24 research outputs found

    Testing static analyzers with randomly generated programs

    Static analyzers should be correct. We used the random C-program generator Csmith, initially intended to test C compilers, to test parts of the Frama-C static analysis platform. Although Frama-C was already relatively mature at that point, fifty bugs were found and fixed during the process, in the front-end (AST elaboration and type-checking) and in the value analysis, constant propagation and slicing plug-ins. Several bugs were also found in Csmith, even though it had been extensively tested and had been used to find numerous bugs in compilers.

    Fan-C, a Frama-C plug-in for data flow verification

    DO-178B compliant avionics development processes must both define the data and control flows of embedded software at design level, and verify that these flows are faithfully implemented in the source code. This verification is traditionally performed during dedicated code reviews, but such intellectual activities are costly and error-prone, especially for large and complex software. In this paper, we present the Fan-C plug-in, developed by Airbus on top of the abstract-interpretation-based value and dataflow analyses of the Frama-C platform, in order to automate this verification activity for C avionics software. We describe the Airbus context, the Frama-C platform, its value analysis and related plug-ins, and the Fan-C plug-in, and discuss analysis results and ongoing industrial deployment and qualification activities.

    Machine-checked proofs for cryptographic standards: indifferentiability of SPONGE and secure high-assurance implementations of SHA-3

    We present a high-assurance and high-speed implementation of the SHA-3 hash function. Our implementation is written in the Jasmin programming language, and is formally verified for functional correctness, provable security and timing attack resistance in the EasyCrypt proof assistant. Our implementation is the first to achieve simultaneously the four desirable properties (efficiency, correctness, provable security, and side-channel protection) for a non-trivial cryptographic primitive. Concretely, our mechanized proofs show that: 1) the SHA-3 hash function is indifferentiable from a random oracle, and thus is resistant against collision, first and second preimage attacks; 2) the SHA-3 hash function is correctly implemented by a vectorized x86 implementation. Furthermore, the implementation is provably protected against timing attacks in an idealized model of timing leaks. The proofs include new EasyCrypt libraries of independent interest for programmable random oracles and modular indifferentiability proofs.

    This work received support from the National Institute of Standards and Technologies under agreement number 60NANB15D248. This work was partially supported by the Office of Naval Research under projects N00014-12-1-0914, N00014-15-1-2750 and N00014-19-1-2292. This work was partially funded by national funds via the Portuguese Foundation for Science and Technology (FCT) in the context of project PTDC/CCI-INF/31698/2017. Manuel Barbosa was supported by grant SFRH/BSAB/143018/2018 awarded by the FCT. This work was supported in part by the National Science Foundation under grant number 1801564. This work was supported in part by the FutureTPM project of the Horizon 2020 Framework Programme of the European Union, under GA number 779391. This work was supported by the ANR Scrypt project, grant number ANR-18-CE25-0014. This work was supported by the ANR TECAP project, grant number ANR-17-CE39-0004-01.

    Adding synchronism to strongly typed functional languages (Ajout de synchronisme dans les langages fonctionnels fortement typés)


    Result graphs for an abstract interpretation-based static analyzer

    TIS-Analyzer is a static analysis platform based on Frama-C. It integrates C analyzers in a plugin architecture and can be used to soundly detect undefined behaviors in C programs. The plugins communicate with each other to increase their precision. The Value analysis plugin uses dataflow analysis to produce a sound representation of the memory state at each control point of the program. Its abstract domain can represent disjunctions of non-relational value states. Further plugins then use this information to conduct derived analyses (operational inputs, dependencies, ...). However, the disjunctions alone are not sufficient: they do not allow the derived analyses to know which disjuncts of the representation of an abstract state can be reached from each disjunct of the state at the previous statement. We present a representation of the end result of the Value analysis as a graph that refines the program's control flow graph. In this result graph, each separate non-relational abstract state occurring at a particular statement is represented as a distinct node. We argue that this representation is what derived analyses should work on by default. It is also a way to formalize the Value analysis in terms of abstract interpretation. Finally, result graphs are suited for human review and allow users to find the root cause of alarms raised by the analysis. When implemented naively, the propagation of the disjunctions of abstract states requires a quadratic number of potentially costly inclusion tests between abstract states. We present an efficient algorithm that takes advantage of the hash-consed representation of abstract states as Patricia trees to reduce the cost of testing the inclusion of a state in a set of states to amortized constant time. We also justify the correctness of this algorithm in a more general setting.

    Lightweight Typed Customizable Unmarshaling

    1. Abstract. The contribution of this work is threefold. First, we offer an OCaml unmarshaling algorithm that uses a lightweight type-directed description of the expected structure of data to make consistency checks. The second contribution is the opportunity to specify functions to be systematically applied on values as they are being unmarshaled. Our third contribution is a type-safe layer for these functions and for the unmarshaling algorithm itself.

    2. Description. The standard OCaml unmarshaling function is input_value: in_channel → α. The aforementioned first contribution is a function descr_input_val with type in_channel → descr → α. One value of type descr that can be passed as second argument is Abstract, and then the behavior is exactly identical to input_value. The programmer can provide as much information as (s)he wants for the additional consistency checks. For instance, (s)he can pass the value (t array Abstract) to specify that the value being read is an array of undescribed values. Our unmarshaling algorithm maintains a cursor into the structure description, allowing it to know what the current loaded value should look like.

    Optimal Inverse Projection of Floating-Point Addition

    In a setting where we have intervals for the values of floating-point variables x, a, and b, we are interested in improving these intervals when the floating-point equality x ⊕ a = b holds. This problem is common in constraint propagation, and is called the inverse projection of the addition. It also appears in abstract interpretation for the analysis of programs containing IEEE 754 operations. We propose floating-point theorems that provide optimal bounds for all the intervals. Fast loop-free algorithms compute these optimal bounds using only floating-point computations at the target precision.