15 research outputs found
IST Austria Thesis
In this thesis we present a computer-aided programming approach to concurrency. Our approach helps the programmer by automatically fixing concurrency-related bugs, i.e. bugs that occur when the program is executed using an aggressive preemptive scheduler, but not when using a non-preemptive (cooperative) scheduler. Bugs are program behaviours that are incorrect w.r.t. a specification. We consider both user-provided explicit specifications in the form of assertion
statements in the code as well as an implicit specification. The implicit specification is inferred from the non-preemptive behaviour. Let us consider sequences of calls that the program makes to an external interface. The implicit specification requires that any such sequence produced under a preemptive scheduler should be included in the set of sequences produced under a non-preemptive scheduler. We consider several semantics-preserving fixes that go beyond atomic sections typically explored in the synchronisation synthesis literature. Our synthesis is able to place locks, barriers and wait-signal statements and last, but not least reorder independent statements. The latter may be useful if a thread is released to early, e.g., before some initialisation is completed. We guarantee that our synthesis does not introduce deadlocks and that the synchronisation inserted is optimal w.r.t. a given objective function. We dub our solution trace-based synchronisation synthesis and it is loosely based on counterexample-guided inductive synthesis (CEGIS). The synthesis works by discovering a trace that is incorrect w.r.t. the specification and identifying ordering constraints crucial to trigger the specification violation. Synchronisation may be placed immediately (greedy approach) or delayed until all incorrect traces are found (non-greedy approach). For the non-greedy approach we construct a set of global constraints over synchronisation placements. Each model of the global constraints set corresponds to a correctness-ensuring synchronisation placement. The placement that is optimal w.r.t. the given objective function is chosen as the synchronisation solution. We evaluate our approach on a number of realistic (albeit simplified) Linux device-driver
benchmarks. The benchmarks are versions of the drivers with known concurrency-related bugs. For the experiments with an explicit specification we added assertions that would detect the bugs in the experiments. Device drivers lend themselves to implicit specification, where the device and the operating system are the external interfaces. Our experiments demonstrate that our synthesis method is precise and efficient. We implemented objective functions for coarse-grained and fine-grained locking and observed that different synchronisation placements are produced for our experiments, favouring e.g. a minimal number of synchronisation operations or maximum concurrency
Regression-free Synthesis for Concurrency
While fixing concurrency bugs, program repair algorithms may introduce new
concurrency bugs. We present an algorithm that avoids such regressions. The
solution space is given by a set of program transformations we consider in for
repair process. These include reordering of instructions within a thread and
inserting atomic sections. The new algorithm learns a constraint on the space
of candidate solutions, from both positive examples (error-free traces) and
counterexamples (error traces). From each counterexample, the algorithm learns
a constraint necessary to remove the errors. From each positive examples, it
learns a constraint that is necessary in order to prevent the repair from
turning the trace into an error trace. We implemented the algorithm and
evaluated it on simplified Linux device drivers with known bugs.Comment: for source code see https://github.com/thorstent/ConRepai
Attribute Repair for Threat Prevention
We propose a model-based procedure for preventing security
threats using formal models. We encode system models and threats as
satisfiability modulo theory (SMT) formulas. This model allows us to ask
security questions as satisfiability queries. We formulate threat preven-
tion as an optimization problem over the same formulas. The outcome
of our threat prevention procedure is a suggestion of model attribute
repair that eliminates threats. We implement our approach using the
state-of-the-art Z3 SMT solver and interface it with the threat analysis
tool THREATGET. We demonstrate the value of our procedure in two
case studies from automotive and smart home domains
Threat Repair with Optimization Modulo Theories
We propose a model-based procedure for automatically preventing security
threats using formal models. We encode system models and potential threats as
satisfiability modulo theory (SMT) formulas. This model allows us to ask
security questions as satisfiability queries. We formulate threat prevention as
an optimization problem over the same formulas. The outcome of our threat
prevention procedure is a suggestion of model attribute repair that eliminates
threats. Whenever threat prevention fails, we automatically explain why the
threat happens. We implement our approach using the state-of-the-art Z3 SMT
solver and interface it with the threat analysis tool THREATGET. We demonstrate
the value of our procedure in two case studies from automotive and smart home
domains, including an industrial-strength example
Automatically verifying typing constraints for a data processing language
Abstract. In this paper we present a new technique for automatically verifying typing constraints in the setting of a first-order data processing language with refinement types and dynamic type-tests. We achieve this by translating programs into a standard while language and then using a general-purpose verification tool. Our translation generates assertions in the while program that faithfully represent the sophisticated typing constraints in the original program. We use a generic verification condition generator together with an SMT solver to prove statically that these assertions succeed in all executions. We formalise our translation algorithm using an interactive theorem prover and provide a machine-checkable proof of its soundness. We provide a prototype implementation using Boogie and Z3 that can already be used to efficiently verify a large number of test programs.