Symbiotic with CPAchecker
Marek Chalupa, Masaryk University Brno
October 2, 2019, 4th International Workshop on CPAchecker

  Motivation (slide 1/17)

    int main(void) {
        int x = 10;
        for (int i = 0; i < 1000; ++i) {
            for (int j = 0; j < 1000; ++j) {
                for (int k = 0; k < 1000; ++k) {
                    /* some code that does not touch x */
                }
            }
        }
        if (x > 0)
            __VERIFIER_error();
    }

  Outline (slide 2/17)
  • Symbiotic
    • What is Symbiotic?
    • How does it work?
  • CPAchecker in Symbiotic
    • How is it integrated?
    • Some results.

  Symbiotic (section slide)

  What is Symbiotic? (slide 3/17)
  • Framework for generating code fitted for verification.
  • It employs:
    • code instrumentation (combined with static analyses),
    • program slicing,
    • (compiler) optimizations.
  • It is highly modular.
  • Internally works with LLVM.
  • Integrates several verification tools that can be seamlessly run on the generated code.

  Symbiotic – schema (slide 4/17)
  [Diagram] Inputs: .c source files and a .prp property file. Stages: compilation (clang) → instrumentation → optimizations → slicing → optimizations → verification (KLEE, CPAchecker, ...); the generated code can also be emitted as .c. Tools labelled in the diagram: symbiotic-cc and symbiotic-verify.

  Instrumentation (slide 5/17)
  Instrumentation inserts auxiliary code into the analyzed program.
  • Symbiotic has a configurable instrumentation module
    • Configuration in JSON
  • It can use results of static analyses to prevent redundant code injection
  • Can run in several stages, passing information from former to later stages
  • Restriction: at this moment it can insert only calls to functions

  Instrumentation – example (slide 6/17)
  Fully instrumented code; the inserted calls are shown unnumbered:

    1. %p = alloca i32*
         call check_pointer(%p, 8)
    2. store null to %p
    3. %addr = call malloc(20)
         call check_pointer(%p, 8)
    4. store %addr to %p
         call check_free(%addr)
    5. call free(%addr)
         call check_pointer(%p, 8)
    6. %tmp = load %p
         call check_pointer(%tmp, 4)
    7. store i32 1 to %tmp

  Instrumentation – example (slide 6/17, continued)
  With the results of static analyses, only one check is inserted:

    1. %p = alloca i32*
    2. store null to %p
    3. %addr = call malloc(20)
    4. store %addr to %p
    5. call free(%addr)
    6. %tmp = load %p
         call check_pointer(%tmp, 4)
    7. store i32 1 to %tmp

  Program slicing (slide 7/17)
  Program slicing removes instructions of a program that are irrelevant to a specified "behavior" of the program.
  • The behavior is specified by a slicing criterion <V, l>
    • V is a set of variables
    • l is a program location
    • meaning: preserve the value of the variables in V at location l (and the reachability of l) during any execution of the program
  • Slicing criteria are (in our setting) error locations

  Program slicing – how does it work? (slide 8/17)
  • Compute dependencies between instructions.
  • We say that instruction A depends on instruction B if:
    • instruction A uses values generated by instruction B (data dependence), or
    • instruction A is not executed if we go some other way at (branching) B (control dependence).
  • Slicing: keep only the instructions on which the error (transitively) depends.

  Program slicing – example (slide 9/17)

    int zeroing(char *buf, size_t size) {
        int n = input();
        for (int i = 0; i < n; ++i) {
            assert(i < size && "Out of bounds");
            buf[i] = 0;
        }
        return 0;
    }

  Once the code is generated... (slide 10/17)
  Once the code is generated, we can
  • do nothing... (output the generated LLVM)
  • generate C from it and output it (llvm2c tool)
  • pass it to a verification engine (as LLVM or C, according to the verifier)
  So Symbiotic can be viewed as a
  • C to LLVM compiler,
  • C to C transformer,
  • verification tool for the C language.

  Verification engines (slide 11/17)
  • Verification tools are integrated into Symbiotic by extending benchexec tool-info modules
  • The extension adds methods for:
    • specifying the required LLVM version
    • (optional) setting the environment
    • (optional) hooks that run before or after compilation/instrumentation/slicing/verification
  • So far we have integrated KLEE, CPAchecker, DIVINE, SMACK, and SeaHorn
    • experimental support for CBMC, UltimateAutomizer, and IKOS

  Symbiotic – limits (slide 12/17)
  • No C++ (exceptions).
  • Symbiotic still does not scale to large programs.
    • The current bottleneck is the data-dependence analysis in the slicer.

  Symbiotic with CPAchecker (section slide)

  CPAchecker integration into Symbiotic (slide 13/17)
  • CPAchecker has an LLVM backend
    • Parses LLVM and creates a CFA over the C language
    • Missing support for some float-related constructs
    • Missing support for some global initializers
  • We can also use the C backend directly
    • Symbiotic can use llvm2c to generate C from the LLVM
    • The default option (as of a few weeks ago :)
  • We use the SV-COMP'19 configuration (-svcomp19) by default

  CPAchecker in Symbiotic (slide 14/17)
  • Symbiotic + llvm2c + CPAchecker (with the C backend) now works better than Symbiotic + CPAchecker (LLVM backend)
  • However, "pure" CPAchecker still works better than Symbiotic + CPAchecker

  Experiments on the ReachSafety category (slide 15/17)
  [Plot: CPU time [s] against n-th fastest benchmark (0 to 3000); series: No slicing (LLVM backend), No slicing (llvm2c), Slicing (LLVM backend), Slicing (llvm2c), Pure CPAchecker]

  Experiments with the LLVM backend (slide 16/17)
  [Two plots: CPU time [s] (0 to 1000) against n-th fastest benchmark (0 to 2000), series No slicing vs. Slicing; upper panel CPAchecker, lower panel KLEE]

  Summary (slide 17/17)
  • Symbiotic is a framework that generates optimized (LLVM or C) code for verification
  • It is highly modular
  • It integrates several verification tools, including CPAchecker
  https://github.com/staticafi/symbiotic
