373 research outputs found
Refinement Type Inference via Horn Constraint Optimization
We propose a novel method for inferring refinement types of higher-order
functional programs. The main advantage of the proposed method is that it can
infer maximally preferred (i.e., Pareto optimal) refinement types with respect
to a user-specified preference order. The flexible optimization of refinement
types enabled by the proposed method paves the way for interesting
applications, such as inferring most-general characterization of inputs for
which a given program satisfies (or violates) a given safety (or termination)
property. Our method reduces such a type optimization problem to a Horn
constraint optimization problem by using a new refinement type system that can
flexibly reason about non-determinism in programs. Our method then solves the
constraint optimization problem by repeatedly improving a current solution
until convergence via template-based invariant generation. We have implemented
a prototype inference system based on our method, and obtained promising
results in preliminary experiments.Comment: 19 page
Isolation Without Taxation: {N}ear-Zero-Cost Transitions for {WebAssembly} and {SFI}
Software sandboxing or software-based fault isolation (SFI) is a lightweight
approach to building secure systems out of untrusted components. Mozilla, for
example, uses SFI to harden the Firefox browser by sandboxing third-party
libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate
untrusted tenants on their edge clouds. While there have been significant
efforts to optimize and verify SFI enforcement, context switching in SFI
systems remains largely unexplored: almost all SFI systems use
\emph{heavyweight transitions} that are not only error-prone but incur
significant performance overhead from saving, clearing, and restoring registers
when context switching. We identify a set of \emph{zero-cost conditions} that
characterize when sandboxed code has sufficient structured to guarantee
security via lightweight \emph{zero-cost} transitions (simple function calls).
We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions,
eliminating the undue performance tax on systems that rely on Lucet for
sandboxing (e.g., we speed up image and font rendering in Firefox by up to
29.7\% and 10\% respectively). To remove the Lucet compiler and its correct
implementation of the Wasm specification from the trusted computing base, we
(1) develop a \emph{static binary verifier}, VeriZero, which (in seconds)
checks that binaries produced by Lucet satisfy our zero-cost conditions, and
(2) prove the soundness of VeriZero by developing a logical relation that
captures when a compiled Wasm function is semantically well-behaved with
respect to our zero-cost conditions. Finally, we show that our model is useful
beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that
uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our
zero-cost conditions; our prototype performs on-par with the state-of-the-art
Native Client SFI system
Flow- and context-sensitive points-to analysis using generalized points-to graphs
© Springer-Verlag GmbH Germany 2016. Bottom-up interprocedural methods of program analysis construct summary flow functions for procedures to capture the effect of their calls and have been used effectively for many analyses. However, these methods seem computationally expensive for flow- and context- sensitive points-to analysis (FCPA) which requires modelling unknown locations accessed indirectly through pointers. Such accesses are com- monly handled by using placeholders to explicate unknown locations or by using multiple call-specific summary flow functions. We generalize the concept of points-to relations by using the counts of indirection levels leaving the unknown locations implicit. This allows us to create sum- mary flow functions in the form of generalized points-to graphs (GPGs) without the need of placeholders. By design, GPGs represent both mem- ory (in terms of classical points-to facts) and memory transformers (in terms of generalized points-to facts). We perform FCPA by progressively reducing generalized points-to facts to classical points-to facts. GPGs distinguish between may and must pointer updates thereby facilitating strong updates within calling contexts. The size of GPGs is linearly bounded by the number of variables and is independent of the number of statements. Empirical measurements on SPEC benchmarks show that GPGs are indeed compact in spite of large procedure sizes. This allows us to scale FCPA to 158 kLoC using GPGs (compared to 35 kLoC reported by liveness-based FCPA). Thus GPGs hold a promise of efficiency and scalability for FCPA without compro- mising precision
Automatic Abstraction in SMT-Based Unbounded Software Model Checking
Software model checkers based on under-approximations and SMT solvers are
very successful at verifying safety (i.e. reachability) properties. They
combine two key ideas -- (a) "concreteness": a counterexample in an
under-approximation is a counterexample in the original program as well, and
(b) "generalization": a proof of safety of an under-approximation, produced by
an SMT solver, are generalizable to proofs of safety of the original program.
In this paper, we present a combination of "automatic abstraction" with the
under-approximation-driven framework. We explore two iterative approaches for
obtaining and refining abstractions -- "proof based" and "counterexample based"
-- and show how they can be combined into a unified algorithm. To the best of
our knowledge, this is the first application of Proof-Based Abstraction,
primarily used to verify hardware, to Software Verification. We have
implemented a prototype of the framework using Z3, and evaluate it on many
benchmarks from the Software Verification Competition. We show experimentally
that our combination is quite effective on hard instances.Comment: Extended version of a paper in the proceedings of CAV 201
Tumor-Derived Granulocyte-Macrophage Colony-Stimulating Factor Regulates Myeloid Inflammation and T Cell Immunity in Pancreatic Cancer
SummaryCancer-associated inflammation is thought to be a barrier to immune surveillance, particularly in pancreatic ductal adenocarcinoma (PDA). Gr-1+ CD11b+ cells are a key feature of cancer inflammation in PDA, but remain poorly understood. Using a genetically engineered mouse model of PDA, we show that tumor-derived granulocyte-macrophage colony-stimulating factor (GM-CSF) is necessary and sufficient to drive the development of Gr-1+ CD11b+ cells that suppressed antigen-specific T cells. In vivo, abrogation of tumor-derived GM-CSF inhibited the recruitment of Gr-1+ CD11b+ cells to the tumor microenvironment and blocked tumor development—a finding that was dependent on CD8+ T cells. In humans, PDA tumor cells prominently expressed GM-CSF in vivo. Thus, tumor-derived GM-CSF is an important regulator of inflammation and immune suppression within the tumor microenvironment
Preplant 1,3-D treatments test well for perennial crop nurseries, but challenges remain
Preplant fumigation with methyl bromide commonly is used in open-field perennial crop nurseries in California for control of plant-parasitic nematodes, pathogens and weeds. Because this fumigant is being phased out, alternatives are needed to ensure the productivity of the perennial crop nursery industry as well as the ornamental, orchard and vineyard production systems that depend on clean planting stock. As part of the USDA Area-Wide Pest Management Program for Integrated Methyl Bromide Alternatives, several perennial crop nursery projects were conducted in California from 2007 to 2011 to test and demonstrate registered alternative fumigants and application techniques that maximize performance and minimize environmental impacts. The project was designed to evaluate shank application and soil surface sealing methods intended to reduce aboveground emission and improve soil performance of 1,3-dichloropropene, a leading methyl bromide alternative for nurseries. In these garden rose and tree nursery experiments, 1,3-dichloropropene treatments performed well regardless of application techniques. In this article, we highlight recent research and discuss the significance and remaining challenges for adoption of methyl bromide alternatives in this unique nursery stock production system
Scale‐dependent strategies for coexistence of mesocarnivores in human‐dominated landscapes
publishedVersio
A simple abstraction of arrays and maps by program translation
We present an approach for the static analysis of programs handling arrays,
with a Galois connection between the semantics of the array program and
semantics of purely scalar operations. The simplest way to implement it is by
automatic, syntactic transformation of the array program into a scalar program
followed analysis of the scalar program with any static analysis technique
(abstract interpretation, acceleration, predicate abstraction,.. .). The
scalars invariants thus obtained are translated back onto the original program
as universally quantified array invariants. We illustrate our approach on a
variety of examples, leading to the " Dutch flag " algorithm
- …