from array domains to abstract interpretation under store
play

From Array Domains to Abstract Interpretation Under - PowerPoint PPT Presentation

Feb 15, 2024 •246 likes •759 views

From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models Thibault Suzanne, Antoine Min Static Analysis: 23rd International Symposium, SAS 2016 September, 2016, Edinburgh, UK Pirmin Schmid Seminar Software

  1. From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models Thibault Suzanne, Antoine Miné Static Analysis: 23rd International Symposium, SAS 2016 September, 2016, Edinburgh, UK Pirmin Schmid Seminar Software Engineering December 7, 2016 1

  2. De quoi s’agit-il? • New abstract interpretation of concurrent programs • Setting: Weak memory consistency • Model: store-buffer (FIFO) of infinite size • including theoretical model, proof and working implementation (OCaml) 2

  3. Memory models in Hardware and Languages • Strong consistency core 0 core 1 core 2 core 3 cache(s) cache(s) cache(s) cache(s) shared cache(s) RAM 4

  4. Memory models in Hardware and Languages • Weak consistency core 0 core 1 core 2 core 3 cache(s) cache(s) cache(s) cache(s) shared cache(s) RAM 5

  5. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) core 0 core 1 Array buffer FIFO pipeline shared memory 6

  6. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 2: Y = 2 3: shared memory (X=0; Y=0) 7

  7. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) core 0 core 1 initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3: shared memory 8

  8. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3: shared memory 9

  9. Memory models in Hardware and Languages • Weak consistency. TSO: total store ordering (x86) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 Y = 2 1b: ? flush 2: Y = 2 X = 1 2b: ? flush 3: shared memory 10

  10. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 2b: ? flush 3: shared memory 11

  11. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 1 2b: ? flush 3: shared memory 12

  12. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 1 2 2b: ? flush 3: shared memory 13

  13. Memory models in Hardware and Languages • Weak consistency. PSO: partial store ordering (ARM) What can it see? core 0 core 1 initial, shared X=0; Y=0 1: X = 1 X: Y: 1b: ? flush 2: Y = 2 1 2 2b: ? flush 3: fence 4: shared memory 14

  14. Verification: Model checkers • Promela / spin • Scyther: crypto protocols • Limitation: only finite state space • State space explosion 15

  15. Verification: Abstract interpretation. SC 16

  16. Verification: Abstract interpretation. Dan et al. 17

  17. Verification: Abstract interpretation. This study 18

  18. Comparison buffer size n ∞ m Model Checker ----- state size ∞ Dan et al. This study 19

  19. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 20

  20. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 21

  21. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 22

  22. PSO model: concrete domain thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 23

  23. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 24

  24. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 25

  25. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 =e z 12 x 21 y 21 x 22 z 22 x 31 y 31 x 32 z 32 x 41 x 51 shared: x mem , y mem , z mem 26

  26. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 x 32 z 32 x 41 x 51 shared: x mem , y mem , z mem 27

  27. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 x 32 z 32 x 41 x 51 shared: x mem , y mem , z mem 28

  28. PSO model: concrete semantics thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 x 22 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 29

  29. Abstraction: handling ∞ • Key insight: summarize and partition. 𝛽 "#$ : thread 1 thread 2 x 11 y 11 x 12 z 12 x 21 y 21 z 22 x 31 y 31 z 32 x 41 x 51 shared: x mem , y mem , z mem 32

  30. Abstraction: handling ∞ • Key insight: summarize and partition. 𝛽 "#$ : thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 shared: x mem , y mem , z mem 33

  31. Abstraction: handling ∞ • Key insight: summarize and partition. 𝛽 "#$ : thread 1 thread 2 x 11 y 11 x 12 z 12 ∞ solved x bot1 y bot1 z bot2 cost: loosing precision shared: x mem , y mem , z mem 34

  32. Abstraction: partial buffer state information thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 shared: x mem , y mem , z mem 35

  33. Abstraction: partial buffer state information thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 2 steps: 1) summarize 2) resolve partition shared: x mem , y mem , z mem 36

  34. Abstract transformers 37

  35. Abstract transformers on partitions {.} 38

  36. Abstract transformers on partitions {.} 39

  37. Abstract transformers [[.]] using the {.} 40

  38. Abstraction: partial buffer state information thread 1 thread 2 x 11 y 11 x 12 z 12 x bot1 y bot1 z bot2 2 steps: 1) summarize 2) resolve partition shared: x mem , y mem , z mem 41

  39. My own code example 42

  40. Result PSO 43

  41. My own code example with fences 44

  42. Result with fences 45

  43. Code example from paper 46

  44. Benchmark 47

  45. Benchmark 48

  46. Benchmark 49

  47. Benchmark 50

  48. Benchmark 51

  49. Discussion • Good things • Limitations • Suggested improvements 52

  50. Acknowledgment • Thibault Suzanne for the VM with the working analyzer • Andrei Dan for interesting discussion 53

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation The Verification Grand Challenge - Abstract interpretation is a mathematical theory of - - and Abstract Interpretation sound approximation of properties of formal sys- tems (including program specifications, semantics,

422 views • 10 slides
TreeKs: a Functor to Make Abstract Numerical Domains Scalable Research Internship, advised by

TreeKs: a Functor to Make Abstract Numerical Domains Scalable Research Internship, advised by

TreeKs: a Functor to Make Abstract Numerical Domains Scalable Research Internship, advised by Antoine Min e Ecole normale sup erieure, Paris, team Abstraction Mehdi Bouaziz Motivation and context Abstract interpretation is a formal

466 views • 31 slides
Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an abstract interpretation (AI)? Given: A complete join semi-lattice D . This is the abstract semantic domain. A monotonic

297 views • 25 slides
Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in this file were taken from the tutorial slides that Patrick Cousot used in VMCAI05 Abstract Interpretation A theory of sound approximation of

946 views • 92 slides
Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Motivation (1 mn) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Abstract interpretation, reminder (10 mn) . . . . . . . . . . . . . . . . . . 6 Applications of abstract interpretation (2 mn) . . . . . . . . .

876 views • 16 slides
Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e Ecole normale sup erieure, Paris year 20152016 Course 12 20 May 2016 Course 12 Abstract Interpretation III Antoine Min e p. 1 / 60

706 views • 67 slides
A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta Dipartimento di Informatica - Universit di Pisa 19/09/2012 - ITCTCS 2012 Outline 1 Type and Effect Systems 2 Abstract Interpretation 3

762 views • 24 slides
Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Just-In-Time compilation Study setup Abstract interpretation Correctness proof Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile Bastian March 7, 2018 Slides: https://tiny.tobast.fr/m2-absint-slides

445 views • 16 slides
A Practical Construction for Decomposing Numerical Abstract Domains Gagandeep Singh Markus

A Practical Construction for Decomposing Numerical Abstract Domains Gagandeep Singh Markus

A Practical Construction for Decomposing Numerical Abstract Domains Gagandeep Singh Markus Pschel Martin Vechev Department of Computer Science 1 Numerical abstract domains ( ) Cost and Numerical Domain

572 views • 19 slides
30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a 20 minute talk I gave at the 30 Years of Abstract Interpretation Workshop in San Francisco, California, USA on January 9, 2008. The subsections

196 views • 9 slides
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the class Automatically verify partial correctness of programs like the following using abstract interpretation. Void Init(int* A, int n) { for (i := 0;

908 views • 62 slides
Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer, Jan Reineke Advanced Lecture, Winter 2014/15 Abstract Interpretation Semantics-based approach to program analysis Framework to develop

487 views • 33 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John Gallagher 12 1 Roskilde University 2 IMDEA Software Institute, Madrid CP meets CAV Turun, Turkey John Gallagher Constraints in Abstract Model

375 views • 16 slides
4/18/16 Review 2D array exercise Lab 5 is now available.

4/18/16 Review 2D array exercise Lab 5 is now available.

4/18/16 Review 2D array exercise Lab 5 is now available. Find the average of each column of the 2D array int [][] ages; Store the averages in a

375 views • 4 slides
Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45 rue dUlm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot IFIP WCC Topical day on Abstract Interpretation P.

1.95k views • 183 slides
Town of Burlington Department of Public Works Planning Board Informational Presentation Weston

Town of Burlington Department of Public Works Planning Board Informational Presentation Weston

Town of Burlington Department of Public Works Planning Board Informational Presentation Weston & Sampson January 05, 2012 Meadow Road / Middlesex Turnpike Site | 3.4 Acres 1 Acre Environm ental Resources Map Wetlands Limits

536 views • 20 slides
Ami Z Zota, Sc ScD, M MS Founder and Director, Agents of Change in Environmental Health

Ami Z Zota, Sc ScD, M MS Founder and Director, Agents of Change in Environmental Health

Ami Z Zota, Sc ScD, M MS Founder and Director, Agents of Change in Environmental Health Associate Professor, George Washington University Milken School of Public Health https://www.agentsofchangeineh.com/ Image credit: Raya Hudhud My work

469 views • 10 slides
Brief History of Title 1 in Solanco Federal Program z z Formula Grant What is Title 1?

Brief History of Title 1 in Solanco Federal Program z z Formula Grant What is Title 1?

z Brief History of Title 1 in Solanco Federal Program z z Formula Grant What is Title 1? Distributes $ to states, who deliver to districts based on census poor Districts distribute $ to schools based on poverty rates (we use free and

216 views • 8 slides
A to Z in a Small District Introduction Who I am Where I come from Why I tell

A to Z in a Small District Introduction Who I am Where I come from Why I tell

Educator Effectiveness from A to Z in a Small District Introduction Who I am Where I come from Why I tell our story My assumptions Our Results Certified Staff 200 positions Classified Staff 120 positions

458 views • 26 slides
FUELING PERFORMANCE NUTRITION FOR ATHLETES EN ENDURANCE E S SPEED EED H HYDRATION P

FUELING PERFORMANCE NUTRITION FOR ATHLETES EN ENDURANCE E S SPEED EED H HYDRATION P

FUELING PERFORMANCE NUTRITION FOR ATHLETES EN ENDURANCE E S SPEED EED H HYDRATION P PER ERFORMANCE E STREN ENGT GTH RECOV COVERY Visit us a t www.Co a c hRo b b .c o m I am sleeping like a baby 2 nd day in a row, something

729 views • 44 slides
Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya

Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya

Outline ABC v.2 Security Scalability Performance Summary Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya Kizhvatov 2 Russian State University for the Humanities, Moscow, Russia

811 views • 54 slides
Combining Distant and Partial Supervision for Relation Extraction Gabor Angeli , Julie Tibshirani,

Combining Distant and Partial Supervision for Relation Extraction Gabor Angeli , Julie Tibshirani,

Combining Distant and Partial Supervision for Relation Extraction Gabor Angeli , Julie Tibshirani, Jean Y. Wu, Christopher D. Manning Stanford University October 28, 2014 Angeli, Tibshirani, Wu, Manning (Stanford) Combining Distant and Partial

960 views • 78 slides
A meshless method for the Reissner-Mindlin plate equations based on a stabilized mixed weak form

A meshless method for the Reissner-Mindlin plate equations based on a stabilized mixed weak form

A meshless method for the Reissner-Mindlin plate equations based on a stabilized mixed weak form using maximum-entropy basis functions J.S. Hale*, P.M. Baiz 11th September 2012 J.S. Hale 1 Mixed MaxEnt Method for Plates - ECCOMAS 2012

781 views • 29 slides

More recommend