Results 1 - 10
of
143
Automatic discovery and quantification of information leaks
- IN: IEEE SYMPOSIUM ON SECURITY AND PRIVACY
, 2009
"... Information-flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. We present the first automatic method for information-flow analysis that discovers what information is leaked and computes its comprehensive quantitative interpr ..."
Abstract
-
Cited by 72 (9 self)
- Add to MetaCart
(Show Context)
Information-flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. We present the first automatic method for information-flow analysis that discovers what information is leaked and computes its comprehensive quantitative interpretation. The leaked information is characterized by an equivalence relation on secret artifacts, and is represented by a logical assertion over the corresponding program variables. Our measurement procedure computes the number of discovered equivalence classes and their sizes. This provides a basis for computing a set of quantitative properties, which includes all established information-theoretic measures in quantitative information-flow. Our method exploits an inherent connection between formal models of qualitative information-flow and program verification techniques. We provide an implementation of our method that builds upon existing tools for program verification and information-theoretic analysis. Our experimental evaluation indicates the practical applicability of the presented method.
Fluid Updates: Beyond Strong vs. Weak Updates
"... We describe a symbolic heap abstraction that unifies reasoning about arrays, pointers, and scalars, and we define a fluid update operation on this symbolic heap that relaxes the dichotomy between strong and weak updates. Our technique is fully automatic, does not suffer from the kind of state-spac ..."
Abstract
-
Cited by 36 (12 self)
- Add to MetaCart
We describe a symbolic heap abstraction that unifies reasoning about arrays, pointers, and scalars, and we define a fluid update operation on this symbolic heap that relaxes the dichotomy between strong and weak updates. Our technique is fully automatic, does not suffer from the kind of state-space explosion problem partition-based approaches are prone to, and can naturally express properties that hold for non-contiguous array elements. We demonstrate the effectiveness of this technique by evaluating it on challenging array benchmarks and by automatically verifying buffer accesses and dereferences in five Unix Coreutils applications with no annotations or false alarms.
A Quick Tour of the VeriFast Program Verifier
- In: APLAS. Ed. by
, 2010
"... Abstract. This paper describes the main features of VeriFast, a sound and modular program verifier for C and Java. VeriFast takes as input a number of source files annotated with method contracts written in sep-aration logic, inductive data type and fixpoint definitions, lemma func-tions and proof s ..."
Abstract
-
Cited by 33 (6 self)
- Add to MetaCart
(Show Context)
Abstract. This paper describes the main features of VeriFast, a sound and modular program verifier for C and Java. VeriFast takes as input a number of source files annotated with method contracts written in sep-aration logic, inductive data type and fixpoint definitions, lemma func-tions and proof steps. The verifier checks that (1) the program does not perform illegal operations such as dividing by zero or illegal memory ac-cesses and (2) that the assumptions described in method contracts hold in each execution. Although VeriFast supports specifying and verifying deep data structure properties, it provides an interactive verification experience as verifica-tion times are consistently low and errors can be diagnosed using its symbolic debugger. VeriFast and a large number of example programs are available online at:
Automatic Numeric Abstractions for Heap-Manipulating Programs
, 2010
"... We present a logic for relating heap-manipulating programs to numeric abstractions. These numeric abstractions are expressed as simple imperative programs over integer variables and have the property that termination and safety of the numeric program ensures termination and safety of the original, h ..."
Abstract
-
Cited by 32 (2 self)
- Add to MetaCart
(Show Context)
We present a logic for relating heap-manipulating programs to numeric abstractions. These numeric abstractions are expressed as simple imperative programs over integer variables and have the property that termination and safety of the numeric program ensures termination and safety of the original, heap-manipulating program. We have implemented an automated version of this abstraction process and present experimental results for programs involving a variety of data structures.
Detecting Inefficiently-Used Containers to Avoid Bloat
- ACM SIGPLAN 2010 CONFERENCE ON PROGRAMMING LANGUAGE DESIGN AND IMPLEMENTATION
, 2010
"... Runtime bloat degrades significantly the performance and scalability of software systems. An important source of bloat is the inefficient use of containers. It is expensive to create inefficiently-used containers and to invoke their associated methods, as this may ultimately execute large volumes of ..."
Abstract
-
Cited by 26 (12 self)
- Add to MetaCart
(Show Context)
Runtime bloat degrades significantly the performance and scalability of software systems. An important source of bloat is the inefficient use of containers. It is expensive to create inefficiently-used containers and to invoke their associated methods, as this may ultimately execute large volumes of code, with call stacks dozens deep, and allocate many temporary objects. This paper presents practical static and dynamic tools that can find inappropriate use of containers in Java programs. At the core of these tools is a base static analysis that identifies, for each container, the objects that are added to this container and the key statements (i.e., heap loads and stores) that achieve the semantics of common container operations such as ADD and GET. The static tool finds problematic uses of containers by considering the nesting relationships among the loops where these semantics-achieving statements
Automating Separation Logic Using SMT
"... Separation logic (SL) has gained widespread popularity because of its ability to succinctly express complex invariants of a program’s heap configurations. Several specialized provers have been developed for decidable SL fragments. However, these provers cannot be easily extended or combined with s ..."
Abstract
-
Cited by 22 (1 self)
- Add to MetaCart
(Show Context)
Separation logic (SL) has gained widespread popularity because of its ability to succinctly express complex invariants of a program’s heap configurations. Several specialized provers have been developed for decidable SL fragments. However, these provers cannot be easily extended or combined with solvers for other theories that are important in program verification, e.g., linear arithmetic. In this paper, we present a reduction of decidable SL fragments to a decidable first-order theory that fits well into the satisfiability modulo theories (SMT) framework. We show how to use this reduction to automate satisfiability, entailment, frame inference, and abduction problems for separation logic using SMT solvers. Our approach provides a simple method of integrating separation logic into existing verification tools that provide SMT backends, and an elegant way of combining SL fragments with other decidable first-order theories. We implemented this approach in a verification tool and applied it to heap-manipulating programs whose verification involves reasoning in theory combinations.
Implicit Dynamic Frames
, 2011
"... An important, challenging problem in the verification of imperative programs with shared, mutable state is the frame problem in the presence of data abstraction. That is, one must be able to specify and verify upper bounds on the set of memory locations a method can read and write without exposing t ..."
Abstract
-
Cited by 20 (6 self)
- Add to MetaCart
An important, challenging problem in the verification of imperative programs with shared, mutable state is the frame problem in the presence of data abstraction. That is, one must be able to specify and verify upper bounds on the set of memory locations a method can read and write without exposing that method’s implementation. Separation logic is now widely considered the most promising solution to this problem. However, unlike conventional verification approaches, separation logic assertions cannot mention heap-dependent expressions from the host programming language such as method calls familiar to many developers. Moreover, separation logic-based verifiers are often based on symbolic execution. These symbolic execution-based verifiers typically do not support non-separating conjunction, and some of them rely on the developer to explicitly fold and unfold predicate definitions. Furthermore, several researchers have wondered whether it is possible to use verification condition generation and standard first-order provers instead of symbolic execution to automatically verify conformance with a separation logic specification. In this paper, we propose a variant of separation logic, called implicit dynamic frames, that supports heap-dependent expressions inside assertions. Conformance with an implicit dynamic frames specification can be checked by proving validity of a number of first-order verification conditions. To show that these verification
Precise and Compact Modular Procedure Summaries for Heap Manipulating Programs
- In PLDI
, 2011
"... We present a strictly bottom-up, summary-based, and precise heap analysis targeted for program verification that performs strong up-dates to heap locations at call sites. We first present a theory of heap decompositions that forms the basis of our approach; we then de-scribe a full analysis algorith ..."
Abstract
-
Cited by 19 (5 self)
- Add to MetaCart
(Show Context)
We present a strictly bottom-up, summary-based, and precise heap analysis targeted for program verification that performs strong up-dates to heap locations at call sites. We first present a theory of heap decompositions that forms the basis of our approach; we then de-scribe a full analysis algorithm that is fully symbolic and efficient. We demonstrate the precision and scalability of our approach for verification of real C and C++ programs.
Undecidability of propositional separation logic and its neighbours
"... Separation logic has proven an adequate formalism for the analysis of programs that manipulate memory (in the form of pointers, heaps, stacks, etc.). In this paper, we consider the purely propositional fragment of separation logic, as well as a number of closely related substructural logical systems ..."
Abstract
-
Cited by 18 (7 self)
- Add to MetaCart
Separation logic has proven an adequate formalism for the analysis of programs that manipulate memory (in the form of pointers, heaps, stacks, etc.). In this paper, we consider the purely propositional fragment of separation logic, as well as a number of closely related substructural logical systems. We show that, surprisingly, all of these propositional logics are undecidable. In particular, we solve an open problem by establishing the undecidability of Boolean BI. 1
