Cascade 2.0. C static analysis tool with an SMT backend. Wei Wang, Clark Barrett, Thomas Wies
http://cascade.cims.nyu.edu
- Overview
- Memory models
  - Flat memory model
  - Burstall memory model
  - Partition memory model
- Experimental results
- Related works
- Conclusion
Cascade is designed to find bugs, especially memory-related ones, in low-level C programs.
Properties checked:
- Built-in properties:
  - Invalid memory access: memory access at invalid addresses
  - Invalid memory allocation: if the requested size of malloc exceeds the size of memory
  - Invalid memory free: free memory via a pointer not returned from malloc
- User-specified properties
[Architecture diagram, components: Control File, C code, AST, Verification Target, Symbolic Executor, Verification Report; Abstract Memory Model (Flat Model, Burstall Model, Partition Model); Abstract Theorem Prover (CVC4, Z3)]
Flat memory model
- The entire memory is treated as a single flat array
- Naturally supports C features, including type-unsafe operations
  - pointer arithmetic
  - pointer casts
  - union types
- Limitation: scalability
    #define NULL (void *) 0
    void bar() {
      int *p = (int *)malloc(sizeof(int));
      assume(p != NULL);
      long *q = (long *)malloc(sizeof(long));
      assume(q != NULL);
      *p = 2;
      *q = 4;
      assert(*p == 2); // invalid
    }
[Diagram: flat memory holding the blocks &p, &q, p and q]
Constraints for the bar() example:
[Diagram: size array over the blocks &p, &q, p, q with entries sizeof(int*), sizeof(long*), sizeof(int), sizeof(long)]
disjoint(a, b) := a + n size[a] b b + n size[b] a
non-overflow(a) := a a + n size[a]
- disjoint(...) for each of the six pairs of blocks among &p, &q, p, q
- non-overflow(...) for each of the four blocks &p, &q, p, q
Flat memory model, unordered mode
- #clauses = O(n^2), n is the number of memory blocks
Flat memory model, ordered mode
bar() example with an ordered memory layout:
[Diagram: size array over the blocks &p, &q, p, q with entries sizeof(int*), sizeof(long*), sizeof(int), sizeof(long); memory from Bottom to Top; Stack → memory ← Heap]
below(a, b) := a + n size[a] b
non-overflow(a) := a a + n size[a]
- three below(...) constraints linking the four blocks in address order, the first between the two stack cells &p and &q
- a single non-overflow(...) constraint, on a heap block
Flat memory model, ordered mode
- #clauses = O(n), n is the number of memory blocks
- Unsound!
    #define NULL (void *) 0
    void baz() {
      int *p = (int *)malloc(sizeof(int));
      assume(p != NULL);
      long *q = (long *)malloc(sizeof(long));
      assume(q != NULL);
      assert(p > q); // valid ERROR!
    }
[Diagram: size array over the blocks &p, &q, p, q with entries sizeof(int*), sizeof(long*), sizeof(int), sizeof(long); memory from Bottom to Top; Stack → memory ← Heap]
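An added sketch, not part of the original slides or of Cascade's code: it enumerates every layout of a toy 4-bit flat memory to decide the bar() and baz() assertions under unordered and ordered constraints. Assumptions: the operators missing from the definitions are read as a + size[a] <= b for below, the two-way disjunction of that for disjoint, and a <= a + size[a] for non-overflow; the block sizes and the address order in CHAIN are constructed; and ordered mode here keeps a non-overflow clause on every block so the wrap-around arithmetic stays well-behaved.

```python
from itertools import combinations, product

W = 4                      # toy address width in bits (constructed)
MOD = 1 << W
# Constructed sizes standing in for sizeof(int*), sizeof(long*), sizeof(int), sizeof(long).
SIZE = {"&p": 2, "&q": 2, "p": 1, "q": 2}
BLOCKS = list(SIZE)


def end(m, a):
    """a + size[a] in W-bit arithmetic (wraps around like a bit-vector add)."""
    return (m[a] + SIZE[a]) % MOD


def non_overflow(m, a):    # assumed reading: a <= a + size[a]
    return m[a] <= end(m, a)


def below(m, a, b):        # assumed reading: a + size[a] <= b
    return end(m, a) <= m[b]


def disjoint(m, a, b):     # assumed reading: below(a, b) or below(b, a)
    return below(m, a, b) or below(m, b, a)


def unordered(blocks):
    """One disjoint clause per pair of blocks plus non-overflow per block."""
    cs = [lambda m, a=a, b=b: disjoint(m, a, b) for a, b in combinations(blocks, 2)]
    return cs + [lambda m, a=a: non_overflow(m, a) for a in blocks]


def ordered(chain):
    """One below clause per adjacent pair in a fixed address order."""
    cs = [lambda m, a=a, b=b: below(m, a, b) for a, b in zip(chain, chain[1:])]
    return cs + [lambda m, a=a: non_overflow(m, a) for a in chain]


def layouts(constraints):
    """Enumerate every address assignment that satisfies all constraints."""
    for addrs in product(range(MOD), repeat=len(BLOCKS)):
        m = dict(zip(BLOCKS, addrs))
        if all(c(m) for c in constraints):
            yield m


def bar_assert(m):
    """Run *p = 2; *q = 4; then evaluate *p == 2 on a flat byte array."""
    mem = [0] * MOD

    def store(block, value):
        for i in range(SIZE[block]):
            mem[(m[block] + i) % MOD] = (value >> (8 * i)) & 0xFF

    store("p", 2)
    store("q", 4)
    loaded = sum(mem[(m["p"] + i) % MOD] << (8 * i) for i in range(SIZE["p"]))
    return loaded == 2


def baz_assert(m):
    """The pointer comparison from baz()."""
    return m["p"] > m["q"]


def valid(assertion, constraints):
    """An assertion is valid when it holds in every admitted layout."""
    return all(assertion(m) for m in layouts(constraints))


# Assumed address order: the two stack cells first, then heap blocks growing down.
CHAIN = ["&p", "&q", "q", "p"]


def report():
    return {
        "bar_no_constraints": valid(bar_assert, []),
        "bar_unordered": valid(bar_assert, unordered(BLOCKS)),
        "bar_ordered": valid(bar_assert, ordered(CHAIN)),
        "baz_unordered": valid(baz_assert, unordered(BLOCKS)),
        "baz_ordered": valid(baz_assert, ordered(CHAIN)),
        "ordered_layouts_exist": any(True for _ in layouts(ordered(CHAIN))),
        "clauses_unordered_50": len(unordered(range(50))),
        "clauses_ordered_50": len(ordered(list(range(50)))),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(name, value)
```

baz() is the interesting row: the unordered constraints admit layouts with q above p, so the assertion is not valid, while the ordered constraints rule those layouts out and report it valid.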
Ordered mode vs. Unordered mode [plot: NECLA static analysis benchmarks]
Burstall memory model
- The memory is split into disjoint arrays according to types
- Field-sensitive: each struct field is also a unique type
- Assumptions:
  - Objects with distinct types won't overlap
  - Different fields within a structure won't overlap
- More scalable
  - Only reason about disjointness among objects with the same type
bar() example under the Burstall model:
[Diagram: memory split into one array per type: int (block p), long (block q), int * (block &p), long * (block &q)]
- non-overflow(p), non-overflow(q), non-overflow(&p), non-overflow(&q)
Burstall memory model
- Limitation: doesn't support type-unsafe operations
    #define NULL (void *) 0
    void qux(long *p, int *q) {
      assume(p != NULL && q != NULL);
      *p = 4;
      q = (int *)p; // pointer cast
      *q = 2;
      assert(*p != 4); // invalid ERROR!
    }
[Diagram: memory arrays by type after *q = 2: the int array holds 2, the long array holds 4; the int * array holds &q, the long * array holds &p]
[Table: tools by memory model, columns Flat and Burstall; tools listed: CBMC, LLBMC, ESBMC, LAV, KLEE, VCC 1.0, Havoc, Corral, Caduceus]
Motivation: a new memory model that
- easily scales up: split
- supports type-unsafe C operations: a new way to split
Approach:
- Splits the memory according to the alias information
- Each maximal set of locations that may alias is grouped into one array
- Uses pointer analysis to compute the alias information
    #define NULL (void *) 0
    void qux(long *p, int *q) {
      assume(p != NULL && q != NULL);
      *p = 4;
      q = (int *)p; // pointer alias
      *q = 2;
      assert(*p != 4); // valid
    }
[Diagram: memory partitioned into &p, &q and the alias group (p, q); after *q = 2 the (p, q) array holds 2]
Partition memory model
- Pre-processing
  - Employs Steensgaard's unification-based pointer analysis
  - Finds all the alias groups of pointers
- The memory is split into multiple arrays according to alias groups
  - #arrays is bounded by #variables in the source code
- Scope-sensitive optimization often destroys the arrays that contain variables no longer valid in current scope
- Applies to both unordered and ordered modes
Partition model vs. Flat model (unordered) [plot: NECLA static analysis benchmarks]
Partition model vs. Flat model (ordered) [plot: NECLA static analysis benchmarks]
Partition model vs. Burstall model [plot: NECLA static analysis benchmarks]
SMACK [Rakamarić and Hu, 09]
- Type unification strategy
- Uses Burstall model as initial memory model
- For type-unsafe operations, unifies the types involved
Frama-C [P. Cuoq, et al. 12]
- Supports multiple memory models: Hoare, store (Burstall), and runtime (flat)
- Optimization: mixed model of Hoare (non-pointers) and Flat (pointers)
VCC [Cohen, et al. 09]
- A typed memory model for C
- Maintains a set of valid pointers that point to disjoint regions
- Switch between Flat and Burstall models, for type-unsafe operations
Cascade 2.0
- Supports multiple memory models to balance the tradeoff between efficiency and precision
  - Flat model (unordered and ordered modes)
  - Burstall model
  - Partition model (default)
Future work
- To use more precise pointer analysis algorithms to get a more fine-grained partition
- To support procedure contracts that enable local reasoning
More informationLecture 16 Pointer Analysis
Pros and Cons of Pointers Lecture 16 Pointer Analysis Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis Many procedural languages have pointers
More informationLecture 8: Orthogonal Range Searching
CPS234 Comutational Geometry Setember 22nd, 2005 Lecture 8: Orthogonal Range Searching Lecturer: Pankaj K. Agarwal Scribe: Mason F. Matthews 8.1 Range Searching The general roblem of range searching is
More informationSystem Assertions. Andreas Zeller
System Assertions Andreas Zeller System Invariants Some properties of a program must hold over the entire run: must not access data of other processes must handle mathematical exceptions must not exceed
More informationComplexity Issues on Designing Tridiagonal Solvers on 2-Dimensional Mesh Interconnection Networks
Journal of Comuting and Information Technology - CIT 8, 2000, 1, 1 12 1 Comlexity Issues on Designing Tridiagonal Solvers on 2-Dimensional Mesh Interconnection Networks Eunice E. Santos Deartment of Electrical
More informationData Representation and Storage. Some definitions (in C)
Data Representation and Storage Learning Objectives Define the following terms (with respect to C): Object Declaration Definition Alias Fundamental type Derived type Use pointer arithmetic correctly Explain
More informationPractical introduction to Frama-C (without Mathematical notations ;-) )
Practical introduction to Frama-C (without Mathematical notations ;-) ) David MENTRÉ Using content of Jochen Burghardt (Fraunhofer First), Virgile Prevosto (CEA), Julien Signoles
More informationApplications of Pointers (1A) Young Won Lim 3/21/18
(1A) Coyright (c) 2010-2018 Young W. Lim. Permission is granted to coy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version ublished
More informationSMT-Based Bounded Model Checking for Embedded ANSI-C Software. Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva
SMT-Based Bounded Model Checking for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given
More informationApplications of Pointers (1A) Young Won Lim 3/14/18
(1A) Coyright (c) 2010-2018 Young W. Lim. Permission is granted to coy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version ublished
More informationApplications of Pointers (1A) Young Won Lim 1/5/18
Alications of (1A) Coyright (c) 2010-2017 Young W. Lim. Permission is granted to coy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later
More informationSpace-efficient Region Filling in Raster Graphics
"The Visual Comuter: An International Journal of Comuter Grahics" (submitted July 13, 1992; revised December 7, 1992; acceted in Aril 16, 1993) Sace-efficient Region Filling in Raster Grahics Dominik Henrich
More informationDynamic Allocation in C
Dynamic Allocation in C C Pointers and Arrays 1 The previous examples involved only targets that were declared as local variables. For serious development, we must also be able to create variables dynamically,
More informationSage Document Management Version 17.1
Sage Document Management Version 17.1 User's Guide This is a ublication of Sage Software, Inc. 2017 The Sage Grou lc or its licensors. All rights reserved. Sage, Sage logos, and Sage roduct and service
More informationPointers, Dynamic Data, and Reference Types
Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation The new operator The delete operator Dynamic Memory Allocation for Arrays 1 C++ Data Types simple
More informationIntroduction to Parallel Algorithms
CS 1762 Fall, 2011 1 Introduction to Parallel Algorithms Introduction to Parallel Algorithms ECE 1762 Algorithms and Data Structures Fall Semester, 2011 1 Preliminaries Since the early 1990s, there has
More informationFrom Design to Production
From Design to Production An integrated approach Paolo Fabbri Senior Engineer 2014 The MathWorks, Inc. 1 Do you know what it is? Requirements System Test Functional Spec Integration Test Detailed Design
More informationFast Distributed Process Creation with the XMOS XS1 Architecture
Communicating Process Architectures 20 P.H. Welch et al. (Eds.) IOS Press, 20 c 20 The authors and IOS Press. All rights reserved. Fast Distributed Process Creation with the XMOS XS Architecture James
More informationRange Searching. Data structure for a set of objects (points, rectangles, polygons) for efficient range queries.
Range Searching Data structure for a set of objects (oints, rectangles, olygons) for efficient range queries. Y Q Deends on tye of objects and queries. Consider basic data structures with broad alicability.
More informationBOOGIE. Presentation by Itsik Hefez A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH
BOOGIE A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH Presentation by Itsik Hefez Introduction Boogie is an intermediate verification language, intended as a layer on which
More informationCross products Line segments The convex combination of two distinct points p
CHAPTER Comutational Geometry Is the branch of comuter science that studies algorithms for solving geometric roblems. Has alications in many fields, including comuter grahics robotics, VLSI design comuter
More informationStatic Program Analysis Part 9 pointer analysis. Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University
Static Program Analysis Part 9 pointer analysis Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Agenda Introduction to points-to analysis Andersen s analysis Steensgaards s
More informationWhy. an intermediate language for deductive program verification
Why an intermediate language for deductive program verification Jean-Christophe Filliâtre CNRS Orsay, France AFM workshop Grenoble, June 27, 2009 Jean-Christophe Filliâtre Why tutorial AFM 09 1 / 56 Motivations
More informationThe Spatial Skyline Queries
The Satial Skyline Queries Mehdi Sharifzadeh Comuter Science Deartment University of Southern California Los Angeles, CA 90089-078 sharifza@usc.edu Cyrus Shahabi Comuter Science Deartment University of
More informationSensitivity Analysis for an Optimal Routing Policy in an Ad Hoc Wireless Network
1 Sensitivity Analysis for an Otimal Routing Policy in an Ad Hoc Wireless Network Tara Javidi and Demosthenis Teneketzis Deartment of Electrical Engineering and Comuter Science University of Michigan Ann
More informationarxiv: v1 [cs.dc] 13 Nov 2018
Task Grah Transformations for Latency Tolerance arxiv:1811.05077v1 [cs.dc] 13 Nov 2018 Victor Eijkhout November 14, 2018 Abstract The Integrative Model for Parallelism (IMP) derives a task grah from a
More informationBlind Separation of Permuted Alias Image Base on Four-phase-difference and Differential Evolution
Sensors & Transducers, Vol. 63, Issue, January 204,. 90-95 Sensors & Transducers 204 by IFSA Publishing, S. L. htt://www.sensorsortal.com lind Searation of Permuted Alias Image ase on Four-hase-difference
More informationA DEA-bases Approach for Multi-objective Design of Attribute Acceptance Sampling Plans
Available online at htt://ijdea.srbiau.ac.ir Int. J. Data Enveloment Analysis (ISSN 2345-458X) Vol.5, No.2, Year 2017 Article ID IJDEA-00422, 12 ages Research Article International Journal of Data Enveloment
More informationSPITFIRE: Scalable Parallel Algorithms for Test Set Partitioned Fault Simulation
To aear in IEEE VLSI Test Symosium, 1997 SITFIRE: Scalable arallel Algorithms for Test Set artitioned Fault Simulation Dili Krishnaswamy y Elizabeth M. Rudnick y Janak H. atel y rithviraj Banerjee z y
More information