Article

Bit level types for high level reasoning

Authors:
Ranjit Jhala

UC San Diego

UC San Diego
View Profile

,
Rupak Majumdar

UC Los Angeles

UC Los Angeles
View Profile

SIGSOFT '06/FSE-14: Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineeringNovember 2006Pages 128–140https://doi.org/10.1145/1181775.1181791

Published:05 November 2006Publication History

SIGSOFT '06/FSE-14: Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering

Pages 128–140

ABSTRACT

Bitwise operations are commonly used in low-level systems code to access multiple data fields that have been packed into a single word. Program analysis tools that reason about such programs must model the semantics of bitwise operations precisely in order to capture program control and data flow through these operations. We present a type system for subword data structures that explitictly tracks the flow of bit values in the program and identifies consecutive sections of bits as logical entities manipulated atomically by the programmer. Our type inference algorithm tags each integer value of the program with a bitvector type that identifies the data layout at the subword level. These types are used in a translation phase to remove bitwise operations from the program, thereby allowing verification engines to avoid the expensive low-level reasoning required for analyzing bitvector operations. We have used a software model checker to check properties of translated versions of a Linux device driver and a memory protection system. The resulting verification runs could prove many more properties than the naive model checker that did not reason about bitvectors, and could prove properties much faster than a model checker that did reason about bitvectors. We have also applied our bitvector type inference algorithm to generate program documentation for a virtual memory subsystem of an OS kernel. While we have applied the type system mainly for program understanding and verification, bitvector types also have applications to better variable ordering heuristics in boolean model checking and memory optimizations in compilers for embedded software.

References

T. Ball and S.K. Rajamani. The SLAM project: debugging system software via static analysis. In POPL 02: Principles of Programming Languages, pages 1--3. ACM, 2002. Google ScholarDigital Library
C. Barrett, D. Dill, and J. Levitt. A decision procedure for bit-vector arithmetic. In DAC 98: Design Automation Conference, pages 522--527, 1998. Google ScholarDigital Library
E.M. Clarke, D. Kroening, and F. Lerda. A tool for checking ANSI-C programs. In TACAS 04: Tools and Algorithms for the construction and analysis of systems, LNCS 2988, pages 168--176. Springer, 2004.Google Scholar
J. Corbet, G. Kroah-Hartman, and A. Rubini. Linux device drivers, 3rd edition. O'Reilly, 2005. Google ScholarDigital Library
M. Das, S. Lerner, and M. Seigle. ESP: Path-sensitive program verification in polynomial time. In PLDI 02: Programming Language Design and Implementation, pages 57--68. ACM, 2002. Google ScholarDigital Library
D. Detlefs, G. Nelson, and J.B. Saxe. Simplify: a theorem prover for program checking. J. ACM, 52(3):365--473, 2005. Google ScholarDigital Library
C. Flanagan. Hybrid type checking. In POPL 06: Principles of Programming Languages, pages 245--256. ACM Press, 2006. Google ScholarDigital Library
J.S. Foster, T. Terauchi, and A. Aiken. Flow-sensitive type qualifiers. In PLDI 02: Programming Language Design and Implementation, pages 1--12. ACM, 2002. Google ScholarDigital Library
R. Gupta, E. Mehofer, and Y. Zhang. A representation for bit section based analysis and optimization. In CC 02: Compiler Construction, LNCS 2304, pages 62--77. Springer, 2002. Google ScholarDigital Library
T.A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In POPL 02: Principles of Programming Languages, pages 58--70. ACM, 2002. Google ScholarDigital Library
R. Jhala and K.L. McMillan. Interpolant-based transition relation approximation. In CAV 05: Computer-Aided Verification, LNCS 3576, pages 39--51. Springer, 2005. Google ScholarDigital Library
JOS. Jos: An operating system kernel. http://pdos.csail.mit.edu/6.828/2005/overview.html.Google Scholar
R. Komondoor, G. Ramalingam, J. Field, and S. Chandra. Dependent types for program understanding. In TACAS 05: Tools and Algorithms for the Construction and Analysis of Systems, LNCS 3440, pages 157--173. Springer, 2005. Google ScholarDigital Library
Daniel Kroening and Natasha Sharygina. Approximating predicate images for bit-vector logic. In TACAS, pages 242--256, 2006. Google ScholarDigital Library
C. Lee, M. Potkonjak, and W.H. Mangione-Smith. Mediabench: A tool for evaluating and synthesizing multimedia and communicatons systems. In MICRO 97: IEEE/ACM Symposium on Microarchitecture, pages 330--335. IEEE, 1997. Google ScholarDigital Library
B. Li and R. Gupta. Bit section instruction set extension of arm for embedded applications. In CASES 02, pages 69--78. ACM, 2002. Google ScholarDigital Library
M.O. Möller and H. Ruess. Solving bit-vector equations. In FMCAD 98: Formal Methods in Computer-Aided Design, LNCS 1522, pages 36--48. Springer, 1998. Google ScholarDigital Library
R. O'Callahan and D. Jackson. Lackwit: A program understanding tool based on type inference. In ICSE 97: International Conference on Software Engineering, pages 338--348. ACM, 1997. Google ScholarDigital Library
G. Ramalingam, J. Field, and F. Tip. Aggregate structure identification and its application to program analysis. In POPL 99: Principles of Programming Languages, pages 119--132. ACM, 1999. Google ScholarDigital Library
A. Stump, C.W. Barrett, and D.L. Dill. Cvc: A cooperating validity checker. In CAV 02: Computer-Aided Verification, LNCS 2404, pages 500--504. Springer, 2002. Google ScholarDigital Library
S. Tallam and R. Gupta. Bitwidth aware global register allocation. In POPL 03: Principles of Programming Languages, pages 85--96. ACM, 2003. Google ScholarDigital Library
E. Witchel, J. Cates, and K. Asanović. Mondrian memory protection. In ASPLOS 02. ACM, 2002. Google ScholarDigital Library
Y. Xie and A. Aiken. Scalable error detection using boolean satisfiability. In POPL 05: Principles of Programming Languages, pages 351--363. ACM, 2005. Google ScholarDigital Library

Index Terms

Bit level types for high level reasoning

Recommendations

Low-level liquid types
POPL '10: Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

We present Low-Level Liquid Types , a refinement type system for C based on Liquid Types . Low-Level Liquid Types combine refinement types with three key elements to automate verification of critical safety properties of low-level programs: First, by ...
Read More
Type inference and strong static type checking for Promela

The Spin model checker and its specification language Promela have been used extensively in industry and academia to check the logical properties of distributed algorithms and protocols. Model checking with Spin involves reasoning about a system via an ...
Read More
Liquid types
PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation

We present Logically Qualified Data Types, abbreviated to Liquid Types, a system that combines Hindley-Milner type inference with Predicate Abstraction to automatically infer dependent types precise enough to prove a variety of safety properties. Liquid ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGSOFT '06/FSE-14: Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
November 2006
298 pages
ISBN:1595934685
DOI:10.1145/1181775
General Chair:
Michal Young
University of Oregon
,
Program Chair:
Premkumar Devanbu
University of California, Davis
Copyright © 2006 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 5 November 2006
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
bit vectors
model checking
type inference
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate17of128submissions,13%
Upcoming Conference
FSE '24

Sponsor:

sigsoft

32nd ACM International Conference on the Foundations of Software Engineering

July 15 - 19, 2024

Ipojuca (Pernambuco) , Brazil
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 246
  Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Bit level types for high level reasoning

SIGSOFT '06/FSE-14: Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering

ABSTRACT

References

Cited By

Index Terms

Recommendations

Low-level liquid types

Type inference and strong static type checking for Promela

Liquid types