This document summarizes a keynote presentation on timing analysis and testing. It discusses several topics:
- Timing analysis techniques including worst-case execution time analysis, detailed architectural modeling, and the Chronos timing analysis tool.
- Cache analysis including identifying thrashing scenarios, instrumenting assertions, and using symbolic execution to generate tests that expose cache performance issues.
- Applications to multi-core timing analysis, analyzing cache side channels, and generating tests or attack scenarios rather than just worst-case execution bounds.
The document advocates leveraging advances in constraint solving and symbolic execution to develop additional timing analysis applications beyond traditional worst-case execution time analysis.
Keynote at the KLEE Workshop on Symbolic Execution, 2018.
Systematic greybox fuzzing inspired by ideas from symbolic execution, work at NUS
Covers new usage of symbolic execution in automated program repair, work at NUS
The document discusses future directions for mobile software with a focus on energy and performance. Some key points:
- Energy and performance are not synonymous and energy measurements are needed to understand energy efficiency.
- Energy bugs and hotspots can be detected by analyzing energy consumption and hardware utilization traces. Refactoring code based on energy guidelines can help fix inefficiencies.
- User reviews and field failures related to battery drain can provide insights and be used to generate tests to localize defects.
- Emerging areas like drone disaster management may benefit from distributed energy management across tasks based on priority and a virtual marketplace model.
Professor Abhik Roychoudhury discusses automated program repair through his research project TSUNAMi. The key points discussed are:
1) TSUNAMi is a national research project in Singapore from 2015-2020 focused on developing trustworthy systems from untrusted components through techniques like vulnerability discovery, binary hardening, verification, and data protection.
2) Automated program repair aims to automatically detect and fix vulnerabilities in software. This involves techniques like syntactic and semantic repair as well as specification inference to understand intended program behavior.
3) Challenges in automated program repair include weak specifications of intended behavior, large search spaces for candidate patches, and limited applicability of existing techniques.
The document summarizes information about program repair and semantic repair. It discusses how most software has bugs that are often not fixed for months after being reported. It then describes reasons for program repair including generating patches as better bug reports and automating simple one-line fixes. It notes challenges with repair like weak test cases and large search spaces. It proposes using specifications, dynamic invariants, or test-driven repair as correctness criteria. It characterizes general purpose repair using generate-and-test or specification inference and discusses associated technical challenges. Finally, it discusses interactive and semantics-based repair.
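The generate-and-test characterization above can be made concrete with a toy repair loop. Everything here (the buggy `max2`, the patch space of comparison operators, the tests) is an invented miniature, not any published tool's algorithm; it also hints at the weak-test-suite problem the summary mentions, since more than one candidate operator may pass.

```python
# Hedged sketch of a generate-and-test repair loop: enumerate candidate
# one-line patches from a small mutation space and return the first
# candidate that passes the whole test suite.
import operator

def make_candidate(op):
    """Candidate patch: replace the comparison operator in max2."""
    def max2(a, b):
        return a if op(a, b) else b
    return max2

PATCH_SPACE = [operator.lt, operator.le, operator.gt, operator.ge]  # mutations
TESTS = [((3, 5), 5), ((5, 3), 5), ((4, 4), 4)]                     # weak oracle

def repair():
    for op in PATCH_SPACE:
        cand = make_candidate(op)
        if all(cand(*args) == expected for args, expected in TESTS):
            return op.__name__       # first plausible (test-passing) patch
    return None

print(repair())  # -> gt
```

Note that `ge` would also pass these tests; a plausible patch is not necessarily the correct one, which is exactly the weak-specification problem.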
Keynote given at the Asia Pacific Software Engineering Conference (APSEC), December 2020, on Automated Program Repair technologies and their applications.
The document discusses several techniques for using symbolic execution for software debugging, including regression debugging, cause clue clauses, error invariants, and angelic debugging. Regression debugging involves comparing execution paths of a failing test case in a new buggy program version to paths in an older stable version to find differences that may indicate the root cause. Other techniques use symbolic execution to extract specifications from passing tests, internal program properties, or previous versions to infer the intended behavior and identify inconsistencies in a failing run.
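The regression-debugging idea above can be sketched in a few lines: instrument both versions to log branch decisions on the failing input, then report the first divergence between the two traces as a root-cause candidate. The toy functions, branch labels, and off-by-one regression below are invented for illustration.

```python
# Hypothetical sketch of trace-based regression debugging.

def classify_old(x, trace):
    if x > 10:            # branch b1 in the stable version
        trace.append("b1:T")
        return "big"
    trace.append("b1:F")
    return "small"

def classify_new(x, trace):
    if x >= 10:           # branch b1 with an off-by-one regression (> became >=)
        trace.append("b1:T")
        return "big"
    trace.append("b1:F")
    return "small"

def first_divergence(old_trace, new_trace):
    """Return the index of the first differing branch decision, or None."""
    for i, (a, b) in enumerate(zip(old_trace, new_trace)):
        if a != b:
            return i
    return None

old_t, new_t = [], []
classify_old(10, old_t)   # stable version: 10 is "small"
classify_new(10, new_t)   # buggy version: 10 is "big"
print(first_divergence(old_t, new_t))  # -> 0, pointing at branch b1
```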
Introductory talk given to PhD students starting research at NUS PhD open day 2020. Covers research in Computer Science, and some experience in research on trustworthy software systems.
This document summarizes an expert talk on fuzz testing and greybox fuzzing. It discusses various fuzz testing techniques like black-box, white-box, and greybox fuzzing. It explains the greybox fuzzing algorithm and how techniques like directed and structured fuzzing can enhance it. It also discusses applications of fuzzing like finding crashes and vulnerabilities, and integration into tools like OSS-Fuzz. Overall, the document outlines the state-of-the-art in fuzz testing and opportunities to improve greybox fuzzing through techniques inspired by symbolic execution and model checking.
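The greybox fuzzing loop the talk explains can be sketched as follows. This is a minimal coverage-guided loop with invented stand-ins for the target program, the mutation operator, and the coverage map; real fuzzers such as AFL use compiled-in instrumentation and a much richer set of mutators and scheduling heuristics.

```python
# Minimal coverage-guided greybox fuzzing loop (toy stand-ins throughout).
import random

def target(data):
    """Toy program under test; returns the set of branch ids it covers."""
    cov = {"entry"}
    if len(data) > 2:
        cov.add("len>2")
        if data[0] == ord("F"):
            cov.add("magic")
    return cov

def mutate(data):
    """Single random byte flip (one of many operators a real fuzzer uses)."""
    if not data:
        return bytes([random.randrange(256)])
    i = random.randrange(len(data))
    return data[:i] + bytes([random.randrange(256)]) + data[i + 1:]

def greybox_fuzz(seeds, iterations=2000, rng_seed=0):
    random.seed(rng_seed)
    queue = list(seeds)              # corpus of interesting inputs
    global_cov = set()
    for s in queue:
        global_cov |= target(s)
    for _ in range(iterations):
        parent = random.choice(queue)
        child = mutate(parent)
        cov = target(child)
        if not cov <= global_cov:    # new coverage => keep the input
            queue.append(child)
            global_cov |= cov
    return queue, global_cov

queue, cov = greybox_fuzz([b"ab", b"abcd"])
print(sorted(cov))
```

Directed and structured fuzzing, as mentioned above, refine this loop by biasing seed selection toward targets and by mutating at the level of an input grammar rather than raw bytes.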
Automated Program Repair, Distinguished Lecture at MPI-SWS - Abhik Roychoudhury
MPI-SWS Distinguished Lecture 2019. The talk focuses on fuzzing and symbolic execution as background technologies and compares their relative power. The use of these technologies for automated program repair is then investigated.
A Survey on Dynamic Symbolic Execution for Automatic Test Generation - Sung Kim
This document discusses dynamic symbolic execution (DSE) for automatic test generation. It summarizes various techniques for automatic test generation such as random testing, combinatorial testing, search-based testing, and symbolic execution-based testing. It then describes DSE which performs symbolic execution dynamically along concrete program executions to leverage concrete executions while overcoming limitations of symbolic execution alone, such as issues with external library calls and complex constraints. The document also discusses challenges in DSE including imprecision due to semantic differences between symbolic and concrete representations, and path explosion due to the large number of possible paths in programs.
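A miniature of the DSE idea, under heavy simplification: run the program concretely, record the path condition along that execution, negate the last branch, and solve for an input that takes the other path. The brute-force `solve_negated` below is an invented stand-in for an SMT solver such as Z3, and the toy program is made up for illustration.

```python
# Hypothetical miniature of dynamic symbolic execution (concolic testing).

def run(x):
    """Toy program; returns (result, path condition as recorded predicates)."""
    path = []
    if x * 2 > 10:
        path.append(("x * 2 > 10", True))
        result = "high"
    else:
        path.append(("x * 2 > 10", False))
        result = "low"
    return result, path

def solve_negated(path, domain=range(-50, 50)):
    """Find an input flipping the last branch; brute force stands in for SMT."""
    expr, taken = path[-1]
    for x in domain:
        if eval(expr) == (not taken):
            return x
    return None

_, path = run(3)                 # concrete run takes the False branch
new_input = solve_negated(path)  # an input that takes the True branch instead
print(new_input, run(new_input)[0])  # -> 6 high
```

The concrete run is what lets a real DSE engine step over external library calls and overly complex constraints, which is precisely the limitation of pure symbolic execution noted above.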
LSRepair: Live Search of Fix Ingredients for Automated Program Repair - Dongsun Kim
Automated program repair (APR) has been extensively developed by leveraging search-based techniques, in which fix ingredients are explored and identified at different granularities from a specific search space. State-of-the-art approaches often find fix ingredients by using mutation operators or leveraging manually-crafted templates. We argue that fix ingredients can be searched for in an online mode, leveraging code search techniques to find potentially-fixed versions of buggy code fragments from which repair actions can be extracted. In this study, we present an APR tool, LSRepair, that automatically explores code repositories to search for fix ingredients at the method-level granularity with three strategies of similar code search. Our preliminary evaluation shows that code search can drive a faster fix process (some bugs are fixed in a few seconds). LSRepair successfully repairs 19 bugs from the Defects4J benchmark. We expect our approach to open new directions for fixing multi-line bugs.
This document discusses binary analysis for vulnerability detection. It describes research conducted at the National University of Singapore on binary analysis techniques like fuzz testing, comprehension, debugging, and patching. It outlines projects with DSO National Labs and the National Research Foundation of Singapore. The research aims to enhance capabilities in detecting vulnerabilities and securing software through automated binary analysis and techniques like fuzzing.
The document discusses trustworthy systems and trusted AI. It provides background on the Singapore Cybersecurity Consortium and its vision of trustworthy systems. It then summarizes ongoing work, including capabilities for security testing, formal verification of systems, and research on defending against Spectre attacks and fuzz testing. It also discusses model training and robustness, fuzzing for deep neural networks, and research on self-healing systems through specification inference and genetic programming.
The document discusses using algorithmic test generation to improve functional coverage in existing verification environments. It describes limitations of current constrained random stimuli generation techniques for complex designs. Algorithmic test generation uses rule graphs and action functions to efficiently target coverage goals without requiring extensive changes to verification environments. A case study shows algorithmic test generation achieved coverage goals over 600x faster than constrained random for an AXI bus bridge design while requiring minimal changes to the testbench.
- The document summarizes techniques for slicing object-oriented programs. It discusses static and dynamic slicing, and limitations of previous approaches.
- It proposes a new intermediate representation called the Object-Oriented System Dependence Graph (OSDG) to more precisely capture dependencies in object-oriented programs. The OSDG explicitly represents data members of objects.
- An edge-marking algorithm is presented for efficiently performing dynamic slicing of object-oriented programs using the OSDG. This avoids recomputing the entire slice after each statement.
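The dynamic-slicing computation can be illustrated on a flat statement list (the OSDG work above does the same over an object-oriented dependence graph; the statement triples below are an invented stand-in):

```python
# Illustrative dynamic slicing: record, for each executed statement, which
# earlier statements defined the values it used; the slice for a criterion
# is the backward closure over those dependence edges.

# Each statement: (id, defined_var, used_vars)
program = [
    (1, "a", []),         # a = 2
    (2, "b", []),         # b = 3
    (3, "c", ["a"]),      # c = a + 1
    (4, "d", ["b"]),      # d = b * 2
    (5, "e", ["c", "a"]), # e = c + a
]

def dynamic_slice(program, criterion):
    last_def = {}   # var -> statement id that last defined it
    deps = {}       # statement id -> ids of statements it depends on
    for sid, defined, used in program:
        deps[sid] = {last_def[v] for v in used if v in last_def}
        last_def[defined] = sid
    # backward closure from the slicing criterion
    slice_ids, work = set(), [criterion]
    while work:
        s = work.pop()
        if s not in slice_ids:
            slice_ids.add(s)
            work.extend(deps[s])
    return sorted(slice_ids)

print(dynamic_slice(program, 5))  # -> [1, 3, 5]; statements 2 and 4 are irrelevant
```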
Static analysis works for mission-critical systems, why not yours? - Rogue Wave Software
Take a deep dive into the world of static code analysis (SCA) by immersing yourself into different analysis techniques, examples of the problems they find, and learning how SCA fits into various types of environments, from the developer desktop to the QA team. The goal is to provide a solid foundation for you to make the best decision for testing technology and process selection, including: Types of defects found by SCA;
Typical myths and barriers to adoption; and How SCA aligns to different testing maturity levels.
Symbolic Reasoning and Concrete Execution - Andrii Vozniuk
Higher-order test generation and symbolic execution with mixed concrete-symbolic solving are two approaches to dealing with imprecision caused by complex functions in test generation. Higher-order test generation models concretization symbolically using a higher-order logic and relies on validity proofs, while symbolic execution with mixed solving splits constraints into simple and complex parts, solves the simple part concretely, and uses those solutions to simplify the complex part, relying on standard constraint solving. Both approaches improve on dynamic test generation but remain theoretical; each is sound but incomplete.
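The split that mixed concrete-symbolic solving performs can be sketched on a toy path condition: solve the simple linear part first, then discharge the complex part by concrete execution. `opaque_hash` below is an invented stand-in for an external or complex function the constraint solver cannot model.

```python
# Sketch of mixed concrete-symbolic constraint solving.

def opaque_hash(x):
    """Stands in for an external/complex function outside the solver's theory."""
    return (x * 2654435761) % 97

def solve_mixed(domain=range(0, 200)):
    # Path condition: (x > 100) and (opaque_hash(x) == opaque_hash(123))
    simple = [x for x in domain if x > 100]   # solve the simple part symbolically
    target = opaque_hash(123)
    for x in simple:                          # concretize into the complex part
        if opaque_hash(x) == target:
            return x
    return None

x = solve_mixed()
print(x, opaque_hash(x) == opaque_hash(123))
```

A pure symbolic approach would get stuck on `opaque_hash`; a pure concrete approach would guess blindly. Solving the simple part first shrinks the space the concrete check must explore.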
1. The document describes the syllabus for the VLSI Design Laboratory course for the academic year 2017-2018 at Erode Sengunthar Engineering College.
2. The syllabus includes experiments involving HDL-based design and simulation of basic components like counters and adders using FPGA tools. It also includes layout design and simulation of basic CMOS gates using CAD tools.
3. The listed experiments will be carried out in two cycles. Cycle 1 involves the implementation of components like adders, multipliers and counters on FPGA. Cycle 2 involves the design and simulation of CMOS gates using EDA tools and their layout using other CAD tools.
This document is an introduction to scikit-learn, an open-source machine learning library for Python. It discusses predictive modeling and how scikit-learn fits into this domain. The presentation covers the basics of machine learning and predictive modeling, provides an overview of scikit-learn including its API and development process, and demonstrates examples of using common algorithms like logistic regression, support vector machines, and random forests.
This document contains a data structures question paper from Anna University. It has two parts:
Part A contains 10 short answer questions covering topics like ADT, linked stacks, graph theory, algorithm analysis, binary search trees, and more.
Part B contains 5 long answer questions each worth 16 marks. Topics include algorithms for binary search, linear search, recursion, sorting, trees, graphs, files, and more. Students are required to write algorithms, analyze time complexity, and provide examples for each question.
VTU 1ST SEM PROGRAMMING IN C & DATA STRUCTURES SOLVED PAPERS OF JUNE-2015 & ... - vtunotesbysree
The document contains solved question papers from June 2015 and December 2015 for Programming in C & Data Structures examinations. It includes questions ranging from basic C programming concepts like data types, operators, decision making and looping statements to more advanced topics such as arrays, strings, structures, files and pointers. For each question, the relevant concept is explained and examples are provided. Solutions for some programming problems involving simple calculations, palindrome checks and file handling are also presented.
(Costless) Software Abstractions for Parallel Architectures - Joel Falcou
Performing large, intensive or non-trivial computing on array-like data structures is one of the most common tasks in scientific computing, video game development and other fields. This is borne out by the large number of tools, languages and libraries built to perform such tasks. If we restrict ourselves to C++-based solutions, more than a dozen such libraries exist, from BLAS/LAPACK C++ bindings to template meta-programming based Blitz++ or Eigen. While all of these libraries provide good performance or good abstraction, none of them seems to fit the needs of so many different user types.
Moreover, as parallel system complexity grows, the need to maintain all those components quickly becomes unwieldy. This talk explores various software design techniques - like Generative Programming, MetaProgramming and Generic Programming - and their application to the implementation of a parallel computing library in such a way that:
- abstraction and expressiveness are maximized
- efficiency overhead is minimized
We'll skim over various applications and see how they can benefit from such tools. We will conclude by discussing what lessons were learnt from this kind of implementation and how those lessons can translate into new directions for the language itself.
HDR Defence - Software Abstractions for Parallel Architectures - Joel Falcou
Performing large, intensive or non-trivial computing on array-like data structures is one of the most common tasks in scientific computing, video game development and other fields. This is borne out by the large number of tools, languages and libraries built to perform such tasks. If we restrict ourselves to C++-based solutions, more than a dozen such libraries exist, from BLAS/LAPACK C++ bindings to template meta-programming based Blitz++ or Eigen.
While all of these libraries provide good performance or good abstraction, none of them seems to fit the needs of so many different user types. Moreover, as parallel system complexity grows, the need to maintain all those components quickly becomes unwieldy. This thesis explores various software design techniques - like Generative Programming, MetaProgramming and Generic Programming - and their application to the implementation of various parallel computing libraries in such a way that abstraction and expressiveness are maximized while efficiency overhead is minimized.
Approaches and techniques for statically finding a multitude of issues in source code have been developed in the past. A core property of these approaches is that they are usually targeted towards finding only a very specific kind of issue and that the effort to develop such an analysis is significant. This strictly limits the number of kinds of issues that can be detected.
In this paper, we discuss a generic approach based on the detection of infeasible paths in code that can discover a wide range of code smells ranging from useless code that hinders comprehension to real bugs. Code issues are identified by calculating the difference between the control-flow graph that contains all technically possible edges and the corresponding graph recorded while performing a more precise analysis using abstract interpretation.
We have evaluated the approach using the Java Development Kit as well as the Qualitas Corpus (a curated collection of over 100 Java Applications) and were able to find thousands of issues across a wide range of categories.
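The control-flow-graph difference at the heart of this approach can be rendered as a toy: take the CFG containing all syntactically possible edges, re-derive the edges a more precise analysis can actually reach, and report the difference as suspicious. The node names, the handwritten branch-truth table (standing in for abstract interpretation results), and the tiny program are all invented for illustration.

```python
# Toy CFG-difference analysis for infeasible-path detection.

# CFG for: x = 1; if x > 0: then-block else: else-block
ALL_EDGES = {("entry", "cond"), ("cond", "then"), ("cond", "else"),
             ("then", "exit"), ("else", "exit")}

# The analysis proved x > 0 always holds, so the else edge is infeasible.
BRANCH_FEASIBLE = {("cond", "else"): False}

def feasible_edges(edges, branch_feasible):
    """Propagate reachability from 'entry', skipping infeasible branches."""
    feasible, reachable = set(), {"entry"}
    changed = True
    while changed:                      # fixpoint over the edge set
        changed = False
        for src, dst in edges:
            if src in reachable and branch_feasible.get((src, dst), True):
                if (src, dst) not in feasible:
                    feasible.add((src, dst))
                    changed = True
                reachable.add(dst)
    return feasible

suspicious = sorted(ALL_EDGES - feasible_edges(ALL_EDGES, BRANCH_FEASIBLE))
print(suspicious)  # the else branch and everything reachable only through it
```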
Griffin: Grouping Suspicious Memory-Access Patterns to Improve Understanding... - Sangmin Park
Griffin is a technique that aims to improve the understanding of concurrency bugs by grouping suspicious memory access patterns from failing tests. It first performs fault localization to generate ranked lists of memory access patterns, then clusters related tests together based on similarity of patterns. Finally, it reconstructs bugs by clustering patterns based on call stack similarity and identifying suspicious methods and a bug graph.
The document describes designing and simulating various combinational circuits using Verilog HDL. It includes the design of an 8-bit adder, 4-bit multiplier, 3-to-8 address decoder, and 2-to-1 multiplexer. Verilog code and test benches are provided for each circuit. The circuits are simulated and waveforms are generated to verify the design and functionality.
Fast Insights to Optimized Vectorization and Memory Using Cache-aware Rooflin... - Intel® Software
Integrated into Intel® Advisor, Cache-aware Roofline Modeling (CARM) provides insight into how an application behaves by helping to determine a) how optimally it works on a given hardware, b) the main factors that limit performance, c) if the workload is memory or compute-bound, and d) the right strategy to improve application performance.
Punit Shah is a graduate student at Arizona State University seeking an internship or co-op position in mixed signal circuit design and verification. He has strong academic experience in areas such as VLSI design, hardware design verification, computer architecture, and analog integrated circuits. Some of his academic projects include designing a memory controller, ALU components, a MIPS processor, and a 4x4 router for a NOC network. He implemented a pseudo LRU cache replacement policy and designed a two-stage op-amp. He is currently optimizing a darkroom compiler to enhance edge detection for computer vision applications.
Automated Program Repair, Distinguished lecture at MPI-SWSAbhik Roychoudhury
MPI-SWS Distinguished Lecture 2019. The talk focuses on fuzzing, symbolic execution as background technologies and compares their relative power. Then the use of such technologies for automated program repair is investigated.
A Survey on Dynamic Symbolic Execution for Automatic Test GenerationSung Kim
This document discusses dynamic symbolic execution (DSE) for automatic test generation. It summarizes various techniques for automatic test generation such as random testing, combinatorial testing, search-based testing, and symbolic execution-based testing. It then describes DSE which performs symbolic execution dynamically along concrete program executions to leverage concrete executions while overcoming limitations of symbolic execution alone, such as issues with external library calls and complex constraints. The document also discusses challenges in DSE including imprecision due to semantic differences between symbolic and concrete representations, and path explosion due to the large number of possible paths in programs.
LSRepair: Live Search of Fix Ingredients for Automated Program RepairDongsun Kim
Automated program repair (APR) has extensively been developed by leveraging search-based techniques, in which fix ingredients are explored and identified in different granular- ities from a specific search space. State-of-the approaches often find fix ingredients by using mutation operators or leveraging manually-crafted templates. We argue that the fix ingredients can be searched in an online mode, leveraging code search techniques to find potentially-fixed versions of buggy code fragments from which repair actions can be extracted. In this study, we present an APR tool, LSRepair, that automatically explores code repositories to search for fix ingredients at the method-level granularity with three strategies of similar code search. Our preliminary evaluation shows that code search can drive a faster fix process (some bugs are fixed in a few seconds). LSRepair helps repair 19 bugs from the Defects4J benchmark successfully. We expect our approach to open new directions for fixing multiple-lines bugs.
This document discusses binary analysis for vulnerability detection. It describes research conducted at the National University of Singapore on binary analysis techniques like fuzz testing, comprehension, debugging, and patching. It outlines projects with DSO National Labs and the National Research Foundation of Singapore. The research aims to enhance capabilities in detecting vulnerabilities and securing software through automated binary analysis and techniques like fuzzing.
The document discusses trustworthy systems and trusted AI. It provides background on the Singapore Cybersecurity Consortium and its vision of trustworthy systems. It then summarizes ongoing work, including capabilities for security testing, formal verification of systems, and research on defending against Spectre attacks and fuzz testing. It also discusses model training and robustness, fuzzing for deep neural networks, and research on self-healing systems through specification inference and genetic programming.
The document discusses using algorithmic test generation to improve functional coverage in existing verification environments. It describes limitations of current constrained random stimuli generation techniques for complex designs. Algorithmic test generation uses rule graphs and action functions to efficiently target coverage goals without requiring extensive changes to verification environments. A case study shows algorithmic test generation achieved coverage goals over 600x faster than constrained random for an AXI bus bridge design while requiring minimal changes to the testbench.
- The document summarizes techniques for slicing object-oriented programs. It discusses static and dynamic slicing, and limitations of previous approaches.
- It proposes a new intermediate representation called the Object-Oriented System Dependence Graph (OSDG) to more precisely capture dependencies in object-oriented programs. The OSDG explicitly represents data members of objects.
- An edge-marking algorithm is presented for efficiently performing dynamic slicing of object-oriented programs using the OSDG. This avoids recomputing the entire slice after each statement.
Static analysis works for mission-critical systems, why not yours? Rogue Wave Software
Take a deep dive into the world of static code analysis (SCA) by immersing yourself into different analysis techniques, examples of the problems they find, and learning how SCA fits into various types of environments, from the developer desktop to the QA team. The goal is to provide a solid foundation for you to make the best decision for testing technology and process selection, including: Types of defects found by SCA;
Typical myths and barriers to adoption; and How SCA aligns to different testing maturity levels.
Symbolic Reasoning and Concrete Execution - Andrii Vozniuk Andrii Vozniuk
Higher-order test generation and symbolic execution with mixed concrete-symbolic solving are two approaches to dealing with imprecision caused by complex functions in test generation. Higher-order test generation models concretization symbolically using a higher-order logic and relies on validity proofs, while symbolic execution with mixed solving splits constraints into simple and complex parts, solves the simple part concretely, and uses those solutions to simplify the complex part, relying on standard constraint solving. Both approaches improve on dynamic test generation but are theoretical, sound but incomplete.
1. The document describes the syllabus for the VLSI Design Laboratory course for the academic year 2017-2018 at Erode Sengunthar Engineering College.
2. The syllabus includes experiments involving HDL-based design and simulation of basic components like counters and adders using FPGA tools. It also includes layout design and simulation of basic CMOS gates using CAD tools.
3. The listed experiments will be carried out in two cycles. Cycle 1 involves the implementation of components like adders, multipliers and counters on FPGA. Cycle 2 involves the design and simulation of CMOS gates using EDA tools and their layout using other CAD tools.
This document is an introduction to scikit-learn, an open-source machine learning library for Python. It discusses predictive modeling and how scikit-learn fits into this domain. The presentation covers the basics of machine learning and predictive modeling, provides an overview of scikit-learn including its API and development process, and demonstrates examples of using common algorithms like logistic regression, support vector machines, and random forests.
This document contains a data structures question paper from Anna University. It has two parts:
Part A contains 10 short answer questions covering topics like ADT, linked stacks, graph theory, algorithm analysis, binary search trees, and more.
Part B contains 5 long answer questions each worth 16 marks. Topics include algorithms for binary search, linear search, recursion, sorting, trees, graphs, files, and more. Students are required to write algorithms, analyze time complexity, and provide examples for each question.
VTU 1ST SEM PROGRAMMING IN C & DATA STRUCTURES SOLVED PAPERS OF JUNE-2015 & ...vtunotesbysree
The document contains solved question papers from June 2015 and December 2015 for Programming in C & Data Structures examinations. It includes questions ranging from basic C programming concepts like data types, operators, decision making and looping statements to more advanced topics such as arrays, strings, structures, files and pointers. For each question, the relevant concept is explained and examples are provided. Solutions for some programming problems involving simple calculations, palindrome checks and file handling are also presented.
(Costless) Software Abstractions for Parallel ArchitecturesJoel Falcou
Performing large, intensive or non-trivial computing on array like data structures is one of the most common task in scientific computing, video game development and other fields. This matter of fact is backed up by the large number of tools, languages and libraries to perform such tasks. If we restrict ourselves to C++ based solutions, more than a dozen such libraries exists from BLAS/LAPACK C++ binding to template meta-programming based Blitz++ or Eigen. If all of these libraries provide good performance or good abstraction, none of them seems to fit the need of so many different user types.
Moreover, as parallel system complexity grows, the need to maintain all those components quickly become unwieldy. This talk explores various software design techniques - like Generative Programming, MetaProgramming and Generic Programming - and their application to the implementation of a parallel computing librariy in such a way that:
- abstraction and expressiveness are maximized - cost over efficiency is minimized
We'll skim over various applications and see how they can benefit from such tools. We will conclude by discussing what lessons were learnt from this kind of implementation and how those lessons can translate into new directions for the language itself.
HDR Defence - Software Abstractions for Parallel ArchitecturesJoel Falcou
Performing large, intensive or non-trivial computing on array-like data structures is one of the most common tasks in scientific computing, video game development and other fields. This is backed up by the large number of tools, languages and libraries built to perform such tasks. If we restrict ourselves to C++-based solutions, more than a dozen such libraries exist, from BLAS/LAPACK C++ bindings to the template metaprogramming-based Blitz++ or Eigen. While all of these libraries provide either good performance or good abstraction, none of them seems to fit the needs of so many different user types. Moreover, as parallel system complexity grows, the need to maintain all those components quickly becomes unwieldy. This thesis explores various software design techniques - like Generative Programming, MetaProgramming and Generic Programming - and their application to the implementation of various parallel computing libraries in such a way that abstraction and expressiveness are maximized while efficiency overhead is minimized.
Approaches and techniques for statically finding a multitude of issues in source code have been developed in the past. A core property of these approaches is that they are usually targeted towards finding only a very specific kind of issue and that the effort to develop such an analysis is significant. This strictly limits the number of kinds of issues that can be detected.
In this paper, we discuss a generic approach based on the detection of infeasible paths in code that can discover a wide range of code smells ranging from useless code that hinders comprehension to real bugs. Code issues are identified by calculating the difference between the control-flow graph that contains all technically possible edges and the corresponding graph recorded while performing a more precise analysis using abstract interpretation.
We have evaluated the approach using the Java Development Kit as well as the Qualitas Corpus (a curated collection of over 100 Java Applications) and were able to find thousands of issues across a wide range of categories.
Griffin: Grouping Suspicious Memory-Access Patterns to Improve Understanding... - Sangmin Park
Griffin is a technique that aims to improve the understanding of concurrency bugs by grouping suspicious memory access patterns from failing tests. It first performs fault localization to generate ranked lists of memory access patterns, then clusters related tests together based on similarity of patterns. Finally, it reconstructs bugs by clustering patterns based on call stack similarity and identifying suspicious methods and a bug graph.
The document describes designing and simulating various combinational circuits using Verilog HDL. It includes the design of an 8-bit adder, 4-bit multiplier, 3-to-8 address decoder, and 2-to-1 multiplexer. Verilog code and test benches are provided for each circuit. The circuits are simulated and waveforms are generated to verify the design and functionality.
Fast Insights to Optimized Vectorization and Memory Using Cache-aware Rooflin... - Intel® Software
Integrated into Intel® Advisor, Cache-aware Roofline Modeling (CARM) provides insight into how an application behaves by helping to determine a) how optimally it works on a given hardware, b) the main factors that limit performance, c) if the workload is memory or compute-bound, and d) the right strategy to improve application performance.
Punit Shah is a graduate student at Arizona State University seeking an internship or co-op position in mixed signal circuit design and verification. He has strong academic experience in areas such as VLSI design, hardware design verification, computer architecture, and analog integrated circuits. Some of his academic projects include designing a memory controller, ALU components, a MIPS processor, and a 4x4 router for a NOC network. He implemented a pseudo LRU cache replacement policy and designed a two-stage op-amp. He is currently optimizing a darkroom compiler to enhance edge detection for computer vision applications.
Punit Shah is an Electrical Engineering graduate student at Arizona State University seeking an internship or co-op position in mixed signal circuit design and verification. He has strong academic experience in areas such as VLSI design, hardware design verification, computer architecture, and analog integrated circuits. Some of his academic projects include designing a memory controller, ALU components, a MIPS processor, and a 4x4 router for a NOC network. He implemented a pseudo LRU cache replacement policy and designed a two-stage opamp.
Inside LoLA - Experiences from building a state space tool for place transiti... - Universität Rostock
LoLA is a state space tool for analyzing place/transition nets that was developed starting in 1998. It uses various reduction techniques like stubborn sets, symmetries, and linear algebra to combat state space explosion. LoLA has been applied to problems in areas like model checking, business process verification, and distributed systems. Its core data structures and algorithms keep processing costs low during operations like firing transitions and state space traversal.
Apache Hivemall is a scalable machine learning library for Apache Hive, Apache Spark, and Apache Pig.
Hivemall provides a number of machine learning functionalities across classification, regression, ensemble learning, and feature engineering through UDFs/UDAFs/UDTFs of Hive.
We released the first Apache release (v0.5.0-incubating) on March 5, 2018, and the project plans to release v0.5.2 in Q2 2018.
We will first give a quick walk-through of the features, usage, what's new in v0.5.0, and the future roadmap of Apache Hivemall. Next, we will introduce Hivemall on Apache Spark in depth, covering topics such as DataFrame integration and Spark 2.3 support in Hivemall.
A High-Level Programming Approach for using FPGAs in HPC using Functional Des... - waqarnabi
(1) The authors present an approach for using FPGAs in high-performance computing (HPC) that involves using functional descriptions, vector type-transformations, and cost-modeling. (2) Their approach uses type transformations to generate design variants from a functional program and develops an intermediate language and cost model. (3) The cost model provides fast, lightweight estimates of performance and resource usage for different design variants to enable automated design space exploration for FPGA-based HPC applications.
Practical RISC-V Random Test Generation using Constraint Programming - ed271828
A proof-of-concept random test generator for RISC-V ISA is presented. The test generator uses constraint programming for specification of relationships between instructions and operands. Example scenarios to cover basic instruction randomization, data hazards, and non-sharing are presented. The tool integrates the RISC-V instruction set simulator to enable the generation of self-checking tests. The tool is implemented in Python using a freely-available constraint solver library. A summary of problems encountered is provided and next steps are discussed.
This document discusses future directions for OpenSees. It outlines plans to release a Python interpreter for OpenSees in addition to the existing Tcl interpreter. It also discusses developing an integrated development environment called OpenSeesIDE that will include a file editor, interpreters and a 3D renderer. Finally, it describes a new organization called the SimCenter that will develop computational modeling and simulation applications using OpenSees, including applications for uncertainty quantification, performance based engineering and community resiliency.
Abstractions and Directives for Adapting Wavefront Algorithms to Future Archi... - inside-BigData.com
In this deck from PASC18, Robert Searles from the University of Delaware presents: Abstractions and Directives for Adapting Wavefront Algorithms to Future Architectures.
"Architectures are rapidly evolving, and exascale machines are expected to offer billion-way concurrency. We need to rethink algorithms, languages and programming models among other components in order to migrate large scale applications and explore parallelism on these machines. Although directive-based programming models allow programmers to worry less about programming and more about science, expressing complex parallel patterns in these models can be a daunting task especially when the goal is to match the performance that the hardware platforms can offer. One such pattern is wavefront. This paper extensively studies a wavefront-based miniapplication for Denovo, a production code for nuclear reactor modeling.
We parallelize the Koch-Baker-Alcouffe (KBA) parallel-wavefront sweep algorithm in the main kernel of Minisweep (the miniapplication) using CUDA, OpenMP and OpenACC. Our OpenACC implementation running on NVIDIA's next-generation Volta GPU boasts an 85.06x speedup over serial code, which is larger than CUDA's 83.72x speedup over the same serial implementation. Our experimental platform includes SummitDev, an ORNL representative architecture of the upcoming Summit supercomputer. Our parallelization effort across platforms also motivated us to define an abstract parallelism model that is architecture independent, with a goal of creating software abstractions that can be used by applications employing the wavefront sweep motif."
Watch the video: https://wp.me/p3RLHQ-iPU
Read the Full Paper: https://doi.org/10.1145/3218176.3218228
and
https://pasc18.pasc-conference.org/
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Grow and Shrink - Dynamically Extending the Ruby VM Stack - KeitaSugiyama1
This document summarizes a presentation about dynamically extending the Ruby VM stack. It discusses two methods for extending the stacks - stretching and chaining. Stretching grows the stacks upwards when they reach the maximum size, while chaining implements the call stack as a linked list so only the internal stack needs growing. The implementation aims to make stack extensions safe and efficient for development by prohibiting access to old stacks and frequently triggering extensions for testing. Benchmarks show chaining has lower execution time than stretching but is still slower than the default implementation due to overhead from moving stacks and indirect access. Initial stack size has little effect on performance. The goal is to reduce memory usage through dynamic stack sizing.
Jean Jacob has over 7 years of experience in digital design and verification. He currently works at Texas Instruments verifying SAR ADCs, including developing testbenches and testcases to verify the digital controller and interface. Previously, he worked at LSI developing ARM-based processor subsystems, creating test plans and ensuring timing closure. He has a M.Tech from IIT Delhi and B.Tech from NIT Calicut.
Psydac is an open-source Python library for large-scale isogeometric analysis (IGA) simulations. It allows for rapid prototyping in Python while achieving high performance through code generation and optimization. Psydac uses the SymPDE domain specific language to describe weak formulations of partial differential equations. It then automatically generates optimized C/Fortran code for computationally intensive kernels using the Pyccel transpiler. This bridges the gap between prototyping codes in Python and production simulations, enabling both flexibility and high performance for large-scale scientific computing applications.
1) Callgraph analysis of ATLAS software identified clusters of heavily called functions that could benefit from inlining to reduce instruction counts. Inlining requires changes to code and use of link-time optimization with profile guidance.
2) Avoiding position independent code may improve performance but reduce code sharing. Static libraries could allow link-time optimization.
3) Tools like IgProf, SystemTap and perf events can profile memory and performance, but a visualizer is needed to analyze object-oriented software. Sampling branch records may improve basic block counts.
This presentation gives a small but concrete glimpse of reverse engineering. The overview of Immunity Debugger is brief because it is a practical tool: the more you use it, the more familiar with it you will become.
Synthesis & gate-level simulation is introduced. The key topics covered include basic concepts of logic synthesis using Design Compiler, including logic level optimization, mapping, boundary optimization, and static timing analysis. Simulation of the gate-level netlist generated after synthesis is also discussed. An example lab is outlined to synthesize a simple 8-bit microprocessor and simulate the gate-level netlist.
TiReX is a tiled regular expression matching architecture developed by researchers at Politecnico di Milano. It uses a customized instruction set architecture implemented on an FPGA to compile regular expressions into low-level instructions and execute them in parallel across multiple processor cores. Evaluation shows it can match regular expressions over 37 times faster than software and over 100 times faster than a desktop CPU. The multi-core design allows flexible matching of multiple regular expressions over data in parallel.
An integrated approach for designing and testing specific processors - VLSICS Design
This paper proposes a validation method for the design of a CPU in which, in parallel with the development of the CPU, a testbench is also manually described that performs automated testing on the instructions being described. The testbench consists of the original program memory of the CPU and is also coupled to the internal registers, ports, stack and other components related to the project. The program memory sends the instructions requested by the processor and checks the results of those instructions, progressing or not with the tests. The proposed method resulted in a CPU compatible with the instruction set and the CPU registers present in the PIC16F628 microcontroller. To show the usability and success of the debugging method employed, this work shows that the CPU developed is capable of running real programs generated by compilers existing on the market. The proposed CPU was mapped onto an FPGA and, using Cadence tools, was synthesized on silicon.
Digital Security by Design: CHERI-RISC-V - Simon Moore, University of Cambridge - KTN
This document summarizes several publications related to hardware contributions to academia involving efficient storage of tag bits in DRAM, efficient revocation of pointers for temporal safety using capability tags, and the CHERI ISA reference manual. It describes work on tagged memory, CHERIvoke for temporal safety enforcement, and the CHERI architecture including formal models, simulators, and test frameworks.
This document summarizes a talk given about the most influential paper award from ICSE2023 on program repair and auto-coding. It discusses:
1. The 2013 SemFix paper which introduced an automated repair method using symbolic execution, constraint solving, and program synthesis to generate patches without formal specifications.
2. How subsequent work incorporated learning and inference techniques to glean specifications from tests to guide repair when specifications were not available.
3. The impact of machine learning approaches on automated program repair, including learning from large code change datasets to predict edits, and opportunities for continued improvement in localization and accuracy.
Greybox fuzzing methods to find security vulnerabilities in software systems are discussed in this talk. We discuss how fuzz testing methods can be inspired by ideas from symbolic execution and model checking to go beyond conventional fuzzing methods, without sacrificing the efficiency of fuzzing.
Overview of Fuzz Testing and the latest advances in the field are discussed. Fuzz testing is a popular method to find security vulnerabilities in software systems.
This document summarizes a talk given by Prof. Abhik Roychoudhury about skills needed for a PhD. He discusses obvious skills like analyzing papers and identifying research trends. Less obvious skills include choosing impactful problems and determining if one has the right background. The least obvious skill is determining what constitutes a research contribution, which is qualitative rather than quantitative. The talk provides examples of different types of contributions and emphasizes choosing an interesting research area and topic, considering its relevance over time, potential for translation, and avoiding negative perceptions from the community.
The document summarizes Abhik Roychoudhury's presentation on automated program repair at the ISSTA Summer School 2019. It provides background on Roychoudhury as a professor at the National University of Singapore who works in program analysis and software security. It then outlines some of the key challenges in automated program repair, including the large search space, overfitting patches to test cases, and the scalability of repair techniques. Symbolic execution and random search are discussed as approaches to guiding the repair search process. Specific techniques like cause clue clauses for debugging and generating patch candidates by editing statements are also summarized.
This document discusses using symbolic reasoning and dynamic symbolic execution to help with program debugging, repair, and regression testing. It presents an approach where inputs are grouped based on producing the same symbolic output to more efficiently test programs and debug issues. Relevant slice conditions are computed to precisely capture input-output relationships and group related paths. This technique aims to find a notion of "similarity" between inputs and executions that is coarser than just considering program paths. The approach is demonstrated on example programs and shown to reduce debugging time compared to only considering program paths.
SEMFIX is a program repair technique that uses semantic analysis via symbolic execution. It takes a failing test suite as input, ranks suspicious statements using statistical fault localization, symbolically executes tests to extract specifications of suspicious statements, and uses program synthesis to generate fixes by solving constraints from symbolic execution. The technique aims to infer the intended meaning of code and automatically generate fixes without human guidance.
Why does P’ behave differently than P for input t?
Programmer: P' was changed to handle negative inputs correctly. It was not supposed to change behavior for non-negative inputs like t.
Session 1 - Intro to Robotic Process Automation.pdf - UiPathCommunity
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
5th LF Energy Power Grid Model Meet-up Slides - DanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Taking AI to the Next Level in Manufacturing.pdf - ssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
5. Ideas and approaches to help build your organization's AI strategy.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf - Chart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
"Scaling RAG Applications to serve millions of users", Kevin Goedecke - Fwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an... - Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk - Fwdays
In this talk we will discuss DDoS protection tools and best practices, discuss network architectures, and see what AWS has to offer. We will also look into one of the largest DDoS attacks on Ukrainian infrastructure, which happened in February 2022. We'll see what techniques helped to keep the web resources available for Ukrainians, and how AWS improved DDoS protection for all customers based on the Ukraine experience.
inQuba Webinar: Mastering Customer Journey Management with Dr Graham Hill - LizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application... - Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol, based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Fueling AI with Great Data with Airbyte Webinar - Zilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency - ScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Northern Engraving | Nameplate Manufacturing Process - 2024 - Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
7. CHRONOS
• OVERVIEW OF THE TOOL
• CHRONOS: A TIMING ANALYZER FOR EMBEDDED SOFTWARE
XIANFENG LI, YUN LIANG, TULIKA MITRA AND ABHIK ROYCHOUDHURY
SCIENCE OF COMPUTER PROGRAMMING, VOLUME 69, DECEMBER 2007.
• SCALABLE LIGHT-WEIGHT INFEASIBLE PATH DETECTION
• WITHIN AN ITERATION
• ACROSS LOOP ITERATIONS
• NOVEL MICRO-ARCHITECTURAL MODELING
• OUT-OF-ORDER PIPELINES
• BRANCH PREDICTION
• I-CACHE AND ITS INTERACTION WITH OTHER FEATURES
• D-CACHE WITH NOVEL MODELING
• UNIFIED MULTI-LEVEL CACHE AND CODE/DATA LAYOUT
IEEE ISORC 2018 Keynote 7
8. A VIEW OF TIMING ANALYSIS
• System-level techniques: efficient, handle large designs
• Program-level techniques: a bit more expensive, but accurate
• System-level and program-level techniques are somewhat disjoint
• Motivation: artifacts other than WCET bounds
10. CACHES: WHY ARE THEY NEEDED?
[Diagram: CPU - CACHES - DRAM]
• Caches are used to bridge the performance gap between CPU and DRAM
• Caches have a significant impact on performance
• Issues such as cache thrashing may hamper the performance gain due to caches
11. CACHE THRASHING: WHY IS IT BAD?
Cache thrashing occurs when a frequently used cache line is replaced by another frequently used cache line ... as a result, lots of cache misses.

while(true){
    if(x > 5){
        // m1 accessed
    }else{
        // m2 accessed
    }
    // m3 accessed
}

[Diagram: a cache with Set 1 and Set 2; m1 and m2 map to Set 1, m3 maps to Set 2]
• m1 and m2 conflict in the cache and may lead to thrashing ...
• the access to m3 results in a cache hit after the first iteration
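The thrashing scenario above can be sketched with a toy direct-mapped cache simulator (hypothetical illustration code; the block numbers are chosen so that m1 and m2 map to the same set, and here both are accessed every iteration to force the conflict, whereas the slide's loop touches one of them per iteration):

```python
# Toy direct-mapped cache: one block per set, modulo placement (assumed layout).
class DirectMappedCache:
    def __init__(self, num_sets):
        self.num_sets = num_sets
        self.sets = [None] * num_sets  # direct mapped: one resident block per set
        self.hits = self.misses = 0

    def access(self, block):
        idx = block % self.num_sets
        if self.sets[idx] == block:
            self.hits += 1
        else:
            self.misses += 1
            self.sets[idx] = block  # evict whatever was resident

cache = DirectMappedCache(num_sets=2)
m1, m2, m3 = 0, 2, 1  # m1, m2 -> set 0 (conflict); m3 -> set 1
for _ in range(10):
    cache.access(m1)
    cache.access(m2)  # evicts m1: thrashing in set 0
    cache.access(m3)  # hits from the second iteration onwards

print(cache.hits, cache.misses)  # prints "9 21": m3 hits 9 times, m1/m2 always miss
```

Although m1, m2 and m3 are each "frequently used", the conflicting pair never hits, which is exactly why thrashing erases the performance gain caches are meant to provide.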
14. STATIC ANALYSIS
Static analysis takes the program and the cache configuration, and produces a classification of memory blocks:
• always hit (AH)
• persistent (PS)
• always miss (AM)
• not classified (NC)
In the running example, {m1, m2} maps to cache set 1 and {m3} maps to cache set 2.
15. IMPRECISION IN ABSTRACT INTERPRETATION
[Diagram: paths p1 and p2 reach a join point with cache states C1 and C2; the abstract cache set on p1 holds a (young) and b, while the one on p2 holds x (young) and b]
• The joined cache state C3 retains only b
• Path p1 or path p2? The joined cache state loses information about paths p1 and p2
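The join on the slide can be sketched for one abstract cache set. This is a minimal sketch of the standard must-analysis join (not code from the talk): a block survives only if it is cached on both paths, and it keeps the least favorable (maximum) age.

```python
# Must-analysis join for one abstract LRU cache set.
# Each abstract state maps block -> age (0 = youngest).
def join_must(state1, state2):
    # keep only blocks present on both paths, with the maximum age
    return {b: max(state1[b], state2[b])
            for b in state1.keys() & state2.keys()}

c1 = {"a": 0, "b": 1}   # abstract cache state on path p1
c2 = {"x": 0, "b": 1}   # abstract cache state on path p2
c3 = join_must(c1, c2)
print(c3)  # prints {'b': 1}: a and x are lost, only b survives the join
```

This is the imprecision the slide points at: after the join, the analysis can no longer say on which path a or x was cached, so both are conservatively dropped.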
16. MODEL CHECKING ALONE?
• A path-sensitive search
• Path-sensitive search is expensive - path explosion
• Worse, combined with possible cache states
[Diagram: paths p1 and p2 with cache states C1 and C2]
17. MODEL CHECKING ALONE?
• A path-sensitive search
• Path-sensitive search is expensive - path explosion
• Worse, combined with possible cache states
[Diagram: paths p1 and p2, each annotated with the possible abstract LRU cache sets over blocks a, b and x - state explosion]
18. CACHE ANALYSIS
Pipeline: micro-architectural modeling of the program (pipeline analysis, branch predictor modeling, and cache analysis by abstract interpretation) yields the WCET of basic blocks; path analysis contributes infeasible-path constraints and loop bounds; IPET combines these constraints. The outcome of the abstract-interpretation cache analysis is refined by symbolic execution until all properties are checked or a timeout occurs.
• Refinement by the model checker can be terminated at any point
• Model checker refinement steps are inherently parallel
• Each model checker refinement step checks a lightweight assertion property
19. REFINEMENT (INTER-CORE)
[Diagram: a task accesses memory block m twice between start and exit; a conflicting task accesses m1 and m2 (both ≠ m, but mapped to the same cache set as m) under the guards x < y and x == y respectively. The path executing both conflicting accesses is infeasible, so the reported cache miss on the second access to m is spurious - it is actually a cache hit.]
20. REFINEMENT (INTER-CORE)
[Diagram: instrument a conflict counter C_m, incremented at each access of the conflicting task that evicts m - at m1 under x < y and at m2 under x == y. Since the path taking both increments is infeasible, assert(C_m <= 1) is verified, establishing that the second access to m is a cache hit.]
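The counter instrumentation can be sketched in miniature (hypothetical code, with the conflicting task's two guarded accesses modeled as branches; the names run_task and C_m mirror the slide but are not from the original tool):

```python
# C_m counts evictions of block m by the conflicting task between two
# accesses to m. The guards x < y and x == y are mutually exclusive, so at
# most one increment fires on any feasible path, and assert(C_m <= 1)
# certifies that the second access to m is still a cache hit.
def run_task(x, y):
    C_m = 0
    # ... first access to block m ...
    if x < y:        # conflicting access m1, same cache set as m
        C_m += 1     # increment conflict
    if x == y:       # conflicting access m2, same cache set as m
        C_m += 1     # increment conflict
    assert C_m <= 1  # verified: the two guards cannot both hold
    # ... second access to block m: at most one eviction, so a cache hit ...
    return C_m

# exploring concrete inputs never violates the assertion
results = {run_task(x, y) for x in range(-3, 4) for y in range(-3, 4)}
print(results)  # prints {0, 1}
```

The point of the encoding is that a cache property ("m is evicted at most once") becomes an ordinary functional assertion that a model checker or symbolic executor can discharge.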
21. REFINEMENT (WHY IT WORKS?)
[Diagram: on path 2, checking the property assert(C_m <= 0) for the cache miss on m only involves the conflicting access m' guarded by x < y and x == y; the rest of the program does not affect the value of C_m, which keeps each refinement check lightweight.]
22. EXTENSION USING SYMBOLIC EXECUTION
[Diagram: in the conflicting task, C_m is incremented under x < y (access m1) and under x == y (access m2), followed by assert(C_m <= 1). Symbolic execution tracks the path conditions: the path with condition x < y ∧ x = y is passed to the constraint solver, found unsatisfiable (NO), and aborted; on the feasible paths (x < y and x ≥ y) the assertion assert(C_m <= 1) is satisfied.]
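The solver step can be illustrated with a toy stand-in (a real analysis would hand the path condition to an SMT solver; this bounded search is only an illustration and, unlike a real solver, cannot prove unsatisfiability in general):

```python
# Toy satisfiability check for a path condition over two integer inputs:
# search a bounded grid for a witness. Used here only to illustrate why the
# path x < y AND x == y is pruned as spurious.
def satisfiable(constraint, bound=50):
    return any(constraint(x, y)
               for x in range(-bound, bound)
               for y in range(-bound, bound))

path_condition = lambda x, y: x < y and x == y  # condition of the doubly-incrementing path
if not satisfiable(path_condition):
    print("path infeasible: abort exploration; assert(C_m <= 1) stays satisfied")
```

Once the solver answers NO for this path condition, symbolic execution aborts that path, and the only paths left are those on which C_m is incremented at most once.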
25. A GENERIC FRAMEWORK
• Three different architectural/application settings:
• Intra-task (WCET in a single core): cache conflicts within one task on one cache
• Inter-task (Cache-Related Preemption Delay analysis): cache conflicts between a high-priority and a low-priority task sharing a cache
• Inter-core (WCET in multi-core): tasks in core 1 and core 2, each with a private L1 cache, conflicting in a shared L2 cache
27. THE TALK
[Figure: advances in functionality checking driven by constraint solving, combined with symbolic execution, enable Timing Analysis++: analysis of multi-cores, and tests apart from bounds]
28. TEST GENERATION
Goal: develop a test generation framework which aims to report all possible cache performance issues that may exist in some program execution.
[Figure: the test generator takes a program and a cache configuration as inputs, and outputs unique cache performance issues, each reported with a symbolic formula on the inputs that reach it]
29. DIFFERENT FROM PROFILING!
[Figure: profiling takes a program, a cache configuration, and test inputs, and reports performance issues with no guarantee of completeness. The test generator, in contrast, takes only the program and the cache configuration, and reports performance issues together with a symbolic formula for each]
30. KEY IDEA
We reduce the problem of testing cache performance to an equivalent functionality testing problem.
[Figure: Stage I: static analysis and instrumentation transform program P into P', encoding non-functional properties as assertions and reducing the search space for exploration. Stage II: dynamic exploration explores the reduced search space and generates test cases]
31. IDENTIFYING THRASHING SCENARIOS
[Figure: for each cache set, the classification of memory blocks is used to extract the blocks classified always miss (AM) or not classified (NC), i.e. those potentially involved in cache thrashing. These yield the set of cache thrashing scenarios, e.g. {{m1, m2}}, assuming a direct-mapped cache]
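The extraction step can be sketched as below. The block addresses, set mapping, and classification are made up for illustration; only the rule itself (group AM/NC blocks per cache set, keep groups with at least two competitors) follows the slide.

```python
# Sketch: for a direct-mapped cache, memory blocks mapping to the same cache
# set and classified AM (always miss) or NC (not classified) form a
# potential cache thrashing scenario.

NUM_SETS = 4  # assumed direct-mapped cache with 4 sets (illustrative)

def cache_set(block_addr):
    """Set index of a block in the assumed direct-mapped cache."""
    return block_addr % NUM_SETS

def thrashing_scenarios(classification):
    """classification: {block_addr: 'AH' | 'AM' | 'PS' | 'NC'}."""
    by_set = {}
    for addr, cls in classification.items():
        if cls in ("AM", "NC"):          # only AM/NC blocks can thrash
            by_set.setdefault(cache_set(addr), set()).add(addr)
    # a scenario needs at least two blocks competing for the same set
    return [blocks for blocks in by_set.values() if len(blocks) >= 2]

# Blocks 1 and 5 map to set 1 and are NC/AM: one thrashing scenario {1, 5}.
cls = {1: "NC", 5: "AM", 2: "AH", 3: "PS"}
print(thrashing_scenarios(cls))   # [{1, 5}]
```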
32. INSTRUMENTATION
Encode each thrashing scenario as an assertion at the appropriate program location.
[Figure: the thrashing sets, e.g. {{m1, m2}}, drive the instrumentation]
33. GENERATING ASSERTIONS
An assertion captures the property that all memory blocks in a thrashing scenario are evicted at least once between two consecutive accesses.
Let Cm denote the number of unique cache conflicts between two accesses of block m, and let the thrashing scenario be {{m1, m2}}:
assert(Cm1 ≤ 0 ∨ Cm2 ≤ 0)
Condition for a block m to stay in the cache: Cm ≤ associativity of cache − 1
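The assertion above can be evaluated concretely. For a direct-mapped cache (associativity 1) the bound is 0, so the assertion fails exactly when every block in the scenario suffered at least one conflict between consecutive accesses. The conflict counts below are illustrative.

```python
# Sketch of the generated assertion for a thrashing scenario {m1, m2}:
# a block m stays cached only if Cm <= associativity - 1, so the assertion
# assert(Cm1 <= 0 OR Cm2 <= 0) holds iff the scenario does NOT thrash
# (for a direct-mapped cache, associativity = 1).

ASSOCIATIVITY = 1

def thrashing_assertion(conflict_counts, scenario):
    """True iff at least one block in the scenario stays in the cache."""
    bound = ASSOCIATIVITY - 1
    return any(conflict_counts[m] <= bound for m in scenario)

# Both m1 and m2 were conflicted between consecutive accesses: assertion
# violated, i.e. a genuine thrashing scenario was reached on this input.
print(thrashing_assertion({"m1": 1, "m2": 2}, {"m1", "m2"}))   # False

# Only m1 suffered conflicts: the assertion holds, no thrashing.
print(thrashing_assertion({"m1": 1, "m2": 0}, {"m1", "m2"}))   # True
```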
34. DYNAMIC EXPLORATION
Exploration is performed to verify the validity of the instrumented assertions.
[Figure: the instrumented program and its assertions are explored; the exploration validates, deviates, and reports. Each violation is reported as a pair <Θ, Φ>, where Θ is a thrashing scenario and Φ is a symbolic formula on the input that leads to Θ]
35. EXPLORATION USING GREEDY STRATEGY
[Figure: the Control Dependence Graph (CDG) and the set of unchecked assertions are used to find a new path to explore with the maximum number of unchecked assertions]
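The greedy choice can be sketched as follows. For simplicity the candidate paths are pre-enumerated with the assertion ids they cover, rather than derived from a real control dependence graph; the selection rule is the one the slide describes.

```python
# Sketch of the greedy exploration strategy: pick the candidate path that
# covers the maximum number of still-unchecked assertions.

def pick_next_path(candidate_paths, unchecked):
    """candidate_paths: {path_name: set of assertion ids on that path}."""
    return max(candidate_paths,
               key=lambda p: len(candidate_paths[p] & unchecked))

paths = {"p1": {1, 2}, "p2": {2, 3, 4}, "p3": {4}}
unchecked = {1, 3, 4}

chosen = pick_next_path(paths, unchecked)
print(chosen)   # 'p2': it covers two unchecked assertions (3 and 4)
```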
36. TEST GENERATION
Results are generated in the format <Θ, Φ>, where Θ is a thrashing scenario and Φ is a symbolic formula on the input that leads to Θ. Any input which satisfies Φ will lead to cache thrashing scenario Θ.
37. TEST GENERATION RECAP
[Figure: cache analysis by abstract interpretation produces a cache hit-miss classification (CHMC: always hit (AH), always miss (AM), persistent (PS), not classified (NC)) for the program; instrumentation automatically adds assertions to the program; symbolic execution explores paths leading to the assertions and reports violated assertions into a test suite, until either the time budget expires or all instrumented assertions are violated]
39. EVALUATION
Assertion Coverage = (unique assertions checked × 100) / (unique assertions instrumented)
Thrashing Potential = (unique assertions violated × 100) / (unique assertions instrumented)
100% coverage implies all unique assertions have been checked at least once.
The thrashing potential gives an idea of how prone a program is to thrashing, for a given cache configuration.
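The two metrics are simple ratios; a worked example (with made-up counts, not experimental data):

```python
# Sketch computing the two evaluation metrics from the slide.

def assertion_coverage(checked, instrumented):
    """Percentage of instrumented assertions checked at least once."""
    return checked * 100 / instrumented

def thrashing_potential(violated, instrumented):
    """Percentage of instrumented assertions actually violated."""
    return violated * 100 / instrumented

print(assertion_coverage(50, 50))    # 100.0: every assertion checked once
print(thrashing_potential(5, 50))    # 10.0: a small fraction violated
```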
40. OBSERVATIONS
o PROGRAMS WITH FEWER INPUT-DEPENDENT PATHS WERE EXPLORED FASTER
o FOR MOST EXPERIMENTS, ONLY A SMALL FRACTION OF INSTRUMENTED ASSERTIONS WERE VIOLATED
o APPLICATIONS INCLUDE
o PROVIDING INPUTS TO SYSTEM-LEVEL ANALYSIS?
o REWRITING THE PROGRAM
o CHOOSING A CACHE CONFIGURATION FOR AN APPLICATION
o CACHE LOCKING STRATEGIES
41. NOT PROFILING OR TESTING
[Figure: comparison. Profiling is neither sound nor complete. Manual performance testing requires manual effort and may have false positives. Testing functionality via symbolic execution is sound and complete, partitions the input space, is automated, and has no false positives]
43. A VIEW OF TIMING ANALYSIS
[Figure: system-level techniques are efficient and scale to large designs; program-level techniques are a bit more expensive but accurate. System-level and program-level techniques are somewhat disjoint. Motivation: artifacts other than WCET bounds]
44. CACHE SIDE CHANNELS
Classified input (key): key can be 0 or 1.
[Figure: the program loads a[key], a[1], and a[2], and later loads a[2] again. With key = 0, a[2] is replaced by a[0] in the cache, so the last load of a[2] is a MISS: a side-channel leak]
45. CACHE SIDE CHANNELS
[Figure: the same access sequence with key = 1. The cache retains a[1] and a[2], so the last load of a[2] is a HIT]
46. CACHE SIDE CHANNELS
[Figure: the two cases side by side. With key = 0 the last load of a[2] MISSes; with key = 1 it HITs. Observing the hit/miss of this single access is sufficient to leak the classified key]
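The leak can be reproduced with a tiny cache model. The set mapping and access ordering below are simplifying assumptions chosen so that, as in the slides, a[0] evicts a[2] while a[1] does not; the point is only that one observable hit/miss distinguishes the two key values.

```python
# Sketch of the cache side channel on a direct-mapped cache. Assumptions
# (illustrative): 2 cache sets, block i maps to set i % 2, so a[0] and a[2]
# share a set while a[1] does not; the victim touches a[1], a[2], then
# a[key], and the attacker observes whether the final load of a[2] hits.

NUM_SETS = 2

class DirectMappedCache:
    def __init__(self):
        self.sets = {}                  # set index -> resident block

    def load(self, block):
        s = block % NUM_SETS
        hit = self.sets.get(s) == block
        self.sets[s] = block            # on a miss, evict the resident block
        return "HIT" if hit else "MISS"

def observe_final_access(key):
    cache = DirectMappedCache()
    for block in (1, 2, key):           # victim's accesses: a[1], a[2], a[key]
        cache.load(block)
    return cache.load(2)                # attacker observes the last load of a[2]

# key = 0: a[0] evicts a[2] (same set), so the final access MISSes.
# key = 1: a[1] maps elsewhere, a[2] stays cached, so it HITs.
# One observable hit/miss therefore leaks the classified key.
print(observe_final_access(0))          # MISS
print(observe_final_access(1))          # HIT
```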
47. ANALYZING CACHE SIDE CHANNELS
• Symbolically track memory addresses
• Expose non-functional behavior (cache misses) as functionality
• Get inputs which show specific cache miss scenarios
[Figure: for the sequence load a[key]; load a[1]; load a[2]; load a[2], the tracked symbolic addresses are a[key] with constraint (key = 0 ∨ key = 1), followed by a[1], a[2], and a[2]]
49. A VIEW OF TIMING ANALYSIS
[Figure: as before, system-level techniques are efficient for large designs, program-level techniques are a bit more expensive but accurate, and the two are somewhat disjoint. Motivation: artifacts other than WCET bounds, namely tests and attack scenarios]
50.
[Figure: advances in functionality checking driven by constraint solving, combined with symbolic execution, enable Timing Analysis++: analysis of multi-cores, tests apart from bounds, and attack scenarios]
When WCET analysis tools were developed in the real-time systems community, constraint solvers were not mature. Additional applications and analyses can be developed by leveraging constraint solving and symbolic execution.
Editor's Notes
Since a program runs on particular hardware, WCET analysis of a program consists of two crucial steps: micro-architectural modeling, which analyzes the timing behavior of individual hardware components (e.g. cache, pipeline, branch prediction); and path analysis, which finds the longest feasible path in the program. In prior work, it has been argued that abstract interpretation for micro-architectural modeling combined with Integer Linear Programming for path analysis is a scalable technique for deriving WCET. An alternative solution is to use Model Checking. Let us first review why model checking alone creates a difficulty in performing the individual analyses.
Let’s see carefully the source of imprecision in abstract interpretation.
Assume two different cache states c1 and c2 along path p1 and p2. At the control flow merge point (light), we obtain a single cache state c3 by abstract join operation.
For a more concrete example, assume two LRU cache sets along path p1 and p2 (as shown, highlight), both containing a memory block “b” at different position of the cache set. If we perform a must join operation, we get this cache set (as shown, light). For the time being, just ignore how this “must join” operation is performed. Important thing to note here is that we have a single joined cache state where memory block “b” cannot be distinguished whether it appears from path “p1” or path “p2” ---- a path insensitive analysis.
However, this also leads to the scalability of the analysis.
What happens if we would have used model checking for cache analysis?
It will not perform the join operation (light)
It split the merge point and do a path-sensitive flow analysis
No doubt that this approach is more precise
As we go through the example again, we can observe that memory block “b” can be distinguished depending on which path it appears (p1 or p2, light)
This approach, however, does not work in practice. As we can see clearly that the approach would generate exponential number of cache states, in the presence of many branch operations.
What do we do?
We apply abstract interpretation first to perform cache analysis and refine the cache analysis outcome by repeated model checking steps
Abstract interpretation based cache analysis has been shown to be very effective when integrated with other micro-architectural features. It is important to note that we do not change the outcome of the AI-based cache analysis; the refined result is simply more precise than what abstract interpretation alone provides.
Assume when the task is run in isolation, m results in a cache hit, as it is in the cache before being accessed. However, when the task is run with a conflicting task (either high priority or running in a different core), we may get a cache miss through analysis. This cache miss could be generated by at least two conflicting memory blocks m1 and m2 in the conflicting task. If m1 and m2 are accessed in an infeasible path of the conflicting task, we get a spurious cache miss.
The problem is solved similarly as in the intra-task case. Here, we run the model checker refinement on the conflicting task. As m1 and m2 are two conflicting memory blocks, the conflict count is incremented before accessing them. The property is checked at the end of the conflicting task, as we are verifying the conflicts generated by the entire conflicting task. We check a property to ensure that “m” would remain a cache hit even if run with the conflicting task. If m1 and m2 are accessed in an infeasible path, as shown, this property will be satisfied and we can say that “m” will not be evicted from the cache and will remain a cache hit.
An important feature of our refinement step is that it is much simpler than a full fledged cache analysis through model checking. Note that we check an assertion property involving variable C_m. There could be many parts of the program (as shown), which does not affect the value of C_m, as not all memory blocks conflict with m. The model checking can only work on the slice of the assertion condition, and therefore, can avoid searching the entire state space.
- In the inter-core conflict refinement, we choose one of the three tasks (statemate/nsichneu/compress) to generate conflicts in the shared cache. We run different tasks on the other core (light) and we measure the average improvement of WCET over all the tasks (light).
This figure gives the key result of this paper. We show the improvement in all three variants of cache analysis with respect to time when benchmark statemate is used.
The vertical cut (light) at 100th second show that we can terminate the refinement after 100 seconds and get the respective improvements (light). However, if we run the refinement phase till 150 seconds (light), we get better improvements.
The vertical portion (light) show the effect of eliminating unnecessary model checker calls.
The flat portion (light) show that all possible refinements have been either validated or violated by model checker refinements.
We instantiate our framework to refine three different varieties of cache conflicts
intra-task, which is most common and is generated among different memory blocks accessed inside a single task
inter-task, which is generated by a high priority task when it preempts a low priority task. The delay generated due to the additional cache misses for preemption is known as cache related preemption delay
inter-core, which is generated in the shared cache in multi-cores. For example, (highlight the tasks) these two tasks may replace the memory blocks of each other in the shared L2 cache (light).
Our model checker refinement steps eliminate spurious cache conflicts. Let us see through an example how these spurious cache conflicts appear.
So if key is 0, we observe that this last access was a cache miss, as a[2] will be replaced by a[0].
So if key is 1, we observe that this last access was a cache hit, as a[2] will not be replaced by a[0].
So if we summarise, the hit/miss characteristics of the last access was sufficient to determine whether key was 0 or 1.
In order to find such information leaks, we perform a concolic execution. Meaning, we execute the program with concrete inputs, but treat all sensitive inputs as uninstantiated. This way, we track all memory-related operations and figure out the memory addresses which depend on sensitive inputs. In this case, the only example is a[key], whose symbolic address can be specified as shown.
#equivalence classes of observations quantify the vulnerability of a program w.r.t. the attack model. The graph shows the #observation equivalence classes explored by our checker over time. For both attacks (cache size is set to 8KB), the checker finishes to explore all equivalence classes. The figure clearly shows trace-based attack (i.e. observing the sequence of cache hits and misses) is more powerful attack as compared to timing-based attack (i.e. observing merely the number of cache misses).