
    COAST: from Petri nets to assisted planning

    COAST is a tool for supporting military planning. Its distributed architecture comprises a server built around a Petri net analysis engine, while the graphical interface provided by the client hides the use of formal methods from the user. Synchronizations between the tasks to be planned are an essential aspect of COAST. In this article, after a general presentation of the problem and of the tool, we describe these synchronizations and show how they are modelled and implemented

    From PNML to counter systems for accelerating Petri Nets with FAST

    We use the tool FAST to check parameterized safety properties on Petri nets with a large or infinite state space. Although this tool is not dedicated to Petri nets, it can be used for them, since place/transition nets (and some of their extensions) are subcases of the FAST input model. The originality of the tool lies in its use of acceleration techniques to compute the exact reachability set of infinite systems. In this paper, we present the automatic transformation of Petri nets written in PNML (Petri Net Markup Language) into counter systems. FAST then provides a simple but very powerful language to express complex properties and check these

    A Quantitative Flavour of Robust Reachability

    Many software analysis techniques attempt to determine whether bugs are reachable, but for security purposes this is only part of the story, as it does not indicate whether the bugs found could be easily triggered by an attacker. The recently introduced notion of robust reachability aims to fill this gap by distinguishing the inputs controlled by the attacker from those that are not. Yet this qualitative notion may be too strong in practice, leaving aside bugs which are mostly but not fully replicable. We aim here to propose a quantitative version of robust reachability that is more flexible and still amenable to automation. We propose quantitative robustness, a metric expressing how easily an attacker can trigger a bug while taking into account that they can only influence part of the program input, together with a dedicated quantitative symbolic execution technique (QRSE). Interestingly, QRSE relies on a variant of model counting (namely, functional E-MAJSAT) unseen so far in formal verification, but which has been studied in AI domains such as Bayesian networks, knowledge representation and probabilistic planning. Yet the existing solving methods from these fields turn out to be unsatisfactory for formal verification purposes, leading us to propose a novel parametric method. These results have been implemented and evaluated over two security-relevant case studies, allowing us to demonstrate the feasibility and relevance of our ideas.

    Get rid of inline assembly through verification-oriented lifting

    Formal methods for software development have made great strides in the last two decades, to the point that their application to safety-critical embedded software is an undeniable success. Their extension to non-critical software is one of the notable forthcoming challenges. For example, C programmers regularly use inline assembly for low-level optimizations and system primitives. This usually renders state-of-the-art formal analyzers developed for C ineffective. We thus propose TInA, an automated, generic, trustable and verification-oriented lifting technique that turns inline assembly into semantically equivalent C code, in order to take advantage of existing C analyzers. Extensive experiments on real-world C code with inline assembly (including GMP and ffmpeg) show the feasibility and benefits of TInA.

    Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine

    Inline assembly is still a common practice in low-level C programming, typically for efficiency reasons or for accessing specific hardware resources. Such embedded assembly chunks in the GNU syntax (supported by major compilers such as GCC, Clang and ICC) have an interface specifying how the assembly interacts with the C environment. For simplicity, the compiler treats GNU inline assembly chunks as black boxes and relies only on their interface to correctly glue them into the compiled C code. Therefore, the adequacy between an assembly chunk and its interface (named compliance) is of primary importance, as compliance issues can lead to subtle and hard-to-find bugs. We propose RUSTInA, the first automated technique for formally checking inline assembly compliance, with the extra ability to propose (proven) patches and (optimization) refinements in certain cases. RUSTInA is based on an original formalization of the inline assembly compliance problem together with novel dedicated algorithms. Our prototype has been evaluated on 202 Debian packages with inline assembly (2656 chunks), finding 2183 issues in 85 packages -- 986 significant issues in 54 packages (including major projects such as ffmpeg or ALSA) -- and proposing patches for 92% of them. Currently, 38 patches have already been accepted (solving 156 significant issues), with positive feedback from development teams.