104,896 research outputs found
The Meaning of Memory Safety
We give a rigorous characterization of what it means for a programming
language to be memory safe, capturing the intuition that memory safety supports
local reasoning about state. We formalize this principle in two ways. First, we
show how a small memory-safe language validates a noninterference property: a
program can neither affect nor be affected by unreachable parts of the state.
Second, we extend separation logic, a proof system for heap-manipulating
programs, with a memory-safe variant of its frame rule. The new rule is
stronger because it applies even when parts of the program are buggy or
malicious, but also weaker because it demands a stricter form of separation
between parts of the program state. We also consider a number of pragmatically
motivated variations on memory safety and the reasoning principles they
support. As an application of our characterization, we evaluate the security of
a previously proposed dynamic monitor for memory safety of heap-allocated data.Comment: POST'18 final versio
Independence and concurrent separation logic
A compositional Petri net-based semantics is given to a simple language
allowing pointer manipulation and parallelism. The model is then applied to
give a notion of validity to the judgements made by concurrent separation logic
that emphasizes the process-environment duality inherent in such rely-guarantee
reasoning. Soundness of the rules of concurrent separation logic with respect
to this definition of validity is shown. The independence information retained
by the Petri net model is then exploited to characterize the independence of
parallel processes enforced by the logic. This is shown to permit a refinement
operation capable of changing the granularity of atomic actions
Featherweight VeriFast
VeriFast is a leading research prototype tool for the sound modular
verification of safety and correctness properties of single-threaded and
multithreaded C and Java programs. It has been used as a vehicle for
exploration and validation of novel program verification techniques and for
industrial case studies; it has served well at a number of program verification
competitions; and it has been used for teaching by multiple teachers
independent of the authors. However, until now, while VeriFast's operation has
been described informally in a number of publications, and specific
verification techniques have been formalized, a clear and precise exposition of
how VeriFast works has not yet appeared. In this article we present for the
first time a formal definition and soundness proof of a core subset of the
VeriFast program verification approach. The exposition aims to be both
accessible and rigorous: the text is based on lecture notes for a graduate
course on program verification, and it is backed by an executable
machine-readable definition and machine-checked soundness proof in Coq
Heap Abstractions for Static Analysis
Heap data is potentially unbounded and seemingly arbitrary. As a consequence,
unlike stack and static memory, heap memory cannot be abstracted directly in
terms of a fixed set of source variable names appearing in the program being
analysed. This makes it an interesting topic of study and there is an abundance
of literature employing heap abstractions. Although most studies have addressed
similar concerns, their formulations and formalisms often seem dissimilar and
some times even unrelated. Thus, the insights gained in one description of heap
abstraction may not directly carry over to some other description. This survey
is a result of our quest for a unifying theme in the existing descriptions of
heap abstractions. In particular, our interest lies in the abstractions and not
in the algorithms that construct them.
In our search of a unified theme, we view a heap abstraction as consisting of
two features: a heap model to represent the heap memory and a summarization
technique for bounding the heap representation. We classify the models as
storeless, store based, and hybrid. We describe various summarization
techniques based on k-limiting, allocation sites, patterns, variables, other
generic instrumentation predicates, and higher-order logics. This approach
allows us to compare the insights of a large number of seemingly dissimilar
heap abstractions and also paves way for creating new abstractions by
mix-and-match of models and summarization techniques.Comment: 49 pages, 20 figure
Automating Deductive Verification for Weak-Memory Programs
Writing correct programs for weak memory models such as the C11 memory model
is challenging because of the weak consistency guarantees these models provide.
The first program logics for the verification of such programs have recently
been proposed, but their usage has been limited thus far to manual proofs.
Automating proofs in these logics via first-order solvers is non-trivial, due
to reasoning features such as higher-order assertions, modalities and rich
permission resources. In this paper, we provide the first implementation of a
weak memory program logic using existing deductive verification tools. We
tackle three recent program logics: Relaxed Separation Logic and two forms of
Fenced Separation Logic, and show how these can be encoded using the Viper
verification infrastructure. In doing so, we illustrate several novel encoding
techniques which could be employed for other logics. Our work is implemented,
and has been evaluated on examples from existing papers as well as the Facebook
open-source Folly library.Comment: Extended version of TACAS 2018 publicatio
Relational Parametricity and Separation Logic
Separation logic is a recent extension of Hoare logic for reasoning about
programs with references to shared mutable data structures. In this paper, we
provide a new interpretation of the logic for a programming language with
higher types. Our interpretation is based on Reynolds's relational
parametricity, and it provides a formal connection between separation logic and
data abstraction
Deductive Verification of Unmodified Linux Kernel Library Functions
This paper presents results from the development and evaluation of a
deductive verification benchmark consisting of 26 unmodified Linux kernel
library functions implementing conventional memory and string operations. The
formal contract of the functions was extracted from their source code and was
represented in the form of preconditions and postconditions. The correctness of
23 functions was completely proved using AstraVer toolset, although success for
11 functions was achieved using 2 new specification language constructs.
Another 2 functions were proved after a minor modification of their source
code, while the final one cannot be completely proved using the existing memory
model. The benchmark can be used for the testing and evaluation of deductive
verification tools and as a starting point for verifying other parts of the
Linux kernel.Comment: 18 pages, 2 tables, 6 listings. Accepted to ISoLA 2018 conference.
Evaluating Tools for Software Verification trac
HAPS Gateway Link in the 5850-7075 MHz and Coexistence with Fixed Satellite Service
Gateway link is essential to connect HAPS platform to terrestrial based networks. This crucial link is incorporated in HAPS fixed service spectrum allocation in considerably high frequencies, renders the link for more attenuations by atmospheric gases, and rain effects, especially when the regional climate is not favorable. However, under the agenda item 1.20 of World Radio Conference-2012 (WRC-12) new HAPS allocation in the 5850-7075 MHz band is proposed. Although, spectrum features are incomparably reliable, on the contrary, Fixed Satellite Service (FSS) uplink transmissions will have signal levels much higher than those in HAPS systems and have the potential for causing interference at the HAPS gateway receiver. In this article a key aspect of co-channel interference phenomena is investigated to facilitate optimum frequency sharing in the band in question. By proposing mitigation techniques and statistical method this generic prediction model enhances the capability of the HAPS spectrum sharing and provides flexibility in spectrum planning for different fixed services
- …