Bounded Verification of Multi-threaded Programs via Lazy Sequentialization

2022, Vol 44 (1), pp. 1-50
Author(s): Omar Inverso, Ermenegildo Tomasco, Bernd Fischer, Salvatore La Torre, Gennaro Parlato

Bounded verification techniques such as bounded model checking (BMC) have successfully been used for many practical program analysis problems, but concurrency still poses a challenge. Here, we describe a new approach to BMC of sequentially consistent imperative programs that use POSIX threads. We first translate the multi-threaded program into a nondeterministic sequential program that preserves reachability for all round-robin schedules with a given bound on the number of rounds. We then reuse existing high-performance BMC tools as backends for the sequential verification problem. Our translation is carefully designed to introduce very small memory overheads and very few sources of nondeterminism, so it produces tight SAT/SMT formulae, and is thus very effective in practice: Our Lazy-CSeq tool implementing this translation for the C programming language won several gold and silver medals in the concurrency category of the Software Verification Competitions (SV-COMP) 2014–2021 and was able to find errors in programs where all other techniques (including testing) failed. In this article, we give a detailed description of our translation and prove its correctness, sketch its implementation using the CSeq framework, and report on a detailed evaluation and comparison of our approach.

2020, Vol 10 (21), pp. 7853
Author(s): Henrich Lauko, Martina Olliaro, Agostino Cortesi, Petr Roc̆kai

Data type abstraction plays a crucial role in software verification. In this paper, we introduce a domain for abstracting strings in the C programming language, where strings are managed as null-terminated arrays of characters. The new domain M-String is parametrized on an index (bound) domain and a character domain. By means of these different constituent domains, M-String captures shape information on the array structure as well as value information on the characters occurring in the string. By tuning these two parameters, M-String can be easily tailored for specific verification tasks, balancing precision against complexity. The concrete and the abstract semantics of basic operations on strings are carefully formalized, and soundness proofs are fully detailed. Moreover, for a selection of functions contained in the standard C library, we provide the semantics for character access and update, enabling an automatic lifting of arbitrary string-manipulating code into our new domain. An implementation of abstract operations is provided within a tool that automatically lifts existing programs into the M-String domain along with an explicit-state model checker. The accuracy of the proposed domain is experimentally evaluated on real-case test programs, showing that M-String can efficiently detect real-world bugs as well as prove that a program does not contain them after they are fixed.


Electronics, 2019, Vol 8 (9), pp. 1057
Author(s): Gianpiero Cabodi, Paolo Camurati, Fabrizio Finocchiaro, Danilo Vendraminetto

Spectre and Meltdown attacks in modern microprocessors represent a new class of attacks that have been difficult to deal with. They underline vulnerabilities in hardware design that have gone unnoticed for years. This shows the weakness of the state-of-the-art verification process and design practices. These attacks are OS-independent, and they do not exploit any software vulnerabilities. Moreover, they violate all security assumptions ensured by standard security procedures (e.g., address space isolation) and, as a result, every security mechanism built upon these guarantees. These vulnerabilities allow the attacker to retrieve leaked data without accessing the secret directly. Indeed, they make use of covert channels, which are mechanisms of hidden communication that convey sensitive information without any visible information flow between the malicious party and the victim. The root cause of this type of side-channel attack lies within the speculative and out-of-order execution of modern high-performance microarchitectures. Since modern processors are hard to verify with standard formal verification techniques, we present a methodology that shows how to transform a realistic model of a speculative and out-of-order processor into an abstract one. Following related formal verification approaches, we simplify the model under consideration by abstraction and refinement steps. We also present an approach to formally verify the abstract model using a standard model checker. The theoretical flow, reliant on established formal verification results, is introduced, and a sketch of proof is provided for soundness and correctness. Finally, we demonstrate the feasibility of our approach by applying it to a pipelined DLX RISC-inspired processor architecture. We show preliminary experimental results to support our claim, performing Bounded Model Checking with a state-of-the-art model checker.


2017, Vol 4 (1), pp. 38-55
Author(s): Bapuji Rao, Brojo Kishore Mishra

This paper introduces a new approach to clustering text documents based on a set of words using graph mining techniques. The proposed approach clusters (groups) those text documents, out of a given set of text documents, in which the given set of words is found. The document-word relation can be represented as a bipartite graph, and each cluster of text documents is represented as a sub-graph. Further, the paper proposes an algorithm for clustering text documents for a given set of words. It is an automated system and requires minimal human interaction for the clustering of text documents. The algorithm has been implemented in the C++ programming language, and satisfactory results were observed.


10.29007/q58t, 2018
Author(s): Stephan Falke, Carsten Sinz, Florian Merz

The theory of arrays is widely used in order to model main memory in program analysis, software verification, bounded model checking, symbolic execution, etc. Nonetheless, the basic theory as introduced by McCarthy is not expressive enough for important practical cases since it only supports array updates at single locations. In programs, the memory is often modified using functions such as memset or memcpy/memmove, which modify a user-specified range of locations whose size might not be known statically. In this paper we present an extension of the theory of arrays with set and copy operations which make it possible to reason about such functions. We also discuss further applications of the theory.


Author(s): E. E. Taratuta

The main motivation for this article is the growing popularity of reconfigurable FPGAs (field-programmable gate arrays) in the field of high-performance computing, as well as the need to study the features of writing efficient software using the Altera SDK for OpenCL tool, which allows one to implement applications for FPGAs using the C++ programming language and the OpenCL standard. The article discusses the features of the OpenCL programming model and presents a study of the performance and characteristics of various Sobel filter implementations using the mentioned tool.


1992, Vol 57 (1), pp. 33-45
Author(s): Vladimír Jakuš

A new approach to the theoretical evaluation of the Gibbs free energy of solvation was applied to the estimation of retention data in reversed-phase high-performance liquid chromatography (RP-HPLC). Simple and improved models of the stationary and mobile phases in RP-HPLC were employed. Statistically significant correlations between the calculated and experimental data were obtained for a heterogeneous series of twelve compounds.


Cybersecurity, 2021, Vol 4 (1)
Author(s): Shushan Arakelyan, Sima Arasteh, Christophe Hauser, Erik Kline, Aram Galstyan

Tackling binary program analysis problems has traditionally implied manually defining rules and heuristics, a tedious and time-consuming task for human analysts. In order to improve automation and scalability, we propose an alternative direction based on distributed representations of binary programs with applicability to a number of downstream tasks. We introduce Bin2vec, a new approach leveraging Graph Convolutional Networks (GCN) along with computational program graphs in order to learn a high-dimensional representation of binary executable programs. We demonstrate the versatility of this approach by using our representations to solve two semantically different binary analysis tasks: functional algorithm classification and vulnerability discovery. We compare the proposed approach to our own strong baseline as well as published results, and demonstrate improvement over state-of-the-art methods for both tasks. We evaluated Bin2vec on 49191 binaries for the functional algorithm classification task, and on 30 different CWE-IDs including at least 100 CVE entries each for the vulnerability discovery task. We set a new state-of-the-art result by reducing the classification error by 40% compared to the source-code-based inst2vec approach, while working on binary code. For almost every vulnerability class in our dataset, our prediction accuracy is over 80% (and over 90% in multiple classes).


2021, Vol 17, pp. 100352
Author(s): S.-J. Wang, M. Sawatzki, H. Kleemann, I. Lashkov, D. Wolf, ...
