33 research outputs found

    Model checking boot code from AWS data centers

    © 2020, The Author(s). This paper describes our experience with symbolic model checking in an industrial setting. We have proved that the initial boot code running in data centers at Amazon Web Services is memory safe, an essential step in establishing the security of any data center. Standard static analysis tools cannot be easily used on boot code without modification owing to issues not commonly found in higher-level code, including memory-mapped device interfaces, byte-level memory access, and linker scripts. This paper describes automated solutions to these issues and their implementation in the C Bounded Model Checker (CBMC). CBMC is now the first source-level static analysis tool to extract the memory layout described in a linker script for use in its analysis.

    Bounded Model Checking of Industrial Code

    Abstract: Bounded Model Checking (BMC) is an effective and precise static analysis technique that reduces program verification to satisfiability (SAT) solving. However, with a few exceptions, BMC is not actively used in the software industry, especially when compared to dynamic analysis techniques such as fuzzing, or to lightweight formal static analysis. This thesis describes our experience of applying BMC to industrial code using a novel BMC tool, SEABMC. We present three contributions. First, a case study of (re)verifying the aws-c-common library from AWS using SEABMC and KLEE. This study explores the methodology from the perspective of three research questions: (a) can proof artifacts be used across verification tools; (b) are there bugs in verified code; and (c) can specifications be improved. To study these questions, we port the verification tasks for the aws-c-common library to SEAHORN and KLEE. We show the benefits of using compiler semantics and of cross-checking specifications with different verification techniques, and call for standardizing proof library extensions to increase specification reuse. Second, a description of SEABMC, a novel BMC engine for SEAHORN. We start with a custom IR (called SEA-IR) that explicitly purifies all memory operations by explicating dependencies between them. We then run program transformations and allow for generating many different styles of verification conditions. To support memory safety checking, we extend our base approach with fat pointers and shadow bits of memory to keep track of metadata, such as the size of a pointed-to object. To evaluate SEABMC, we use the aws-c-common library from AWS as a benchmark and compare with CBMC, SMACK, and KLEE. We show that SEABMC is capable of providing an order of magnitude improvement compared with the state of the art. Third, a case study of extending SEABMC to work with Rust, a young systems programming language. We ask three research questions: (a) can SEABMC be used to verify Rust programs easily; (b) can the specification style of aws-c-common be applied successfully to Rust programs; and (c) can verification become more efficient when using higher-level language information. We answer these questions by verifying aspects of the Rust standard library using SEAURCHIN, an extension of SEABMC for Rust.

    Monitoring and mitigation of the sound effects of hydrocarbon exploration activities on marine mammal populations

    Offshore Exploration and Production (E&P) activities, such as seismic surveys and drilling, generate sound that can affect marine mammals in different ways. These effects range from permanent or temporary auditory impacts to disturbance or behavioral changes, and communication masking. Depending on the intensity and duration of these effects, and without implementation of appropriate mitigation measures, this can result in population-level consequences. The overarching objective of this study was to advance the protection of marine mammals during the implementation of E&P activities through the following themes: (1) enhancement of the state of knowledge of risk management, (2) efficacy of mitigation, (3) advanced monitoring technology, (4) implementation of advanced industry monitoring and mitigation measures and (5) measurement of heretofore unassessed E&P activities. In this study several marine mammal monitoring and mitigation programs associated with E&P projects are presented to further advance these themes. Topics addressed include the use of autonomous camera systems for aerial monitoring of a narwhal population, long-term photo-identification studies of western gray whales to better understand site fidelity to their summer feeding grounds, mitigation of gray whales’ behavioral responses to a seismic survey near these feeding grounds, and the use of Passive Acoustic Monitoring to characterize seismic pulses and drilling activity as well as marine mammal presence in remote arctic areas. A synthesis of the main findings is provided that includes identification of future research needs. Conclusions and specific recommendations are made that will contribute to our ability to assess and mitigate risks of E&P sound to marine mammals.

    Theory and Implementation of Software Bounded Model Checking

    This thesis provides a detailed overview of the theory of software bounded model checking (SBMC) and its implementation in LLBMC, which is based on the LLVM compiler framework. The whole process from a C program to an SMT formula is described in detail. Furthermore, a theory of dynamic memory allocation is introduced which allows modelling C's memory model with high precision. Finally, it is shown that LLBMC's approach to software bounded model checking performs well compared to competing tools.

    Study of new vector-control algorithms for 3-phase inverters used in renewable agents connected to the low-voltage utility grid with disturbances

    [ESP] Electric power demand has been increasing over the years due to the development of the industrial and transport sectors, together with the growth of the world population and the development of new technologies that require more energy. Therefore, in order to generate the electric energy needed to supply these sectors, fuel consumption has increased significantly. Thus, the energy consumed in 2010 was about 153,000 TWh, and this figure is expected to rise to 184,000 TWh by 2020, with most of this energy coming from fossil fuels, although the future of this trend is uncertain. Moreover, the world population is becoming increasingly aware of the negative environmental effects caused by the so-called “greenhouse effect” and, as a consequence, a series of energy policies are being created with the aim of reducing the generation of polluting gases and particles. One alternative for reducing dependence on fossil fuels and, at the same time, reducing emissions of the toxic gases that cause the greenhouse effect is the use of renewable energy sources such as photovoltaic solar and wind, as well as the use of fuel cells for energy storage, all of them to be installed in the energy mix. In this sense, the new renewable agents connected to the three-phase low-voltage grid must be properly controlled and must comply with current energy legislation. To this end, new and sophisticated control strategies must be designed in order to properly control the line currents of the grid-connected inverters used in renewable agents when disturbances exist in the low-voltage grid, such as variations of its nominal frequency, unbalances in the three-phase voltages and the presence of low-frequency harmonic contamination. For all the reasons mentioned above, this thesis focuses on the study of several control and synchronization algorithms used in grid-connected voltage source inverters (VSI) that operate as power conditioners for renewable systems. The studies carried out are applied to a photovoltaic system, but can be extended to any type of renewable agent used in a Distributed Generation system.
    [ENG] Throughout the decades, electric power demand has been rising due to the growth of the industrial and transportation sectors, and the development of new technologies that require more energy, together with the increase of the global population, has led to a higher fuel demand for electric energy generation. Global energy consumption in 2010 was 153,000 TWh and an increase to 184,600 TWh is expected by 2020, the majority provided by fossil fuels, although the future of this trend is uncertain. Besides, the greenhouse effect is causing environmental changes that concern mankind, and the creation of new energy policies is a fact. An alternative for reducing fossil fuel dependence and greenhouse gas emissions is the use of clean and inexhaustible renewable energy sources such as photovoltaic and wind, as well as fuel cells for energy storage, which have been installed in the energy mix. In this context, new renewable agents are connected to the 3-phase utility grid and must be properly controlled according to power electrical legislation. For this, new and sophisticated control algorithms are to be designed in order to properly control the line currents of the grid-connected inverter when variations of the nominal frequency, voltage unbalances and low-order harmonics are present in the 3-phase utility grid voltage. This thesis is focused on the study of several control and synchronization algorithms used in grid-connected Voltage Source Inverters (VSI) working as the power conditioner circuits for renewable energy systems. The study of these algorithms is carried out using a grid-connected photovoltaic system, but they can be extended to any renewable agent in any distributed generation system.
    Universidad Politécnica de Cartagen

    Geophysical techniques for urban environment monitoring

    The research activities conducted in this thesis contribute, through the application of geophysical techniques, to the mitigation of seismic risk, with the twofold objective of studying the interaction between the urban subsoil and the overlying built heritage and carrying out a modal characterisation of a strategic infrastructure. The former objective was pursued by producing a map of the double soil-structure resonance levels of the Matera urban area, while the latter was achieved by setting up and applying an innovative multi-methodological geophysical approach on the Gravina Bridge. As part of the first study, I performed 230 single-station ambient seismic noise measurements on the main lithologies (134) and on the main building typologies (96), reinforced concrete (RC) and unreinforced load-bearing masonry (URM) buildings, of the Matera urban area. Ambient seismic noise (12 min recordings on soil and 14 min recordings on buildings) was recorded with a compact digital seismometer and processed using a non-reference-site method, the horizontal-to-vertical noise spectral ratio technique (HVNSR). The measurements taken on the ground and on buildings allowed the resonance frequencies and relative amplitudes of the fundamental peaks of the soil and the first elastic frequency of vibration of the buildings to be estimated. A deterministic interpolator (Inverse Distance Weight, IDW) was used in a GIS environment to derive the iso-frequency and iso-amplitude maps of the urban area, using as variables the resonance frequencies and amplitudes of the soil HV ratios. A linear period-to-height relationship for the buildings was derived from the experimental results, allowing the fundamental elastic frequency to be estimated for all buildings in the study area. 
An intersection approach between soil and building frequency bands was used for the first time to derive a map of double soil-structure resonance levels in the linear elastic domain for the whole urban area. Matera represents an important case study since the elastic frequency of vibration for most of the buildings is quite close to that of the foundation soils. In the study area, 21% of the buildings show a high susceptibility to the effect of double soil-building resonance, 63% of the buildings could be characterised by a medium level of double resonance, while 16% could exhibit a zero or very low resonance level. The proposed approach also makes it possible to locate the areas of the city characterised by these different levels of double resonance. Therefore, the first part of the thesis work provided a contribution to assessing the soil-structure interaction effect (SSI, the influence of built structures in modifying the ground motion during earthquake shaking) between urban soil and all the overlying buildings in the city of Matera, by characterising all the foundation soils of the urban area and all the overlying buildings. A geo-database, the CLARA WebGIS portal (available at this link: https://smartcities-matera-clara.imaa.cnr.it/), for storing and sharing the data and results collected during my PhD activity has been implemented with 488 pre-existing geological, geotechnical and geophysical data. CLARA WebGIS is the first useful tool for predicting which and how many buildings could suffer higher damage due to the double soil-building resonance effect and is the first open geo-platform that shares the results of the double soil-building resonance from experimental data for an entire urban area. CLARA WebGIS addresses a wide range of end-users (local administrations, engineers, geologists, etc.) as support for the implementation of seismic risk mitigation strategies in terms of urban planning, seismic retrofit, and post-earthquake crisis management. 
Through knowledge of the spatial distribution of the site effects (modifications of the ground motions due to changes in the shallow geological layers) in terms of amplification, of the primary characteristics of buildings, and of the estimated soil-building resonance levels, a three-part objective has been achieved: (i) through CLARA's WebGIS every citizen is aware of the characteristics of buildings and foundation soils, so this knowledge makes each individual citizen more resilient to the effects of a seismic event; (ii) preventing potential losses in economic and social terms; (iii) reducing the recovery phase time to facilitate the return of the urban system to its pre-existing equilibrium conditions. A deepening of this first study was made by specialising the linear period-height relationship derived from the experimental results as a function of the construction typology and foundation soil for unreinforced load-bearing masonry buildings (URM) founded on rigid soil (Gravina calcarenite, characterised by flat HVNSR curves). This relationship is more representative of the condition of a fixed-base masonry building. Variations in the dynamic response of masonry buildings due to soil-foundation-structure interaction at urban scale can be evaluated by simplified analytical approaches based on the traditional compliant-base oscillator model and on simplified assumptions about the geometry and mechanical properties of the soil and foundations. The experimental period-height relationship for URM buildings founded on Gravina calcarenite was integrated in a simplified analytical procedure extended to complex and more realistic stratified soils and irregular foundation geometry. The modified simplified procedure was applied at an urban scale to predict the fundamental period of seven masonry buildings studied in the historic centre of Matera, for which all soil and structural data necessary for the analytical model were available. 
The comparison of the fundamental periods obtained with the three approaches, traditional, simplified-modified, and experimental, showed that the adoption of the simplified-modified approach significantly improved the agreement between the experimental and analytical periods. This part of the thesis work therefore appears promising for encouraging an extended application of the analytical and experimental techniques to other historic urban areas with similar characteristics of the built heritage and soil stratification. The second study of the thesis implemented a multi-methodological approach that allowed the main modal parameters of the Gravina Bridge to be estimated by analysing short-duration ambient noise signals (less than two hours) recorded by low-cost and non-invasive sensors and by performing dynamic tests. The Gravina Bridge is an arch bridge located on outcropping limestone in the city of Matera and spans 144 m along a steel-concrete deck suspended by two tubular steel arches. Ambient seismic noise was recorded using two acquisition configurations, on the deck and inside the arch. The noise signal data were processed by applying: standard spectral analysis (FFT), to examine frequencies and energy content distribution; a spectral ratio method with reference station, the Standard Spectral Ratio (SSR) technique, to check and validate eigenfrequencies; the Operational Modal Analysis (OMA) technique, i.e., the Frequency Domain Decomposition (FDD) method, to derive eigenfrequencies and mode shapes; and a seismic interferometric method, Ambient Noise Deconvolution Interferometry (ANDI), to derive the propagation velocity of ambient noise in the infrastructure. Six eigenfrequencies have been estimated on the deck. The examination of the energy content distribution played a key role in the interpretation of the mode shapes. 
The variation of the eigenfrequencies of the infrastructure with the seasons, as a function of temperature (°C), was monitored: the frequency variations are less than 5% and the behaviour of the structure does not exhibit degradation, since the Gravina Bridge is a newly constructed road infrastructure. Deconvolution interferometry has been applied to the ambient noise signals recorded on the deck to derive the wave propagation velocity in the infrastructure. The results presented showed that the ANDI method is sensitive to the distribution of infrastructure stiffness. The multi-methodological approach used in this part of the thesis is promising for (i) evaluating the behaviour of standard structures like buildings and critical infrastructure like a bridge at different scales (global and local), (ii) examining the variation of eigenfrequencies, mode shapes and ambient noise wave propagation velocities as a result of aging, degradation, and/or occurrence of potential damage, (iii) controlling and validating outcomes by comparing the results obtained from different techniques, (iv) supporting, at an early stage, a quick, non-invasive, low-cost tool applied without either diverting or blocking the traffic flow, or stopping the infrastructure service.

    Expressive and Efficient Memory Representation for Bounded Model Checking of C programs

    Ensuring memory safety in programs has been an important yet difficult topic of research. Most static analysis approaches rely on the theory of arrays to model memory access. The limitations of the theory of arrays in terms of scalability and compatibility with SAT/SMT solvers are well known, and there have been many attempts at optimizing either the theory itself or memory encodings based on the theory of arrays. In this thesis, we demonstrate that existing array-based memory encodings miss potential optimization opportunities by omitting language-specific properties such as alignment and pointer arithmetic in C. We present SeaM, a new memory representation for C programs built around a more expressive first-order theory: the Theory of Memory. We show that by preserving more C-specific rules and properties, the Theory of Memory allows for more thorough optimization methods during eager rewriting of sequences of stores. We introduce two such optimization methods in this thesis. First, we over-approximate pointer comparison with an abstract-interpretation-like approach called AddressRangeMap. Second, we compress sequences of stores with Store-Map for faster address offset look-ups. The new memory representation is implemented in SeaBmc, a new BMC tool for LLVM. We evaluate our approach on real-world bounded model checking tasks from the aws-c-common library and Sv-Comp benchmarks and compare it against two existing memory representations in SeaBmc. Our results show that SeaM outperforms the theory-of-arrays-based representation and is comparable with the λ-based representation.

    Advances in Image Processing, Analysis and Recognition Technology

    For many decades, researchers have been trying to make computers’ analysis of images as effective as the human visual system is. For this purpose, many algorithms and systems have previously been created. The whole process covers various stages, including image processing, representation and recognition. The results of this work can be applied to many computer-assisted areas of everyday life. They improve particular activities and provide handy tools, which are sometimes only for entertainment, but quite often they significantly increase our safety. In fact, the range of practical implementations of image processing algorithms is particularly wide. Moreover, the rapid growth of computational complexity and computer efficiency has allowed for the development of more sophisticated and effective algorithms and tools. Although significant progress has been made so far, many issues still remain, resulting in the need for the development of novel approaches.