69 research outputs found
Generating inductive shape predicates for runtime checking and formal verification
© Springer Nature Switzerland AG 2018. Knowing the shapes of dynamic data structures is key when formally reasoning about pointer programs. While modern shape analysis tools employ symbolic execution and machine learning to infer shapes, they often assume well-structured C code or programs written in an idealised language. In contrast, our Data Structure Investigator (DSI) tool for program comprehension analyses concrete executions and handles even C programs with complex coding styles. Our current research on memory safety develops ways for DSI to synthesise inductive shape predicates in separation logic. In the context of trusted computing, we investigate how the inferred predicates can be employed to generate runtime checks for securely communicating dynamic data structures across trust boundaries. We also explore to what extent these predicates, together with additional information extracted by DSI, can be used within general program verifiers such as VeriFast. This paper accompanies a talk at the ISoLA 2018 track “A Broader View on Verification: From Static to Runtime and Back”. It introduces DSI, highlights the above use cases, and sketches our approach for synthesising inductive shape predicates.
Myocardial Infarction after Long-Term Treatment with a Tyrosine Kinase Inhibitor (TKI) with Anti-VEGF Receptor Activity
TKIs with anti-VEGF receptor activity have been approved for the treatment of patients with radioiodine-resistant thyroid carcinomas. For lenvatinib, arterial thromboembolic events are listed as adverse events of special interest. In the phase III study, arterial thromboembolic events were reported in 3% of lenvatinib-treated patients and 1% in the placebo group. Most of these patients had predisposing factors. Only one myocardial infarct was reported in the lenvatinib phase III study. We report a 73-year-old female patient with metastatic papillary thyroid carcinoma who was treated with total thyroidectomy. The operation was followed by four radioiodine therapies over a period of 6 years. At 6 years she developed lung metastases without radioiodine uptake, one solitary liver metastasis and one solitary right renal metastasis. One year after the first diagnosis of radioiodine-resistant lung metastases, the lung metastases showed progression according to RECIST criteria. This treatment resulted in a prolonged partial response with disappearance of the hepatic and renal metastases. A myocardial infarction occurred after 39 months of lenvatinib treatment, resulting in implantation of 3 stents and a two-chamber pacemaker. The treatment was discontinued. Except for well-controlled hypertension, there were neither predisposing diseases such as diabetes nor symptoms of cardiac ischemia on exertion. However, the family history of cardiovascular disease was positive: a cardiac infarction was reported for one brother, another brother was treated for hypertension, and the patient’s mother suffered a cerebral infarction at the age of 60.
While only one myocardial infarct was reported in the lenvatinib phase III study with 392 patients, this case suggests that long-term treatment with lenvatinib may be associated with an increased risk of myocardial infarct, even in patients with no predisposing diseases other than well-controlled hypertension and a positive family history of cardiovascular disease.
Learning assertions to verify linked-list programs
C programs that manipulate list-based dynamic data structures remain a challenging target for static verification. In this paper we employ the dynamic analysis of dsOli to locate and identify data structure operations in a program, and then use this information to automatically annotate that program with assertions in separation logic. These annotations comprise candidate pre/post-conditions and loop invariants suitable to statically verify memory safety with the verification tool VeriFast. By using both textbook and real-world examples on our prototype implementation, we show that the generated assertions are often discharged automatically. Even when this is not the case, candidate invariants are of great help to the verification engineer, significantly reducing the manual verification effort.
Poster: Identifying dynamic data structures in malware
As the complexity of malware grows, so does the necessity of employing program structuring mechanisms during development. While control flow structuring is often obfuscated, the dynamic data structures employed by the program are typically untouched. We report on work in progress that exploits this weakness to identify dynamic data structures present in malware samples for the purposes of aiding reverse engineering and constructing malware signatures, which may be employed for malware classification.

Using a prototype implementation, which combines the type recovery tool Howard and the identification tool Data Structure Investigator (DSI), we analyze data structures in Carberp and AgoBot malware. Identifying their data structures illustrates a challenging problem. To tackle this, we propose a new type recovery for binaries based on machine learning, which uses Howard's types to guide the search and DSI's memory abstraction for hypothesis evaluation.