CONFIGEN: A tool for managing configuration options

This paper introduces CONFIGEN, a tool that helps modularizing software. CONFIGEN allows the developer to select a set of elementary components for his software through an interactive interface. Configuration files for use by C/assembly code and Makefiles are then automatically generated, and we successfully used it as a helper tool for complex system software refactoring. CONFIGEN is based on propositional logic, and its implementation faces hard theoretical problems.Comment: In Proceedings LoCoCo 2010, arXiv:1007.083

Paravirtualizing Linux in a real-time hypervisor

International audienceThis paper describes a new hypervisor built to run Linux in a virtual machine. This hypervisor is built inside Anaxagoros, a real-time microkernel designed to execute safely hard real-time and non real-time tasks. This allows the execution of hard real-time tasks in parallel with Linux virtual machines without interfering with the execution of the real-time tasks. We implemented this hypervisor and compared performances with other virtualization techniques. Our hypervisor does not yet provide high performance but gives correct results and we believe the design is solid enough to guarantee solid performances with its future implementation

An Approach for Verifying Concurrent C Programs

International audienceAs software system and its complexity are fast growing, software correctness becomes more and more a crucial issue. We address the problem of verifying functional properties of real-time operating system (microkernel) implemented with C. We present a work-in-progress approach for formally specifying and verifying concurrent C programs directly based on the semantics of C. The basis of this approach is to automatically translate a C code into a TLA+ specification which can be checked by the TLC model checker. We define a set of translation rules and implement it in a tool (C2TLA+) that automatically translates C code into a TLA+ specification. Generated specifications can be integrated with manually written specifications that provide primitives that cannot be expressed in C, or that provide abstract versions of the generated specifications to address the state-explosion problem

Interprocedural Shape Analysis Using Separation Logic-based Transformer Summaries

International audienceShape analyses aim at inferring semantic invariants related to the data-structures that programs manipulate. To achieve that, they typically abstract the set of reachable states. By contrast, abstractions for transformation relations between input states and output states not only provide a finer description of program executions but also enable the composition of the effect of program fragments so as to make the analysis modular. However, few logics can efficiently capture such transformation relations. In this paper, we propose to use connectors inspired by separation logic to describe memory state transformations and to represent procedure summaries. Based on this abstraction, we design a top-down interprocedural analysis using shape transformation relations as procedure summaries. Finally, we report on implementation and evaluation

Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine

Inline assembly is still a common practice in low-level C programming, typically for efficiency reasons or for accessing specific hardware resources. Such embedded assembly codes in the GNU syntax (supported by major compilers such as GCC, Clang and ICC) have an interface specifying how the assembly codes interact with the C environment. For simplicity reasons, the compiler treats GNU inline assembly codes as blackboxes and relies only on their interface to correctly glue them into the compiled C code. Therefore, the adequacy between the assembly chunk and its interface (named compliance) is of primary importance, as such compliance issues can lead to subtle and hard-to-find bugs. We propose RUSTInA, the first automated technique for formally checking inline assembly compliance, with the extra ability to propose (proven) patches and (optimization) refinements in certain cases. RUSTInA is based on an original formalization of the inline assembly compliance problem together with novel dedicated algorithms. Our prototype has been evaluated on 202 Debian packages with inline assembly (2656 chunks), finding 2183 issues in 85 packages -- 986 significant issues in 54 packages (including major projects such as ffmpeg or ALSA), and proposing patches for 92% of them. Currently, 38 patches have already been accepted (solving 156 significant issues), with positive feedback from development teams

C2TLA+ : Traduction automatique du code C vers TLA+

National audienceNous nous intéressons dans ce papier à l'automatisation de la traduction d'un code source C vers un modèle écrit dans le langage de spécification TLA+. Nous proposons alors un outil C2TLA+ pour automatiser le passage d'un code source C vers un modèle écrit dans un langage combinant une logique temporelle avec une logique des actions afin qu'il soit vérifié par le model-checker TLC. Ce papier illustre les règles de représentation et de traduction utilisées pour passer d'une implémentation à une spécification TLA+

SSA translation is an abstract interpretation

the 50th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2023), 15 to 21 January 2023, Boston (MA) USAInternational audienceStatic single assignment (SSA) form is a popular intermediate representation that helps implement useful static analyses, including global value numbering (GVN), sparse dataflow analyses, or SMT-based abstract interpretation or model checking. However, the precision of the SSA translation itself depends on static analyses, and a priori static analysis is even indispensable in the case of low-level input languages like machine code. To solve this chicken-and-egg problem, we propose to turn the SSA translation into a standard static analysis based on abstract interpretation. This allows the SSA translation to be combined with other static analyses in a single pass, taking advantage of the fact that it is more precise to combine analyses than applying passes in sequence. We illustrate the practicality of these results by writing a simple dataflow analysis that performs SSA translation, optimistic global value numbering, sparse conditional constant propagation, and loop-invariant code motion in a single small pass; and by presenting a multi-language static analyzer for both C and machine code that uses the SSA abstract domain as its main intermediate representation

Intégration de systèmes hétérogènes en termes de niveaux de sécurité

This thesis studies design and implementation principles to execute tasks of different criticity levels onto the same computer. Additionally, some of these tasks may have hard real-time constraints. This requires to prove that tasks will get enough resources to execute properly, through the use of predictible and still simple allocation policies. Moreover, ensuring that critical tasks will execute correctly in presence of faults is needed. In particular, providing guarantees on resource allocation should be possible. At last, the system should be easily adaptable to different situations. This thesis tackles these issues through a design proposal for a highly secure and extensible system, which is also independent of resource allocation policies. This is accomplished in particular by systematic use of resource lending, which allows to account for resources independently of protection domains. This approach avoids partitionning resources into pools, simplifying the global allocation problem and deleting every waste of resources. We demonstrate that this approach is feasible using a prototype implementation. This methodology dramatically simplifies resource allocation, but implies additional constraints when writing shared services (e.g. device drivers). In particular, specific new synchronization problems occur. Original mechanisms to solve these problems are proposed, and a methodology that helps writing these shared services.Cette thèse étudie les principes de mise en oeuvre pour l'exécution sur un même ordinateur, de tâches de niveaux de criticité différents, et dont certaines peuvent avoir des contraintes temps réel dur. Les difficultés pour réaliser ces objectifs forment trois catégories. Il faut d'abord prouver que les tâches disposeront d'assez de ressources pour s'exécuter; il doit être ainsi possible d'avoir des politiques d'allocations et d'ordonnancement sûres, prévisibles et simples. Il faut également apporter des garanties de sécurité pour s'assurer que les tâches critiques s'exécuteront correctement en présence de défaillances ou malveillances. Enfin, le système doit pouvoir être réutilisé dans une variété de situations. Cette thèse propose de s'attaquer au problème par la conception d'un système hautement sécurisé, extensible, et qui soit indépendant des politiques d'allocation de ressources. Cela est notamment accompli par le prêt de ressource, qui permet de décompter les ressources indépendamment des domaines de protection. Cette approche évite d'avoir à partitionner les ressources, ce qui simplifie le problème global de l'allocation et permet de ne pas gâcher de ressources. Les problèmes de type inversion de priorité, famine ou dénis de service sont supprimés à la racine. Nous démontrons la faisabilité de cette approche è l'aide d'un prototype, Anaxagoros. La démarche que nous proposons simplifie drastiquement l'allocation des ressources mais implique des contraintes dans l'écriture de services partagés (comme les pilotes de périphériques). Les principales difficultés consistent en des contraintes de synchronisation supplémentaires. Nous proposons des mécanismes originaux et efficaces pour résoudre les problèmes de concurrence et synchronisation, et une méthodologie générale pour faciliter l'écriture sécurisée de ces services partagés

Evaluation à un an d'une méthode de sevrage tabagique en groupe associant thérapie d'inspiration cognitivo-comportementale et subtitution nicotinique

POITIERS-BU Médecine pharmacie (861942103) / SudocPARIS-BIUM (751062103) / SudocSudocFranceF