Bit level types for high level reasoning

Conference Paper · January 2006with17 Reads
DOI: 10.1145/1181775.1181791 · Source: DBLP
Conference: Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE 2006, Portland, Oregon, USA, November 5-11, 2006
Bitwise operations are commonly used in low-level systems code to access multiple data fields that have been packed into a single word. Program analysis tools that reason about such programs must model the semantics of bitwise opera- tions precisely in order to capture program control and data flow through these operations. We present a type system for subword data structures that explitictly tracks the flow of bit values in the program and identifies consecutive sections of bits as logical entities manipulated atomically by the pro- grammer. Our type inference algorithm tags each integer value of the program with a bitvector type that identifies the data layout at the subword level. These types are used in a translation phase to remove bitwise operations from the pro- gram, thereby allowing verification engines to avoid the ex- pensive low-level reasoning required for analyzing bitvector operations. We have used a software model checker to check properties of translated versions of a Linux device driver and a memory protection system. The resulting verifica- tion runs could prove many more properties than the naive model checker that did not reason about bitvectors, and could prove properties much faster than a model checker that did reason about bitvectors. We have also applied our bitvector type inference algorithm to generate program doc- umentation for a virtual memory subsystem of an OS kernel. While we have applied the type system mainly for program understanding and verification, bitvector types also have ap- plications to better variable ordering heuristics in boolean model checking and memory optimizations in compilers for embedded software.
    • Bit-level Type Inference. We applied DSOLVE to verify an implementation of a graph-based algorithm for inferring bit-level types from the bit-level operations of a C program [12]. The bit-level types are represented as a sequence of blocks, each of which is represented as a node in a graph.
    [Show abstract] [Hide abstract] ABSTRACT: We present a refinement type-based approach for the static verification of complex data structure invariants. Our approach is based on the observation that complex data structures are typically fashioned from two elements: recursion (e.g., lists and trees), and maps (e.g., arrays and hash tables). We introduce two novel type-based mechanisms targeted towards these elements: recursive refinements and polymorphic refinements. These mechanisms automate the challenging work of generalizing and instantiating rich universal invariants by piggybacking simple refinement predicates on top of types, and carefully dividing the labor of analysis between the type system and an SMT solver. Further, the mechanisms permit the use of the abstract interpretation framework of liquid type inference to automatically synthesize complex invariants from simple logical qualifiers, thereby almost completely automating the verification. We have implemented our approach in dsolve, which uses liquid types to verify ocaml programs. We present experiments that show that our type-based approach reduces the manual annotation required to verify complex properties like sortedness, balancedness, binary-search-ordering, and acyclicity by more than an order of magnitude.
    Conference Paper · May 2009
Conference Paper
January 2006
Even if it is understood that Prolog execution environ- ment performs dynamic type checking on data being pro- cessed, it is often unclear how implementation of the lan- guage internally represents the information used to verify the type compatibility. In this paper we describe a Prolog tag encoding mechanism used in the Logic Virtual Machine (LVM) implementation of Prolog. The LVM is a Prolog... [Show full abstract]
August 2014
Embodiments of apparatuses, methods, and systems for controlling virtual machines based on performance counters are disclosed. In one embodiment, an apparatus includes an event counter, a comparator, and virtualization control logic. The event counter is to keep an event count based on the number of occurrences of an event. The comparator is to determine whether the event count has reached a... [Show full abstract]
November 2013
Virtual machines are managed by obtaining software hierarchy information of a current virtual machine to be installed. Then logical memory assigned to the current virtual machine is divided into a private part and a shared part based at least in part upon existing software hierarchy information of at least one virtual machine already installed and the software hierarchy information of the... [Show full abstract]
Discover more