the pointer assertion logic engine
play

The Pointer Assertion Logic Engine [PLDI 01] Anders M ller - PowerPoint PPT Presentation

Jun 09, 2023 •31 likes •371 views

The Pointer Assertion Logic Engine [PLDI 01] Anders M ller Michael I. Schwartzbach Presented by K. Vikram Cornell University Introduction Pointer manipulation is hard Find bugs, optimize code General Approach Model

  1. The Pointer Assertion Logic Engine [PLDI ’01] Anders M φ ller Michael I. Schwartzbach Presented by K. Vikram Cornell University

  2. Introduction • Pointer manipulation is hard – Find bugs, optimize code • General Approach – Model the heap, including records & pointers – Describe properties in an assertion lang. – Verify correctness

  3. The Objective • Pointer Verification • Check for – Type errors – Memory errors – Data structure invariant violations • Safety critical data-type implementations Some slides have been adapted from a talk by Anders M φ ller

  4. Motivation • Standard type-checking not enough – Tree ≡ List – Avoiding memory errors • Verify an abstract data type

  5. Graph Types • Regular Types – T → v(a 1 : T 1 , …, a n : T n ) • Graph Types – T → v(… a i : T i … a j : T j [R] …) – data fields + routing fields (R) – backbone (ST) + other pointers – functionally dependent • Doubly linked-list, trees with parent pointers, threaded trees, red-black trees, etc.

  6. Routing Expressions • Regular Expressions • ⇓ a - move down along a • ↑ - move along parent • - verify presence at root • $ - verify presence at leaf • T:v – verify type and variant • Well-formedness

  7. Examples • List with first and last pointers H → (first: L, last: L[ ⇓ first ⇓ tail * $ ↑ ) L → (head: Int, tail: L) → () • Doubly-linked cyclic list D → (next: D, prev: D[ ↑ + ^ ⇓ next* $] → (next: D[ ↑ * ] , prev: D[ ↑ + ^]

  8. Monadic Second Order Logic • Quantification done over predicates and terms • Unary predicates • Most expressive logic that is practically decidable • Decidable using tree automata

  9. Pointer Assertion Logic • Monadic 2 nd order – Over records, pointers and booleans • Specify – Structural invariants – Pre- and post- conditions – Invariants and assertions

  10. Methodology • Verify a single ADT at a time • Data structures as graph types • Programs in a restricted language • Annotations in Pointer Assertion Logic – properties of the store (assertions) – invariants • Encode in monadic 2 nd order logic • Use a standard tool (MONA)

  11. Comparison with shape analysis • Goals similar – approach different • fixpoint iterations over store model vs. encoding of program in logic • Similar precision and speed • Use of loop invariants/assertions • Need to specify operational semantics • Restriction to graph types • Generation of counter-examples

  12. Routing Expressions • Slightly generalized • ptr <routingexp> ptr • Up – x^T.p • A general formula can be embedded

  13. Example data structure • Binary tree with pointers to root

  14. Another Example

  15. Example Program

  16. Details… • Store Model • Graph Types • Abstract Programming Language • Program Annotations

  17. The Programming Language

  18. The Programming Language

  19. The Programming Language

  20. Program Annotations • Monadic 2 nd order Logic on graph types • Quantification over heap records – Individual elements, sets of elements • Formulas* used for – Constraining destinations of pointers – Invariants in loops and procedure calls – Pre- and post- conditions – Assert and split statements

  21. Monadic 2L on finite trees • Φ ::= ¬ Φ | Φ ∨ Φ | Φ ∧ Φ | Φ ⇒ Φ | Φ ⇔ Φ | ∀ 1 x. Φ | ∃ 1 x. Φ | ∀ 2 x. Φ | ∃ 2 x. Φ | t = t | t ∈ T | T = T | T ⊆ T | … (formulas) • T ::= X | T ∪ T | T ∩ T | T \ T | ∅ (set terms) • t ::= x | t.left | t.right | t.up (position terms)

  22. Program Annotations

  23. Program Annotations

  24. A More Involved Example • Threaded Trees – Pointer to successor in post-order traversal

  25. The Fix Procedure

  26. Annotations Precondition to fix ALMOSTPOST Predicate

  27. Hoare Triples • {P} S {Q} • P = pre-conditions (boolean predicate) • Q = post-conditions ( -do- ) • S = program • Standard tools available

  28. Verification with Hoare Logic • Split program into Hoare triples “property stm” • Use PAL as assertion language • Cut-points – beginning/end of procedure and while bodies – split statements – graph types valid only at cut-points

  29. Verification with Hoare Logic • Hoare Triple – property stm • stm is without loops, procedure calls • Use transduction to simulate statements • Update store predicates (11 kinds) • Interface for querying the store

  30. Advantages over earlier tools • Can handle temporary violations – Overriding pointer directives – Allow different constraints at different points – Use property instead of formula • Modular and thus, scalable

  31. MONA • Reduces formulas to tree automata • Deduces validity or generates counter- examples

  32. Evaluation • As fast as previous tools • Very few intractable examples in practice • Found a null-pointer dereference in a bubblesort example

  33. Evaluation

  34. Finally • Questions • Comments • Praise/Criticism • Thank you!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

Fachgebiet Rechnersysteme Technische Universitt Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 1 8. Assertion-Based Design and Assertion Languages 3 Fachgebiet Rechnersysteme 8. Assertion Based Design

815 views • 13 slides
An Assertion-Based Program Logic for Probabilistic Programs Gilles Barthe, Thomas Espitau, Marco

An Assertion-Based Program Logic for Probabilistic Programs Gilles Barthe, Thomas Espitau, Marco

An Assertion-Based Program Logic for Probabilistic Programs Gilles Barthe, Thomas Espitau, Marco Gaboardi, Benjamin Grgoire, Justin Hsu, and Pierre-Yves Strub 1 Randomized algorithms are everywhere! 2 Complex programs 3 Complex proofs 4

738 views • 50 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion-Based Design and Assertion Languages 1 Fachgebiet Rechnersysteme 8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1 Assertion-Based Design 8.2 Introduction to ITL 8.3 Introduction to SVA

856 views • 51 slides
Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an

Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an

Pointer arithmetic arrays only arrays only Pointer arithmetic Can add or subtract an integer as long as result is still within the bounds of the array Can subtract a pointer from another pointer iff both point to

140 views • 9 slides
Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer

Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer

Pointer Basics Lecture 13 COP 3014 Fall 2019 November 7, 2019 What is a Pointer? A pointer is a variable that stores a memory address. Pointers are used to store the addresses of other variables or memory items. Pointers are very

742 views • 23 slides
Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist, Health &amp; Wellbeing Service From Newcastle. For the world. What is assertion? Assertiveness enables us to act in our own best interests, to stand up

368 views • 16 slides
Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents What is a Dangling Pointer? Code Injection Object Overriding Demonstrations Remediation Summary Q&amp;A 2 What is a

543 views • 28 slides
Pointers The Pointer Defined int *x; Read as: declare x as a pointer to a 32-bit integer

Pointers The Pointer Defined int *x; Read as: declare x as a pointer to a 32-bit integer

Pointers The Pointer Defined int *x; Read as: declare x as a pointer to a 32-bit integer Interpretation: declare x as a variable on the stack that holds the numeric address of the location in memory at which are 32 bits that we intend

359 views • 15 slides
Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective

Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective

Separation Logics for Pointer Programs James Brotherston Lorentz Center Workshop on Effective Verification of Pointer Programs Monday 13th May, 2019 1/ 28 Part I Introduction to separation logic 2/ 28 Introduction Verification of imperative

758 views • 28 slides
HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Nobuhiro Torata, Kyushu University

HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Nobuhiro Torata, Kyushu University

The 5 th ATS at Fukuoka HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Nobuhiro Torata, Kyushu University Hospital. 2 HD-SCR: High Definition Streaming Combined Remote conference system Concepts of New system Hi quality HD image

108 views • 7 slides
HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Chairpersons: Ti-Chaung Chiang, National

HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Chairpersons: Ti-Chaung Chiang, National

Medical WG Technology session APAN 32 nd meeting at New Delhi HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Chairpersons: Ti-Chaung Chiang, National Taiwan University Torata N and Cao Duc Minh, Kyushu University Hospital. 1 HD-SCR:

347 views • 10 slides
Pointers and Memory 1 Pointer values Pointer values are memory addresses

Pointers and Memory 1 Pointer values Pointer values are memory addresses

Pointers and Memory 1 Pointer values Pointer values are memory addresses Think of them as a kind of integer values The first byte of memory is 0, the next 1, and so on A pointer p can hold the address of a memory

1.01k views • 31 slides
FAT POINTERS Arjun Menon IIT Madras What is a Fat Pointer? METADATA ADDRESS PTR Typically

FAT POINTERS Arjun Menon IIT Madras What is a Fat Pointer? METADATA ADDRESS PTR Typically

FAT POINTERS Arjun Menon IIT Madras What is a Fat Pointer? METADATA ADDRESS PTR Typically metadata contains the base and bounds of the pointer which is essentially the valid accessible memory region by the pointer if(

511 views • 49 slides
Introduction to Logic Programming in Prolog 1 / 39 Outline Programming paradigms Logic

Introduction to Logic Programming in Prolog 1 / 39 Outline Programming paradigms Logic

Introduction to Logic Programming in Prolog 1 / 39 Outline Programming paradigms Logic programming basics Introduction to Prolog Predicates, queries, and rules Understanding the query engine Goal search and unification Structuring recursive

881 views • 39 slides
CS 161 Intro to CS I Pointers 1 Introduc2on

CS 161 Intro to CS I Pointers 1 Introduc2on

CS 161 Intro to CS I Pointers 1 Introduc2on Defini2on Pointer is the address of a variable in memory 3AE17 3AE37 3AE57

490 views • 14 slides
C Programming for Engineers Pointers ICEN 360 Spring 2017 Prof. Dola Saha 1 Pointers

C Programming for Engineers Pointers ICEN 360 Spring 2017 Prof. Dola Saha 1 Pointers

C Programming for Engineers Pointers ICEN 360 Spring 2017 Prof. Dola Saha 1 Pointers Pointers are variables whose values are memory addresses . A variable name directly references a value, and a pointer indirectly references a value.

730 views • 29 slides
CS103 Unit 6 - Pointers Mark Redekopp 2 Why Pointers Scenario: You write a paper and

CS103 Unit 6 - Pointers Mark Redekopp 2 Why Pointers Scenario: You write a paper and

1 CS103 Unit 6 - Pointers Mark Redekopp 2 Why Pointers Scenario: You write a paper and include a lot of large images. You can send the document as an attachment in the e-mail or upload it as a Google doc and simply e- mail the URL.

1.58k views • 80 slides
Indexing with local features, Bag of words models Thursday, Oct 29 Kristen Grauman UT-Austin

Indexing with local features, Bag of words models Thursday, Oct 29 Kristen Grauman UT-Austin

10/29/2009 Indexing with local features, Bag of words models Thursday, Oct 29 Kristen Grauman UT-Austin Last time Interest point detection Harris corner detector Laplacian of Gaussian, automatic scale selection 1 10/29/2009

671 views • 39 slides
Generic Pointers Generic Data Structures 1 /************ Implementation ***********/ Stacks

Generic Pointers Generic Data Structures 1 /************ Implementation ***********/ Stacks

Generic Pointers Generic Data Structures 1 /************ Implementation ***********/ Stacks typedef struct list_node list; struct list_node { string data; list* next; }; We defined stacks of strings typedef struct stack_header stack;

497 views • 37 slides
Basic Pointers CSCI 112: Programming in C What the #$@# is a pointer? Pointers are variables

Basic Pointers CSCI 112: Programming in C What the #$@# is a pointer? Pointers are variables

Basic Pointers CSCI 112: Programming in C What the #$@# is a pointer? Pointers are variables Instead of holding values, they hold the address of another variable. They point to where that other variable is stored. Some new syntax A

511 views • 23 slides
Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging

Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging

CS 240 Stage 2 Hardware-Software Interface Memory addressing, C language, pointers Assertions, debugging Machine code, assembly language, program translation Control flow Procedures, stacks Data layout, security, linking and loading Program,

822 views • 29 slides
Announcement Final exam C++: Smart Pointers Tuesday, May 20 th 2:45 4:45pm

Announcement Final exam C++: Smart Pointers Tuesday, May 20 th 2:45 4:45pm

Announcement Final exam C++: Smart Pointers Tuesday, May 20 th 2:45 4:45pm Rm 70-1620 Announcement Speaking of Exams For those taking SE1 in the fall There will be no exam this week Now a studio course

446 views • 6 slides

More recommend