44 research outputs found
CONFIGEN: A tool for managing configuration options
This paper introduces CONFIGEN, a tool that helps modularizing software.
CONFIGEN allows the developer to select a set of elementary components for his
software through an interactive interface. Configuration files for use by
C/assembly code and Makefiles are then automatically generated, and we
successfully used it as a helper tool for complex system software refactoring.
CONFIGEN is based on propositional logic, and its implementation faces hard
theoretical problems.Comment: In Proceedings LoCoCo 2010, arXiv:1007.083
Paravirtualizing Linux in a real-time hypervisor
International audienceThis paper describes a new hypervisor built to run Linux in a virtual machine. This hypervisor is built inside Anaxagoros, a real-time microkernel designed to execute safely hard real-time and non real-time tasks. This allows the execution of hard real-time tasks in parallel with Linux virtual machines without interfering with the execution of the real-time tasks. We implemented this hypervisor and compared performances with other virtualization techniques. Our hypervisor does not yet provide high performance but gives correct results and we believe the design is solid enough to guarantee solid performances with its future implementation
An Approach for Verifying Concurrent C Programs
International audienceAs software system and its complexity are fast growing, software correctness becomes more and more a crucial issue. We address the problem of verifying functional properties of real-time operating system (microkernel) implemented with C. We present a work-in-progress approach for formally specifying and verifying concurrent C programs directly based on the semantics of C. The basis of this approach is to automatically translate a C code into a TLA+ specification which can be checked by the TLC model checker. We define a set of translation rules and implement it in a tool (C2TLA+) that automatically translates C code into a TLA+ specification. Generated specifications can be integrated with manually written specifications that provide primitives that cannot be expressed in C, or that provide abstract versions of the generated specifications to address the state-explosion problem
Interprocedural Shape Analysis Using Separation Logic-based Transformer Summaries
International audienceShape analyses aim at inferring semantic invariants related to the data-structures that programs manipulate. To achieve that, they typically abstract the set of reachable states. By contrast, abstractions for transformation relations between input states and output states not only provide a finer description of program executions but also enable the composition of the effect of program fragments so as to make the analysis modular. However, few logics can efficiently capture such transformation relations. In this paper, we propose to use connectors inspired by separation logic to describe memory state transformations and to represent procedure summaries. Based on this abstraction, we design a top-down interprocedural analysis using shape transformation relations as procedure summaries. Finally, we report on implementation and evaluation
Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine
Inline assembly is still a common practice in low-level C programming,
typically for efficiency reasons or for accessing specific hardware resources.
Such embedded assembly codes in the GNU syntax (supported by major compilers
such as GCC, Clang and ICC) have an interface specifying how the assembly codes
interact with the C environment. For simplicity reasons, the compiler treats
GNU inline assembly codes as blackboxes and relies only on their interface to
correctly glue them into the compiled C code. Therefore, the adequacy between
the assembly chunk and its interface (named compliance) is of primary
importance, as such compliance issues can lead to subtle and hard-to-find bugs.
We propose RUSTInA, the first automated technique for formally checking inline
assembly compliance, with the extra ability to propose (proven) patches and
(optimization) refinements in certain cases. RUSTInA is based on an original
formalization of the inline assembly compliance problem together with novel
dedicated algorithms. Our prototype has been evaluated on 202 Debian packages
with inline assembly (2656 chunks), finding 2183 issues in 85 packages -- 986
significant issues in 54 packages (including major projects such as ffmpeg or
ALSA), and proposing patches for 92% of them. Currently, 38 patches have
already been accepted (solving 156 significant issues), with positive feedback
from development teams
C2TLA+ : Traduction automatique du code C vers TLA+
National audienceNous nous intéressons dans ce papier à l'automatisation de la traduction d'un code source C vers un modèle écrit dans le langage de spécification TLA+. Nous proposons alors un outil C2TLA+ pour automatiser le passage d'un code source C vers un modèle écrit dans un langage combinant une logique temporelle avec une logique des actions afin qu'il soit vérifié par le model-checker TLC. Ce papier illustre les règles de représentation et de traduction utilisées pour passer d'une implémentation à une spécification TLA+
Reverse template processing using abstract interpretation
International audienceTemplate languages transform tree-structured data into text. We study the reverse problem, transforming the template into a parser that returns all the tree-structured data that can produce a given text. Programs written in template languages are generally not injective (they have multiple preimages), not affine (some input variables can appear at several locations in the output), and erasing (they provide only a partial view of the source), which makes the problem challenging. We propose to solve this problem using concepts from abstract interpretation, like the denotational style of abstract semantics, soundness, exactness, or reduction, to reason about the precision and the recovery of all the preimages. This work shows that Abstract Interpretation is a very useful theory when reasoning about the reversal of non-injective programs
SSA translation is an abstract interpretation
the 50th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2023), 15 to 21 January 2023, Boston (MA) USAInternational audienceStatic single assignment (SSA) form is a popular intermediate representation that helps implement useful static analyses, including global value numbering (GVN), sparse dataflow analyses, or SMT-based abstract interpretation or model checking. However, the precision of the SSA translation itself depends on static analyses, and a priori static analysis is even indispensable in the case of low-level input languages like machine code. To solve this chicken-and-egg problem, we propose to turn the SSA translation into a standard static analysis based on abstract interpretation. This allows the SSA translation to be combined with other static analyses in a single pass, taking advantage of the fact that it is more precise to combine analyses than applying passes in sequence. We illustrate the practicality of these results by writing a simple dataflow analysis that performs SSA translation, optimistic global value numbering, sparse conditional constant propagation, and loop-invariant code motion in a single small pass; and by presenting a multi-language static analyzer for both C and machine code that uses the SSA abstract domain as its main intermediate representation
Intégration de systèmes hétérogènes en termes de niveaux de sécurité
This thesis studies design and implementation principles to execute tasks of different criticity levels onto the same computer. Additionally, some of these tasks may have hard real-time constraints. This requires to prove that tasks will get enough resources to execute properly, through the use of predictible and still simple allocation policies. Moreover, ensuring that critical tasks will execute correctly in presence of faults is needed. In particular, providing guarantees on resource allocation should be possible. At last, the system should be easily adaptable to different situations. This thesis tackles these issues through a design proposal for a highly secure and extensible system, which is also independent of resource allocation policies. This is accomplished in particular by systematic use of resource lending, which allows to account for resources independently of protection domains. This approach avoids partitionning resources into pools, simplifying the global allocation problem and deleting every waste of resources. We demonstrate that this approach is feasible using a prototype implementation. This methodology dramatically simplifies resource allocation, but implies additional constraints when writing shared services (e.g. device drivers). In particular, specific new synchronization problems occur. Original mechanisms to solve these problems are proposed, and a methodology that helps writing these shared services.Cette thèse étudie les principes de mise en oeuvre pour l'exécution sur un même ordinateur, de tâches de niveaux de criticité différents, et dont certaines peuvent avoir des contraintes temps réel dur. Les difficultés pour réaliser ces objectifs forment trois catégories. Il faut d'abord prouver que les tâches disposeront d'assez de ressources pour s'exécuter; il doit être ainsi possible d'avoir des politiques d'allocations et d'ordonnancement sûres, prévisibles et simples. Il faut également apporter des garanties de sécurité pour s'assurer que les tâches critiques s'exécuteront correctement en présence de défaillances ou malveillances. Enfin, le système doit pouvoir être réutilisé dans une variété de situations. Cette thèse propose de s'attaquer au problème par la conception d'un système hautement sécurisé, extensible, et qui soit indépendant des politiques d'allocation de ressources. Cela est notamment accompli par le prêt de ressource, qui permet de décompter les ressources indépendamment des domaines de protection. Cette approche évite d'avoir à partitionner les ressources, ce qui simplifie le problème global de l'allocation et permet de ne pas gâcher de ressources. Les problèmes de type inversion de priorité, famine ou dénis de service sont supprimés à la racine. Nous démontrons la faisabilité de cette approche è l'aide d'un prototype, Anaxagoros. La démarche que nous proposons simplifie drastiquement l'allocation des ressources mais implique des contraintes dans l'écriture de services partagés (comme les pilotes de périphériques). Les principales difficultés consistent en des contraintes de synchronisation supplémentaires. Nous proposons des mécanismes originaux et efficaces pour résoudre les problèmes de concurrence et synchronisation, et une méthodologie générale pour faciliter l'écriture sécurisée de ces services partagés