
    Static Analysis of Run-Time Errors in Embedded Real-Time Parallel C Programs

    We present a static analysis by Abstract Interpretation to check for run-time errors in parallel and multi-threaded C programs. Following our work on Astrée, we focus on embedded critical programs without recursion nor dynamic memory allocation, but extend the analysis to a static set of threads communicating implicitly through a shared memory and explicitly using a finite set of mutual exclusion locks, and scheduled according to a real-time scheduling policy and fixed priorities. Our method is thread-modular. It is based on a slightly modified non-parallel analysis that, when analyzing a thread, applies and enriches an abstract set of thread interferences. An iterator then re-analyzes each thread in turn until interferences stabilize. We prove the soundness of our method with respect to the sequential consistency semantics, but also with respect to a reasonable weakly consistent memory semantics. We also show how to take into account mutual exclusion and thread priorities through a partitioning over an abstraction of the scheduler state. We present preliminary experimental results analyzing an industrial program with our prototype, Thésée, and demonstrate the scalability of our approach.

    Secrecy capacity of a class of orthogonal relay eavesdropper channels

    The secrecy capacity of relay channels with orthogonal components is studied in the presence of an additional passive eavesdropper node. The relay and destination receive signals from the source on two orthogonal channels such that the destination also receives transmissions from the relay on its channel. The eavesdropper can overhear either one or both of the orthogonal channels. Inner and outer bounds on the secrecy capacity are developed for both the discrete memoryless and the Gaussian channel models. For the discrete memoryless case, the secrecy capacity is shown to be achieved by a partial decode-and-forward (PDF) scheme when the eavesdropper can overhear only one of the two orthogonal channels. Two new outer bounds are presented for the Gaussian model using recent capacity results for a Gaussian multi-antenna point-to-point channel with a multi-antenna eavesdropper. The outer bounds are shown to be tight for two sub-classes of channels. The first sub-class is one in which the source and relay are clustered and the eavesdropper receives signals only on the channel from the source and the relay to the destination, for which the PDF strategy is optimal. The second is a sub-class in which the source does not transmit to the relay, for which a noise-forwarding strategy is optimal. Comment: Submitted to Eurasip Journal on Wireless Communications and Networking special issue on Wireless physical layer security, Dec. 2008, Revised Jun. 200

    Labour Law (Droit du travail)

    Publisher's summary: This book is intended for students following a law curriculum, and in particular the course in labour law taught during the two semesters of the third year of the licence in law. It is also addressed to all jurists and practitioners of this fascinating subject. After an introduction presenting labour law (formation, characteristics, sources) and underlining the role of the State, the book is divided into two parts. The first part deals with the enterprise: its social organisation, its structures, the powers and counter-powers that manifest themselves within it, including the protective status of worker representatives (Sub-part I); then the employee's entry into the enterprise, and thus the contracts integrating the employee into it, as well as the changes affecting the employment relationship thus constituted (Sub-part II); finally, the book looks at the employee's departure from the enterprise (ordinary law, dismissal on economic grounds, other modes of termination including the mutually agreed termination (rupture conventionnelle) introduced by the law of 25 June 2008, consequences of termination) (Sub-part III). The second part is devoted to work: the statutory framework for the collective determination of working conditions (essential questions relating to dignity at work and the fight against discrimination, and to working conditions and the organisation of work) (Sub-part I); the collective determination of working conditions (study of the trade-union partner, of the law of collective bargaining in the light of the law of 20 August 2008, and of collective disputes) (Sub-part II). Drawing on the recodified texts and the most recent case law, this book attempts to answer the essential questions of doctrinal reflection and benefits from the varied experience of its authors (former counsellor at the Social Chamber of the Cour de cassation, academic, former labour inspector).

    A Static Analyzer for Large Safety-Critical Software

    We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general-purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety-critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization, the symbolic manipulation of expressions to improve the precision of abstract transfer functions, the octagon, ellipsoid, and decision tree abstract domains, all with sound handling of rounding errors in floating-point computations, widening strategies (with thresholds, delayed) and the automatic determination of the parameters (parametrized packing).

    Polyhedral Analysis using Parametric Objectives

    The abstract domain of polyhedra lies at the heart of many program analysis techniques. However, its operations can be expensive, precluding their application to polyhedra that involve many variables. This paper describes a new approach to computing polyhedral domain operations. The core of this approach is an algorithm to calculate variable elimination (projection) based on parametric linear programming. The algorithm enumerates only non-redundant inequalities of the projection space, and hence permits anytime approximation of the output.

    Abstract Interpretation with Unfoldings

    We present and evaluate a technique for computing path-sensitive interference conditions during abstract interpretation of concurrent programs. In lieu of fixed point computation, we use prime event structures to compactly represent causal dependence and interference between sequences of transformers. Our main contribution is an unfolding algorithm that uses a new notion of independence to avoid redundant transformer application, thread-local fixed points to reduce the size of the unfolding, and a novel cutoff criterion based on subsumption to guarantee termination of the analysis. Our experiments show that the abstract unfolding produces an order of magnitude fewer false alarms than a mature abstract interpreter, while being several orders of magnitude faster than solver-based tools that have the same precision. Comment: Extended version of the paper (with the same title and authors) to appear at CAV 201

    A Logical Product Approach to Zonotope Intersection

    We define and study a new abstract domain which is a fine-grained combination of zonotopes with polyhedric domains such as the interval, octagon, linear templates or polyhedron domain. While abstract transfer functions remain rather inexpensive and accurate even for interpreting non-linear computations, we are also able to interpret tests (i.e. intersections) efficiently. This fixes a known drawback of zonotopic methods, as used for reachability analysis of hybrid systems as well as for invariant generation in abstract interpretation: intersections of zonotopes are not always zonotopes, and there is not even a best zonotopic over-approximation of the intersection. We describe some examples and an implementation of our method in the APRON library, and discuss some further interesting combinations of zonotopes with non-linear or non-convex domains such as quadratic templates and maxplus polyhedra.

    Logahedra: A new weakly relational domain

    Weakly relational numeric domains express restricted classes of linear inequalities that strike a balance between what can be described and what can be efficiently computed. Popular weakly relational domains such as bounded differences and octagons have found application in model checking and abstract interpretation. This paper introduces logahedra, which are more expressive than octagons, but less expressive than arbitrary systems of two-variables-per-inequality constraints. Logahedra allow coefficients of inequalities to be powers of two whilst retaining many of the desirable algorithmic properties of octagons.

    Interval Slopes as Numerical Abstract Domain for Floating-Point Variables

    The design of embedded control systems is mainly done with model-based tools such as Matlab/Simulink. Numerical simulation is the central technique of development and verification in such tools. Floating-point arithmetic, which is well known to provide only approximate results, is omnipresent in this activity. In order to validate the behaviors of numerical simulations using abstract interpretation-based static analysis, we present, theoretically and with experiments, a new partially relational abstract domain dedicated to floating-point variables. It comes from interval expansion of non-linear functions using slopes, and it is able to mimic all the behaviors of floating-point arithmetic. Hence it is suited to proving the absence of run-time errors or to analyzing the numerical precision of embedded control systems.

    Speeding up the constraint-based method in difference logic

    "The final publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-40970-2_18"
    Over the years the constraint-based method has been successfully applied to a wide range of problems in program analysis, from invariant generation to termination and non-termination proving. Quite often the semantics of the program under study as well as the properties to be generated belong to difference logic, i.e., the fragment of linear arithmetic where atoms are inequalities of the form u − v ≤ k. However, so far constraint-based techniques have not exploited this fact: in general, Farkas' Lemma is used to produce the constraints over template unknowns, which leads to non-linear SMT problems. Based on classical results of graph theory, in this paper we propose new encodings for generating these constraints when program semantics and templates belong to difference logic. Thanks to this approach, instead of a heavyweight non-linear arithmetic solver, a much cheaper SMT solver for difference logic or linear integer arithmetic can be employed for solving the resulting constraints. We present encouraging experimental results that show the high impact of the proposed techniques on the performance of the VeryMax verification system. Peer reviewed. Postprint (author's final draft