The COGENT Case for Property-Based Testing
- Samuel Cody Harrison
1 The COGENT Case for Property-Based Testing
Zilin Chen, Liam O'Connor, Gabriele Keller, Gerwin Klein and Gernot Heiser
PLOS '17
2 What Is COGENT?
Reduces the cost of formally verifying systems code
Restricted, purely functional language
Uniqueness type system
Case studies: BilbyFs, ext2, F2FS, VFAT
[Figure: C, COGENT, equational COGENT, Abstract Spec (Isabelle/HOL), ADTs; labels: manual, one-off, generated, automatic; O'Connor et al., ICFP '16; Amani et al., ASPLOS '16]
3 Manual Effort
BilbyFs functions sync(), iget() and library (pm = person-months, py = person-years)

| Component       | Effort  | Isabelle LOP | COGENT SLOC | Cost $/SLOC | LOP/LOC |
|-----------------|---------|--------------|-------------|-------------|---------|
| library         | 9.25 pm | 13,000       | 1,          |             |         |
| sync()-specific | 3.75 pm | 5,           |             |             |         |
| iget()-specific | 1 pm    | 1,           |             |             |         |
| seL4            | 12 py   | 180,000      | 8,          |             |         |

* BilbyFs: 4,200 lines of COGENT in total [Amani et al., ASPLOS '16]
4 Original seL4
[Figure: Abstract Spec (Isabelle/HOL), Executable Spec (Haskell derived), C; annotations: 150 bugs, 150 bugs, 150 bugs, 1 week-end, 2 weeks]
5 Present seL4: New Features
[Figure: Abstract Spec (Isabelle/HOL), Executable Spec (Haskell derived), C, Unit tests]
6 Assurance Strength
1. Safe language
2. Unit testing
3. Property-based testing
4. Model checking
5. Functional proof (Abstract Spec, Isabelle/HOL)
Can do in sequence
Correct code easier to verify
Can stop anywhere: assurance/cost tradeoff
[Figure: C, COGENT; labels: generated, automatic]
7 What Is Property-Based Testing (PBT)?
    sort :: [Int] -> [Int]
    sort = ...
Unit testing: feed in specified inputs, compare outputs to expected
    Input: [4,7,3,5,0]   Expected: [0,3,4,5,7]
Property-based testing: generate random (but biased) inputs, run until a violation is found
    prop_length: ∀xs. length xs == length (sort xs)
    prop_elem:   ∀xs, x. x ∈ xs ==> x ∈ (sort xs)
    prop_sorted: ∀{xs | length xs >= 2}, ∀i ∈ [0..length xs - 2]. (sort xs)!!i <= (sort xs)!!(i+1)
    prop_lib:    ∀xs. sort xs == List.sort xs
8 COGENT: PBT-ing vs Verifying
PBT overhead minimal if verifying anyway
Both need a (formal) specification
Both need (formal) properties
COGENT: total, deterministic, purely functional language; good match to Isabelle & functional verification
PBT: find bugs early (spec, properties, implementation)
PBT: lightweight and agile alternative to formal proofs
PBT and formal verification support each other!
9 What Do We Prove?
Functional correctness: a refinement statement from an abstract specification
Definition (refinement): Program C refines A, if [formula]
Refinement relation R that relates abstract and concrete states
Data refinement (informally): [figure; de Roever and Engelhardt, 1998]
10 Proving Refinement
To prove data refinement (by simulation): R ; ⟦conc⟧ ⊆ ⟦abs⟧ ; R
COGENT: purely functional, deterministic, total
Refinement statement: abs : X_a → Y_a and conc : X_c → Y_c
    R_X i_a i_c ⟹ ∃o_a ∈ abs i_a. R_Y o_a (conc i_c)     (1)
    corres R a c ≡ ∃o_a ∈ a. R o_a c
    R_X i_a i_c ⟹ corres R_Y (abs i_a) (conc i_c)         (2)
[Figure: commuting square of abs and conc related by R]
A theorem like this for each o
11 How To Test Refinement
    R_X i_a i_c ⟹ corres R_Y (abs i_a) (conc i_c)
Encode these properties as machine-testable specifications
QuickCheck library in Haskell [Claessen and Hughes, ICFP '00]:
- test data generation: control distribution, satisfy invariants
- combinators in the specification language: forAll, (==>), (.&.), (.&&.), (.||.), etc.
- counter-example shrinking
12 QuickCheck Architecture
[Figure: Abstract Spec (Isabelle/HOL); Haskell: Embedding (Executable Spec), Executable Spec, Embeddings (Cogent), Embedding (Functional ADTs), Tests; COGENT: Cogent, Functional ADTs; C: compiled C, Embeddings (C), Embedding (C ADTs), C ADTs, Tests; FFI; legend: Generated, Manual, Semi-Automatic]
13 Modular Testing
[Same figure as slide 12, with the test layers highlighted]
15 Example
Haskell executable spec:
    data MountState
    data FsmState
    hs_fsm_init :: (MountState, FsmState)
                -> Cogent_monad (Either ErrCode FsmState)
COGENT:
    fsm_init : (SysState, MountState!, FsmState take (..))
             -> RR SysState FsmState (ErrCode, FsmState take (..))
Haskell FFI binding:
    data t21
    data t24
    cogent_fsm_init :: t21 -> IO t24
    foreign import ccall unsafe "ffi_fsm_init"
      c_fsm_init :: Ptr FFI.t21 -> IO (Ptr FFI.t24)
C:
    t24* ffi_fsm_init (t21* a1);
    t24 fsm_init (t21 a1);
16 Example
    hs_fsm_init :: (MountState, FsmState)
                -> Cogent_monad (Either ErrCode FsmState)
    cogent_fsm_init :: t21 -> IO t24
    a2c_i :: (MountState, FsmState) -> IO t21
    rel_o :: Either ErrCode FsmState -> t24 -> IO Bool
    gen_mountstate :: Gen MountState
    gen_fsmstate :: Gen FsmState

    prop_fsm_init_corres = monadicIO $
      forAllM gen_mountstate $ \mount_st ->
      forAllM gen_fsmstate $ \fsm_st -> run $ do
        let ia = (mount_st, fsm_st)
        ic <- a2c_i ia
        oa <- return $ hs_fsm_init (mount_st, fsm_st)
        oc <- cogent_fsm_init ic
        corresM rel_o oa oc

hs_fsm_init refines cogent_fsm_init: R_X i_a i_c ⟹ corres R_Y (abs i_a) (conc i_c)

    $ ghci
    > quickCheck prop_fsm_init_corres
    +++ OK, passed 100 tests.
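An added example, not code from the paper or the COGENT project, that re-creates the refinement property of slides 10, 11 and 16 in plain Python: a nondeterministic abstract allocator spec (abs_alloc returns the set of acceptable outcomes), a deterministic bitmap implementation standing in for the compiled C, the relations R_X and R_Y, corres, and a minimal QuickCheck-style driver with biased generation and counter-example shrinking. The allocator domain and all names (abs_alloc, conc_alloc, r_x, r_y, quick_check, a2c) are constructed for illustration; a second implementation with a constructed defect shows the counter-example shrinking down to a single block.

```python
import random
from dataclasses import dataclass
from typing import Optional

NBLOCKS = 8  # constructed: size of the toy block allocator

# ---- Abstract specification (the Isabelle/Haskell side) ----
# Abstract state: the set of free block numbers. Allocation is
# nondeterministic: ANY free block may be handed out, so the spec
# returns the set of all acceptable outcomes (the slides' abs i_a).
@dataclass(frozen=True)
class AbsOut:
    err: bool
    block: Optional[int]
    free: frozenset

def abs_alloc(free: frozenset) -> frozenset:
    if not free:
        return frozenset({AbsOut(True, None, free)})
    return frozenset(AbsOut(False, b, free - {b}) for b in free)

# ---- Concrete implementation (stands in for the compiled C) ----
# Concrete state: a bitmap, bit b set <=> block b free. Deterministic
# and total: takes the lowest free block, or reports an error code.
@dataclass(frozen=True)
class ConcOut:
    err: int
    block: int
    bitmap: int

def conc_alloc(bitmap: int) -> ConcOut:
    for b in range(NBLOCKS):
        if bitmap >> b & 1:
            return ConcOut(0, b, bitmap & ~(1 << b))
    return ConcOut(1, 0, bitmap)

def conc_alloc_buggy(bitmap: int) -> ConcOut:
    # Constructed defect: the allocated bit is never cleared.
    for b in range(NBLOCKS):
        if bitmap >> b & 1:
            return ConcOut(0, b, bitmap)
    return ConcOut(1, 0, bitmap)

# ---- Refinement relations R_X (inputs) and R_Y (outputs) ----
def r_x(free: frozenset, bitmap: int) -> bool:
    return free == frozenset(b for b in range(NBLOCKS) if bitmap >> b & 1)

def r_y(oa: AbsOut, oc: ConcOut) -> bool:
    if oa.err != (oc.err != 0):
        return False
    if oa.err:
        return r_x(oa.free, oc.bitmap)
    return oa.block == oc.block and r_x(oa.free, oc.bitmap)

# corres R a c == exists o_a in a. R o_a c   (slide 10, equation (2))
def corres(rel, outs_a, oc) -> bool:
    return any(rel(oa, oc) for oa in outs_a)

def a2c(free: frozenset) -> int:
    """Abstract-to-concrete input embedding (the slides' a2c_i)."""
    return sum(1 << b for b in free)

# The property under test: R_X i_a i_c ==> corres R_Y (abs i_a) (conc i_c)
def prop_alloc_corres(conc, free: frozenset) -> bool:
    bitmap = a2c(free)
    assert r_x(free, bitmap)  # the embedding must establish R_X
    return corres(r_y, abs_alloc(free), conc(bitmap))

# ---- Minimal QuickCheck-style driver: generate, check, shrink ----
def gen_free(rng: random.Random) -> frozenset:
    # Biased generator: the empty state (error path) in 1 of 5 cases.
    if rng.random() < 0.2:
        return frozenset()
    return frozenset(b for b in range(NBLOCKS) if rng.random() < 0.5)

def shrink_free(free: frozenset):
    # Shrink candidates: drop one block at a time.
    for b in sorted(free):
        yield free - {b}

def quick_check(prop, gen, shrink, tests=100, seed=0):
    """None if all tests pass, else the smallest failing input found."""
    rng = random.Random(seed)
    for _ in range(tests):
        x = gen(rng)
        if prop(x):
            continue
        # Greedy shrinking: replace the counter-example by a smaller one
        # that still fails until none of its shrinks fail.
        shrunk = True
        while shrunk:
            shrunk = False
            for y in shrink(x):
                if not prop(y):
                    x, shrunk = y, True
                    break
        return x
    return None

def check_correct():
    return quick_check(lambda f: prop_alloc_corres(conc_alloc, f),
                       gen_free, shrink_free)

def check_buggy():
    return quick_check(lambda f: prop_alloc_corres(conc_alloc_buggy, f),
                       gen_free, shrink_free)

if __name__ == "__main__":
    print("correct:", check_correct())  # None: passed 100 tests
    print("buggy:  ", check_buggy())    # a single-block frozenset
```

The shrinker stops at one free block because the empty state takes the error path in both spec and implementation, which is exactly the minimal counter-example a reader would want to see.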
17 More In The Paper
[Paper front page: The COGENT Case for Property-Based Testing; Abstract; Zilin Chen, Liam O'Connor, Gabriele Keller, Gerwin Klein, Gernot Heiser; Data61 and UNSW, Australia; first.last@data61.csiro.au]
18 Future Work
More automation:
- glue code between Haskell and C
- refinement statements R_X i_a i_c ⟹ corres R_Y (abs i_a) (conc i_c)
- refinement relations R_X, R_Y with domain-specific knowledge
- Isabelle theorems
Test results vs. theorem proving in Isabelle
Test data generators and shrinking algorithms [David R. MacIver, 2016; Jacob Stanley, 2017]
Testing kernel modules
Full case studies
19 Thank you
Trustworthy Systems
Gernot Heiser
e: gernot.heiser@data61.csiro.au
w: http://trustworthy.systems
COGENT Project: ts.data61.csiro.au/projects/ts/cogent.pml