Program Analysis Technology: Through the Example of Airac

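Program analysis technology, through the example of Airac. Prof. Kwangkeun Yi, Programming Research Laboratory, Seoul National University. 4/30/2005 @ mpsoc. Program analysis (static program analysis): a general method for automatically and safely approximating run-time properties before execution. "Before execution": before running the program. "Run-time properties": properties of the program while it runs. "Automatically": a program analyzes the program. "Safely": covers every actual situation.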


Presentation Transcript


  1. Program Analysis Technology: Through the Example of Airac. Prof. Kwangkeun Yi, Programming Research Laboratory, Seoul National University. 4/30/2005 @ mpsoc

  2. Program analysis (static program analysis): a general method for automatically and safely approximating run-time properties before execution

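  3. Program analysis (static program analysis)
     • "Before execution": before running the program
     • "Run-time properties": properties of the program while it runs
     • "Automatically": a program analyzes the program
     • "Safely": covers every actual situation
     • "Approximating": it cannot be free of excess
     • "General": no restriction on the target source language or the run-time property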

  4. Program analysis techniques (static program analysis)
     • "semantic-based program analysis"
     • abstract interpretation
     • type system
     • model checking; theorem proving; data flow analysis
     • etc.

  5. Airac: Static Analyzer for Automatic Verification of Array Index Ranges in C Programs

  6. Airac
     • Automatic detection of memory access errors in C programs

         int *c = (int *)malloc(sizeof(int)*10);
         c[i] = 1;
         c[i + f()] = 1;
         c[*k + (*g)()] = 1;
         x = c; x[1] = 1;
         y = c + f(); y[*(y+1)] = 1;
         z->a = c; (z->a)[i] = 1;
         foo(c+2);
         int foo(int *d) {… d[i] = 1; …}

  7. Airac keywords
     • C: analyzes ANSI C + (GNU) program
     • pointers (array, procedure)
     • controls (procedure, return, break, goto)
     • intra- and inter-procedural
     • statically: no test runs
     • all: complete, no un-noticed bug
     • automatic: a software
     • always stops: for infinite-loop programs
     • modular: for large programs
     • correct: solid theoretical foundation

  8. Airac: performance (1/3) (commercial software)

  9. Airac: performance (2/3)

  10. Airac: performance (3/3)

  11. Airac: scalability

  12. Airac vs Swat (1/3)

  13. Airac vs Swat (2/3) Airac Bugs Coverity

  14. Airac vs Swat (3/3)

  15. cdc_acm.c (Linux device driver)

  16. New: Taming false alarms
     • Bayesian statistical analysis
     • after training: c
     • probability for being true alarm ~ beta distribution(c,x)
     • Monte Carlo method
     • estimate the probability from the distribution
     • Decision theory
     • parameterize the decision threshold by the risk ratio of silencing true alarms to false alarming
     • Result:
     • risk ratio = 3 then 74.83% false alarms removed
     • ranking alarms: order of presenting errors to the user

  17. Sifting Out False Alarms by Bayesian Statistical Post Analysis. Alarms: a1, a2, a3, ... Bayesian analysis: a1 0.97, a2 0.12, a3 0.82, ...

  18. Ranking False Alarms
     • Ranking alarms by their trueness: "truer" alarms first
     • Only 15.17% of false alarms were mixed up until the user observes 50% of the true alarms

  19. New versions keep coming: cost/accuracy/interface/etc. ropas.snu.ac.kr/airac
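
The post-analysis outlined on slides 16 to 18, as an added sketch that is not Airac's own code: a Beta-distributed probability per alarm, a Monte Carlo estimate of it, a reporting threshold set by the risk ratio, and ranking of what is reported. The symptom names, training counts, uniform prior and alarm ids are assumptions constructed for this example.

```python
import random

# Constructed training counts (not from the slides): for each hypothetical alarm
# symptom, (inspected alarms that were real bugs, inspected alarms that were false).
TRAINING = {"const_index": (18, 2), "loop_index": (6, 14), "ptr_arith": (3, 27)}

def true_alarm_prob(n_true, n_false, rng, draws=20000):
    """Monte Carlo estimate of E[p], p ~ Beta(n_true + 1, n_false + 1).

    The +1 terms are a uniform prior, an assumption of this example. For a single
    Beta the mean is also available in closed form; sampling is shown because
    the slides name the Monte Carlo method.
    """
    return sum(rng.betavariate(n_true + 1, n_false + 1) for _ in range(draws)) / draws

def report_threshold(risk_ratio):
    """Smallest p worth reporting.

    risk_ratio = cost of silencing a true alarm / cost of raising a false one.
    Reporting is the lower-risk choice when risk_ratio * p >= 1 - p.
    """
    return 1.0 / (1.0 + risk_ratio)

def triage(alarms, risk_ratio, seed=0):
    """Split alarms into (reported, silenced); reported is ranked truest first."""
    rng = random.Random(seed)  # fixed seed keeps the estimate reproducible
    prob = {s: true_alarm_prob(t, f, rng) for s, (t, f) in TRAINING.items()}
    cut = report_threshold(risk_ratio)
    scored = [(prob[symptom], name) for name, symptom in alarms]
    reported = sorted((x for x in scored if x[0] >= cut), reverse=True)
    silenced = [name for p, name in scored if p < cut]
    return [(name, p) for p, name in reported], silenced

# Constructed alarm list: (alarm id, symptom observed at the alarm site).
ALARMS = [("a1", "const_index"), ("a2", "ptr_arith"), ("a3", "loop_index")]

if __name__ == "__main__":
    for ratio in (1, 3):
        reported, silenced = triage(ALARMS, ratio)
        print(f"risk ratio {ratio}: report {reported}, silence {silenced}")
```

Raising the risk ratio lowers the threshold, so fewer alarms are silenced: in this constructed data a3 is silenced at ratio 1 and reported at ratio 3.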
