Electrical modeling of the photoelectric effect induced by a pulsed laser applied to an SRAM cell
This abstract presents an electrical model of an SRAM cell exposed to pulsed Photoelectrical Laser Stimulation (PLS), based on our earlier model of a MOS transistor under laser illumination. The validity of the model is assessed by the very good correlation obtained between measurements and electrical simulation. The simulations can explain some specific observations. For example, in theory an SRAM cell under PLS has four sensitive areas, but measurements revealed only three. A hypothesis is presented in this paper and confirmed by electrical simulation: the specific topology of the cell masks one sensitive area. The electrical model can therefore be used as a tool for characterizing CMOS circuits under PLS.
Electrical model of an NMOS body biased structure in triple-well technology under photoelectric laser stimulation
This study is driven by the need to optimize failure analysis methodologies based on laser/silicon interactions with an integrated circuit using a triple-well process. It is therefore mandatory to understand the behavior of elementary devices under laser illumination, in order to model and predict the behavior of more complex circuits. This paper presents measurements of the photoelectric currents induced by a pulsed laser on an NMOS transistor in a triple-well Psubstrate/DeepNwell/Pwell structure dedicated to low-power body biasing techniques. The evaluation compares the triple-well structure to a classical Psubstrate-only NMOS transistor structure and reveals a possible change in the activation of the bipolar transistors. Based on these experimental measurements, an electrical model is proposed that makes it possible to simulate the effects induced by photoelectric laser stimulation.
Succinct Representations for Abstract Interpretation
Abstract interpretation techniques can be made more precise by distinguishing
paths inside loops, at the expense of possibly exponential complexity.
SMT-solving techniques and sparse representations of paths and sets of paths
avoid this pitfall. We improve previously proposed techniques for guided static
analysis and the generation of disjunctive invariants by combining them with
techniques for succinct representations of paths and symbolic representations
for transitions based on static single assignment. Because of the
non-monotonicity of the results of abstract interpretation with widening
operators, it is difficult to conclude that some abstraction is more precise
than another based on theoretical local precision results. We thus conducted
extensive comparisons between our new techniques and previous ones, on a
variety of open-source packages.
Comment: Static analysis symposium (SAS), Deauville : France (2012
Laser Fault Injection into SRAM cells: Picosecond versus Nanosecond pulses
Laser fault injection into SRAM cells is a widely used technique for performing fault attacks. In previous work, Roscian and Sarafianos studied the relations between the layout of the cell, its different laser-sensitive areas and their associated fault model using laser pulses of 50 ns duration. In this paper, we report similar experiments carried out with shorter pulses (30 ps instead of 50 ns). Laser-sensitive areas that did not appear at 50 ns were observed. Additionally, these experiments confirmed the validity of the bit-set/bit-reset fault model over the bit-flip one. We also propose an upgrade of the simulation model they used to account for laser pulses in the picosecond range. Finally, we performed additional laser fault injection experiments on the RAM of a microcontroller to validate the previous results.
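The bit-set/bit-reset versus bit-flip distinction above is what a practitioner has to establish before building an attack on a given chip. The following is an added example (not code from the paper or its authors) that simulates both models on a word of SRAM and shows the two-pattern experiment that tells them apart: pulse the same spot once with all zeros stored and once with all ones. The spot layouts used are constructed for the example, not measured data, and the word width of 8 bits is an assumption.

```python
"""Telling the bit-set/bit-reset fault model from the bit-flip model.

Under the bit-flip model a pulse on a sensitive area toggles the stored bit
whatever its value.  Under the bit-set/bit-reset model each sensitive area
forces the bit to a fixed value (1 for a set area, 0 for a reset area), so
the pulse is only visible when the cell holds the opposite value.  Pulsing
one spot with 0x00 stored and again with 0xFF stored separates the models
bit by bit.  All layouts below are constructed for this example.
"""
from typing import Dict, List, Tuple

# One laser spot is described by the (fault kind, bit index) pairs it affects.
Location = List[Tuple[str, int]]


def inject(word: int, location: Location, width: int = 8) -> int:
    """Simulate one pulse on `location` while the memory word holds `word`."""
    full = (1 << width) - 1
    for kind, bit in location:
        m = 1 << bit
        if kind == "flip":
            word ^= m
        elif kind == "set":
            word |= m
        elif kind == "reset":
            word &= ~m
        else:
            raise ValueError(kind)
    return word & full


def classify_location(faulted_zero: int, faulted_ones: int,
                      width: int = 8) -> Dict[int, str]:
    """Infer the fault model of every affected bit from two observations at
    one spot: `faulted_zero` is the value read back after pulsing with 0x00
    stored, `faulted_ones` after pulsing with all ones stored."""
    full = (1 << width) - 1
    rose = faulted_zero          # bits that went 0 -> 1
    fell = faulted_ones ^ full   # bits that went 1 -> 0
    models: Dict[int, str] = {}
    for b in range(width):
        m = 1 << b
        up, down = bool(rose & m), bool(fell & m)
        if up and down:
            models[b] = "bit-flip"
        elif up:
            models[b] = "bit-set"
        elif down:
            models[b] = "bit-reset"
    return models


def characterize(location: Location, width: int = 8) -> Dict[int, str]:
    """Run the two-pattern experiment against a simulated spot."""
    full = (1 << width) - 1
    return classify_location(inject(0, location, width),
                             inject(full, location, width), width)


def forced_bits(location: Location, width: int = 8) -> Tuple[int, int]:
    """(mask, value) of the bits a pulse drives to a data-independent value.

    This is why the model matters to an attacker: a set/reset spot yields a
    known value (a cleared flag, zeroed key bits) regardless of what was
    stored, while a flip spot only toggles an unknown value."""
    mask = value = 0
    for bit, model in characterize(location, width).items():
        if model == "bit-set":
            mask |= 1 << bit
            value |= 1 << bit
        elif model == "bit-reset":
            mask |= 1 << bit
    return mask, value


if __name__ == "__main__":
    spot_a = [("set", 3), ("reset", 5)]   # constructed set/reset spot
    spot_b = [("flip", 2)]                # constructed flip spot
    print(characterize(spot_a), forced_bits(spot_a))
    print(characterize(spot_b), forced_bits(spot_b))
```

Real measurements additionally need repeated pulses per spot to separate genuine insensitivity from a pulse that was simply below the injection threshold, which this simulation does not model.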
A Simplex-Based Extension of Fourier-Motzkin for Solving Linear Integer Arithmetic
This paper describes a novel decision procedure for quantifier-free linear integer arithmetic. Standard techniques usually relax the initial problem to the rational domain and then proceed either by projection (e.g. the Omega test) or by branching/cutting methods (branch-and-bound, branch-and-cut, Gomory cuts). Our approach tries to bridge the gap between the two techniques: it interleaves an exhaustive search for a model with bounds inference. These bounds are computed given an oracle capable of finding constant positive linear combinations of affine forms. We also show how to design an efficient oracle based on the Simplex procedure. Our algorithm is proved sound, complete and terminating, and is implemented in the Alt-Ergo theorem prover. Experimental results are promising and show that our approach is competitive with state-of-the-art SMT solvers.
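To make the projection side of the abstract concrete, here is an added example (not the paper's procedure, nor Alt-Ergo code) of plain Fourier-Motzkin elimination over exact rationals, with the bound read-off that the relax-then-infer-bounds approach relies on. The constraint systems are constructed for the example; the point they illustrate is that eliminating variables pairs every upper bound with every lower bound (the exponential blow-up the paper's Simplex-based oracle avoids), and that rational bounds rounded inward can leave an empty integer interval even when the rational relaxation is feasible.

```python
"""Fourier-Motzkin projection with bound read-off, over exact rationals.

A row (coeffs, rhs) means sum(coeffs[i] * x_i) <= rhs.  All systems used in
the usage section are constructed for this example.
"""
from fractions import Fraction
from itertools import product
from math import ceil, floor
from typing import List, Optional, Tuple

Row = Tuple[Tuple[Fraction, ...], Fraction]


def system(rows) -> List[Row]:
    """Convert int/float rows into exact Fraction rows."""
    return [(tuple(Fraction(a) for a in c), Fraction(r)) for c, r in rows]


def eliminate(rows: List[Row], k: int) -> List[Row]:
    """Project out variable k.  Every row bounding x_k from above (positive
    coefficient) is combined with every row bounding it from below (negative
    coefficient) using positive multipliers, so x_k cancels and the direction
    of the inequality is preserved.  |upper| * |lower| new rows: this is the
    exponential cost of the method."""
    upper = [r for r in rows if r[0][k] > 0]
    lower = [r for r in rows if r[0][k] < 0]
    out = [r for r in rows if r[0][k] == 0]
    for (cu, ru), (cl, rl) in product(upper, lower):
        mu, ml = -cl[k], cu[k]                      # both strictly positive
        coeffs = tuple(mu * a + ml * b for a, b in zip(cu, cl))
        out.append((coeffs, mu * ru + ml * rl))
    return out


def feasible_q(rows: List[Row]) -> bool:
    """Rational feasibility: eliminate every variable; what remains are rows
    of the form 0 <= rhs, all of which must hold."""
    for k in range(len(rows[0][0])):
        rows = eliminate(rows, k)
    return all(r >= 0 for _, r in rows)


def bounds(rows: List[Row], k: int) -> Tuple[Optional[Fraction], Optional[Fraction]]:
    """Tightest rational (lower, upper) bound implied on x_k: eliminate all
    other variables, then read the bounds off the one-variable rows.  None
    means unbounded on that side; lower > upper means infeasible.  Rows that
    lose every variable are not inspected here, so pair with feasible_q()."""
    for j in range(len(rows[0][0])):
        if j != k:
            rows = eliminate(rows, j)
    lo: Optional[Fraction] = None
    hi: Optional[Fraction] = None
    for c, r in rows:
        a = c[k]
        if a > 0:
            hi = r / a if hi is None else min(hi, r / a)
        elif a < 0:
            lo = r / a if lo is None else max(lo, r / a)
    return lo, hi


def integer_bounds(rows: List[Row], k: int) -> Tuple[Optional[int], Optional[int]]:
    """Round the rational bounds inward.  Integer solutions of the relaxation
    lie in [ceil(lo), floor(hi)], which can be empty (lo > hi) even when the
    rational relaxation is feasible; that gap is what branching, cuts or
    bound inference must close."""
    lo, hi = bounds(rows, k)
    return (None if lo is None else ceil(lo), None if hi is None else floor(hi))


if __name__ == "__main__":
    # constructed: 2x + 3y <= 12, x - y >= 1, x >= 0, y >= 0
    S = system([((2, 3), 12), ((-1, 1), -1), ((-1, 0), 0), ((0, -1), 0)])
    print(feasible_q(S), bounds(S, 0), bounds(S, 1))
    # constructed: 2x <= 3 and 2x >= 3, rational solution x = 3/2, no integer one
    T = system([((2,), 3), ((-2,), -3)])
    print(bounds(T, 0), integer_bounds(T, 0))
```

On the first system the bounds on x come out as [1, 6] and on y as [0, 2]; on the second the rational bound is the point 3/2 while the integer interval [2, 1] is empty.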
A Reduction from Unbounded Linear Mixed Arithmetic Problems into Bounded Problems
We present a combination of the Mixed-Echelon-Hermite transformation and the
Double-Bounded Reduction for systems of linear mixed arithmetic that preserve
satisfiability and can be computed in polynomial time. Together, the two
transformations turn any system of linear mixed constraints into a bounded
system, i.e., a system for which termination can be achieved easily. Existing
approaches for linear mixed arithmetic, e.g., branch-and-bound and cuts from
proofs, only explore a finite search space after application of our two
transformations. Instead of generating a priori bounds for the variables, e.g.,
as suggested by Papadimitriou, unbounded variables are eliminated through the
two transformations. The transformations orient themselves on the structure of
an input system instead of computing a priori (over-)approximations out of the
available constants. Experiments provide further evidence of the efficiency of
the transformations in practice. We also present a polynomial method for
converting certificates of (un)satisfiability from the transformed to the
original system
New results on rewrite-based satisfiability procedures
Program analysis and verification require decision procedures to reason on
theories of data structures. Many problems can be reduced to the satisfiability
of sets of ground literals in theory T. If a sound and complete inference
system for first-order logic is guaranteed to terminate on T-satisfiability
problems, any theorem-proving strategy with that system and a fair search plan
is a T-satisfiability procedure. We prove termination of a rewrite-based
first-order engine on the theories of records, integer offsets, integer offsets
modulo and lists. We give a modularity theorem stating sufficient conditions
for termination on a combination of theories, given termination on each. The
above theories, as well as others, satisfy these conditions. We introduce
several sets of benchmarks on these theories and their combinations, including
both parametric synthetic benchmarks to test scalability, and real-world
problems to test performances on huge sets of literals. We compare the
rewrite-based theorem prover E with the validity checkers CVC and CVC Lite.
Contrary to the folklore that a general-purpose prover cannot compete with
reasoners with built-in theories, the experiments are overall favorable to the
theorem prover, showing that not only the rewriting approach is elegant and
conceptually simple, but has important practical implications.
Comment: To appear in the ACM Transactions on Computational Logic, 49 page
solc-verify: A Modular Verifier for Solidity Smart Contracts
We present solc-verify, a source-level verification tool for Ethereum smart
contracts. Solc-verify takes smart contracts written in Solidity and discharges
verification conditions using modular program analysis and SMT solvers. Built
on top of the Solidity compiler, solc-verify reasons at the level of the
contract source code, as opposed to the more common approaches that operate at
the level of Ethereum bytecode. This enables solc-verify to effectively reason
about high-level contract properties while modeling low-level language
semantics precisely. The contract properties, such as contract invariants, loop
invariants, and function pre- and post-conditions, can be provided as
annotations in the code by the developer. This enables automated, yet
user-friendly formal verification for smart contracts. We demonstrate
solc-verify by examining real-world examples where our tool can effectively
find bugs and prove correctness of non-trivial properties with minimal user
effort.
Comment: Authors' manuscript. Published in S. Chakraborty and J. A. Navas
(Eds.): VSTTE 2019, LNCS 12031, 2020. The final publication is available at
Springer via https://doi.org/10.1007/978-3-030-41600-3_1
Square root and division elimination in PVS
In this paper we present a new strategy for PVS that implements square root and division elimination, in order to use automatic arithmetic strategies that were not able to deal with these operations in the first place. The strategy relies on a PVS formalization of square root and division elimination and on a deep embedding of PVS expressions inside PVS. Using computational reflection and symbolic computation, we are therefore able to automatically transform expressions into division- and square-root-free ones before applying these decision procedures.
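The rewrite at the heart of the abstract is easy to get subtly wrong (squaring an inequality or multiplying by a denominator is only sound under sign guards), so here is an added example, written in Python rather than PVS and not the paper's own strategy, that performs both eliminations on a small term language and checks the result against a reference evaluator. The term language, the `eliminate` pipeline and the sample formulas are all constructed for the example; the scope is narrower than a proof assistant strategy, since a square root is only removed when it is the whole of one side of an atom.

```python
"""Square root and division elimination on a toy term language.

Terms:    ('num', Fraction) | ('var', name) | ('add'|'sub'|'mul'|'div', t, t) | ('sqrt', t)
Formulas: ('le'|'lt', t, t) | ('and'|'or', f, f)
Output formulas use neither 'div' nor 'sqrt', so a decision procedure that
only understands polynomial arithmetic can consume them.
"""
from fractions import Fraction
import math

ZERO, ONE = ('num', Fraction(0)), ('num', Fraction(1))

def num(v): return ('num', Fraction(v))
def var(n): return ('var', n)
def add(a, b): return ('add', a, b)
def sub(a, b): return ('sub', a, b)
def mul(a, b): return ('mul', a, b)
def div(a, b): return ('div', a, b)
def sqrt(a): return ('sqrt', a)
def le(a, b): return ('le', a, b)
def lt(a, b): return ('lt', a, b)
def and_(f, g): return ('and', f, g)
def or_(f, g): return ('or', f, g)

def m(a, b):
    """Product that drops unit factors, so polynomial atoms stay untouched."""
    return b if a == ONE else a if b == ONE else mul(a, b)

def frac(t):
    """Rewrite a term as (numerator, denominator), both division-free.
    sqrt terms are opaque here; their argument is assumed division-free."""
    tag = t[0]
    if tag in ('num', 'var', 'sqrt'):
        return t, ONE
    n1, d1 = frac(t[1])
    n2, d2 = frac(t[2])
    if tag == 'add': return add(m(n1, d2), m(n2, d1)), m(d1, d2)
    if tag == 'sub': return sub(m(n1, d2), m(n2, d1)), m(d1, d2)
    if tag == 'mul': return m(n1, n2), m(d1, d2)
    if tag == 'div': return m(n1, d2), m(d1, n2)
    raise ValueError(tag)

def elim_div(f):
    """n1/d1 <= n2/d2 becomes (D > 0 and n1*d2 <= n2*d1) or (D < 0 and the
    flipped atom), with D = d1*d2.  The case D = 0 (a zero denominator,
    where the original is undefined) is excluded by the strict guards."""
    tag, l, r = f
    if tag in ('and', 'or'):
        return (tag, elim_div(l), elim_div(r))
    n1, d1 = frac(l)
    n2, d2 = frac(r)
    if d1 == ONE and d2 == ONE:
        return (tag, n1, n2)
    D = m(d1, d2)
    return or_(and_(lt(ZERO, D), (tag, m(n1, d2), m(n2, d1))),
               and_(lt(D, ZERO), (tag, m(n2, d1), m(n1, d2))))

def elim_sqrt(f):
    """sqrt(u) <= b  becomes  u >= 0 and 0 <= b and u <= b*b;
       b <= sqrt(u)  becomes  u >= 0 and (b <= 0 or b*b <= u);
       strict atoms put '<' in the same positions.  u >= 0 records the
       domain condition of the square root."""
    tag, l, r = f
    if tag in ('and', 'or'):
        return (tag, elim_sqrt(l), elim_sqrt(r))
    if l[0] == 'sqrt':
        return and_(le(ZERO, l[1]), and_((tag, ZERO, r), (tag, l[1], m(r, r))))
    if r[0] == 'sqrt':
        return and_(le(ZERO, r[1]), or_((tag, l, ZERO), (tag, m(l, l), r[1])))
    return f

def eliminate(f):
    """Square roots first (their guards may contain divisions), then divisions."""
    return elim_div(elim_sqrt(f))

def mentions(t, tags):
    """True if any sub-term carries one of the given tags."""
    return t[0] in tags or any(isinstance(c, tuple) and mentions(c, tags) for c in t[1:])

def ev_term(t, env):
    """Reference evaluator; the eliminated formula never hits div or sqrt."""
    tag = t[0]
    if tag == 'num': return t[1]
    if tag == 'var': return env[t[1]]
    if tag == 'sqrt': return math.sqrt(ev_term(t[1], env))
    x, y = ev_term(t[1], env), ev_term(t[2], env)
    if tag == 'add': return x + y
    if tag == 'sub': return x - y
    if tag == 'mul': return x * y
    return x / y

def ev_formula(f, env):
    tag, l, r = f
    if tag == 'and': return ev_formula(l, env) and ev_formula(r, env)
    if tag == 'or': return ev_formula(l, env) or ev_formula(r, env)
    x, y = ev_term(l, env), ev_term(r, env)
    return x <= y if tag == 'le' else x < y

def equivalent_on(f, envs):
    """Check that f and eliminate(f) agree on every sample environment."""
    g = eliminate(f)
    return not mentions(g, {'div', 'sqrt'}) and all(ev_formula(f, e) == ev_formula(g, e) for e in envs)
```

Dropping the guard `0 <= b` in the first sqrt rule is the classic mistake: sqrt(4) <= -3 is false, but 4 <= 9 is true, so the guard is what keeps the squared atom equivalent.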
Formalising the Continuous/Discrete Modeling Step
Formally capturing the transition from a continuous model to a discrete model
is investigated using model based refinement techniques. A very simple model
for stopping (eg. of a train) is developed in both the continuous and discrete
domains. The difference between the two is quantified using generic results
from ODE theory, and these estimates can be compared with the exact solutions.
Such results do not fit well into a conventional model based refinement
framework; however they can be accommodated into a model based retrenchment.
The retrenchment is described, and the way it can interface to refinement
development on both the continuous and discrete sides is outlined. The approach
is compared to what can be achieved using hybrid systems techniques.
Comment: In Proceedings Refine 2011, arXiv:1106.348