local reasoning about the presence of bugs incorrectness
play

Local Reasoning about the Presence of Bugs: Incorrectness Separation - PowerPoint PPT Presentation

Oct 15, 2023 •105 likes •1.03k views

Local Reasoning about the Presence of Bugs: Incorrectness Separation Logic (ISL) Azalea Raad 1,2 Josh Berdine 3 Hoang-Hai Dang 2 Derek Dreyer 2 Peter OHearn 3,4 Jules Villard 3 1 Imperial College London 2 Max Planck Institute for Software

  1. Local Reasoning about the Presence of Bugs: Incorrectness Separation Logic (ISL) Azalea Raad 1,2 Josh Berdine 3 Hoang-Hai Dang 2 Derek Dreyer 2 Peter O’Hearn 3,4 Jules Villard 3 1 Imperial College London 2 Max Planck Institute for Software Systems (MPI-SWS) 3 Facebook London 4 University College London azalea@imperial.ac.uk SoundAndComplete.org @azalearaad

  2. State of the Art: Correctness ❖ Lots of work on local reasoning for proving correctness ➡ Prove the absence of bugs ➡ Over-approximate reasoning � 2

  3. State of the Art: Correctness ❖ Lots of work on local reasoning for proving correctness ➡ Prove the absence of bugs ➡ Over-approximate reasoning ➡ Compositionality in code ⇒ reasoning about incomplete components in resources accessed ⇒ spatial locality � 2

  4. State of the Art: Correctness ❖ Lots of work on local reasoning for proving correctness ➡ Prove the absence of bugs ➡ Over-approximate reasoning ➡ Compositionality in code ⇒ reasoning about incomplete components in resources accessed ⇒ spatial locality ➡ Scalability to large teams and codebases � 2

  5. State of the Art: Bug Catching ❖ Lots of work on bug catching ➡ Prove the presence of bugs ➡ E.g. symbolic model checking, symbolic execution for testing ➡ Under-approximate reasoning � 3

  6. State of the Art: Bug Catching ❖ Lots of work on bug catching ➡ Prove the presence of bugs ➡ E.g. symbolic model checking, symbolic execution for testing ➡ Under-approximate reasoning ❖ Based on global reasoning � 3

  7. State of the Art: Bug Catching ❖ Lots of work on bug catching ➡ Prove the presence of bugs ➡ E.g. symbolic model checking, symbolic execution for testing ➡ Under-approximate reasoning ❖ Based on global reasoning ❖ Exceptions using local reasoning ➡ e.g. Infer � 3

  8. State of the Art: Bug Catching ❖ Lots of work on bug catching ➡ Prove the presence of bugs ➡ E.g. symbolic model checking, symbolic execution for testing ➡ Under-approximate reasoning ❖ Based on global reasoning ❖ Exceptions using local reasoning ➡ e.g. Infer ➡ Using correctness -based compositional analysis � 3

  9. State of the Art: Bug Catching ❖ Lots of work on bug catching ➡ Prove the presence of bugs ➡ E.g. symbolic model checking, symbolic execution for testing ➡ Under-approximate reasoning Incorrectness Logic (O’Hearn) ❖ Based on global reasoning Formal Foundations ❖ Exceptions using local reasoning for ➡ e.g. Infer Bug Catching ➡ Using correctness -based compositional analysis � 3

  10. Incorrectness Logic (IL) {p} C {q} Hoare triples � 4

  11. Incorrectness Logic (IL) {p} C {q} Hoare triples For all states s in p if running C on s terminates in s’ , then s’ is in q � 4

  12. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff For all states s in p if running C on s terminates in s’ , then s’ is in q � 4

  13. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff For all states s in p if running C on s terminates in s’ , then s’ is in q post(C)p q ⊆ � 4

  14. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff For all states s in p if running C on s terminates in s’ , then s’ is in q post(C)p q ⊇ � 4

  15. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff For all states s in p if running C on s terminates in s’ , then s’ is in q [p] C [q] post(C)p q iff ⊇ � 4

  16. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff For all states s in p if running C on s terminates in s’ , then s’ is in q [p] C [q] Incorrectness post(C)p q iff ⊇ triples � 4

  17. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff For all states s in p if running C on s terminates in s’ , then s’ is in q [p] C [q] Incorrectness post(C)p q iff ⊇ triples For all states s in q s can be reached by running C on some s’ in p � 4

  18. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff � 5

  19. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff q over-approximates post(C)p � 5

  20. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff q over-approximates post(C)p post(C)p q � 5

  21. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff q over-approximates post(C)p post(C)p q true positive � 5

  22. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff q over-approximates post(C)p post(C)p false positive q true positive � 5

  23. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff q over-approximates post(C)p post(C)p false positive q true positive [p] C [q] Incorrectness post(C)p q iff ⊇ triples q under-approximates post(C)p � 5

  24. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff q over-approximates post(C)p post(C)p false positive q true positive [p] C [q] Incorrectness post(C)p q iff ⊇ triples q under-approximates post(C)p q true positive post(C)p � 5

  25. Incorrectness Logic (IL) {p} C {q} post(C)p ⊆ q Hoare triples iff q over-approximates post(C)p post(C)p false positive q true positive [p] C [q] Incorrectness post(C)p q iff ⊇ triples q under-approximates post(C)p q false negative true positive post(C)p � 5

  26. Incorrectness Logic (IL) [p] C [ 𝜁 : q] 𝜁 : exit condition ok: normal execution er : erroneous execution � 6

  27. Incorrectness Logic (IL) [p] C [ 𝜁 : q] 𝜁 : exit condition ok: normal execution er : erroneous execution [y=v] x:=y [ok: x=y=v] � 6

  28. Incorrectness Logic (IL) [p] C [ 𝜁 : q] 𝜁 : exit condition ok: normal execution er : erroneous execution [y=v] x:=y [ok: x=y=v] [p] error( ) [er: p] � 6

  29. Incorrectness Logic (IL) [p] C [ 𝜁 : q] post(C, 𝜁 )p ⊇ q iff Equivalent Definition (reachability) ∀ s ∈ q. ∃ s’ ∈ p. (s’,s) ∈ [C] 𝜁 [p] C [ 𝜁 : q] iff � 7

  30. Incorrectness Logic: Summary + Under-approximate analogue of Hoare Logic + Formal foundation for bug catching � 8

  31. Incorrectness Logic: Summary + Under-approximate analogue of Hoare Logic + Formal foundation for bug catching — Global reasoning: non-compositional (as in original Hoare Logic) — Cannot target memory safety bugs (e.g. use-after-free) � 8

  32. Incorrectness Logic: Summary + Under-approximate analogue of Hoare Logic + Formal foundation for bug catching Our Solution — Global reasoning: non-compositional (as in original Hoare Logic) — Cannot target memory safety bugs (e.g. use-after-free) Incorrectness Separation Logic � 8

  33. Contributions � 9

  34. Contributions ❖ Incorrectness Separation Logic (ISL) ➡ IL + SL for compositional bug catching � 9

  35. Contributions ❖ Incorrectness Separation Logic (ISL) ➡ IL + SL for compositional bug catching ➡ Under-approximate analogue of SL ➡ Targets memory safety bugs (e.g. use-after-free) ➡ Scalable : inspired by Facebook Pulse � 9

  36. Contributions ❖ Incorrectness Separation Logic (ISL) ➡ IL + SL for compositional bug catching ➡ Under-approximate analogue of SL ➡ Targets memory safety bugs (e.g. use-after-free) ➡ Scalable : inspired by Facebook Pulse ❖ Combining IL+SL: not straightforward ➡ invalid frame rule! � 9

  37. Contributions ❖ Incorrectness Separation Logic (ISL) ➡ IL + SL for compositional bug catching ➡ Under-approximate analogue of SL ➡ Targets memory safety bugs (e.g. use-after-free) ➡ Scalable : inspired by Facebook Pulse ❖ Combining IL+SL: not straightforward ➡ invalid frame rule! ❖ Fix: a monotonic model for frame preservation � 9

  38. Contributions ❖ Incorrectness Separation Logic (ISL) ➡ IL + SL for compositional bug catching ➡ Under-approximate analogue of SL ➡ Targets memory safety bugs (e.g. use-after-free) ➡ Scalable : inspired by Facebook Pulse ❖ Combining IL+SL: not straightforward ➡ invalid frame rule! ❖ Fix: a monotonic model for frame preservation ❖ Recovering the footprint property for completeness � 9

  39. Contributions ❖ Incorrectness Separation Logic (ISL) ➡ IL + SL for compositional bug catching ➡ Under-approximate analogue of SL ➡ Targets memory safety bugs (e.g. use-after-free) ➡ Scalable : inspired by Facebook Pulse ❖ Combining IL+SL: not straightforward ➡ invalid frame rule! ❖ Fix: a monotonic model for frame preservation ❖ Recovering the footprint property for completeness ❖ ISL-based analysis ➡ No-false-positives theorem: All bugs found are true bugs � 9

  40. Contributions ❖ Incorrectness Separation Logic (ISL) ➡ IL + SL for compositional bug catching ➡ Under-approximate analogue of SL This talk ➡ Targets memory safety bugs (e.g. use-after-free) ➡ Scalable : inspired by Facebook Pulse ❖ Combining IL+SL: not straightforward ➡ invalid frame rule! ❖ Fix: a monotonic model for frame preservation ❖ Recovering the footprint property for completeness ❖ ISL-based analysis ➡ No-false-positives theorem: All bugs found are true bugs � 9

  41. What Is Separation Logic (SL)? SL : Local & compositional reasoning via ownership & separation ☛ ideal for heap-manipulating programs with aliasing � 10

  42. What Is Separation Logic (SL)? SL : Local & compositional reasoning via ownership & separation ☛ ideal for heap-manipulating programs with aliasing [x]:= 1; [y]:= 2; [z]:= 3; � 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fortran 90 Arrays Fortran 90 Arrays Program testing can be used to show the presence of bugs

Fortran 90 Arrays Fortran 90 Arrays Program testing can be used to show the presence of bugs

Fortran 90 Arrays Fortran 90 Arrays Program testing can be used to show the presence of bugs Program testing can be used to show the presence of bugs, but never to show their absence Edsger W. Dijkstra 1 Fall 2010 The DIMENSION Attribute: 1/6

916 views • 43 slides
Thread Synchronization: the presence of bugs Foundations not their absence! Properties

Thread Synchronization: the presence of bugs Foundations not their absence! Properties

Edsger s perspective Testing can only prove Thread Synchronization: the presence of bugs Foundations not their absence! Properties Safety properties Nothing bad happens Property: a predicate that is evaluated over a run of the

568 views • 9 slides
Reasoning about Programs (and bugs) A brief interlude on specifications, assertions, and

Reasoning about Programs (and bugs) A brief interlude on specifications, assertions, and

Reasoning about Programs (and bugs) A brief interlude on specifications, assertions, and debugging Largely based on material from University of Washington CSE 331 Good programs, broken programs? Goal: program works (does not fail) Need:

540 views • 32 slides
Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs Facts on Debugging Software bugs are

840 views • 63 slides
Towards Reasoning in the presence of code of unknown provenance - or, trust and risk in

Towards Reasoning in the presence of code of unknown provenance - or, trust and risk in

Towards Reasoning in the presence of code of unknown provenance - or, trust and risk in an open world - Sophia Drossopoulou (Imperial), James Noble (Victoria University Wellington), Toby Murray (NICTA), Mark S. Miller (Google)

386 views • 38 slides
Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
Reasoning about Programs Need: definition of works/correct : a specification (and bugs) But

Reasoning about Programs Need: definition of works/correct : a specification (and bugs) But

Good programs, broken programs? Goal: program works (does not fail) Reasoning about Programs Need: definition of works/correct : a specification (and bugs) But programs fail all the time. Why? A brief interlude on 1. Misuse of your code:

86 views • 8 slides
Factor Presence Nexus for State and Local Taxes: Meeting the Challenges of Developing State

Factor Presence Nexus for State and Local Taxes: Meeting the Challenges of Developing State

FOR LIVE POGRAM ONLY Factor Presence Nexus for State and Local Taxes: Meeting the Challenges of Developing State Standards Navigating Economic Presence Tests and Other Emerging Nexus Trends in Gross Receipts, Income and Sales & Use Tax

1.59k views • 121 slides
BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on blood They are reddish-brown in colour An adult bed bug is approximately the size of an apple seed An egg is approximately the size of a

163 views • 15 slides
Reasoning about Disclosure in Data Integration in the Presence of Source Constraints DIG Seminar

Reasoning about Disclosure in Data Integration in the Presence of Source Constraints DIG Seminar

Reasoning about Disclosure in Data Integration in the Presence of Source Constraints DIG Seminar 21/11/19 Michael Benedikt Pierre Bourhis Louis Jachiet Micha el Thomazo Louis JACHIET 1 / 32 Motivations Louis JACHIET 2 / 32

1.29k views • 99 slides
How I Learned to Stop Worrying & Love the Bug How To Write Tests Cannot prove there are no

How I Learned to Stop Worrying & Love the Bug How To Write Tests Cannot prove there are no

Picture Courtesy of: Dr. Sarah Ford (a.k.a. Mrs. Matthew Hertz) How I Learned to Stop Worrying & Love the Bug How To Write Tests Cannot prove there are no bugs Can only show no bugs exist on those tests Testing shows the presence , not

717 views • 49 slides
1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

What is a bug? Formally, a software defect A Bugs life SUT fails to perform to spec SUT causes something else to fail SUT functions, but does not satisfy Finding and Managing Bugs usability criteria CSE 403 If the

643 views • 3 slides
Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Testing Lucene and Solr with various JVMs: Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org http://www.thetaphi.de, http://blog.thetaphi.de @ThetaPh1 SD DataSolutions GmbH , Wtjenstr. 49, 28213

1.13k views • 71 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Local tableaux for reasoning in distributed description logics a Luciano Serafini 1 and Andrei

Local tableaux for reasoning in distributed description logics a Luciano Serafini 1 and Andrei

DDL reasoning L. Serafini & A. Tamilinr Local tableaux for reasoning in distributed description logics a Luciano Serafini 1 and Andrei Tamilin 2 1 IRST, Trento, Italy 2 University of Trento, Italy DL workshop 2004 a Alex Borgida, and

466 views • 25 slides
CHAPTER-4 1 LOGIC AND REASONING ! Knowledge and ! Reasoning in Knowledge- Reasoning Based

CHAPTER-4 1 LOGIC AND REASONING ! Knowledge and ! Reasoning in Knowledge- Reasoning Based

CHAPTER-4 1 LOGIC AND REASONING ! Knowledge and ! Reasoning in Knowledge- Reasoning Based Systems ! syntax and semantics ! shallow and deep reasoning ! validity and satisfiability ! forward and backward ! logic languages chaining ! alternative

616 views • 23 slides
Awareness and forgetting of facts and agents Hans van Ditmarsch University of Sevilla, Spain

Awareness and forgetting of facts and agents Hans van Ditmarsch University of Sevilla, Spain

Awareness and forgetting of facts and agents Hans van Ditmarsch University of Sevilla, Spain & University of Otago, New Zealand Email: hans@cs.otago.ac.nz Tim French University of Western Australia, Perth, Australia Email:

601 views • 22 slides
linguistic evidence Alexei Sokirko, Evgeniy Soloviev, Yandex Overview Introduction: search

linguistic evidence Alexei Sokirko, Evgeniy Soloviev, Yandex Overview Introduction: search

Query expansion based on linguistic evidence Alexei Sokirko, Evgeniy Soloviev, Yandex Overview Introduction: search engine linguistics, synonymy relation, query terms The overall design of query expansion, general features

802 views • 64 slides
So you think you have all the data? Causes and consequences of selection bias David J. Hand

So you think you have all the data? Causes and consequences of selection bias David J. Hand

So you think you have all the data? Causes and consequences of selection bias David J. Hand Imperial College London and Winton Capital Management 16 th September 2016 1 BACKGROUND The promise of big data: Out with every theory of human behavior,

402 views • 38 slides
[1] The Field The Field: Introduction to complex numbers Solutions to x 2 = 1? Mathematicians

[1] The Field The Field: Introduction to complex numbers Solutions to x 2 = 1? Mathematicians

[1] The Field The Field: Introduction to complex numbers Solutions to x 2 = 1? Mathematicians invented i to be one solution Guest Week: Bill Amend (excerpt, http://xkcd.com/824 ) Can use i to solve other equations, e.g.: x 2 = 9 Solution is

389 views • 36 slides
GNUstep-based Desktop Goals Modularity Project and Document oriented Facilitate workflow

GNUstep-based Desktop Goals Modularity Project and Document oriented Facilitate workflow

GNUstep-based Desktop Goals Modularity Project and Document oriented Facilitate workflow Communication / Sharing Focus on ergonomy and usability The Plan First versions: provides frameworks/programming utilities. Release desktop/environment

355 views • 14 slides
Disclosure The Future of Sleep Medicine I have nothing to disclose. Allan I. Pack, M.B.Ch.B.,

Disclosure The Future of Sleep Medicine I have nothing to disclose. Allan I. Pack, M.B.Ch.B.,

Disclosure The Future of Sleep Medicine I have nothing to disclose. Allan I. Pack, M.B.Ch.B., Ph.D. The John Miclot Professor of Medicine Division of Sleep Medicine/Department of Medicine Center for Sleep and Circadian Neurobiology

193 views • 7 slides
Simulating Baboon Behavior using Stata Phil Ender UCLA Statistical Consulting Group (Ret) Stata

Simulating Baboon Behavior using Stata Phil Ender UCLA Statistical Consulting Group (Ret) Stata

Simulating Baboon Behavior using Stata Phil Ender UCLA Statistical Consulting Group (Ret) Stata Conference - July 2019 Phil Ender Simulating Baboon Behavior using Stata Preface Note Since this presentation is rather different from my usual

771 views • 30 slides
Concurrency, Races & Synchronization CS 450: Operating Systems Michael Lee

Concurrency, Races & Synchronization CS 450: Operating Systems Michael Lee

Concurrency, Races & Synchronization CS 450: Operating Systems Michael Lee <lee@iit.edu> Computer Science Science Agenda - Concurrency: what, why, how - Problems due to concurrency - Locks & Locking strategies - Concurrent

1.75k views • 158 slides

More recommend