using llvm in a
play

Using LLVM in a Model Checking Workflow Gyula Sallai 2018 European - PowerPoint PPT Presentation

Jan 19, 2023 •147 likes •325 views

Using LLVM in a Model Checking Workflow Gyula Sallai 2018 European LLVM Developers Meeting Introduction Motivation Embedded software systems o Usually written in C (Red Green) Confidence in correctness? Formal Formal model

  1. Using LLVM in a Model Checking Workflow Gyula Sallai 2018 European LLVM Developers Meeting

  2. Introduction

  3. Motivation  Embedded software systems o Usually written in C ¬ (Red ∧ Green)  Confidence in correctness? Formal Formal model property Model checking OK Counterexample 3

  4. Software model checking  Automatic transformation from source code C code erroneous state Program model not reachable Model checking OK Counterexample  Model checking is computationally hard o Undecidable in general o Model size/complexity must be reduced 4

  5. LLVM for model checking  LLVM IR as a language frontend? o Language-agnostic o Optimization infrastructure  Using LLVM IR for model checking theta framework 1 C Formal LLVM IR C++ model … optimizations Verification backend 1 https://github.com/ftsrg/theta 5

  6. Transformation to formal models

  7. Formal model for computer programs  Control flow automata (CFA) int i = 0; int sum = 0; while (i < 11) { sum = sum + i; i = i + 1; } assert(i == 11);  error: failing assertions 7

  8. LLVM IR to formal models  Gap between the IR and formal models o Designed for compilation  designed for theorem provers  LLVM IR has more expressive power o SSA, ϕ -nodes  transformation rules o Pointers  theory of arrays, integer addresses o Global variables  promotion to locals o Procedure calls  function inlining 8

  9. 9 LLVM IR to formal models CFG CFA bb0: 1 x 0 = call read() havoc x 0 br (incr, bb1, bb2) 2 assume not incr assume incr bb1: bb2: 3 5 x 2 = x 0 - 1 x 1 = x 0 + 1 x 1 := x 0 + 1 x 2 := x 0 - 1 4 6 bb3: x 4 := x 1 x 4 := x 2 x 4 = ϕ ({x 1 , bb1}, {x 2 , bb2}) 7 ... 9

  10. Optimization algorithms

  11. Optimizations  Need to be configurable  Optimizations in LLVM o Constant propagation, dead code elimination o Function inlining  Other transformations o Global variables to locals o Program slicing 11

  12. Program slicing  Slice: subprogram, which produces the same output and assigns the same values to a set of variables as the original program. 0: int i = 0; 0: int i = 0; 1: int x = 0; 1: int x = 0; 2: while (i < 11) { 2: while (i < 11) { 3: x = x + i; 3: x = x + i; 4: i = i + 1; 4: i = i + 1; } } 5: assert(i != 0); 5: assert(i != 0); Criterion: value of i at statement 5 12

  13. Evaluation

  14. Evaluation  SV-Comp: Competition on Software Verification 1 o Verification tasks written in C  Program categories o locks : locking mechanisms o eca: event-driven systems o ssh: ssh protocol 1 https://sv-comp.sosy-lab.org/2016/ 14

  15. Evaluation *Opt: with optimizations *Slice: with slicing Model Vars Locs VarsOpt LocsOpt #Slice VarSlice LocsSlice Many small slices 10 locks10 55 236 52 231 5.5 27 14 locks14 75 324 72 319 5.5 26.5 Some reduction with optimizations, more with 1 eca1 1104 2937 976 2870 614 1908 slicing 1 eca2 1040 2854 892 2778 590 1936 1 eca3 3269 10719 2781 10325 2408 9050 Significant reduction 1 ssh1 196 693 174 648 109 394 16

  16. Summary  Software model checking C code error is not CFA reachable Model checking  LLVM IR-based model checking OK Counterexample o Transformation to formal models o Configurable optimizations o Program slicing  Future work o Improved pointer support o New slicing methods (heuristics...) 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LLVM IR and the IoT Dvid Juhsz david.juhasz@imsystech.com 4/2/2018 1 FOSDEM 2018 LLVM

LLVM IR and the IoT Dvid Juhsz david.juhasz@imsystech.com 4/2/2018 1 FOSDEM 2018 LLVM

A unique processor architecture meeting LLVM IR and the IoT Dvid Juhsz david.juhasz@imsystech.com 4/2/2018 1 FOSDEM 2018 LLVM devroom Compiling with LLVM High-Level Programming Language LLVM LLVM Front-end LLVM Assembly / IR LLVM

434 views • 22 slides
Porting LLVM to a new OS Kai Nacke 31 January 2016 LLVM devroom @ FOSDEM16 Porting LLVM

Porting LLVM to a new OS Kai Nacke 31 January 2016 LLVM devroom @ FOSDEM16 Porting LLVM

Porting LLVM to a new OS Kai Nacke 31 January 2016 LLVM devroom @ FOSDEM16 Porting LLVM There are two possible goals Run LLVM tools on OS Generate code for OS / CPU architecture Mission is to run LLVM on previously unsupported

603 views • 11 slides
The Many Faces of Instrumentation: Debugging and Better Performance using LLVM in HPC What are

The Many Faces of Instrumentation: Debugging and Better Performance using LLVM in HPC What are

The Many Faces of Instrumentation: Debugging and Better Performance using LLVM in HPC What are LLVM, Clang, and Flang? How is LLVM Being Improved for HPC. What Facilities for Tooling Exist in LLVM? Opportunities for the Future!

572 views • 38 slides
LLVM/Clang Mouna Abidi &amp; Manel Grichi 1 Plan What is LLVM? How will you be using it?

LLVM/Clang Mouna Abidi &amp; Manel Grichi 1 Plan What is LLVM? How will you be using it?

LLVM/Clang Mouna Abidi &amp; Manel Grichi 1 Plan What is LLVM? How will you be using it? LLVM Architecture Compiler Simple case study Conclusion 2 What is LLVM? Low Level Virtual Machine Modern Compiler

1.34k views • 19 slides
LLVM Binutils BoF 2019 EuroLLVM Developers' Meeting James Henderson (SN Systems) Jordan

LLVM Binutils BoF 2019 EuroLLVM Developers' Meeting James Henderson (SN Systems) Jordan

LLVM Binutils BoF 2019 EuroLLVM Developers' Meeting James Henderson (SN Systems) Jordan Rupprecht (Google) Introduction LLVM binary utilities (aka binutils) include: llvm-readobj/llvm-readelf llvm-objdump llvm-objcopy

352 views • 8 slides
Building, Testing and Debugging a Simple out-of-tree LLVM Pass October 29, 2015, LLVM

Building, Testing and Debugging a Simple out-of-tree LLVM Pass October 29, 2015, LLVM

Building, Testing and Debugging a Simple out-of-tree LLVM Pass October 29, 2015, LLVM Developers Meeting LLVM 3.7 Resources https://github.com/quarkslab/ llvm-dev-meeting-tutorial-2015 1 Instruction Booklet a = b + c a = b

794 views • 62 slides
LLVM Simone Campanoni simonec@eecs.northwestern.edu Problems with Canvas? Problems with slides?

LLVM Simone Campanoni simonec@eecs.northwestern.edu Problems with Canvas? Problems with slides?

LLVM Simone Campanoni simonec@eecs.northwestern.edu Problems with Canvas? Problems with slides? Any problems? Outline Introduction to LLVM CAT steps Hacking LLVM LLVM LLVM is a great, hackable compiler for C/C++ languages

1.68k views • 44 slides
Wring an LLVM Pass: 101 LLVM 2019 tutorial Andrzej Warzyski arm October 2019 Andrzejs

Wring an LLVM Pass: 101 LLVM 2019 tutorial Andrzej Warzyski arm October 2019 Andrzejs

Wring an LLVM Pass: 101 LLVM 2019 tutorial Andrzej Warzyski arm October 2019 Andrzejs Background arm DOWNSTREAMlldb SciComp Highlander LLVM Dev Meeng 2019 2 / 39 Overview LLVM pass development crash course Focus on

635 views • 39 slides
LLVM Passes Nick Sumner (see also https://github.com/nsumner/llvm-demo) Matt Dwyer (see also

LLVM Passes Nick Sumner (see also https://github.com/nsumner/llvm-demo) Matt Dwyer (see also

LLVM Passes Nick Sumner (see also https://github.com/nsumner/llvm-demo) Matt Dwyer (see also https://github.com/matthewbdwyer/tipc/) Where Can You Get Info? The online documentation is extensive: LLVM Programmers Manual LLVM

553 views • 37 slides
llvm.mix multi-stage compiler-assisted specializer generator built on LLVM Eugene Sharygin 1

llvm.mix multi-stage compiler-assisted specializer generator built on LLVM Eugene Sharygin 1

llvm.mix multi-stage compiler-assisted specializer generator built on LLVM Eugene Sharygin 1 February 3, 2019 1 eush77@gmail.com Introduction llvm.mix Binding-Time Analysis Dynamic Control Examples Summary Interpreters and Compilers

1.33k views • 62 slides
Introduction to the LLVM Compiler System Chris Lattner llvm.org Architect November 4, 2008

Introduction to the LLVM Compiler System Chris Lattner llvm.org Architect November 4, 2008

Introduction to the LLVM Compiler System Chris Lattner llvm.org Architect November 4, 2008 ACAT08 - Erice, Sicily What is the LLVM Project? Collection of industrial strength compiler technology Optimizer and Code Generator

1.29k views • 55 slides
LLVM Numerics Improvements Michael C. Berg, Apple LLVM Developers Meeting, Brussels,

LLVM Numerics Improvements Michael C. Berg, Apple LLVM Developers Meeting, Brussels,

LLVM Numerics Improvements Michael C. Berg, Apple LLVM Developers Meeting, Brussels, Belgium, April 2019 1 Agenda Handling Numerics via Flags Current LLVM Numerics Models How Unsafe Changes Behavior Mixed Mode

714 views • 43 slides
LLVM Coroutines Bringing resumable functions to LLVM LLVM Dev Meeting 2016 Gor Nishanov

LLVM Coroutines Bringing resumable functions to LLVM LLVM Dev Meeting 2016 Gor Nishanov

LLVM Coroutines Bringing resumable functions to LLVM LLVM Dev Meeting 2016 Gor Nishanov (@GorNishanov) 1 Microsoft Visual C++ Team Coroutines Subroutine A Coroutine C Subroutine A Subroutine B C start B start Introduced

1.31k views • 71 slides
Debugging With LLVM A quick introducon to LLDB and LLVM sanizers Graham Hunter, Andrzej

Debugging With LLVM A quick introducon to LLDB and LLVM sanizers Graham Hunter, Andrzej

Debugging With LLVM A quick introducon to LLDB and LLVM sanizers Graham Hunter, Andrzej Warzyski Arm February 2020 Our Background Compiler engineers at Arm Arm Compiler For Linux Downstream and upstream LLVM Based in

913 views • 28 slides
Autovectorization with LLVM Hal Finkel April 12, 2012 The LLVM Compiler Infrastructure 2012

Autovectorization with LLVM Hal Finkel April 12, 2012 The LLVM Compiler Infrastructure 2012

Autovectorization with LLVM Hal Finkel April 12, 2012 The LLVM Compiler Infrastructure 2012 European Conference Hal Finkel (Argonne National Laboratory) Autovectorization with LLVM April 12, 2012 1 / 29 1 Introduction 2 Basic-Block

426 views • 29 slides
LLVM Auto-Vectorization Past Present Future Renato Golin www.linaro.org LLVM

LLVM Auto-Vectorization Past Present Future Renato Golin www.linaro.org LLVM

LLVM Auto-Vectorization Past Present Future Renato Golin www.linaro.org LLVM Auto-Vectorization Plan: What is auto-vectorization? Short-history of the LLVM vectorizer What do we support today, and an overview of how it works

386 views • 22 slides
Effects of globalization: inequality and social dimension Giovanni Marin Department of

Effects of globalization: inequality and social dimension Giovanni Marin Department of

Effects of globalization: inequality and social dimension Giovanni Marin Department of Economics, Society, Politics Universit degli Studi di Urbino Carlo Bo References for this lecture BBGV Chapter 14 Paragraphs 14.5, 14.6

1.85k views • 23 slides
Estimating the robustness to asynchronism for cellular automata models Nazim Fats ENS LYON

Estimating the robustness to asynchronism for cellular automata models Nazim Fats ENS LYON

Cellular Automata Workshop Gdansk September 2005 Estimating the robustness to asynchronism for cellular automata models Nazim Fats ENS LYON Laboratoire de linformatique du paralllisme Modles de calcul et complexit

637 views • 28 slides
Yes 56% 12.9 Has the benefit of the service to the severe and enduring Service User group been

Yes 56% 12.9 Has the benefit of the service to the severe and enduring Service User group been

12.6 Are Staff in your service Trained in Recovery orientated competencies &amp; principles ? Yes 56% 12.9 Has the benefit of the service to the severe and enduring Service User group been evaluated ? Yes 42% as at Jan 2011 Vision Online

607 views • 25 slides
CPo.~ SlApport- : J\J\AAAeLJ ~da.~0Y\&quot;) I C.recl~ts : Sc..hClV)\.(-e lJ 'I:bk&quot; .) .

CPo.~ SlApport- : J\J\AAAeLJ ~da.~0Y\&quot;) I C.recl~ts : Sc..hClV)\.(-e lJ 'I:bk&quot; .) .

~M Leif\Ster LA. o~ ~\o-~aw CPo.~ SlApport- : J\J\AAAeLJ ~da.~0Y\&quot;) I C.recl~ts : Sc..hClV)\.(-e lJ 'I:bk&quot; .) . - - R.ob:A. J &amp;-ezJ 0 -- --- - - - --- - - - - - - PLAN O. Mobl~inv~CM fr:rr CQ,{-e~es ~ (VeA )(

401 views • 16 slides
14 January 2020, 9 Bedford Row (Extradition Group) Overview slides Overview of chronology

14 January 2020, 9 Bedford Row (Extradition Group) Overview slides Overview of chronology

Extradition, Brexit, Interpol and the General Election 14 January 2020, 9 Bedford Row (Extradition Group) Overview slides Overview of chronology 31/01/2020 Exit day / Treaties cease to apply to UK 31/01/2020 to 31/12/2020

611 views • 10 slides
Multiplying a Vector By a Scalar MCV4U: Calculus &amp; Vectors Compare the two vectors, u and

Multiplying a Vector By a Scalar MCV4U: Calculus &amp; Vectors Compare the two vectors, u and

g e o m e t r i c v e c t o r s g e o m e t r i c v e c t o r s Multiplying a Vector By a Scalar MCV4U: Calculus &amp; Vectors Compare the two vectors, u and v . Multiplying Vectors By Scalars J. Garvin u and v have the same

365 views • 4 slides
THE EUROPEAN COURT OF AUDITORS Procurement in European funded pre-accession projects Public

THE EUROPEAN COURT OF AUDITORS Procurement in European funded pre-accession projects Public

THE EUROPEAN COURT OF AUDITORS Procurement in European funded pre-accession projects Public procurement seminar Lisbon 14 Oct 2010 afasdfa European Court of Auditors 12, rue Alcide De Gasperi L - 1615 LUXEMBOURG Tel.: +352 4398-1 Fax: +352

299 views • 11 slides
2016.06.03 /

2016.06.03 /

2016.06.03 / : - , (2008- ) - (NCsoft) (2006-2008) -

897 views • 61 slides

More recommend