    Succinct Representations for Abstract Interpretation

    Abstract interpretation techniques can be made more precise by distinguishing paths inside loops, at the expense of possibly exponential complexity. SMT-solving techniques and sparse representations of paths and sets of paths avoid this pitfall. We improve previously proposed techniques for guided static analysis and the generation of disjunctive invariants by combining them with techniques for succinct representations of paths and symbolic representations for transitions based on static single assignment. Because of the non-monotonicity of the results of abstract interpretation with widening operators, it is difficult to conclude that some abstraction is more precise than another based on theoretical local precision results. We thus conducted extensive comparisons between our new techniques and previous ones, on a variety of open-source packages. Comment: Static Analysis Symposium (SAS), Deauville, France (2012)

    Static Analysis of Run-Time Errors in Embedded Real-Time Parallel C Programs

    We present a static analysis by Abstract Interpretation to check for run-time errors in parallel and multi-threaded C programs. Following our work on Astrée, we focus on embedded critical programs without recursion or dynamic memory allocation, but extend the analysis to a static set of threads communicating implicitly through a shared memory and explicitly using a finite set of mutual exclusion locks, and scheduled according to a real-time scheduling policy and fixed priorities. Our method is thread-modular. It is based on a slightly modified non-parallel analysis that, when analyzing a thread, applies and enriches an abstract set of thread interferences. An iterator then re-analyzes each thread in turn until interferences stabilize. We prove the soundness of our method with respect to the sequential consistency semantics, but also with respect to a reasonable weakly consistent memory semantics. We also show how to take into account mutual exclusion and thread priorities through a partitioning over an abstraction of the scheduler state. We present preliminary experimental results analyzing an industrial program with our prototype, Thésée, and demonstrate the scalability of our approach.

    Enhancing the Guidance of the Intentional Model "MAP": Graph Theory Application

    The MAP model was introduced in information system engineering in order to model processes in a flexible way. The intentional level of this model helps an engineer to execute a process with a strong relationship to the situation of the project at hand. In the literature, attempts at putting maps to practical use are not numerous. Our aim is to enhance the guidance mechanisms of process execution by reusing graph algorithms. After clarifying the existing relationship between graphs and maps, we improve the MAP model by adding qualitative criteria. We then offer a way to express maps as graphs and propose to use graph theory algorithms to offer automatic guidance of the map. We illustrate our proposal with an example and discuss its limitations. Comment: 9 pages

    Security Toolbox for Detecting Novel and Sophisticated Android Malware

    This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox was developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) program. The adversarial challenge ("Red") teams in the DARPA APAC program are tasked with designing sophisticated malware to test the bounds of malware detection technology being developed by the research and development ("Blue") teams. Our research group, a Blue team in the DARPA APAC program, proposed a "human-in-the-loop program analysis" approach to detect malware given the source or Java bytecode for an Android app. Our malware detection apparatus consists of two components: a general-purpose program analysis platform called Atlas, and a Security Toolbox built on the Atlas platform. This paper describes the major design goals, the Toolbox components that achieve those goals, and the workflow for auditing Android apps. The accompanying video (http://youtu.be/WhcoAX3HiNU) illustrates features of the Toolbox through a live audit. Comment: 4 pages, 1 listing, 2 figures

    Feedback Driven Annotation and Refactoring of Parallel Programs

    Development and evaluation of methods for control and modelling of multiple-input multiple-output systems

    In control, a common type of system is the multiple-input multiple-output (MIMO) system, where the same input may affect multiple outputs, or conversely, the same output is affected by multiple inputs. In this thesis two methods for controlling MIMO systems are examined, namely linear quadratic Gaussian (LQG) control and decentralized control, and some of the difficulties associated with them.

    One difficulty when implementing decentralized control is to decide which inputs should control which outputs, also called the input-output pairing problem. There are multiple ways to solve this problem, among them using gramian based measures, which include the Hankel interaction index array, the participation matrix and the Σ2 method. These methods take into account system dynamics, as opposed to many other methods which only consider the steady-state system. However, the gramian based methods have issues with input and output scaling. Generally, this is handled by scaling all inputs and outputs to have equal range. However, in this thesis it is demonstrated how this can cause an incorrect pairing. Furthermore, this thesis examines other methods of scaling the gramian based measures, using either row or column sums, or by utilizing the Sinkhorn-Knopp algorithm. It is shown that there are considerable benefits to be gained from the alternative scaling of the gramian based measures, especially when using the Sinkhorn-Knopp algorithm. The use of this method also has the advantage that the results are completely independent of the original scaling of the inputs and outputs.

    An expansion of the decentralized control structure is sparse control, in which a decentralized controller is expanded to include feed-forward or MIMO blocks. In this thesis we explore how to best use the gramian based measures to find sparse control structures, and propose a method which demonstrates considerable improvement compared to existing methods of sparse control structure design.

    A prerequisite to implementing control configuration methods is an understanding of the processes in question. In this thesis we examine the pulp refining process and design both static and dynamic models for pulp and paper properties such as shives width, fiber length and tensile index, and various available inputs. We demonstrate that utilizing internal variables (primarily consistencies) estimated from temperature measurements yields improved results compared to using solely measured variables. The measurement data from the refiners is noisy, sometimes sparse and generally irregularly sampled. This thesis discusses the challenges posed by these constraints and how they can be resolved.

    An alternative way to control a MIMO system is to implement an LQG controller, which yields a single control structure for the entire system using a state based controller. It has been proposed that LQG control can be an effective control scheme for networked control systems with wireless channels. These channels have a tendency to be unreliable, with packet delays and packet losses. This thesis examines how to implement an LQG controller over such unreliable communication channels, and derives the optimal controller minimizing the cost function expressed in actuated controls.

    When new methods of control system design and analysis are introduced in the control engineering field, it is important to compare the new results with existing methods. Often this requires application of the methods to examples, and for this purpose benchmark processes are introduced. However, in many areas of control engineering research the number of examples is relatively small, in particular when MIMO systems are considered. For a thorough assessment of a method, however, as large a number of relevant models as possible should be used. As a remedy, a framework has been developed for generating linear MIMO models based on predefined system properties, such as model type, size, stability, time constants, delays etc. This MIMO generator, which is presented in this thesis, is demonstrated by using it to evaluate the previously described scaling methods for the gramian based pairing methods.