Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ranjit Jhala Rupak Majumdar Interprocedural Analysis of Asynchronous Programs.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Ranjit Jhala Rupak Majumdar Interprocedural Analysis of Asynchronous Programs."— Presentation transcript:

1 Ranjit Jhala Rupak Majumdar Interprocedural Analysis of Asynchronous Programs

2 Conclusions Boost your pet Dataflow Analysis to work on Asynchronous Programs … lets begin at the beginning

3 client(rc) Asynchronous Programs reqs(){ if(r == NULL){ async reqs(); return; } rc = malloc(…); if (rc == NULL){ return NO_MEM; } async client(rc,r->id); r = r->next; reqs(); } client(*c,id){... c->id = id;... return; } main(){... async reqs();... } global request_list *r; v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs

4 Asynchronous Programs reqs(){ if(r == NULL){ async reqs(); return; } rc = malloc(…); if (rc == NULL){ return NO_MEM; } async client(rc,r->id); r = r->next; reqs(); } client(*c,id){... c->id = id;... return; } main(){... async reqs();... } global request_list *r; v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs client(rc)

5 Asynchronous Programs Dispatch Location V 3 Calls all other functions client reqs v0v0 v1v1 v2v2 v3v3 v5v5 v6v6 v7v7 v8v8 v9v9 v 11 v 13 v 14 v 15 reqs main reqs client reqs v4v4 v 10 v 12

6 Asynchronous Program Execution client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs PC client(rc)

7 Asynchronous Program Execution Pending Calls reqs client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs PC Async calls stored in set client(rc)

8 Asynchronous Program Execution Pending Calls reqs client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs Async calls stored in set –Execute at dispatch loop PC client(rc)

9 Asynchronous Program Execution Pending Calls client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] client(rc) c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs Async calls stored in set –Execute at dispatch loop PC

10 Asynchronous Program Execution Pending Calls client(…) client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs Async calls stored in set –Execute at dispatch loop Sync calls exec at call site PC client(rc)

11 Asynchronous Program Execution Pending Calls client(…) client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs PC Async calls stored in set –Execute at dispatch loop Sync calls exec at call site client(rc)

12 Asynchronous Program Execution Pending Calls client(…) reqs client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs PC Async calls stored in set –Execute at dispatch loop Sync calls exec at call site client(rc)

13 Asynchronous Program Execution Pending Calls client(…) reqs client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs PC Async calls stored in set –Execute at dispatch loop –Order is non-deterministic Sync calls exec at call site PC client(rc)

14 Asynchronous Program Execution Pending Calls client(…) reqs client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs PC Async calls stored in set –Execute at dispatch loop –Order is non-deterministic Sync calls exec at call site PC client(rc)

15 Asynchronous Program Execution Pending Calls reqs client reqs v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] reqs PC Async calls stored in set –Execute at dispatch loop –Order is non-deterministic Sync calls exec at call site PC client(rc)

16 Asynchronous Programs Why? Latency hiding and Parallelism Domains: Distributed Systems Web Servers Embedded Systems Discrete-event simulation Languages and Libraries: Java + Atomic Methods LibAsync, LibEvent, … NesC Async calls stored in set Execute at dispatch loop Sync calls execute at call site

17 client(rc) Q: How to Analyze Async Programs ? v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs Prove dereference of c is safe i.e. c not null at v 13 r rc c (Must) Non-null (May) Null r rc c r c Dataflow Facts

18 client(rc) Verification via Dataflow Analysis v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs Prove Flow fact holds at v 13 r rc c (Must) Non-null (May) Null r rc c r c Dataflow Facts c

19 client(rc) Dataflow Analysis v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs 1 st Attempt Treat asynchronous calls as synchronous r r rc r r r r rc rc Verification “works” … but unsoundly deduces global r is non-null! [Sharir-Pnueli 80] [Reps-Horwitz-Sagiv 95]

20 client(rc) Dataflow Analysis v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs 1 st Attempt Treat asynchronous calls as synchronous Unsound Global r may change between call, dispatch Idea Separately track local and global facts rc

21 client(rc) Dataflow Analysis v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs 2 nd Attempt Only execute async calls from dispatch location

22 client(rc) Dataflow Analysis v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs Imprecise Initial value of formals ? All values ( > ) too coarse Idea Track pending calls with formals at call-site 2 nd Attempt Only execute async calls from dispatch location

23 Encoding Pending Calls as Flow Facts Idea: Counters - For each kind of async call £ input fact: Count number of pending calls of kind - Expanded DFA facts: Dataflow facts £ Counters reqs 1 client, 5 client, 0 c c Idea Track pending calls with formals at call-site

24 Key: Combining two Analyses Expanded DFA facts: Dataflow facts £ Counters reqs 1 client, 5 client, 0 c c rrc r not null, rc maybe null, and pending calls: 1 to reqs, 5 to client (arg non-null) 0 to client (arg null)

25 Key: Combining two Analyses Expanded DFA facts: Dataflow facts £ Counters Counters: Restrict analysis to valid inter-procedural paths i.e. feasible sequences of async calls / dispatches Dataflow facts: Perform desired analysis over restricted paths

26 client(rc) Dataflow Analysis v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs 3 rd Attempt Count # pending calls of each kind reqs 1 client, 5 client, 0 c c rrc

27 client(rc) Dataflow Analysis v0v0 v1v1 v2v2 v3v3 v4v4 v5v5 v6v6 v 10 v7v7 v8v8 v9v9 v 11 v 12 v 13 v 14 v 15 reqs main reqs client [r!=0] c->id=id rc=malloc() r=r->next [r==0] [rc!=0][rc==0] client reqs Non-Terminating #Pending calls unbounded due to recursion, loops Idea Approximate via Abstract counters 3 rd Attempt Count # pending calls of each kind

28 Dealing with Unbounded Async Calls Over-Approximations : k 1 -Abstract Counters - For each async call £ input fact: Abstractly count number of pending calls of each kind - Values > k, abstracted to infinity 1 - Finite counter values = {0,1,…,k, 1 } - Finite DFA facts: Dataflow facts £ k 1 -Abs counters - Analysis Terminates reqs 1 client, 5 client, 0 c c 1 E.g. k =1

29 Recall: Combining two Analyses Expanded DFA facts: Dataflow facts £ Counters Counters: Restrict analysis to valid inter-procedural paths i.e. feasible sequences of async calls / dispatches Dataflow facts: Perform desired analysis over restricted paths Which interprocedural paths do k 1 – Abstractions consider ?

30 reqs client reqs client reqs client reqs 1 2 3 8 7 6 5 4 reqs 1 client, 1 client, 0 c c PC Example: (k=1) 1 Abstraction

31 reqs client reqs client reqs client reqs client 1 2 3 8 7 6 5 4 reqs 1 client, 1 client, 0 c c PC Example: (k=1) 1 Abstraction

32 reqs client reqs client reqs client reqs client 1 2 3 9 8 7 6 5 4 10 reqs 1 client, 1 client, 0 c c PC Example: (k=1) 1 Abstraction Valid

33 reqs client reqs client reqs client reqs client 1 2 3 9 8 7 6 5 4 10 reqs 1 client, 1 client, 0 c c PC ValidInvalid Example: (k=1) 1 Abstraction No matching async call Over-Approx: k 1 -Abstraction - Considers all valid paths - Plus, some invalid paths - DFA on superset of valid paths

34 Over-approximate/Sound - Works for example … but imprecise in general - How to do exact DFA over set of valid paths ? Dealing with Unbounded Async Calls Idea How bad is over-approximation ? Find out using under-approximation! Over-Approx: k 1 -Abstraction - Considers all valid paths - Plus, some invalid paths - DFA on superset of valid paths

35 Computing Under-Approximate Solutions Under-Approximations: k-Abstract Counters - For each async call £ input fact: Abstractly count number of pending calls of each kind - Values > k, abstracted to k - Effect: All calls after k are “dropped” - Finite counter values = {0,1,…,k} - Finite dataflow facts £ k-Abs counters, ) termination reqs 1 client, 5 client, 0 c c 1 E.g. k =1

36 Key: Combining two Analyses Expanded DFA facts: Dataflow facts £ Counters Counters: Restrict analysis to valid inter-procedural paths i.e. feasible sequences of async calls / dispatches Dataflow facts: Perform desired analysis over restricted paths Which interprocedural paths do k – Abstractions consider ?

37 reqs client reqs client 1 2 3 5 4 reqs 0 client, 1 client, 0 c c PC Example: (k=1) Abstraction Already (k=1) pending calls with given input fact Call at step 5 is “dropped” Only one pending call !

38 reqs client reqs client 1 2 3 5 4 Example: (k=1) Abstraction Already (k=1) pending calls with given input fact Call at step 5 is “dropped” Only one pending call ! reqs 0 client, 1 client, 0 c c PC

39 reqs client reqs client reqs client reqs 1 2 3 8 7 6 5 4 Example: (k=1) Abstraction reqs 1 client, 1 client, 0 c c PC Only one call in (k=1)-Abstract pending set None remain after this dispatch

40 reqs client reqs client reqs client reqs client 1 2 3 8 7 6 5 4 reqs 1 client, 0 c c PC Example: (k=1) Abstraction Exists matching async call But no more calls in (k=1)-abstract pending set ! Only one call in (k=1)-Abstract pending set None remain after this dispatch

41 reqs client reqs client reqs client reqs client 1 2 3 9 8 7 6 5 4 PC Example: (k=1) Abstraction Valid but ignored by k-abstraction ? Exists matching async call But no more calls in (k=1)-abstract pending set !

42 client 1 2 3 9 8 7 6 5 4 Example: (k=1) Abstraction Valid but ignored by k-abstraction Under-Approx: k-Abstraction - Ignores all invalid paths - and some valid paths - DFA on subset of valid paths - Under-Approx. DFA solution

43 What we have: For all K … Require Exact DFA on Valid Paths K 1 -Abstract DFA Over-Approx Paths K-Abstract DFA Under-Approx Paths Both Computable Via Standard DFA [Sharir-Pnueli 80] [Reps-Horwitz-Sagiv 95]

44 Increase K to Increase Precision Require Exact DFA on Valid Paths K-Abstract DFA Under-Approx Paths K 1 -Abstract DFA Over-Approx Paths K++ But how to compute exact DFA Solution ?

45 Theorem: There exists magic K … Require Exact DFA on Valid Paths K 1 -Abstract DFA Over-Approx Paths K-Abstract DFA Under-Approx Paths Approximations Converge! To Exact DFA on Valid Paths K 1 -Abstract DFA Over-Approx K-Abstract DFA Under-Approx

46 Algorithm Require Exact DFA on Valid Paths AsyncDFA(){ k := 0 repeat over := DFA(k 1 -Counter); under := DFA(k-Counter); k := k+1; until (over = under); return over; } DFA = Interprocedural Analysis via Summaries [Sharir-Pnueli 80, Reps-Horwitz-Sagiv 95]

47 Proof “Obvious ? Finitely many solutions + monotonicity implies computable fixpoint …” Alas, over- and under- approximations could converge to different fixpoints …

48 Proof Buzzwords Counters are Well Quasi Ordered Pre * exists –Initial configurations reaching a location –Constructable via complex backward algorithm –Petri Nets: [Esparza-Finkel-Mayr 98] –Async Programs: [Sen-Vishwanathan 06] Magic k exists due to existence of Pre * –Simple forward algorithm –[PLDI 04, Geeraerts-Raskin-van Begin 04]

49 Application: Safety Verification Ground Dataflow Facts = Predicate Abstraction Implemented on BLAST framework - Lazy Interprocedural DFA [POPL 02] –Predicates automatically found via Counterexample Formula Interpolation [POPL 04] –Reduced Product of Predicate Abstraction, Counter lattice [FSE 05]

50 Preliminary Experiments C LibEvent Programs –Load Balancer –Network Simulator Properties –Buffer Overflow –Null Pointer Dereference –Protocol State Several proved, bugs found

51 A Few Fun Facts For async calls (events) exact solution computable –Unlike threads [Ramalingam 00] Optimizations directly carry over: –Procedure summarization, –On-the-fly exploration, –Demand-driven, … Proof messy but algorithm very simple EXPSPACE-Hard –but early experiments cause for optimism –magic k = 1

52 Conclusions Boost your pet Dataflow Analysis to work on Asynchronous Programs … just add counters

53 Merci ?

54 reqs 1 Example: (k=1) 1 Abstraction reqs 0 client, 0 c c PC

55 reqs 1 2 reqs 1 client, 0 c c PC Example: (k=1) 1 Abstraction

56 reqs client reqs 1 2 3 reqs 0 client, 0 c c PC Example: (k=1) 1 Abstraction

57 reqs client reqs 1 2 3 4 reqs 0 client, 1 client, 0 c c PC Example: (k=1) 1 Abstraction

58 reqs client reqs client 1 2 3 5 4 reqs 0 client, 1 client, 0 c c PC Example: (k=1) 1 Abstraction

59 reqs client reqs client reqs 1 2 3 6 5 4 reqs 0 client, 1 client, 0 c c PC Example: (k=1) 1 Abstraction

60 reqs client reqs client reqs 1 2 3 7 6 5 4 reqs 0 client, 1 client, 0 c c PC Example: (k=1) 1 Abstraction

Download ppt "Ranjit Jhala Rupak Majumdar Interprocedural Analysis of Asynchronous Programs."

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Data-Flow Analysis II CS 671 March 13, 2008. CS 671 – Spring 2008 1 Data-Flow Analysis Gather conservative, approximate information about what a program.

Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
What’s Decidable for Asynchronous Programs? Rupak Majumdar Max Planck Institute for Software Systems Joint work with Pierre Ganty, Michael Emmi, Fernando.

What’s Decidable for Asynchronous Programs? Rupak Majumdar Max Planck Institute for Software Systems Joint work with Pierre Ganty, Michael Emmi, Fernando.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Timed Automata.

Timed Automata.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
PARTIAL-COHERENCE ABSTRACTIONS FOR RELAXED MEMORY MODELS Presented by Michael Kuperstein, Technion Joint work with Martin Vechev, IBM Research and Eran.

PARTIAL-COHERENCE ABSTRACTIONS FOR RELAXED MEMORY MODELS Presented by Michael Kuperstein, Technion Joint work with Martin Vechev, IBM Research and Eran.
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.

VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.
BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.

BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
Permissive Interfaces Tom Henzinger Ranjit Jhala Rupak Majumdar.

Permissive Interfaces Tom Henzinger Ranjit Jhala Rupak Majumdar.

Similar presentations

Ads by Google