Towards an SMT-based approach for Quantitative Information Flow
1. INTRODUCTION
THE APPROACH
CONCLUSION
Quoc-Sang Phan Pasquale Malacaria
Queen Mary, University of London
November 29, 2012
3. Contributions
1. Introduction of a new research problem: #SMT, and its applications to QIF and Symbolic Execution.
2. A framework, called #DPLL(T), to build a solver for #SMT-based QIF.
3. We show that Symbolic Execution analysis can be viewed as a #SMT solver.
4. Two prototyping tools for QIF: sqifc employs CBMC and jpf-qif is built on top of Symbolic Pathfinder.
5. Experiments with the tools on non-trivial case studies, with dramatic improvement of performance compared with existing tools.
4. Quantitative Information Flow Analysis
Channel Capacity
∆_F(H) = F(H) − F(H|L) ≤ log₂(N)
- Lagrange multipliers and maximum information leakage in different observational models. Malacaria and Chen (PLAS 2008).
- On the Foundations of Quantitative Information Flow. Smith (FOSSACS 2009).
5. Challenge
f : D → D_o
    N = 0
    for all v in D_o do
        if (assert O != v is violated) then
            N ← N + 1
        end if
    end for
    return N
Figure: Exhaustive counting of outputs of a program f
6. STATE OF THE ART
Existing techniques:
- DisQuant: Backes et al. S&P 2009.
  Employ model checking to compute an equivalence relation R.
  If R is in linear integer inequalities A¯x ¯b (bounded integer polytope), then use Barvinok algorithm to count.
- selfcomp: Heusser and Malacaria. ACSAC 2010.
  Exploit assume-guarantee reasoning to extend self-composition.
  Applied to programs in Linux kernel.
7. THE APPROACH
QIF as a #SMT problem
A #DPLL(T ) for QIF
Symbolic Execution as #DPLL(T )
Soundness and Completeness
Experiment
The #SMT problem
The SMT problem
Satisfiability Modulo Theories (SMT) is a decision problem for logical formulas w.r.t. combinations of background theories T expressed in classical first-order logic with equality.
Boolean abstraction BA(ϕ): a bijective function that
- maps Boolean atoms into themselves.
- maps non-Boolean T-atoms into fresh Boolean atoms.
8. The #SMT problem
ϕ := {¬(x + y > 1) ∨ A1}
   ∧ {(x + y > 1) ∨ ¬A2}
   ∧ {¬A3 ∨ (y − z < 7)}
BA(ϕ) := {¬B1 ∨ A1}
       ∧ {B1 ∨ ¬A2}
       ∧ {¬A3 ∨ B2}
The #SMT problem
Propositional abstract model counting, or #SMT, is the problem of computing the number of Boolean abstractions of models for a given logical formula.
- The number of Boolean abstractions of the models is always finite.
- #SMT solver: #SAT solver + T-solvers.
10. QIF as a #SMT problem
A set of Boolean variables Φ := {p1, p2, .., pM}, in which each pi corresponds to a bit bi of the output O.
- Without any constraints: Φ represents 2^M possible values.
- With the constraints from program P: Φ represents N possible values (possible outputs of the program).
11. QIF as a #SMT problem
P can be encoded into a logical formula ϕ w.r.t. theories T.
Each pi is a Boolean abstraction of the T-atom expressing the constraints on bit bi → QIF is a #SMT problem.
Program ←→ Logical formula
Model checker ←→ T-solver
12. An example
    base = 8;
    if (H < 16) then
        O = base + H
    else
        O = base
    end if
Figure: Data sanitization program
H is in [0..15].
O is in [8..23].
13. Symbolic Quantitative Information Flow
[Figure: search tree branching on p1, p2, p3, p4 and p5 in turn. Path conditions along the tree: p1; p1 ∧ p2; p1 ∧ p2 ∧ p3; p1 ∧ p2 ∧ p3 ∧ p4; then the leaves p1 ∧ p2 ∧ p3 ∧ p4 ∧ p5 and p1 ∧ p2 ∧ p3 ∧ p4 ∧ ¬p5. One node is labelled UNSAT.]
assert !(p1 && p2 && p3 && p4 && p5);
14. A #DPLL(T) for QIF
    function SymCount(Φ, Ψ, N, pc, i)
        Extract pi from Φ
        pc1 ← pc ∧ pi
        if (T-solver(pc1)) then
            if (i == M) then
                Ψ ← Ψ ∪ {pc1}
                N ← N + 1
            else
                SymCount(Φ, Ψ, N, pc1, i + 1)
            end if
        end if
        pc2 ← pc ∧ ¬pi
        . . .
    end function
Figure: Symbolic counting for QIF
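An added example, not taken from the slides or from sqifc/jpf-qif: SymCount run on the data sanitization program and compared with the exhaustive count from the "Challenge" slide, with the leakage bound log₂(N) computed from the result. Assumptions: the T-solver is replaced by a brute-force check over a bounded secret domain (0..255), the output is 8 bits wide with p1 as the most significant bit, and the ¬pi branch elided on the slide mirrors the pi branch; all function and class names are hypothetical.

```python
import math
from typing import Callable, Iterable, List, Tuple

# A path condition is a conjunction of literals over p_1..p_M: ((i, value of p_i), ...).
PathCondition = Tuple[Tuple[int, bool], ...]


def data_sanitization(h: int) -> int:
    """Data sanitization program from the slides."""
    base = 8
    return base + h if h < 16 else base


def output_bit(o: int, i: int, m: int) -> bool:
    """Value of p_i for an m-bit output o. Assumption: p_1 is the most significant bit."""
    return bool((o >> (m - i)) & 1)


class BoundedTSolver:
    """Stand-in for the T-solver (assumption): decides a path condition by brute
    force over a bounded secret domain instead of calling an SMT solver."""

    def __init__(self, program: Callable[[int], int], secrets: Iterable[int], m: int):
        self.program = program
        self.secrets = list(secrets)
        self.m = m
        self.calls = 0

    def satisfiable(self, pc: PathCondition) -> bool:
        """True if some secret h makes the output bits agree with every literal in pc."""
        self.calls += 1
        return any(
            all(output_bit(self.program(h), i, self.m) == v for i, v in pc)
            for h in self.secrets
        )


def sym_count(solver, m, pc=(), i=1, models=None) -> List[PathCondition]:
    """SymCount: extend pc with p_i, then with not p_i, and recurse only while the
    T-solver reports the extended condition satisfiable. The negative branch is
    elided on the slide; treating it symmetrically is an assumption."""
    if models is None:
        models = []
    for value in (True, False):
        pc_next = pc + ((i, value),)
        if solver.satisfiable(pc_next):
            if i == m:
                models.append(pc_next)  # Psi gains pc_next; N is len(models)
            else:
                sym_count(solver, m, pc_next, i + 1, models)
    return models


def model_to_output(model: PathCondition, m: int) -> int:
    """Decode a complete assignment of p_1..p_M back into the output value."""
    return sum(1 << (m - i) for i, v in model if v)


def exhaustive_count(program, secrets, m) -> Tuple[int, int]:
    """Baseline from the 'Challenge' slide: one check per candidate output value v."""
    secrets = list(secrets)
    n = checks = 0
    for v in range(2 ** m):
        checks += 1
        if any(program(h) == v for h in secrets):  # 'assert O != v' is violated
            n += 1
    return n, checks


def analyse(program=data_sanitization, secrets=range(256), m=8) -> dict:
    """Count feasible outputs both ways and bound the leakage by log2(N)."""
    solver = BoundedTSolver(program, secrets, m)
    models = sym_count(solver, m)
    n_exhaustive, checks = exhaustive_count(program, secrets, m)
    return {
        "N": len(models),
        "outputs": sorted(model_to_output(mod, m) for mod in models),
        "capacity_bits": math.log2(len(models)),
        "solver_calls": solver.calls,
        "N_exhaustive": n_exhaustive,
        "exhaustive_checks": checks,
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

Unsatisfiable prefixes are cut as soon as the solver rejects them, so the search visits only bit patterns that lead to a feasible output instead of testing every value in the output domain.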
15. Symbolic Execution as a #SMT solver
If a program is encoded as a logical formula, e.g. Static Single Assignment form, then a Symbolic Execution tool is a #SMT solver for this formula.
16. Symbolic Execution as a #SMT solver
if (x > 1) y = x < 5 ? x + 10 : x ; else y = 0 ;
C1 as (x > 1).
C2 as (x < 5).
A1 as (y1 = x + 10).
A2 as (y2 = x).
A3 as (y3 = 0).
C1 ∧ (C2 ∧ A1 ∨ ¬C2 ∧ A2) ∨ ¬C1 ∧ A3
There are 4 models
{C1 ∧ C2, C1 ∧ ¬C2, ¬C1 ∧ C2, ¬C1 ∧ ¬C2}
17. Symbolic Execution as a #SMT solver
O = f1(i1, i2, .., iM)  if pc1
    f2(i1, i2, .., iM)  if pc2
    . . .
    fN(i1, i2, .., iM)  if pcN
Where:
∀ i, j ∈ [1, N] ∧ i ≠ j, pci ∧ pcj = ⊥
18. Symbolic Execution as #DPLL(T)
pc c : execute then path
→ unit propagation
pc ¬c : execute else path
→ unit propagation
(pc c) ∧ (pc ¬c)
then path: pc1 = pc ∧ c
else path: pc2 = pc ∧ ¬c
→ branching
19. SQIF-SE: SQIF by Symbolic Execution
    base = 8;
    if (H < 16) then
        O = base + H
    else
        O = base
    end if

    for all element bi in vector bvo do
        if (bi == 1) then
            pi = True
        else
            pi = False
        end if
    end for
Figure: Additional conditions
21. SQIF-SE: SQIF by Symbolic Execution
[Figure: symbolic execution tree with states s1, s2 and s3. The edges out of s1 are labelled H ≥ 16 and H < 16, giving pc := (H ≥ 16) and pc := (H < 16). Below them the tree branches on p1 and then p2, with path conditions pc ∧ p1, pc ∧ p1 ∧ p2 and pc ∧ p1 ∧ ¬p2.]
(H ≥ 16) and (H < 16): program conditions.
p1, p2, ..: additional conditions.
22. Soundness and Completeness
Theoretically, the SQIF approach is both sound and complete.
1. In reality, SQIF is sound and complete with small leaks.
2. SQIF-SE is sound and complete with bounded model of program.
Does it leak more than k?
Quantifying information leaks in software. ACSAC 2010. Heusser and Malacaria.
With user policy k, SQIF may not be complete but the result of secure/insecure is always sound.
24. Experiment
Two prototyping tools:
- jpf-qif
  - tool for Java and also developed in Java.
  - built on top of Symbolic Pathfinder (Symbolic Execution extension of Java Pathfinder).
- sqifc
  - tool for C and also developed in C.
  - built on top of CBMC (Bounded Model Checking tool for C).
Compared with selfcomp (Heusser and Malacaria, ACSAC 2010).
25. CVE-2011-2208
    int osf_getdomainname(char __user *name, int namelen)
    {
        unsigned len;
        int i, error;

        error = verify_area(VERIFY_WRITE, name, namelen);
        if (error)
            goto out;

        /* namelen is a signed int from the caller; only its upper bound is checked */
        len = namelen;
        if (namelen > 32)
            len = 32;

        down_read(&uts_sem);
        for (i = 0; i < len; ++i) {
            __put_user(system_utsname.domainname[i], name + i);
            if (system_utsname.domainname[i] == '\0')
                break;
        }
        up_read(&uts_sem);
    out:
        return error;
    }
Figure: arch/alpha/kernel/osf_sys.c
30. Times in seconds for all case studies, timeout is 30 minutes

| Case Study          | LoC   | Language | sqifc  | jpf-qif | selfcomp  |
|---------------------|-------|----------|--------|---------|-----------|
| Data Sanitization   | < 10  | C/Java   | 28.179 | 20.695  | timed out |
| CVE-2011-2208 (64)  | > 200 | C        | 22.759 | ×       | 119.117   |
| CVE-2011-2208 (256) |       | C        | 88.196 | ×       | timed out |
| CVE-2011-1078 (8)   | > 200 | C        | 10.380 | ×       | 13.853    |
| CVE-2011-1078 (64)  |       | C        | 37.899 | ×       | timed out |
| CRC (8)             | < 30  | C/Java   | 1.209  | 8.386   | 0.498     |
| CRC (32)            |       | C/Java   | 8.657  | 9.357   | timed out |
| Tax Record          | 267   | Java     | ×      | 24.988s | ×         |
31. Conclusions
1. Introduction of a new research problem: #SMT, and its applications to QIF and Symbolic Execution.
2. A framework, called #DPLL(T), to build a solver for #SMT-based QIF.
3. The methodology of Symbolic Execution recast as #DPLL(T).
4. Two prototyping tools for QIF: sqifc and jpf-qif.
5. Experiments with the tools on non-trivial case studies.