Diagnosing Software Faults Using Multiverse Analysis

Chatterjee, Prantik; Chatterjee, Abhijit; Campos, João C.; Abreu, Rui; Roy, Subhajit

doi:10.24963/ijcai.2020/226

Cited by 12 publications

(8 citation statements)

References 15 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also believe that underapproximation widening may yield improvement performance on our distributed bounded model checker, Hydra [11,12]. Another interesting direction that we want to pursue is on combining bounded model checking algorithms (both overapproximation refinement and underapproximation widening) with dynamic analysis [5,13,38] and statistical testing [10,32] based approaches.…”

Section: Discussionmentioning

confidence: 99%

Proof-Guided Underapproximation Widening for Bounded Model Checking

Chatterjee

Meda

Lal

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Bounded Model Checking (BMC) is a popularly used strategy for program verification and it has been explored extensively over the past decade. Despite such a long history, BMC still faces scalability challenges as programs continue to grow larger and more complex. One approach that has proven to be effective in verifying large programs is called Counterexample Guided Abstraction Refinement (CEGAR). In this work, we propose a complementary approach to CEGAR for bounded model checking of sequential programs: in contrast to CEGAR, our algorithm gradually widens underapproximations of a program, guided by the proofs of unsatisfiability. We implemented our ideas in a tool called Legion. We compare the performance of Legion against that of Corral, a state-of-the-art verifier from Microsoft, that utilizes the CEGAR strategy. We conduct our experiments on 727 Windows and Linux device driver benchmarks. We find that Legion is able to solve 12% more instances than Corral and that Legion exhibits a complementary behavior to that of Corral. Motivated by this, we also build a portfolio verifier, $$\textsc {Legion}^{+}$$ L E G I O N + , that attempts to draw the best of Legion and Corral. Our portfolio, $$\textsc {Legion}^{+}$$ L E G I O N + , solves 15% more benchmarks than Corral with similar computational resource constraints (i.e. each verifier in the portfolio is run with a time budget that is half of the time budget of Corral). Moreover, it is found to be $$2.9\times $$ 2.9 × faster than Corral on benchmarks that are solved by both Corral and $$\textsc {Legion}^{+}$$ L E G I O N + .

show abstract

Section: Discussionmentioning

confidence: 99%

Proof-Guided Underapproximation Widening for Bounded Model Checking

Chatterjee

Meda

Lal

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…For our experiments, we use the number of relation terms in the key relation as a proxy for its complexity. We define our budget in terms of it and use a budget threshold for the key relation in the range [12][13][14] latent terms and depth of expression selection in range [2][3][4]. We use a timeout of 20 minutes for locking and 4 days for attacks.…”

Section: Experimental Evaluationmentioning

confidence: 99%

“…We believe that this work shows the potential of applying programming languages techniques in hardware design. We believe that there is also a potential of applying program analysis techniques, both symbolic [10,22,13,37,35], dynamic [43,15] and statistical [29,33,12,34], for hardware analysis; this is a direction we intend to pursue in the future.…”

Section: Related Workmentioning

confidence: 99%

HOLL: Program Synthesis for Higher OrderLogic Locking

Takhar¹,

Karri²,

Pilato³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Logic locking "hides" the functionality of a digital circuit to protect it from counterfeiting, piracy, and malicious design modifications. The original design is transformed into a "locked" design such that the circuit reveals its correct functionality only when it is "unlocked" with a secret sequence of bits-the key bit-string. However, strong attacks, especially the SAT attack that uses a SAT solver to recover the key bitstring, have been profoundly effective at breaking the locked circuit and recovering the circuit functionality. We lift logic locking to Higher Order Logic Locking (HOLL) by hiding a higher-order relation, instead of a key of independent values, challenging the attacker to discover this key relation to recreate the circuit functionality. Our technique uses program synthesis to construct the locked design and synthesize a corresponding key relation. HOLL has low overhead and existing attacks for logic locking do not apply as the entity to be recovered is no more a value. To evaluate our proposal, we propose a new attack (SynthAttack ) that uses an inductive synthesis algorithm guided by an operational circuit as an input-output oracle to recover the hidden functionality. SynthAttack is inspired by the SAT attack, and similar to the SAT attack, it is verifiably correct, i.e., if the correct functionality is revealed, a verification check guarantees the same. Our empirical analysis shows that SynthAttack can break HOLL for small circuits and small key relations, but it is ineffective for real-life designs.

show abstract

“…We believe that this work shows the potential of applying programming languages techniques in hardware design. We believe that there is also a potential of applying program analysis techniques, symbolic [9,21,12,36,34], dynamic [41,14] and statistical [28,32,11,33], for hardware analysis; this is a direction we intend to pursue in the future.…”

Section: Related Workmentioning

confidence: 99%

HOLL: Program Synthesis for Higher Order Logic Locking

Takhar

Karri

Pilato

et al. 2022

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Logic locking “hides” the functionality of a digital circuit to protect it from counterfeiting, piracy, and malicious design modifications. The original design is transformed into a “locked” design such that the circuit reveals its correct functionality only when it is “unlocked” with a secret sequence of bits—the key bit-string. However, strong attacks, especially the SAT attack that uses a SAT solver to recover the key bit-string, have been profoundly effective at breaking the locked circuit and recovering the circuit functionality.We lift logic locking to Higher Order Logic Locking (HOLL) by hiding a higher-order relation, instead of a key of independent values, challenging the attacker to discover this key relation to recreate the circuit functionality. Our technique uses program synthesis to construct the locked design and synthesize a corresponding key relation. HOLL has low overhead and existing attacks for logic locking do not apply as the entity to be recovered is no more a value. To evaluate our proposal, we propose a new attack (SynthAttack) that uses an inductive synthesis algorithm guided by an operational circuit as an input-output oracle to recover the hidden functionality. SynthAttack is inspired by the SAT attack, and similar to the SAT attack, it is verifiably correct, i.e., if the correct functionality is revealed, a verification check guarantees the same. Our empirical analysis shows that SynthAttack can break HOLL for small circuits and small key relations, but it is ineffective for real-life designs.

show abstract

Diagnosing Software Faults Using Multiverse Analysis

Cited by 12 publications

References 15 publications

Proof-Guided Underapproximation Widening for Bounded Model Checking

Proof-Guided Underapproximation Widening for Bounded Model Checking

HOLL: Program Synthesis for Higher OrderLogic Locking

HOLL: Program Synthesis for Higher Order Logic Locking

Contact Info

Product

Resources

About