � T � ) [ ˚ � D � P ::= D C program P 2 P — 9 — — 11 — Postcondition semantics Concrete Semantic Domain of Programs x ( t ) Concrete semantic domain for reachability properties: def sets of states D � P � = } ( ˚ � P � ) R i.e. program properties where „ is implication, ; is false, ��������� ������������ [ is disjunction. S � P � R 1 States  2 ˚ � P � of a program P map program variables X to their values  ( X ) Franco-Japanese Workshop on Security — 10 — ľ P. Cousot September 5–7, 2005 — 12 — ľ P. Cousot t

  4. Concrete Reachability Semantics of Programs Reduced Product of Abstract Domains def To combine abstractions = f  [ X E � E �  ] j  2 R \ dom ( E ) g S � X = E ; � R ‚ 1 ‚ 2 hD ] hD ] def def ` ` ` ` ` ` 1 ; v 1 i and hD ; „i ` hD ; „i ` 2 ; v 2 i  [ X v ]( X ) = v;  [ X v ]( Y ) =  ( Y ) ` ` ! ` ` ! ¸ 1 ¸ 2 def S � if B C 0 � R = S � C 0 � ( B � B � R ) [ B � : B � R the reduced product is def def = f  2 R \ dom ( B ) j B holds in  g B � B � R ¸ ( X ) = ufh x; y i j X „ ‚ 1 ( X ) ^ X „ ‚ 2 ( X ) g def S � if B C 0 else C 00 � R = S � C 0 � ( B � B � R ) [ S � C 00 � ( B � : B � R ) def such that v = v 1 ˆ v 2 and „ def S � while B C 0 � R ; – X . R [ S � C 0 � ( B � B � X ) = let W = lfp ‚ 1 ˆ ‚ 2 ` ` ` ` ` ` ` hD ; „i ` h ¸ ( D ) ; vi ` ` ` ` `! ` ! in ( B � : B � W ) ¸ def S � fg � R = R def Example: x 2 [1 ; 9] ^ x mod 2 = 0 reduces to x 2 [2 ; 8] ^ = S � C n � ‹ : : : ‹ S � C 1 � S � f C 1 : : : C n g � R n > 0 x mod 2 = 0 def (uninitialized variables) S � D C � R = S � C � ( ˚ � D � ) Not computable (undecidability). — 15 — — 13 — Approximate Fixpoint Abstraction Abstract Semantic Domain of Programs Abstract domain ♯ ♯ ♯ F F ♯ F ♯ F ♯ F ⊥ hD ] � P � ; v ; ? ; ti Approximation relation ⊑ such that: ‚ hD ] � P � ; vi ` ` ` ` hD ; „i ` ` `! ` ! ¸ F F F ] F ⊥ hence hD ] � P � ; v ; ? ; ti is a complete lattice such that F F Concrete domain F ? = ¸ ( ; ) and t X = ¸ ( [ ‚ ( X )) F ‹ ‚ v ‚ ‹ F ] ) lfp F v ‚ ( lfp F ] ) Franco-Japanese Workshop on Security — 14 — ľ P. Cousot September 5–7, 2005 — 16 — ľ P. Cousot

  5. Abstract Reachability Semantics of Programs Abstract Semantics with Convergence Acceleration 2 def def S ] � X = E ; � R S ] � X = E ; � R = ¸ ( f  [ X E � E �  ] j  2 ‚ ( R ) \ dom ( E ) g ) = ¸ ( f  [ X E � E �  ] j  2 ‚ ( R ) \ dom ( E ) g ) def def S ] � if B C 0 � R = S ] � C 0 � ( B ] � B � R ) t B ] � : B � R S ] � if B C 0 � R = S ] � C 0 � ( B ] � B � R ) t B ] � : B � R def def B ] � B � R B ] � B � R = ¸ ( f  2 ‚ ( R ) \ dom ( B ) j B holds in  g ) = ¸ ( f  2 ‚ ( R ) \ dom ( B ) j B holds in  g ) S ] � if B C 0 else C 00 � R def = S ] � C 0 � ( B ] � B � R ) t S ] � C 00 � ( B ] � : B � R ) S ] � if B C 0 else C 00 � R def = S ] � C 0 � ( B ] � B � R ) t S ] � C 00 � ( B ] � : B � R ) v def def = let F ] = – X . let Y = R t S ] � C 0 � ( B ] � B � X ) S ] � while B C 0 � R ? – X . R t S ] � C 0 � ( B ] � B � X ) S ] � while B C 0 � R = let W = lfp � in if Y v X then X else X in ( B ] � : B � W ) Y v ? F ] in ( B ] � : B � W ) def and W = lfp S ] � fg � R = R def S ] � fg � R def S ] � f C 1 : : : C n g � R = S ] � C n � ‹ : : : ‹ S ] � C 1 � = R n > 0 def S ] � f C 1 : : : C n g � R = S ] � C n � ‹ : : : ‹ S ] � C 1 � def S ] � D C � R = S ] � C � ( > ) n > 0 (uninitialized variables) def S ] � D C � R = S ] � C � ( > ) (uninitialized variables) — 17 — Convergence Acceleration with Widening — 19 — ♯ ▽ Abstract domain F ♯ F ▽ ♯ F ▽ ♯ ♯ F Applications of Abstract Interpretation ⊥ Approximation relation ⊑ F F F ] F ⊥ F F Concrete domain F 2 Note: F ] not monotonic! Franco-Japanese Workshop on Security — 18 — ľ P. Cousot September 5–7, 2005 — 20 — ľ P. Cousot

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Early Twentieth-Century Fiction e20fic19.blogs.rutgers.edu Prof. Andrew Goldstone

Early Twentieth-Century Fiction e20fic19.blogs.rutgers.edu Prof. Andrew Goldstone

Early Twentieth-Century Fiction e20fic19.blogs.rutgers.edu Prof. Andrew Goldstone (andrew.goldstone@rutgers.edu) Office hours: Murray 019, Thursdays 11:301:30 or by appointment October 17, 2019. Sayers (1). review: Faulkner form and

255 views • 24 slides
Are poor people less intelligent than rich people? The point of view of two French sociologists

Are poor people less intelligent than rich people? The point of view of two French sociologists

Are poor people less intelligent than rich people? The point of view of two French sociologists The education system in France: -> free for all Grandes coles = top schools in Science and Business Med school, law school also

180 views • 14 slides
Niall Cunningham Fiona Devine Sam Friedman Daniel Laurison Lisa McKenzie Andrew Miles Helene

Niall Cunningham Fiona Devine Sam Friedman Daniel Laurison Lisa McKenzie Andrew Miles Helene

Mike Savage Niall Cunningham Fiona Devine Sam Friedman Daniel Laurison Lisa McKenzie Andrew Miles Helene Snee Paul Wakeling Capitals Approach to Class BBC approached Mike Savage in 2009 to conduct web survey of class in conjunction

864 views • 36 slides
Welcome to the GHCF 2014 Annual General Meeting Gabriola Health Care Foundation 2014 Annual

Welcome to the GHCF 2014 Annual General Meeting Gabriola Health Care Foundation 2014 Annual

Welcome to the GHCF 2014 Annual General Meeting Gabriola Health Care Foundation 2014 Annual General Meeting 2 Agenda - GHCF Chair: Chuck Connor Acting Secretary: Mike Phillips Call to order Quorum Adoption of agenda

705 views • 34 slides
TD TDDD89 2018 2018 Academic Writing Pamela Vang IEI facksprk What is academic writing?

TD TDDD89 2018 2018 Academic Writing Pamela Vang IEI facksprk What is academic writing?

TD TDDD89 2018 2018 Academic Writing Pamela Vang IEI facksprk What is academic writing? COMMUNICATION Includes: Written courses assignments essays, written material for presentations, reports, etc. bachelors , masters,

1.78k views • 88 slides
Forces and Motion Click on the topic to go to that section Motion Motion Graphs of Motion

Forces and Motion Click on the topic to go to that section Motion Motion Graphs of Motion

Slide 1 / 159 Slide 2 / 159 8th Grade Forces 2015-10-27 www.njctl.org Slide 3 / 159 Slide 4 / 159 Forces and Motion Click on the topic to go to that section Motion Motion Graphs of Motion Forces Newton's Laws of Motion

580 views • 27 slides
The Attention Economy What is the attention economy? A business model where you (as the

The Attention Economy What is the attention economy? A business model where you (as the

The Attention Economy What is the attention economy? A business model where you (as the company) want to hold the users attention as much as possible. Attention is treat like a scarce resource What are ethical issues that have emerged

170 views • 3 slides
Regularization Regularization is a general approach to add a complexity parameter to a

Regularization Regularization is a general approach to add a complexity parameter to a

Regularization Regularization is a general approach to add a complexity parameter to a learning algorithm. Requires that the model parameters be continuous. (i.e., Regression OK, IAML: Regularization and Ridge Regression Decision trees

204 views • 3 slides
Bishops Stortford Bowling Club 22 Matches representing Club B Bowls Men: Top Club,

Bishops Stortford Bowling Club 22 Matches representing Club B Bowls Men: Top Club,

Bowls England (National) Hertfordshire Bowls (County) EHBA (Men) EHDWBA EHBL Bishops Stortford Bowling Club 22 Matches representing Club B Bowls Men: Top Club, Club Two 4s England Women: Top Club County Men: Team

197 views • 4 slides
Specification of Dynamic Strategy Switching Soumya Paul Joint work with R. Ramanujam and S. Simon

Specification of Dynamic Strategy Switching Soumya Paul Joint work with R. Ramanujam and S. Simon

Specification of Dynamic Strategy Switching Soumya Paul Joint work with R. Ramanujam and S. Simon The Institute of Mathematical Sciences Taramani, Chennai - 600 113 January 8, 2009 Soumya Paul Joint work with R. Ramanujam and S. Simon (The

1.7k views • 144 slides
Math 1710 Class 11 Normal Approximation Accurate Prop CLT Dr. Allen Back Failure Picture A

Math 1710 Class 11 Normal Approximation Accurate Prop CLT Dr. Allen Back Failure Picture A

Math 1710 Class 11 V1cu Normal Approximation Making Math 1710 Class 11 Normal Approximation Accurate Prop CLT Dr. Allen Back Failure Picture A Random Variable Problem Sep. 19, 2016 CLT Suppose 70% approve the President . . . Math

766 views • 66 slides
Update in Hospital Medicine 2016 VS. Brad Sharpe, MD UCSF Division of Hospital Medicine Update

Update in Hospital Medicine 2016 VS. Brad Sharpe, MD UCSF Division of Hospital Medicine Update

6/20/2016 Update in Hospital Medicine 2016 VS. Brad Sharpe, MD UCSF Division of Hospital Medicine Update in Hospital Medicine Update in Hospital Medicine 2016 Update in Hospital Medicine 2015 Updated literature Chose articles based on

489 views • 24 slides
15-112 Fundamentals of Programming Week 2 - Lecture 1: Strings part 2 + Monte Carlo method May

15-112 Fundamentals of Programming Week 2 - Lecture 1: Strings part 2 + Monte Carlo method May

15-112 Fundamentals of Programming Week 2 - Lecture 1: Strings part 2 + Monte Carlo method May 23, 2016 Plan for today Wrap up strings Monte Carlo simulation String literals string literal x = #FeelTheBern single-quotes x =

888 views • 46 slides
Outline 0024 Spring 2010 10 :: 2 Recall 0024 Spring 2010 10 ::

Outline 0024 Spring 2010 10 :: 2 Recall 0024 Spring 2010 10 ::

Outline 0024 Spring 2010 10 :: 2 Recall 0024 Spring 2010 10 :: 3 0024 Spring 2010 10 :: 4 0024 Spring 2010 10 :: 5 Dekker: core classes class Insist { private

579 views • 41 slides
Student Responsibilities Mat 2170 Reminder: EXAM next Thursday, 4/24, at 7:00 pm Picnic is

Student Responsibilities Mat 2170 Reminder: EXAM next Thursday, 4/24, at 7:00 pm Picnic is

Student Responsibilities Mat 2170 Reminder: EXAM next Thursday, 4/24, at 7:00 pm Picnic is Tuesday, 4/22 - get signed up. The ArrayList Class Reading: Textbook, Chapter 11.8, The ArrayList class Lab 13, utilizing the ArrayList class

247 views • 7 slides
Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can crash OS wants to be your friend Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

548 views • 17 slides
SSA in Scheme Static single assignment (SSA) : assignment conversion (boxing),

SSA in Scheme Static single assignment (SSA) : assignment conversion (boxing),

SSA in Scheme Static single assignment (SSA) : assignment conversion (boxing), alpha-renaming/alphatization, and administrative normal form (ANF) Roadmap Our compiler projects will target the LLVM backend. This will take us two

680 views • 23 slides
Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz

Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz

Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz http://www.batchgeo.com Remote Sandboxing? Students' interpreters g r a d e . r k t 1 6 0 0 t i m e s ? Students' interpreters g r a d e

446 views • 15 slides
Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com

Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com

Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com $ ps -eo pid,user,comm 1 root /sbin/init 2 root [kthreadd] ... 1468 message+ dbus-daemon --system --fork 1749 root

725 views • 38 slides
Implementing Method Type Specialisation In Dotty T Outline What is specialisation?

Implementing Method Type Specialisation In Dotty T Outline What is specialisation?

Author Alexandre Sikiaridis Masters Student - EPFL Supervised by Dmitry Petrashko Martin Odersky Method Type Specialisation in Dotty Implementing Method Type Specialisation In Dotty T Outline What is specialisation? Method

371 views • 25 slides
How to Sign with White-Boxed AES Latincrypt 2019 Marc Fischlin joint work with Helene Haagh

How to Sign with White-Boxed AES Latincrypt 2019 Marc Fischlin joint work with Helene Haagh

How to Sign with White-Boxed AES Latincrypt 2019 Marc Fischlin joint work with Helene Haagh 13. Oktober 2010 | Dr.Marc Fischlin | Kryptosicherheit | 1 Obfuscation unintelligible but functionally equivalent obfuscator program

523 views • 26 slides
Value Types Objectives Discuss concept of value types efficiency memory management

Value Types Objectives Discuss concept of value types efficiency memory management

Value Types Objectives Discuss concept of value types efficiency memory management value semantics boxing unboxing simple types Introduce struct value type definition use advantages

615 views • 26 slides
Generics Akim Demaille, Etienne Renault, Roland Levillain March 29, 2020 TYLA Generics March

Generics Akim Demaille, Etienne Renault, Roland Levillain March 29, 2020 TYLA Generics March

Generics Akim Demaille, Etienne Renault, Roland Levillain March 29, 2020 TYLA Generics March 29, 2020 1 / 54 Table of Contents Some definitions 1 Some history 2 Some Paradigms 3 TYLA Generics March 29, 2020 2 / 54 Problem Statement

1.54k views • 116 slides
Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Object Oriented Software Development Naufal F. Setiawan School of Computing and Information Systems University of Melbourne Workshop 2 (All images from Wikimedia Commons) Object Oriented Software

494 views • 18 slides

More recommend