2,768 research outputs found
Verifying and Synthesizing Constant-Resource Implementations with Types
We propose a novel type system for verifying that programs correctly
implement constant-resource behavior. Our type system extends recent work on
automatic amortized resource analysis (AARA), a set of techniques that
automatically derive provable upper bounds on the resource consumption of
programs. We devise new techniques that build on the potential method to
achieve compositionality, precision, and automation.
A strict global requirement that a program always maintains constant resource
usage is too restrictive for most practical applications. It is sufficient to
require that the program's resource behavior remain constant with respect to an
attacker who is only allowed to observe part of the program's state and
behavior. To account for this, our type system incorporates information flow
tracking into its resource analysis. This allows our system to certify programs
that need to violate the constant-time requirement in certain cases, as long as
doing so does not leak confidential information to attackers. We formalize this
guarantee by defining a new notion of resource-aware noninterference, and prove
that our system enforces it.
Finally, we show how our type inference algorithm can be used to synthesize a
constant-time implementation from one that cannot be verified as secure,
effectively repairing insecure programs automatically. We also show how a
second novel AARA system that computes lower bounds on resource usage can be
used to derive quantitative bounds on the amount of information that a program
leaks through its resource use. We implemented each of these systems in
Resource Aware ML, and show that it can be applied to verify constant-time
behavior in a number of applications including encryption and decryption
routines, database queries, and other resource-aware functionality.Comment: 30, IEEE S&P 201
SWATI: Synthesizing Wordlengths Automatically Using Testing and Induction
In this paper, we present an automated technique SWATI: Synthesizing
Wordlengths Automatically Using Testing and Induction, which uses a combination
of Nelder-Mead optimization based testing, and induction from examples to
automatically synthesize optimal fixedpoint implementation of numerical
routines. The design of numerical software is commonly done using
floating-point arithmetic in design-environments such as Matlab. However, these
designs are often implemented using fixed-point arithmetic for speed and
efficiency reasons especially in embedded systems. The fixed-point
implementation reduces implementation cost, provides better performance, and
reduces power consumption. The conversion from floating-point designs to
fixed-point code is subject to two opposing constraints: (i) the word-width of
fixed-point types must be minimized, and (ii) the outputs of the fixed-point
program must be accurate. In this paper, we propose a new solution to this
problem. Our technique takes the floating-point program, specified accuracy and
an implementation cost model and provides the fixed-point program with
specified accuracy and optimal implementation cost. We demonstrate the
effectiveness of our approach on a set of examples from the domain of automated
control, robotics and digital signal processing
Using ACL2 to Verify Loop Pipelining in Behavioral Synthesis
Behavioral synthesis involves compiling an Electronic System-Level (ESL)
design into its Register-Transfer Level (RTL) implementation. Loop pipelining
is one of the most critical and complex transformations employed in behavioral
synthesis. Certifying the loop pipelining algorithm is challenging because
there is a huge semantic gap between the input sequential design and the output
pipelined implementation making it infeasible to verify their equivalence with
automated sequential equivalence checking techniques. We discuss our ongoing
effort using ACL2 to certify loop pipelining transformation. The completion of
the proof is work in progress. However, some of the insights developed so far
may already be of value to the ACL2 community. In particular, we discuss the
key invariant we formalized, which is very different from that used in most
pipeline proofs. We discuss the needs for this invariant, its formalization in
ACL2, and our envisioned proof using the invariant. We also discuss some
trade-offs, challenges, and insights developed in course of the project.Comment: In Proceedings ACL2 2014, arXiv:1406.123
Differentially Testing Soundness and Precision of Program Analyzers
In the last decades, numerous program analyzers have been developed both by
academia and industry. Despite their abundance however, there is currently no
systematic way of comparing the effectiveness of different analyzers on
arbitrary code. In this paper, we present the first automated technique for
differentially testing soundness and precision of program analyzers. We used
our technique to compare six mature, state-of-the art analyzers on tens of
thousands of automatically generated benchmarks. Our technique detected
soundness and precision issues in most analyzers, and we evaluated the
implications of these issues to both designers and users of program analyzers
Work Analysis with Resource-Aware Session Types
While there exist several successful techniques for supporting programmers in
deriving static resource bounds for sequential code, analyzing the resource
usage of message-passing concurrent processes poses additional challenges. To
meet these challenges, this article presents an analysis for statically
deriving worst-case bounds on the total work performed by message-passing
processes. To decompose interacting processes into components that can be
analyzed in isolation, the analysis is based on novel resource-aware session
types, which describe protocols and resource contracts for inter-process
communication. A key innovation is that both messages and processes carry
potential to share and amortize cost while communicating. To symbolically
express resource usage in a setting without static data structures and
intrinsic sizes, resource contracts describe bounds that are functions of
interactions between processes. Resource-aware session types combine standard
binary session types and type-based amortized resource analysis in a linear
type system. This type system is formulated for a core session-type calculus of
the language SILL and proved sound with respect to a multiset-based operational
cost semantics that tracks the total number of messages that are exchanged in a
system. The effectiveness of the analysis is demonstrated by analyzing standard
examples from amortized analysis and the literature on session types and by a
comparative performance analysis of different concurrent programs implementing
the same interface.Comment: 25 pages, 2 pages of references, 11 pages of appendix, Accepted at
LICS 201
Assessing Self-Repair on FPGAs with Biologically Realistic Astrocyte-Neuron Networks
This paper presents a hardware based implementation of a biologically-faithful astrocyte-based selfrepairing mechanism for Spiking Neural Networks. Spiking Astrocyte-neuron Networks (SANNs) are a new computing paradigm which capture the key mechanisms of how the human brain performs repairs. Using SANN in hardware affords the potential for realizing computing architecture that can self-repair. This paper demonstrates that Spiking Astrocyte Neural Network (SANN) in hardware have a resilience to significant levels of faults. The key novelty of the paper resides in implementing an SANN on FPGAs using fixed-point representation and demonstrating graceful performance degradation to different levels of injected faults via its self-repair capability. A fixed-point implementation of astrocyte, neurons and tripartite synapses are presented and compared against previous hardware floating-point and Matlab software implementations of SANN. All results are obtained from the SANN FPGA implementation and show how the reduced fixedpoint representation can maintain the biologically-realistic repair capability
- …