144,798 research outputs found
A Framework for Verification and Debugging of Resource Usage Properties
We present a framework for (static) verification of general resource usage program properties. The framework extends the criteria of correctness as the conformance of a program to a specification expressing non-functional global properties, such as upper and lower bounds on execution time, memory, energy, or user defined resources, given as functions on input data sizes. A given specification can include both lower and upper bound resource usage functions, i.e., it can express intervals where the resource usage is supposed to be included in. We have defined an abstract semantics for resource usage properties and operations to compare the (approximated) intended semantics of a program (i.e., the specification) with approximated semantics inferred by static analysis. These operations include the comparison of arithmetic functions (e.g., polynomial, exponential or logarithmic functions). A novel aspect of our framework is that the static checking of assertions generates answers that include conditions under which a given specification can be proved or disproved. For example, these conditions can express intervals of input data sizes such that a given specification can be proved for some intervals but disproved for others. We have implemented our techniques within the Ciao/CiaoPP system in a natural way, so that the novel resource usage verification blends in with the CiaoPP framework that unifies static verification and static debugging (as well as run-time verification and unit testing)
Interval-based Resource Usage Verification by Translation into Horn Clauses and an Application to Energy Consumption
Many applications require conformance with specifications that constrain the
use of resources, such as execution time, energy, bandwidth, etc. We have
presented a configurable framework for static resource usage verification where
specifications can include lower and upper bound, data size-dependent resource
usage functions. To statically check such specifications, our framework infers
the same type of resource usage functions, which safely approximate the actual
resource usage of the program, and compares them against the specification. We
review how this framework supports several languages and compilation output
formats by translating them to an intermediate representation based on Horn
clauses and using the configurability of the framework to describe the resource
semantics of the input language. We provide a more detailed formalization and
extend the framework so that both resource usage specification and
analysis/verification output can include preconditions expressing intervals for
the input data sizes for which assertions are applicable, proved, or disproved.
Most importantly, we also extend the classes of functions that can be checked.
We provide results from an implementation within the Ciao/CiaoPP framework, and
report on a tool built by instantiating this framework for the verification of
energy consumption specifications for imperative/embedded programs. This paper
is under consideration for publication in Theory and Practice of Logic
Programming (TPLP).Comment: Under consideration for publication in Theory and Practice of Logic
Programming (TPLP
I2PA, U-prove, and Idemix: An Evaluation of Memory Usage and Computing Time Efficiency in an IoT Context
The Internet of Things (IoT), in spite of its innumerable advantages, brings
many challenges namely issues about users' privacy preservation and constraints
about lightweight cryptography. Lightweight cryptography is of capital
importance since IoT devices are qualified to be resource-constrained. To
address these challenges, several Attribute-Based Credentials (ABC) schemes
have been designed including I2PA, U-prove, and Idemix. Even though these
schemes have very strong cryptographic bases, their performance in
resource-constrained devices is a question that deserves special attention.
This paper aims to conduct a performance evaluation of these schemes on
issuance and verification protocols regarding memory usage and computing time.
Recorded results show that both I2PA and U-prove present very interesting
results regarding memory usage and computing time while Idemix presents very
low performance with regard to computing time
Interval-based resource usage verification: Formalization and prototype
In an increasing number of applications (e.g., in embedded,
real-time, or mobile systems) it is important or even essential to ensure conformance with respect to a specification expressing resource usages, such as execution time, memory, energy, or user-defined resources. In previous work we have presented a novel framework for data size-aware, static resource usage verification. Specifications can include both lower and upper bound resource usage functions. In order to statically check such specifications, both upper- and lower-bound resource usage functions (on input data sizes) approximating the actual resource usage of the program which are automatically inferred and compared against the specification. The outcome of the static checking of assertions can express intervals for the input data sizes such that a given specification can be proved for some intervals but disproved for others. After an overview of the approach in this paper we provide a number of novel contributions: we present a full formalization, and we report on and provide results from an implementation within the Ciao/CiaoPP framework (which provides a general, unified platform for static and run-time verification, as well as unit testing). We also generalize the checking of assertions to allow preconditions expressing intervals within which the input data size of a program is supposed to lie (i.e., intervals for which each assertion is applicable), and we extend the class of resource usage functions that can be checked
Towards Energy Consumption Verification via Static Analysis
In this paper we leverage an existing general framework for resource usage
verification and specialize it for verifying energy consumption specifications
of embedded programs. Such specifications can include both lower and upper
bounds on energy usage, and they can express intervals within which energy
usage is to be certified to be within such bounds. The bounds of the intervals
can be given in general as functions on input data sizes. Our verification
system can prove whether such energy usage specifications are met or not. It
can also infer the particular conditions under which the specifications hold.
To this end, these conditions are also expressed as intervals of functions of
input data sizes, such that a given specification can be proved for some
intervals but disproved for others. The specifications themselves can also
include preconditions expressing intervals for input data sizes. We report on a
prototype implementation of our approach within the CiaoPP system for the XC
language and XS1-L architecture, and illustrate with an example how embedded
software developers can use this tool, and in particular for determining values
for program parameters that ensure meeting a given energy budget while
minimizing the loss in quality of service.Comment: Presented at HIP3ES, 2015 (arXiv: 1501.03064
Gradual Verification for Smart Contracts
Blockchains facilitate secure resource transactions through smart contracts,
yet these digital agreements are prone to vulnerabilities, particularly when
interacting with external contracts, leading to substantial monetary losses.
Traditional verification techniques fall short in providing comprehensive
security assurances, especially against re-entrancy attacks, due to the
unavailable implementations of external contracts. This paper introduces an
incremental approach: gradual verification. We combine static and dynamic
verification techniques to enhance security, guarantee soundness and
flexibility, and optimize resource usage in smart contract interactions. By
implementing a prototype for gradually verifying Algorand smart contracts via
the pyTEAL language, we demonstrate the effectiveness of our approach,
contributing to the safe and efficient execution of smart contracts
Resource bounds analysis.
We present a generic analysis that infers both upper and lower bounds on the usage that a program makes of a set of user-definable resources. The inferred bounds will in general be functions of input data sizes. A resource in our approach is a quite general, user-defined notion which associates a basic cost function with elementary operations.
The analysis then derives the related (upper- and lower- bound) cost functions for all procedures in the program. We also present an assertion language which is used to define both such resources and resource-related properties that the system can then check based on the results of the analysis. We have performed some experiments with some concrete resource-related properties such as execution steps, bits sent or received by an application, number of arithmetic operations performed, number of calls to a procedure, number of transactions, etc. presenting the resource usage functions inferred and the times taken to
perform the analysis. Applications of our analysis include resource consumption verification and debugging (including for mobile code), resource control in parallel/distributed computing, and resource-oriented specialization
Abstract Interpretation-based verification/certification in the ciaoPP system
CiaoPP is the abstract interpretation-based preprocessor of
the Ciao multi-paradigm (Constraint) Logic Programming system. It uses modular, incremental abstract interpretation as a fundamental tool to obtain information about programs. In CiaoPP, the semantic approximations thus produced have been applied to perform high- and low-level optimizations during program compilation, including transformations such as múltiple abstract specialization, parallelization, partial evaluation, resource usage control, and program verification. More recently, novel and promising applications of such semantic approximations are
being applied in the more general context of program development such as program verification. In this work, we describe our extensión of the system to incorpórate Abstraction-Carrying Code (ACC), a novel approach to mobile code safety. ACC follows the standard strategy of associating safety certificates to programs, originally proposed in Proof Carrying- Code. A distinguishing feature of ACC is that we use an abstraction (or abstract model) of the program computed by standard static analyzers as a certifícate. The validity of the abstraction on the consumer side is checked in a single-pass by a very efficient and specialized abstractinterpreter. We have implemented and benchmarked ACC within CiaoPP. The experimental results show that the checking phase is indeed faster than the proof generation phase, and that the sizes of certificates are reasonable. Moreover, the preprocessor is based on compile-time (and run-time) tools for the certification of CLP programs with resource consumption assurances
- …