page 1 5/2/2007 kestrel technology llc a tutorial on abstract interpretation as the theoretical...
TRANSCRIPT
![Page 1: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/1.jpg)
Page 15/2/2007 Kestrel Technology LLC
A Tutorial on Abstract Interpretation as the Theoretical Foundation of
CodeHawk
Arnaud Venet
Kestrel Technology
Please see Notes View for annotations.
![Page 2: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/2.jpg)
Page 25/2/2007 Kestrel Technology LLC
Static Analysis
CodeStatic
AnalysisTool
Parameters
Listof
defects
• Confirmed property violations
• Indeterminates (possible violations)
![Page 3: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/3.jpg)
Page 35/2/2007 Kestrel Technology LLC
Can we find all defects?
• Classic undecidability results in Computer Science apply (halting problem)
• We require soundness (no defects are missed)– A conservative approach is acceptable
• Abstract Interpretation is the enabling theory in CodeHawk– Sound– Tunably precise– Scalable– “Generatively general”
![Page 4: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/4.jpg)
Page 45/2/2007 Kestrel Technology LLC
Intuition
SWDefects
All lines in the code
Abstract Interpretation
![Page 5: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/5.jpg)
Page 55/2/2007 Kestrel Technology LLC
Abstract Interpretation
• Computes an envelope of all data in the program
• Mathematical assurance• Static analyzers based on Abstract
interpretation are difficult to engineer• KT’s expertise: building scalable and effective
abstract interpreters
![Page 6: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/6.jpg)
Page 65/2/2007 Kestrel Technology LLC
Properties vs. defects
• An application might be free of programming language defects but not carry the desired property– resource issues (memory, execution time)– separation– range of output data
• Abstract Interpretation can address application-specific of properties as well as language defects
![Page 7: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/7.jpg)
Page 75/2/2007 Kestrel Technology LLC
Objectives
• Go over a detailed example– Understand how the technology works
• Achievements and challenges in the engineering of abstract interpreters– What it means to build an analyzer based on
Abstract Interpretation
![Page 8: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/8.jpg)
Page 85/2/2007 Kestrel Technology LLC
Detailed example
![Page 9: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/9.jpg)
Page 95/2/2007 Kestrel Technology LLC
Buffer overflow
for(i = 0; i < 10; i++) {
if(message[i].kind == SHORT_CMD)
allocate_space (channel, 1000);
else
allocate_space (channel, 2000);
}
Can we exceed the channel’s buffer capacity?
![Page 10: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/10.jpg)
Page 105/2/2007 Kestrel Technology LLC
Control Flow Graph
i = 0
i < 10 ?
i++
message[i].kind == SHORT_CMD ?
allocate_space (channel, 2000)
allocate_space(channel, 1000)
stop
![Page 11: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/11.jpg)
Page 115/2/2007 Kestrel Technology LLC
i = 0
i < 10 ?
i++
message[i].kind == SHORT_CMD ?
allocate_space (channel, 2000)
allocate_space (channel, 1000)
stop
i = 0
i < 10 ?
i++
message[i].kind == SHORT_CMD ?
allocate_space (channel, 2000)
allocate_space (channel, 1000)
stop
Analytic model of the code
i < 10 ?
i = 0
i++
M = M + 2000M = M + 1000
stop
M = 0
![Page 12: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/12.jpg)
Page 125/2/2007 Kestrel Technology LLC
Analysis process intuition
• We mimic the execution of the program• We collect all possible data values for all
variables for all possible traces
![Page 13: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/13.jpg)
Page 135/2/2007 Kestrel Technology LLC
Analyzing the model
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 14: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/14.jpg)
Page 145/2/2007 Kestrel Technology LLC
Initially
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 15: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/15.jpg)
Page 155/2/2007 Kestrel Technology LLC
Loop initialization
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 16: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/16.jpg)
Page 165/2/2007 Kestrel Technology LLC
Loop entry
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 17: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/17.jpg)
Page 175/2/2007 Kestrel Technology LLC
Analyzing a branching (1)
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 18: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/18.jpg)
Page 185/2/2007 Kestrel Technology LLC
Analyzing a branching (2)
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
i
M
?
![Page 19: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/19.jpg)
Page 195/2/2007 Kestrel Technology LLC
Accumulating all possible values
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 20: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/20.jpg)
Page 205/2/2007 Kestrel Technology LLC
Abstraction of point clouds
• We want the analysis to terminate in reasonable time
• We need a tractable representation of point clouds in arbitrary dimensions
• Abstract Interpretation offers a broad choice of such representations
• Example: convex polyhedra– Compute the convex hull of a point cloud
![Page 21: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/21.jpg)
Page 215/2/2007 Kestrel Technology LLC
Analyzing a branching
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
i
M
![Page 22: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/22.jpg)
Page 225/2/2007 Kestrel Technology LLC
Convex hull
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 23: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/23.jpg)
Page 235/2/2007 Kestrel Technology LLC
Iterating the loop analysis
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++ i
M
i
M
![Page 24: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/24.jpg)
Page 245/2/2007 Kestrel Technology LLC
Building the loop invariant
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 25: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/25.jpg)
Page 255/2/2007 Kestrel Technology LLC
Analyzing a branching
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 26: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/26.jpg)
Page 265/2/2007 Kestrel Technology LLC
Analyzing a branching
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
i
M
![Page 27: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/27.jpg)
Page 275/2/2007 Kestrel Technology LLC
Convex hull
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 28: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/28.jpg)
Page 285/2/2007 Kestrel Technology LLC
Building the loop invariant
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++ i
M
i
M
![Page 29: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/29.jpg)
Page 295/2/2007 Kestrel Technology LLC
Keeping iterating…
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 30: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/30.jpg)
Page 305/2/2007 Kestrel Technology LLC
Passing to the limit
• We want this iterative process to end at some point
• We need to converge when analyzing loops• After some iteration steps, we use a widening
operation at loop entry to enforce convergence
![Page 31: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/31.jpg)
Page 315/2/2007 Kestrel Technology LLC
Widening
• Let a1, a2, …an, … be a sequence of polyhedra, then the sequence– w1 = a1
– wn+1 = wn an+1
is ultimately stationary
• The widening is a join operation i.e.,
a a b & b a b
![Page 32: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/32.jpg)
Page 325/2/2007 Kestrel Technology LLC
Widening for intervals
• [a, b] [c, d] =[if c < a then - else a, if b < d then + else b]
• Example:
[10, 20] [11, 30] = [10, +]
![Page 33: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/33.jpg)
Page 335/2/2007 Kestrel Technology LLC
Widening for polyhedra
• We eliminate the faces of the computed convex envelope that are not stable
• Convergence is reached in at most N steps where N is the number of faces of the polyhedron at loop entry
![Page 34: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/34.jpg)
Page 345/2/2007 Kestrel Technology LLC
Widening
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++ i
M
i
M
![Page 35: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/35.jpg)
Page 355/2/2007 Kestrel Technology LLC
After widening
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
![Page 36: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/36.jpg)
Page 365/2/2007 Kestrel Technology LLC
Detecting convergence
• Abstract iteration sequence– F1 = P (initial polyhedron)
– Fn+1 = Fn if S(Fn) Fn
Fn S(Fn) otherwise
where S is the semantic transformer associated to
the loop body
• Theorem: if there exists N such that FN+1 FN, then Fn = FN for n > N.
![Page 37: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/37.jpg)
Page 375/2/2007 Kestrel Technology LLC
Convergence
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
The computation has converged
![Page 38: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/38.jpg)
Page 385/2/2007 Kestrel Technology LLC
We are not done yet…
• The analyzer has just proven that
1000 * i ≤ M ≤ 2000 * i• But we have lost all information about the termination
condition 0 ≤ i ≤ 10• Since we have obtained an envelope of all possible
values of the variables, if we run the computation again we still get such an envelope
• The point is that this new envelope can be smaller• This refinement step is called narrowing
![Page 39: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/39.jpg)
Page 395/2/2007 Kestrel Technology LLC
Refinement
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
M
i
i
M
9
![Page 40: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/40.jpg)
Page 405/2/2007 Kestrel Technology LLC
Analyzing a branching
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
i
M
9 i
i
M
9
![Page 41: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/41.jpg)
Page 415/2/2007 Kestrel Technology LLC
Convex hull
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
i
M
9
![Page 42: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/42.jpg)
Page 425/2/2007 Kestrel Technology LLC
Back to loop entry
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++ i
M
i
M
101
![Page 43: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/43.jpg)
Page 435/2/2007 Kestrel Technology LLC
Narrowing
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++i
M
10
M
i
![Page 44: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/44.jpg)
Page 445/2/2007 Kestrel Technology LLC
Refined loop invariant
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
M
i10
![Page 45: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/45.jpg)
Page 455/2/2007 Kestrel Technology LLC
Invariant at loop exit
i = 0
i < 10 ?
M = M + 2000M = M + 1000
M = 0
stop
i++
M
i10
20,000
10,000
i 10
![Page 46: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/46.jpg)
Page 465/2/2007 Kestrel Technology LLC
[ ]
Interpretation of the results
5,000 15,000 25,00010,000 20,000
Space allocated in the buffer
Buffer size:
Certain buffer overflow
Possible buffer overflow
No buffer overflow
![Page 47: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/47.jpg)
Page 475/2/2007 Kestrel Technology LLC
Achievements and challenges
![Page 48: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/48.jpg)
Page 485/2/2007 Kestrel Technology LLC
Assured static analyzers for NASA
• C Global Surveyor: verified array bound compliance for NASA mission-critical software– Mars Exploration Rovers: 550K LOC– Deep Space 1: 280K LOC– Mars Path Finder: 140K LOC
• Pointer analysis: – International Space Station payload software (major
bug found)
![Page 49: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/49.jpg)
Page 495/2/2007 Kestrel Technology LLC
What we observe
• No scalable, precise, and general-purpose abstract interpreter
• PolySpace:– Handles all kinds of runtime errors– Decent precision (<20% indeterminates)– Doesn’t scale (topped out at 40K LOC)
• Customization is the key– Specialized for a property or a class of applications– Manually crafted by experts
![Page 50: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/50.jpg)
Page 505/2/2007 Kestrel Technology LLC
CodeHawk™
• Abstract Interpretation development platform/ static analyzer generator
• Automated generation of customized static analyzers– Leverage from pre-built analyzers– Directly tunable by the end-user
![Page 51: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/51.jpg)
Page 515/2/2007 Kestrel Technology LLC
Where CodeHawk stands
Application:• architecture• environment• input range• usage protocol• …
Abstract Interpretation:• application independent• abstract model• algorithms difficult to implement• needs a lot of expertise
Co
deH
awk
![Page 52: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/52.jpg)
Page 525/2/2007 Kestrel Technology LLC
Recent Applications
• Malware detection– Customized analyzers for specific kinds of malware– Naturally resistant to complex obfuscating transformations– Evaluated on DoD-supplied test case
• Library/Component analysis– Proof of absence of buffer overflow in OpenSSH’s dynamic
buffer library
• Shared variables– Protection policies for shared variables– Evaluated on a code from a large DoD prime contractor
![Page 53: Page 1 5/2/2007 Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk Arnaud Venet Kestrel Technology](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f395503460f94c55d95/html5/thumbnails/53.jpg)
Page 535/2/2007 Kestrel Technology LLC
Conclusions
• Promising and proven technology– key distinction for assurance: no false negatives– can verify application properties as well as detect
defects– can be tailored for various domains (e.g., malware)
• Not a silver bullet..rather a bullet generator– each modeled domain offers leverage– required expertise for broad use must still be
reduced