MemCAD, A Modular Abstract Domain for Reasoning on Memory States

Video link: https://www.youtube.com/watch?v=xb-dRG0Y9YU
Duration: 1:17:21

In this talk, we will present the MemCAD analyzer, which relies on a parametric abstract domain for the static analysis, by abstract interpretation, of programs that manipulate complex and dynamically allocated data structures. We will set up the foundations for a family of static analyses that compute an over-approximation of the reachable states of programs using such structures, based on modular abstractions that can be adapted to wide families of programs. Our domain can be parameterized by a set of inductive definitions capturing the relevant data structures and by the choice of an underlying numerical domain. Abstract values can be viewed either as graphs or as formulas in a subset of separation logic extended with inductive definitions. We will describe the abstraction induced by this domain and the main static analysis operators. In particular, we will consider the unfolding operator, which refines an abstract value locally so as to enable precise algorithms for the computation of post-conditions. Then we will discuss a set of join and widening operators that guarantee the termination of our static analyses. In the second part of the talk, we will consider several applications of our static analysis. We will show how it can be adapted to treat precisely specific features of programs written in languages that allow low-level memory operations, such as C. Then we will focus on the analysis of programs with recursive procedures and introduce a powerful widening operator that is able to infer accurate inductive definitions summarizing the call stack of a specific program together with the memory. Finally, the last part of this talk will focus on recent work extending the analysis to embedded software that uses custom allocation inside static blocks and manages its own dynamic structures within this scope. The reason for this programming pattern is that dynamic memory allocation should not be used in highly critical avionics software. This pattern raises new issues for the verification of software by static analysis, which can be addressed using our modular abstraction.




Published by Microsoft Research on 2016-07-28.