Differential Assertion Checking. Shuvendu Lahiri, Kenneth McMillan, Rahul Sharma, Chris Hawblitzel


Assertion Checking

    void strcopy (char* dst, char* src, int size) {
        int i = 0;
        for (; i < size-1 && *src; i++)
            *dst++ = *src++;
        *dst = 0;
    }

Memory safety as assertions: assert(Valid(x)) before every dereference *x.

Assertion Checking is Hard

    void strcopy (char* dst, char* src, int size) {
        int i = 0;
        for (; i < size-1 && *src; i++)
            *dst++ = *src++;
        *dst = 0;
    }

Correctness -> Relative Correctness

Practical and useful

Relative Correctness (Bug)

    void strcopy_buggy (char* dst, char* src, int size) {
        int i = 0;
        for (; *src && i < size-1; i++)
            *dst++ = *src++;
        *dst = 0;
    }

    void strcopy_correct (char* dst, char* src, int size) {
        int i = 0;
        for (; i < size-1 && *src; i++)
            *dst++ = *src++;
        *dst = 0;
    }

Checking strcopy_buggy relative to strcopy_correct fails.
CEX: size = 0, src = 0 (null), dst = some valid location. With size = 0 the correct version's condition i < size-1 is false before *src is evaluated, so it only writes *dst = 0; the buggy version evaluates *src first and dereferences null.

Relative Correctness (Proof)

    void strcopy_correct (char* dst, char* src, int size) {
        int i = 0;
        for (; i < size-1 && *src; i++)
            *dst++ = *src++;
        *dst = 0;
    }

    void strcopy_buggy (char* dst, char* src, int size) {
        int i = 0;
        for (; *src && i < size-1; i++)
            *dst++ = *src++;
        *dst = 0;
    }

strcopy_correct is correct relative to strcopy_buggy, and no need to constrain the inputs: on every input on which the buggy version dereferences only valid pointers, so does the correct version.
Invariants (.1 and .2 denote the two copies in the composed program): src.1 = src.2, dst.1 = dst.2, size.1 = size.2, i.1 = i.2

Differential Assertion Checking

Instrumentation

Each program gets its own flag, bool ok1 and bool ok2, and its assertions are turned into updates of that flag instead of failures:
    in main1, every  assert b  becomes  ok1 := ok1 && b
    in main2, every  assert b  becomes  ok2 := ok2 && b
The composed program main1main2 runs both programs on the same input:
    ok1 := ok2 := true;
    ... main1 ...; ... main2 ...;
    assert ok1 => ok2

Composed Program

    proc f1(x1): r1 modifies g1 { s1; L1: w1 := call h1(e1); t1 }
    proc f2(x2): r2 modifies g2 { s2; L2: w2 := call h2(e2); t2 }

The two procedures, each with a call site (L1, L2), are composed into one product procedure, and the callees h1 and h2 are composed in the same way, so the composition is modular.

Main Result

Holds even in the presence of loops and recursion

Implementation Workflow

Inputs: P1.bpl and P2.bpl, the two versions as Boogie programs
SymDiff composes them into P1P2.bpl
Houdini infers invariants, producing the annotated P1P2.bpl
Boogie verifies the annotated program, discharging its verification conditions with the SMT solver Z3

Applications: verifying bug fixes, filtering alarms

Verifying Bug Fixes

Did a fix inadvertently introduce new bugs?
Verisec suite: "snippets of open source programs which contain buffer overflow vulnerabilities, as well as corresponding patched versions."
Relative buffer overflow checking: the patched version may fail a bounds assertion only on inputs where the buggy version already fails one.
Examples include apache, madwifi, sendmail, ...

Example

    int main_patched() {
        ...
        fb = 0;
        while ((c1 = read()) != EOF) {
            fbuf[fb] = c1;
            fb++;
            if (fb >= MAX) fb = 0;
        }
        ...
    }

    int main_buggy() {
        ...
        fb = 0;
        while ((c1 = read()) != EOF) {
            fbuf[fb] = c1;
            fb++;
        }
        ...
    }

Buffer overflow: main_buggy keeps incrementing fb past the end of fbuf; the patch wraps the index at MAX.
Invariant: fb.2 <= fb.1, with the buggy version as P1 and the patched version as P2. The patched index never exceeds the buggy one at the write, so any out-of-bounds write in the patched version is matched by one in the buggy version.
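Both the strcopy slides above and this Verisec-style example reduce to the same obligation: run both versions on a shared input and check ok1 => ok2. The Python below is an added example, not code from the talk or from SymDiff. It gives each run an explicit memory model whose loads and stores update the ok flag exactly as the instrumentation slide describes, runs both members of each pair on the same constructed inputs, and reports the first input on which ok1 holds but ok2 does not. It reproduces the slide's counterexample (size = 0, src = null, dst valid) and checks the relative invariant fb.2 <= fb.1 along the recorded fb values. The memory model, the addresses 0x100/0x200/0x300, MAX = 4 and the input cases are assumptions; this is bounded differential testing on concrete inputs, not the Boogie/Z3 proof the tool produces.

```python
"""Differential assertion checking on concrete inputs (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Sequence, Tuple

NULL = 0        # null pointer: never a valid cell
MAX = 4         # assumed size of fbuf in the Verisec-style pair
FBUF = 0x300    # assumed address of fbuf


@dataclass
class Memory:
    """Byte-addressed memory; Valid(x) means 'x is an allocated cell'."""
    cells: Dict[int, int] = field(default_factory=dict)
    ok: bool = True   # the program's flag: ok := ok && Valid(x) at every *x

    def valid(self, addr: int) -> bool:
        return addr in self.cells

    def load(self, addr: int) -> int:
        self.ok = self.ok and self.valid(addr)   # assert(Valid(x)) before *x
        return self.cells.get(addr, 0)

    def store(self, addr: int, value: int) -> None:
        self.ok = self.ok and self.valid(addr)
        if self.valid(addr):
            self.cells[addr] = value & 0xFF


# The strcopy pair from the slides; only the order of the && operands differs.
def strcopy_correct(mem: Memory, dst: int, src: int, size: int) -> None:
    i = 0
    while i < size - 1 and mem.load(src):        # bound checked before *src
        mem.store(dst, mem.load(src))
        dst, src, i = dst + 1, src + 1, i + 1
    mem.store(dst, 0)


def strcopy_buggy(mem: Memory, dst: int, src: int, size: int) -> None:
    i = 0
    while mem.load(src) and i < size - 1:        # *src read before the bound
        mem.store(dst, mem.load(src))
        dst, src, i = dst + 1, src + 1, i + 1
    mem.store(dst, 0)


# The fbuf pair; `data` stands in for the bytes read() returns before EOF.
# Each returns fb at every write so fb.2 <= fb.1 can be checked afterwards.
def main_buggy(mem: Memory, data: bytes) -> List[int]:
    fb, trace = 0, []
    for c1 in data:
        mem.store(FBUF + fb, c1)
        trace.append(fb)
        fb += 1
    return trace


def main_patched(mem: Memory, data: bytes) -> List[int]:
    fb, trace = 0, []
    for c1 in data:
        mem.store(FBUF + fb, c1)
        trace.append(fb)
        fb += 1
        if fb >= MAX:
            fb = 0
    return trace


Builder = Callable[[], Tuple[Memory, tuple]]
Case = Tuple[str, Builder]


def run(prog: Callable, build: Builder):
    mem, args = build()                          # fresh memory, same input
    result = prog(mem, *args)
    return mem.ok, result


def first_violation(p1: Callable, p2: Callable, cases: Sequence[Case]) -> Optional[str]:
    """Name of the first input on which ok1 => ok2 fails, else None."""
    for name, build in cases:
        ok1, _ = run(p1, build)
        ok2, _ = run(p2, build)
        if ok1 and not ok2:
            return name
    return None


def strcopy_case(name: str, src_bytes: Optional[bytes], dst_cap: int, size: int) -> Case:
    """src_bytes=None models src == NULL; dst_cap is the allocated dst size."""
    def build():
        mem, src = Memory(), NULL
        if src_bytes is not None:
            src = 0x100
            for k, b in enumerate(src_bytes + b"\0"):
                mem.cells[src + k] = b
        for k in range(dst_cap):
            mem.cells[0x200 + k] = 0
        return mem, (0x200, src, size)
    return name, build


STRCOPY_CASES = [                                # constructed inputs
    strcopy_case("hello fits", b"hello", 8, 8),
    strcopy_case("size exceeds dst (both overflow)", b"hello", 2, 8),
    strcopy_case("size=0, src=null, dst valid", None, 1, 0),   # the slide's CEX
]


def fbuf_case(name: str, data: bytes) -> Case:
    def build():
        mem = Memory()
        for k in range(MAX):
            mem.cells[FBUF + k] = 0
        return mem, (data,)
    return name, build


FBUF_CASES = [fbuf_case("2 bytes", b"ab"), fbuf_case("6 bytes", b"abcdef")]


def relative_invariant_holds(data: bytes) -> bool:
    """fb.2 <= fb.1 at every write, with P1 = buggy and P2 = patched."""
    _, trace1 = run(main_buggy, fbuf_case("", data)[1])
    _, trace2 = run(main_patched, fbuf_case("", data)[1])
    return all(f2 <= f1 for f1, f2 in zip(trace1, trace2))


if __name__ == "__main__":
    print("buggy rel. correct :", first_violation(strcopy_correct, strcopy_buggy, STRCOPY_CASES))
    print("correct rel. buggy :", first_violation(strcopy_buggy, strcopy_correct, STRCOPY_CASES))
    print("patched rel. buggy :", first_violation(main_buggy, main_patched, FBUF_CASES))
    print("fb.2 <= fb.1       :", relative_invariant_holds(b"abcdef"))
```

The second strcopy case, where size exceeds the dst allocation, makes both versions fail, and the check passes on it in both directions: relative correctness does not require either program to be correct, which is why the inputs need no constraining. Concrete runs can only exhibit violations; showing that none exist for all inputs is what the composed-program proof with the equality invariants provides.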

Filtering Warnings

WDK results

Related Work

Joshi et al. '12: differential errors for bounded programs
Relative properties of approximate program transformations (Carbin et al. '12, '13); no automatic tool for checking these
Equivalence checking: translation validation, validating program refactorings
Product programs (Barthe et al. '11, Pnueli et al. '08)

Conclusion

A new form of relative correctness, derived from assertions
Complementary to equivalence and refinement
A modular composition procedure that enables decomposition of the proof
Use off-the-shelf verifiers for differential checking
Implementation inside SymDiff for automated proofs
Future work: inference techniques, further evaluation