/blog/2012/09/07/undocumented-features-of-vsa/index.html
HTML | 330 lines | 193 code | 133 blank | 4 comment | 0 complexity | 4e30134f8d966cc92b00a34a01018a9d MD5 | raw file
- <!DOCTYPE html>
- <!--[if IEMobile 7 ]><html class="no-js iem7"><![endif]-->
- <!--[if lt IE 9]><html class="no-js lte-ie8"><![endif]-->
- <!--[if (gt IE 8)|(gt IEMobile 7)|!(IEMobile)|!(IE)]><!--><html class="no-js" lang="en"><!--<![endif]-->
- <head>
- <meta charset="utf-8">
- <title>Undocumented Features of VSA - Ed's Blog</title>
- <meta name="author" content="Ed Schwartz">
-
- <meta name="description" content="As I’ve written about recently, I’ve been hacking on VSA. I’ve been
- trying to get to the point where the example in Balakrishnan&# …">
-
- <!-- http://t.co/dKP3o1e -->
- <meta name="HandheldFriendly" content="True">
- <meta name="MobileOptimized" content="320">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <link rel="canonical" href="http://edmcman.bitbucket.org/blog/2012/09/07/undocumented-features-of-vsa">
- <link href="/favicon.png" rel="icon">
- <link href="/stylesheets/screen.css" media="screen, projection" rel="stylesheet" type="text/css">
- <script src="/javascripts/modernizr-2.0.js"></script>
- <script src="/javascripts/ender.js"></script>
- <script src="/javascripts/octopress.js" type="text/javascript"></script>
- <link href="/atom.xml" rel="alternate" title="Ed's Blog" type="application/atom+xml">
- <!--Fonts from Google"s Web font directory at http://google.com/webfonts -->
- <link href="http://fonts.googleapis.com/css?family=PT+Serif:regular,italic,bold,bolditalic" rel="stylesheet" type="text/css">
- <link href="http://fonts.googleapis.com/css?family=PT+Sans:regular,italic,bold,bolditalic" rel="stylesheet" type="text/css">
-
- </head>
- <body >
- <header role="banner"><hgroup>
- <h1><a href="/">Ed's Blog</a></h1>
-
- <h2>A PhD Student's Musings</h2>
-
- </hgroup>
- </header>
- <nav role="navigation"><ul class="subscription" data-subscription="rss">
- <li><a href="/atom.xml" rel="subscribe-rss" title="subscribe via RSS">RSS</a></li>
-
- </ul>
-
- <form action="http://google.com/search" method="get">
- <fieldset role="search">
- <input type="hidden" name="q" value="site:edmcman.bitbucket.org" />
- <input class="search" type="text" name="q" results="0" placeholder="Search"/>
- </fieldset>
- </form>
-
- <ul class="main-navigation">
- <li><a href="/">Blog</a></li>
- <li><a href="/blog/archives">Archives</a></li>
- </ul>
- </nav>
- <div id="main">
- <div id="content">
- <div>
- <article class="hentry" role="article" >
-
- <header>
- <h1 class="entry-title">
- Undocumented Features of VSA
- </h1>
-
- <p class="meta">
-
-
- <time datetime="2012-09-07T13:57:00-04:00" pubdate data-updated="true">Sep 7<span>th</span>, 2012</time>
- • <a rel="bookmark" href="/blog/2012/09/07/undocumented-features-of-vsa/">∞</a>
- </p>
-
- </header>
- <div class="entry-content"><p>As I’ve written about recently, I’ve been hacking on VSA. I’ve been
- trying to get to the point where the example in Balakrishnan’s
- dissertation works. I chose this example because I don’t know of any
- others! Below is a snapshot of the example that I started with.</p>
- <p><img src="/images/vsa-example.png"></p>
- <p>And here are the results that VSA is supposed to be able to infer:</p>
- <p><img src="/images/vsa-results.png"></p>
- <p>There are several interesting things about these results. First, note
- that %edx is bounded, even though it is incremented in a loop. In
- contrast, %eax grows to its maximum value. Although %eax approaches
- the maximum positive integer, VSA infers that it does not overflow.
- That sounds kind of weird, doesn’t it?</p>
- <p>My VSA implementation does not yield the same results. It notices
- that %eax is incremented without a direct bound on line 9, and widens
- %eax to <code>2^31 - 8</code> at line 7. On line 9, the computation %eax + 8
- overflows, and represents any value on the stack. The next loop
- iteration, we see weak updates to the whole stack at L1 and line 8,
- since %eax represents any stack address.</p>
- <p>Somewhere there’s a hidden assumption in addition of value-sets that
- says adding values in non-global regions cannot overflow. This kind
- of makes sense, if regions are separated, since the program might
- crash. I do not consider this to be a sound assumption, however.
- (Programs can handle exceptions…) Perhaps that is why this
- assumption is not explicitly mentioned, or if it is, is so buried that
- I could not find it. I expected it to be in the definition of
- addition for value-sets, but it’s not there.</p>
- <p>With this assumption/hack, we get the same results as the example
- above.</p>
- </div>
- <footer>
- <p class="meta">
-
-
- <span class="byline author vcard">Posted by <span class="fn">Ed Schwartz</span></span>
-
-
- <time datetime="2012-09-07T13:57:00-04:00" pubdate data-updated="true">Sep 7<span>th</span>, 2012</time>
-
- </p>
-
- <div class="sharing">
-
- <a href="http://twitter.com/share" class="twitter-share-button" data-url="http://edmcman.bitbucket.org/blog/2012/09/07/undocumented-features-of-vsa/" data-via="edmcman" data-counturl="http://edmcman.bitbucket.org/blog/2012/09/07/undocumented-features-of-vsa/" >Tweet</a>
-
-
- <div class="g-plusone" data-size="medium"></div>
-
-
- <div class="fb-like" data-send="true" data-width="450" data-show-faces="false"></div>
-
- </div>
-
- <p class="meta">
-
- <a class="basic-alignment left" href="/blog/2012/08/16/syntax-over-semantics/" title="Previous Post: Syntax over Semantics">« Syntax over Semantics</a>
-
-
- <a class="basic-alignment right" href="/blog/2012/09/17/thoughts-on-coq-and-isabelle-slash-hol/" title="Next Post: Thoughts on Coq and Isabelle/HOL">Thoughts on Coq and Isabelle/HOL »</a>
-
- </p>
- </footer>
- </article>
- <section>
- <h1>Comments</h1>
- <div id="disqus_thread" aria-live="polite"><noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
- </div>
- </section>
- </div>
- <aside class="sidebar">
-
- <section>
- <h1>Recent Posts</h1>
- <ul id="recent_posts">
-
- <li class="post">
- <a href="/blog/2014/02/28/foxfipdanet-on-mavericks/">FoxFi/PdaNet on Mavericks</a>
- </li>
-
- <li class="post">
- <a href="/blog/2013/05/16/experimental-methodology/">My Experimental Methodology</a>
- </li>
-
- <li class="post">
- <a href="/blog/2013/05/05/coming-to-a-bap-near-you/">Coming to a BAP near you</a>
- </li>
-
- <li class="post">
- <a href="/blog/2013/03/28/typechecking-fail/">Typechecking fail</a>
- </li>
-
- <li class="post">
- <a href="/blog/2013/02/27/bap-for-everyone/">BAP for everyone</a>
- </li>
-
- </ul>
- </section>
- <section>
- <h1>Latest Tweets</h1>
- <ul id="tweets">
- <li class="loading">Status updating...</li>
- </ul>
- <script type="text/javascript">
- $.domReady(function(){
- getTwitterFeed("edmcman", 4, false);
- });
- </script>
- <script src="/javascripts/twitter.js" type="text/javascript"> </script>
-
- <a href="http://twitter.com/edmcman" class="twitter-follow-button" data-show-count="false">Follow @edmcman</a>
-
- </section>
- <section class="googleplus">
- <h1>
- <a href="https://plus.google.com/101696516705586531824?rel=author">
- <img src="http://www.google.com/images/icons/ui/gprofile_button-32.png" width="32" height="32">
- Google+
- </a>
- </h1>
- </section>
-
- </aside>
- </div>
- </div>
- <footer role="contentinfo"><p>
- Copyright © 2014 - Ed Schwartz -
- <span class="credit">Powered by <a href="http://octopress.org">Octopress</a></span>
- </p>
- </footer>
-
- <script type="text/javascript">
- var disqus_shortname = 'edmcman';
-
-
- // var disqus_developer = 1;
- var disqus_identifier = 'http://edmcman.bitbucket.org/blog/2012/09/07/undocumented-features-of-vsa/';
- var disqus_url = 'http://edmcman.bitbucket.org/blog/2012/09/07/undocumented-features-of-vsa/';
- var disqus_script = 'embed.js';
-
- (function () {
- var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
- dsq.src = 'http://' + disqus_shortname + '.disqus.com/' + disqus_script;
- (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
- }());
- </script>
- <div id="fb-root"></div>
- <script>(function(d, s, id) {
- var js, fjs = d.getElementsByTagName(s)[0];
- if (d.getElementById(id)) {return;}
- js = d.createElement(s); js.id = id;
- js.src = "//connect.facebook.net/en_US/all.js#appId=212934732101925&xfbml=1";
- fjs.parentNode.insertBefore(js, fjs);
- }(document, 'script', 'facebook-jssdk'));</script>
- <script type="text/javascript">
- (function() {
- var script = document.createElement('script'); script.type = 'text/javascript'; script.async = true;
- script.src = 'https://apis.google.com/js/plusone.js';
- var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(script, s);
- })();
- </script>
- <script type="text/javascript">
- (function(){
- var twitterWidgets = document.createElement('script');
- twitterWidgets.type = 'text/javascript';
- twitterWidgets.async = true;
- twitterWidgets.src = 'http://platform.twitter.com/widgets.js';
- document.getElementsByTagName('head')[0].appendChild(twitterWidgets);
- })();
- </script>
- </body>
- </html>