preventing arithmetic overflows in alloy
play

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic - PowerPoint PPT Presentation

Oct 03, 2022 •1.29k likes •2.03k views

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson (aleks@csail.mit.edu) (dnj@csail.mit.edu) Software Design Group Massachusetts Institute of Technology Cambridge, MA International Conference of Alloy, ASM, B, VDM,

  1. Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson (aleks@csail.mit.edu) (dnj@csail.mit.edu) Software Design Group Massachusetts Institute of Technology Cambridge, MA International Conference of Alloy, ASM, B, VDM, and Z Users Pisa, Italy, June 2012 1

  2. Checking Prim’s Algorithm C Prim’s algorithm for finding A 8 7 minimum spanning tree in a graph 5 B 5 7 9 15 E D 8 9 6 11 F G

  3. Checking Prim’s Algorithm C Prim’s algorithm for finding A 8 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 15 E D D 8 9 6 11 F G 2

  4. Checking Prim’s Algorithm C Prim’s algorithm for finding A 8 7 minimum spanning tree in a graph 5 5 B 5 select an arbitrary node to start with 7 9 9 15 15 find edges from selected to unselected nodes E D D 8 9 6 6 11 F G 2

  5. Checking Prim’s Algorithm C Prim’s algorithm for finding A A 8 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 15 find edges from selected to unselected nodes E D D 8 9 select the edge with the smallest weight 6 11 F G 2

  6. Checking Prim’s Algorithm C Prim’s algorithm for finding A A 8 7 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 9 15 15 find edges from selected to unselected nodes E D D 8 9 select the edge with the smallest weight 6 6 11 F G repeat until all nodes have been selected 2

  7. Checking Prim’s Algorithm C Prim’s algorithm for finding A A 8 7 minimum spanning tree in a graph 5 B 5 select an arbitrary node to start with 7 9 15 find edges from selected to unselected nodes E D D 8 9 select the edge with the smallest weight 6 11 F F G repeat until all nodes have been selected 2

  8. Checking Prim’s Algorithm C C Prim’s algorithm for finding A A 8 7 minimum spanning tree in a graph 5 B B 5 select an arbitrary node to start with 7 9 15 find edges from selected to unselected nodes E E D D 8 9 select the edge with the smallest weight 6 11 F F G G repeat until all nodes have been selected 2

  9. Checking Prim’s Algorithm C C A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } 2

  10. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } 2

  11. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } 2

  12. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } 2

  13. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { no edges: set Edge { spanningTree[edges] ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  14. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { counterexample: leftSum = -5; rightSum = 24 no edges: set Edge { spanningTree[edges] ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  15. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { counterexample: leftSum = -5; rightSum = 24 no edges: set Edge { spanningTree[edges] and ( sum e: edges | e.weight) > 0 ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  16. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { counterexample: leftSum = 2; rightSum = 28 no edges: set Edge { spanningTree[edges] and ( sum e: edges | e.weight) > 0 ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  17. Checking Prim’s Algorithm open util/ordering[Time] C C sig Time {} A A 8 7 sig Node {} sig Edge { 5 B B 5 weight: Int , 7 9 nodes: set Node, 15 E E chosen: set Time D D 8 9 } { 6 11 weight >= 0 && #nodes = 2 F F G G } fact prim { /* model of execution of Prim’s algorithm */ } pred spanningTree(edges: set Edges) { /* checks whether a given set of edges forms a spanning tree */ } /* no set of edges is a spanning tree with a smaller total weight than the one returned by Prim’s algorithm */ smallest: check { causes arithmetic overflows! no edges: set Edge { spanningTree[edges] and ( sum e: edges | e.weight) > 0 ( sum e: edges | e.weight) < ( sum e: chosen.last | e.weight)}} 2

  18. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 3

  19. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy 3

  20. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy consequences of the bounded analysis not sound with respect to proof → if no counterexample is found, one may still exist in a larger scope 3

  21. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy consequences of the bounded analysis not sound with respect to proof → if no counterexample is found, one may still exist in a larger scope not sound w.r.t. counterexamples when integers are used → arithmetic operations can overflow ⇒ spurious counterexamples 3

  22. Soundness of Alloy reason for overflows wraparound semantics for arithmetic operations Int = {-4, -3, ..., 2, 3} � ⇒ 3 + 1 = -4 alloy first order relational modeling language the alloy analyzer fully automated, bounded model finder for alloy consequences of the bounded analysis not sound with respect to proof → if no counterexample is found, one may still exist in a larger scope not sound w.r.t. counterexamples when integers are used → arithmetic operations can overflow ⇒ spurious counterexamples sound w.r.t. counterexamples if no integers are used → i.e., if a counterexample is found, the property does not hold → reason : relational operators are closed under finite universe 3

  23. Goal & Approach goal eliminate spurious counterexamples caused by overflows → makes the analyzer sound w.r.t. to counterexamples 4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz Daniel Pallos Fridman Alarcio Martins Vieira Technology Center - CBMM - Brazil Overview Motivation Master Alloy Design

537 views • 18 slides
Dealing with arithmetic overflows in the polyhedral model Bruno Cuervo Parrino Julien Narboux

Dealing with arithmetic overflows in the polyhedral model Bruno Cuervo Parrino Julien Narboux

Dealing with arithmetic overflows in the polyhedral model Bruno Cuervo Parrino Julien Narboux Eric Violard Nicolas Magaud Universit e de Strasbourg - INRIA Camus IMPACT 2012, Paris Julien Narboux (UdS) IMPACT 2012, Paris 1 / 30

535 views • 30 slides
An Overview of the Alloy Language &amp; Analyzer Slides contain some modified content from the

An Overview of the Alloy Language &amp; Analyzer Slides contain some modified content from the

An Overview of the Alloy Language &amp; Analyzer Slides contain some modified content from the Alloy Tutorial by G. Dennis &amp; R. Seater (see alloy.mit.edu) Alloy Lecture 1 1 What is Alloy? A formal language and analyzer based on Z

329 views • 6 slides
Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive Applications Alloy Zinc Automotive Applications Anti-Vibration Components Door Hinges Fasteners Brake Calipers Fluid Delivery Tubes Alkaline

317 views • 18 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a

ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a

ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a solution provider and a manufacturing company for windows openings, shutters, rapid action doors and projection screens. The company came into existence

570 views • 19 slides
Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy April 30 &amp; May 1, 2018. Cambridge, MA Alloys widespread applications Program verification Design modeling and analysis PO POL Mo MonA

220 views • 21 slides
Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Principles Of Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary Arithmetic Same basic methodology as decimal arithmetic Important to know number representation Unsigned Signed

704 views • 11 slides
Capabilities Metal Alloy and Rare Earth Alloy Manufacture Inert Atmosphere Grinding Atomizing

Capabilities Metal Alloy and Rare Earth Alloy Manufacture Inert Atmosphere Grinding Atomizing

Capabilities Metal Alloy and Rare Earth Alloy Manufacture Inert Atmosphere Grinding Atomizing Vacuum Induction Melting Vacuum Annealing Hydriding Metal Alloys Ingots and Powder Hydrogen S torage Magnets Batteries Additive

393 views • 11 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1 Buffer Overflows One of the most common vulnerabili@es in soEware Programming languages commonly associated with buffer overflows including

199 views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1 Buffer Overflows One of the most common vulnerabiliCes in soGware Programming languages commonly associated with buffer overflows including

195 views • 17 slides
Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit Performs most processor operations Control signal predicates addition subtraction logic operations shifting (w / or w / o sign extension) Figure:

205 views • 8 slides
Alloy Modeling Language meets SMT-LIB Forrest Cinelli, Kyle McCormick, Dan Dougherty WPI NSF

Alloy Modeling Language meets SMT-LIB Forrest Cinelli, Kyle McCormick, Dan Dougherty WPI NSF

Alloy Modeling Language meets SMT-LIB Forrest Cinelli, Kyle McCormick, Dan Dougherty WPI NSF Support 1408745 and 1714431 April 30 2018 1 / 11 Plan Talk about relationship between Alloy Language and SMT-LIB Want to raise questions to

237 views • 13 slides
Alloy Intro Trimble &amp; Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

Alloy Intro Trimble &amp; Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

2018 IGNSS Conference | Michael Bruno | Trimble Inc Alloy Intro Trimble &amp; Authorized Trimble Dealer Only Trimble RTN Overview RTN Software Trimble Pivot Platform RTN Hardware Trimble Alloy GNSS Receiver Zephyr 3 Antennas GNSS Field Users

317 views • 10 slides
Aluminium Niobium A Foundry and Master Alloy Manufacturers Perspective 1 Norton

Aluminium Niobium A Foundry and Master Alloy Manufacturers Perspective 1 Norton

Aluminium Niobium A Foundry and Master Alloy Manufacturers Perspective 1 Norton Aluminium Foundry &amp; Master Alloy Manufacturer A presentation at the Charles Hatchett Seminar 13 th July 2016 Background UKs leading

377 views • 21 slides
C M S A N D L H C R E P O R T A L L E X P E R I M E N T E R S M E E T I N G F E R M I L A B J U

C M S A N D L H C R E P O R T A L L E X P E R I M E N T E R S M E E T I N G F E R M I L A B J U

C M S L H C R E P O R T C M S A N D L H C R E P O R T A L L E X P E R I M E N T E R S M E E T I N G F E R M I L A B J U LY 9 , 2 0 1 8 Javier Duarte Fermilab 1 L H C &amp; C M S S C H E D U L E LHC performing a complex program

474 views • 14 slides
Towards a Static Check of FMUs in VDM-SL Nick Battle, Casper Thule, Cludio Gomes, Hugo Daniel

Towards a Static Check of FMUs in VDM-SL Nick Battle, Casper Thule, Cludio Gomes, Hugo Daniel

Towards a Static Check of FMUs in VDM-SL Nick Battle, Casper Thule, Cludio Gomes, Hugo Daniel Macedo 17 th Overture Workshop, Oct 2019 Work Outline VDM-SL model of FMI static semantics (configuration) Builds on 2016 work by Mirran, Peter

158 views • 13 slides
Building a System-Identified FMU in VDM Michael Dono and Ken Pierce Overture Workshop, Porto, Oct

Building a System-Identified FMU in VDM Michael Dono and Ken Pierce Overture Workshop, Porto, Oct

Building a System-Identified FMU in VDM Michael Dono and Ken Pierce Overture Workshop, Porto, Oct 2019 From Newcastle. For the world. Building a System-Identified FMU in VDM Overview Introduction What is system identification?

404 views • 11 slides
Windows Kernel Trap Handler and NTVDM Vulnerabilities Case Study Mateusz &quot;j00ru&quot;

Windows Kernel Trap Handler and NTVDM Vulnerabilities Case Study Mateusz &quot;j00ru&quot;

Windows Kernel Trap Handler and NTVDM Vulnerabilities Case Study Mateusz &quot;j00ru&quot; Jurczyk ZeroNights 2013 E.0x03 Moscow, Russia Introduction Mateusz j00ru Jurczyk Information Security Engineer @ Extremely into Windows

1.11k views • 110 slides
Nontraditional Notions of Polynomial Ordering with Computational Applications Steve Hussung

Nontraditional Notions of Polynomial Ordering with Computational Applications Steve Hussung

Intro Potential Theoretic Background Convex Bodies, Orderings WAMS, Discrete Sequences Nontraditional Notions of Polynomial Ordering with Computational Applications Steve Hussung Indiana University Bloomington Midwestern Workshop on

801 views • 47 slides
Semiexclusive production of vector mesons in proton-proton collisions with electromagnetic

Semiexclusive production of vector mesons in proton-proton collisions with electromagnetic

ANNA CISEK Semiexclusive production of vector mesons in proton-proton collisions with electromagnetic dissociation of protons Anna Cisek University of Rzeszow MESON 2018 - 15 th International Workshop on Meson Physics Krakw, 7-12 June 2018

422 views • 18 slides
Strategic Term Rewriting and Its Application to a VDM-SL to SQL Conversion Review Outline

Strategic Term Rewriting and Its Application to a VDM-SL to SQL Conversion Review Outline

Strategic Term Rewriting and Its Application to a VDM-SL to SQL Conversion Review Outline Goal of the paper Algebraic design by calculation VooDooM model Conclusions and future work Goal of the paper Convert datatypes in

357 views • 14 slides
Decoding the nature of Dark Matter at current and future experiments Alexander Belyaev

Decoding the nature of Dark Matter at current and future experiments Alexander Belyaev

Decoding the nature of Dark Matter at current and future experiments Alexander Belyaev Southampton University &amp; Rutherford Appleton Laboratory June 10 , 2020, Particle Physics Seminar Alexander Belyaev Decoding the nature of DM 1 Why

917 views • 77 slides

More recommend