Your search keyword '"Viswanathan, Mahesh"' showing total 15 results

1. Deciding Differential Privacy of Online Algorithms with Multiple Variables

Author

Chadha, Rohit, Sistla, A. Prasad, Viswanathan, Mahesh, and Bhusal, Bishnu

Subjects

Computer Science - Cryptography and Security, Computer Science - Formal Languages and Automata Theory, Computer Science - Logic in Computer Science, Computer Science - Programming Languages, D.2.4, F.3.1

Abstract

We consider the problem of checking the differential privacy of online randomized algorithms that process a stream of inputs and produce outputs corresponding to each input. This paper generalizes an automaton model called DiP automata (See arXiv:2104.14519) to describe such algorithms by allowing multiple real-valued storage variables. A DiP automaton is a parametric automaton whose behavior depends on the privacy budget $\epsilon$. An automaton $A$ will be said to be differentially private if, for some $\mathfrak{D}$, the automaton is $\mathfrak{D}\epsilon$-differentially private for all values of $\epsilon>0$. We identify a precise characterization of the class of all differentially private DiP automata. We show that the problem of determining if a given DiP automaton belongs to this class is PSPACE-complete. Our PSPACE algorithm also computes a value for $\mathfrak{D}$ when the given automaton is differentially private. The algorithm has been implemented, and experiments demonstrating its effectiveness are presented.

Published

2023

2. Sound Dynamic Deadlock Prediction in Linear Time

Author

Tunç, Hünkar Can, Mathur, Umang, Pavlogiannis, Andreas, and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Logic in Computer Science

Abstract

Deadlocks are one of the most notorious concurrency bugs, and significant research has focused on detecting them efficiently. Dynamic predictive analyses work by observing concurrent executions, and reason about alternative interleavings that can witness concurrency bugs. Such techniques offer scalability and sound bug reports, and have emerged as an effective approach for concurrency bug detection, such as data races. Effective dynamic deadlock prediction, however, has proven a challenging task, as no deadlock predictor currently meets the requirements of soundness, high-precision, and efficiency. In this paper, we first formally establish that this tradeoff is unavoidable, by showing that (a) sound and complete deadlock prediction is intractable, in general, and (b) even the seemingly simpler task of determining the presence of potential deadlocks, which often serve as unsound witnesses for actual predictable deadlocks, is intractable. The main contribution of this work is a new class of predictable deadlocks, called sync(hronization)-preserving deadlocks. Informally, these are deadlocks that can be predicted by reordering the observed execution while preserving the relative order of conflicting critical sections. We present two algorithms for sound deadlock prediction based on this notion. Our first algorithm SPDOffline detects all sync-preserving deadlocks, with running time that is linear per abstract deadlock pattern, a novel notion also introduced in this work. Our second algorithm SPDOnline predicts all sync-preserving deadlocks that involve two threads in a strictly online fashion, runs in overall linear time, and is better suited for a runtime monitoring setting. We implemented both our algorithms and evaluated their ability to perform offline and online deadlock-prediction on a large dataset of standard benchmarks.

Published

2023

3. On Linear Time Decidability of Differential Privacy for Programs with Unbounded Inputs

Author

Chadha, Rohit, Sistla, A. Prasad, and Viswanathan, Mahesh

Subjects

Computer Science - Cryptography and Security, Computer Science - Formal Languages and Automata Theory, Computer Science - Logic in Computer Science, Computer Science - Programming Languages

Abstract

We introduce an automata model for describing interesting classes of differential privacy mechanisms/algorithms that include known mechanisms from the literature. These automata can model algorithms whose inputs can be an unbounded sequence of real-valued query answers. We consider the problem of checking whether there exists a constant $d$ such that the algorithm described by these automata are $d\epsilon$-differentially private for all positive values of the privacy budget parameter $\epsilon$. We show that this problem can be decided in time linear in the automaton's size by identifying a necessary and sufficient condition on the underlying graph of the automaton. This paper's results are the first decidability results known for algorithms with an unbounded number of query answers taking values from the set of reals., Comment: An extended abstract to be published in 36th Annual IEEE Symposium on Logic in Computer Science (LICS 2021)

Published

2021

4. Deciding Accuracy of Differential Privacy Schemes

Author

Barthe, Gilles, Chadha, Rohit, Krogmeier, Paul, Sistla, A. Prasad, and Viswanathan, Mahesh

Subjects

Computer Science - Cryptography and Security, Computer Science - Programming Languages, F.3.1

Abstract

Differential privacy is a mathematical framework for developing statistical computations with provable guarantees of privacy and accuracy. In contrast to the privacy component of differential privacy, which has a clear mathematical and intuitive meaning, the accuracy component of differential privacy does not have a generally accepted definition; accuracy claims of differential privacy algorithms vary from algorithm to algorithm and are not instantiations of a general definition. We identify program discontinuity as a common theme in existing \emph{ad hoc} definitions and introduce an alternative notion of accuracy parametrized by, what we call, {\distance} -- the {\distance} of an input $x$ w.r.t., a deterministic computation $f$ and a distance $d$, is the minimal distance $d(x,y)$ over all $y$ such that $f(y)\neq f(x)$. We show that our notion of accuracy subsumes the definition used in theoretical computer science, and captures known accuracy claims for differential privacy algorithms. In fact, our general notion of accuracy helps us prove better claims in some cases. Next, we study the decidability of accuracy. We first show that accuracy is in general undecidable. Then, we define a non-trivial class of probabilistic computations for which accuracy is decidable (unconditionally, or assuming Schanuel's conjecture). We implement our decision procedure and experimentally evaluate the effectiveness of our approach for generating proofs or counterexamples of accuracy for common algorithms from the literature.

Published

2020

5. Optimal Prediction of Synchronization-Preserving Races

Author

Mathur, Umang, Pavlogiannis, Andreas, and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages

Abstract

Concurrent programs are notoriously hard to write correctly, as scheduling nondeterminism introduces subtle errors that are both hard to detect and to reproduce. The most common concurrency errors are (data) races, which occur when memory-conflicting actions are executed concurrently. Consequently, considerable effort has been made towards developing efficient techniques for race detection. The most common approach is dynamic race prediction: given an observed, race-free trace $\sigma$ of a concurrent program, the task is to decide whether events of $\sigma$ can be correctly reordered to a trace $\sigma^*$ that witnesses a race hidden in $\sigma$. In this work we introduce the notion of sync(hronization)-preserving races. A sync-preserving race occurs in $\sigma$ when there is a witness $\sigma^*$ in which synchronization operations (e.g., acquisition and release of locks) appear in the same order as in $\sigma$. This is a broad definition that strictly subsumes the famous notion of happens-before races. Our main results are as follows. First, we develop a sound and complete algorithm for predicting sync-preserving races. For moderate values of parameters like the number of threads, the algorithm runs in $\widetilde{O}(\mathcal{N})$ time and space, where $\mathcal{N}$ is the length of the trace $\sigma$. Second, we show that the problem has a $\Omega(\mathcal{N}/\log^2 \mathcal{N})$ space lower bound, and thus our algorithm is essentially time and space optimal. Third, we show that predicting races with even just a single reversal of two sync operations is $\operatorname{NP}$-complete and even $\operatorname{W}[1]$-hard when parameterized by the number of threads. Thus, sync-preservation characterizes exactly the tractability boundary of race prediction, and our algorithm is nearly optimal for the tractable side.

Published

2020

6. Atomicity Checking in Linear Time using Vector Clocks

Author

Mathur, Umang and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Software Engineering

Abstract

Multi-threaded programs are challenging to write. Developers often need to reason about a prohibitively large number of thread interleavings to reason about the behavior of software. A non-interference property like atomicity can reduce this interleaving space by ensuring that any execution is equivalent to an execution where all atomic blocks are executed serially. We consider the well studied notion of conflict serializability for dynamically checking atomicity. Existing algorithms detect violations of conflict serializability by detecting cycles in a graph of transactions observed in a given execution. The number of edges in such a graph can grow quadratically with the length of the trace making the analysis not scalable. In this paper, we present AeroDrome, a novel single pass linear time algorithm that uses vector clocks to detect violations of conflict serializability in an online setting. Experiments show that AeroDrome scales to traces with a large number of events with significant speedup.

Published

2020

7. What's Decidable About Program Verification Modulo Axioms?

Author

Mathur, Umang, Madhusudan, P., and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Logic in Computer Science

Abstract

We consider the decidability of the verification problem of programs \emph{modulo axioms} --- that is, verifying whether programs satisfy their assertions, when the functions and relations it uses are assumed to interpreted by arbitrary functions and relations that satisfy a set of first-order axioms. Unfortunately, verification of entirely uninterpreted programs (with the empty set of axioms) is already undecidable. A recent work introduced a subclass of \emph{coherent} uninterpreted programs, and showed that they admit decidable verification \cite{coherence2019}. We undertake a systematic study of various natural axioms for relations and functions, and study the decidability of the coherent verification problem. Axioms include relations being reflexive, symmetric, transitive, or total order relations, %and their combinations, functions restricted to being associative, idempotent or commutative, and combinations of such axioms as well. Our comprehensive results unearth a rich landscape that shows that though several axiom classes admit decidability for coherent programs, coherence is not a panacea as several others continue to be undecidable.

Published

2019

8. Decidable Synthesis of Programs with Uninterpreted Functions

Author

Krogmeier, Paul, Mathur, Umang, Murali, Adithya, Madhusudan, P., and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Formal Languages and Automata Theory, Computer Science - Logic in Computer Science

Abstract

We identify a decidable synthesis problem for a class of programs of unbounded size with conditionals and iteration that work over infinite data domains. The programs in our class use uninterpreted functions and relations, and abide by a restriction called coherence that was recently identified to yield decidable verification. We formulate a powerful grammar-restricted (syntax-guided) synthesis problem for coherent uninterpreted programs, and we show the problem to be decidable, identify its precise complexity, and also study several variants of the problem.

Published

2019

9. Deciding Differential Privacy for Programs with Finite Inputs and Outputs

Author

Barthe, Gilles, Chadha, Rohit, Jagannath, Vishal, Sistla, A. Prasad, and Viswanathan, Mahesh

Subjects

Computer Science - Cryptography and Security, Computer Science - Logic in Computer Science, Computer Science - Programming Languages

Abstract

Differential privacy is a de facto standard for statistical computations over databases that contain private data. The strength of differential privacy lies in a rigorous mathematical definition that guarantees individual privacy and yet allows for accurate statistical results. Thanks to its mathematical definition, differential privacy is also a natural target for formal analysis. A broad line of work uses logical methods for proving privacy. However, these methods are not complete, and only partially automated. A recent and complementary line of work uses statistical methods for finding privacy violations. However, the methods only provide statistical guarantees (but no proofs). We propose the first decision procedure for checking the differential privacy of a non-trivial class of probabilistic computations. Our procedure takes as input a program P parametrized by a privacy budget $\epsilon$, and either proves differential privacy for all possible values of $\epsilon$ or generates a counterexample. In addition, our procedure applies both to $\epsilon$-differential privacy and $(\epsilon,\delta)$-differential privacy. Technically, the decision procedure is based on a novel and judicious encoding of the semantics of programs in our class into a decidable fragment of the first-order theory of the reals with exponentiation. We implement our procedure and use it for (dis)proving privacy bounds for many well-known examples, including randomized response, histogram, report noisy max and sparse vector.

Published

2019

10. Deciding Memory Safety for Single-Pass Heap-Manipulating Programs

Author

Mathur, Umang, Murali, Adithya, Krogmeier, Paul, Madhusudan, P., and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Formal Languages and Automata Theory, Computer Science - Logic in Computer Science, Computer Science - Software Engineering

Abstract

We investigate the decidability of automatic program verification for programs that manipulate heaps, and in particular, decision procedures for proving memory safety for them. We extend recent work that identified a decidable subclass of uninterpreted programs to a class of alias-aware programs that can update maps. We apply this theory to develop verification algorithms for memory safety--- determining if a heap-manipulating program that allocates and frees memory locations and manipulates heap pointers does not dereference an unallocated memory location. We show that this problem is decidable when the initial allocated heap forms a forest data-structure and when programs are streaming-coherent, which intuitively restricts programs to make a single pass over a data-structure. Our experimental evaluation on a set of library routines that manipulate forest data-structures shows that common single-pass algorithms on data-structures often fall in the decidable class, and that our decision procedure is efficient in verifying them., Comment: StreamVerif tool for automata-based verification of uninterpreted programs can be found at https://github.com/umangm/streamverif

Published

2019

11. Decidable Verification of Uninterpreted Programs

Author

Mathur, Umang, Madhusudan, P., and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Formal Languages and Automata Theory, Computer Science - Logic in Computer Science

Abstract

We study the problem of completely automatically verifying uninterpreted programs---programs that work over arbitrary data models that provide an interpretation for the constants, functions and relations the program uses. The verification problem asks whether a given program satisfies a postcondition written using quantifier-free formulas with equality on the final state, with no loop invariants, contracts, etc. being provided. We show that this problem is undecidable in general. The main contribution of this paper is a subclass of programs, called coherent programs that admits decidable verification, and can be decided in PSPACE. We then extend this class of programs to classes of programs that are $k$-coherent, where $k \in \mathbb{N}$, obtained by (automatically) adding $k$ ghost variables and assignments that make them coherent. We also extend the decidability result to programs with recursive function calls and prove several undecidability results that show why our restrictions to obtain decidability seem necessary.

Published

2018

12. What Happens - After the First Race? Enhancing the Predictive Power of Happens - Before Based Dynamic Race Detection

Author

Mathur, Umang, Kini, Dileep, and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Software Engineering

Abstract

Dynamic race detection is the problem of determining if an observed program execution reveals the presence of a data race in a program. The classical approach to solving this problem is to detect if there is a pair of conflicting memory accesses that are unordered by Lamport's happens-before (HB) relation. HB based race detection is known to not report false positives, i.e., it is sound. However, the soundness guarantee of HB only promises that the first pair of unordered, conflicting events is a schedulable data race. That is, there can be pairs of HB-unordered conflicting data accesses that are not schedulable races because there is no reordering of the events of the execution, where the events in race can be executed immediately after each other. We introduce a new partial order, called schedulable happens-before (SHB) that exactly characterizes the pairs of schedulable data races --- every pair of conflicting data accesses that are identified by SHB can be scheduled, and every HB-race that can be scheduled is identified by SHB. Thus, the SHB partial order is truly sound. We present a linear time, vector clock algorithm to detect schedulable races using SHB. Our experiments demonstrate the value of our algorithm for dynamic race detection --- SHB incurs only little performance overhead and can scale to executions from real-world software applications without compromising soundness.

Published

2018

13. Data Race Detection on Compressed Traces

Author

Kini, Dileep, Mathur, Umang, and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Software Engineering

Abstract

We consider the problem of detecting data races in program traces that have been compressed using straight line programs (SLP), which are special context-free grammars that generate exactly one string, namely the trace that they represent. We consider two classical approaches to race detection --- using the happens-before relation and the lockset discipline. We present algorithms for both these methods that run in time that is linear in the size of the compressed, SLP representation. Typical program executions almost always exhibit patterns that lead to significant compression. Thus, our algorithms are expected to result in large speedups when compared with analyzing the uncompressed trace. Our experimental evaluation of these new algorithms on standard benchmarks confirms this observation.

Published

2018

14. A Decidable Fragment of Second Order Logic With Applications to Synthesis

Author

Madhusudan, P., Mathur, Umang, Saha, Shambwaditya, and Viswanathan, Mahesh

Subjects

Computer Science - Logic in Computer Science, Computer Science - Programming Languages

Abstract

We propose a fragment of many-sorted second order logic called EQSMT and show that checking satisfiability of sentences in this fragment is decidable. EQSMT formulae have an $\exists^*\forall^*$ quantifier prefix (over variables, functions and relations) making EQSMT conducive for modeling synthesis problems. Moreover, EQSMT allows reasoning using a combination of background theories provided that they have a decidable satisfiability problem for the $\exists^*\forall^*$ FO-fragment (e.g., linear arithmetic). Our decision procedure reduces the satisfiability of EQSMT formulae to satisfiability queries of $\exists^*\forall^*$ formulae of each individual background theory, allowing us to use existing efficient SMT solvers supporting $\exists^*\forall^*$ reasoning for these theories; hence our procedure can be seen as effectively quantified SMT (EQSMT) reasoning. Errata: We have modified the transformation step-2 (page 9) to correct for a slight error. Also, the description above Theorem 10 is different from the published version.

Published

2017

15. Dynamic Race Prediction in Linear Time

Author

Kini, Dileep, Mathur, Umang, and Viswanathan, Mahesh

Subjects

Computer Science - Programming Languages, Computer Science - Software Engineering, D.2.5, D.2.4

Abstract

Writing reliable concurrent software remains a huge challenge for today's programmers. Programmers rarely reason about their code by explicitly considering different possible inter-leavings of its execution. We consider the problem of detecting data races from individual executions in a sound manner. The classical approach to solving this problem has been to use Lamport's happens-before (HB) relation. Until now HB remains the only approach that runs in linear time. Previous efforts in improving over HB such as causally-precedes (CP) and maximal causal models fall short due to the fact that they are not implementable efficiently and hence have to compromise on their race detecting ability by limiting their techniques to bounded sized fragments of the execution. We present a new relation weak-causally-precedes (WCP) that is provably better than CP in terms of being able to detect more races, while still remaining sound. Moreover it admits a linear time algorithm which works on the entire execution without having to fragment it., Comment: 22 pages, 8 figures, 1 algorithm, 1 table

Published

2017