Proceedings ArticleDOI
Precise Cache Timing Analysis via Symbolic Execution
Duc-Hiep Chu,Joxan Jaffar,Rasool Maghareh +2 more
- pp 1-12
Reads0
Chats0
TLDR
This work presents a framework for WCET analysis of programs with emphasis on cache micro-architecture, and presents an experimental evaluation on well known benchmarks to show that systematic path-sensitivity in fact brings significant accuracy gains, and that the algorithm still scales well.Abstract:
We present a framework for WCET analysis of programs with emphasis on cache micro-architecture. Such an analysis is challenging primarily because of the timing model of a dynamic nature, that is, the timing of a basic block is heavily dependent on the context in which it is executed. At its core, our algorithm is based on symbolic execution, and an analysis is obtained by locating the "longest" symbolic execution path. Clearly a challenge is the intractable number of paths in the symbolic execution tree. Traditionally this challenge is met by performing some form of abstraction in the path generation process but this leads to a loss of path-sensitivity and thus precision in the analysis. The key feature of our algorithm is the ability for reuse. This is critical for maintaining a high-level of path-sensitivity, which in turn produces significantly increased accuracy. In other words, reuse allows scalability in path-sensitive exploration. Finally, we present an experimental evaluation on well known benchmarks in order to show two things: that systematic path-sensitivity in fact brings significant accuracy gains, and that the algorithm still scales well.read more
Citations
More filters
Journal ArticleDOI
Ascertaining Uncertainty for Efficient Exact Cache Analysis
TL;DR: In this paper, a novel abstract interpretation is proposed to determine whether a particular instruction may cause a hit and a miss on different paths, and an exact analysis is used to remove all remaining uncertainty, based on model checking.
Book ChapterDOI
Ascertaining Uncertainty for Efficient Exact Cache Analysis
Valentin Touzeau,Valentin Touzeau,Claire Maiza,Claire Maiza,David Monniaux,David Monniaux,Jan Reineke +6 more
TL;DR: This paper presents static cache analysis, which characterizes a program’s cache behavior by determining in a sound but approximate manner which memory accesses result in cache hits and which results in cache misses.
Proceedings ArticleDOI
Eliminating timing side-channel leaks using program repair
TL;DR: The method is implemented in LLVM and validated on a large set of applications, which are cryptographic libraries with 19,708 lines of C/C++ code in total, and ensures that the number of CPU cycles taken to execute any path is independent of the secret data.
Proceedings ArticleDOI
Adversarial symbolic execution for detecting concurrency-related cache timing leaks
Shengjian Guo,Meng Wu,Chao Wang +2 more
TL;DR: In this paper, the authors show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky if interleaved with other threads.
Proceedings ArticleDOI
Abstract interpretation under speculative execution
TL;DR: In this article, the authors introduce virtual control flow to augment instructions that may be speculatively executed and thus affect subsequent instructions, and propose optimizations to handle merges and loops and to safely bound the speculative execution depth.
References
More filters
Proceedings ArticleDOI
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
Patrick Cousot,Radhia Cousot +1 more
TL;DR: In this paper, the abstract interpretation of programs is used to describe computations in another universe of abstract objects, so that the results of abstract execution give some information on the actual computations.
Journal ArticleDOI
The worst-case execution-time problem—overview of methods and survey of tools
Reinhard Wilhelm,Jakob Engblom,Andreas Ermedahl,Niklas Holsti,Stephan Thesing,David Whalley,Guillem Bernat,Christian Ferdinand,Reinhold Heckmann,Tulika Mitra,Frank Mueller,Isabelle Puaut,Peter Puschner,Jan Staschulat,Per Stenström +14 more
TL;DR: Different approaches to the determination of upper bounds on execution times are described and several commercially available tools1 and research prototypes are surveyed.
Proceedings ArticleDOI
Automatic discovery of linear restraints among variables of a program
Patrick Cousot,Nicolas Halbwachs +1 more
Journal ArticleDOI
The CLP( ℛ ) language and system
TL;DR: The CLP programming language is defined, its underlyingphilosophy and programming methodology are discussed, important implementation issues are explored in detail, and finally, a prototypeinterpreter is described.
Journal ArticleDOI
Three Uses of the Herbrand-Gentzen Theorem in Relating Model Theory and Proof Theory
TL;DR: The Herbrand-Gentzen Theorem will be applied to generalize Beth's results from primitive predicate symbols to arbitrary formulas and terms, showing that the expressive power of each first-order system is rounded out, or the system is functionally complete.