Verification and Validation
Slide 1: Verification and Validation, Part I: Extended Static Analysis
Burkhart Wolff, Département Informatique, Université Paris-Sud / Orsay
Slide 2: Static Analysis
We have seen test methods and proof methods. What else?
Broader term: Static Analysis: all techniques that can be applied before running and deploying a program. Test generation and symbolic execution methods were classic static checking.
19/11/14 B. Wolff - GLA - Static Analysis I 2
Slide 3: Static Analysis: What else?
- Type checking: simple types; higher-order types as in ML, OCaml, Scala (and now even in Swift and Java!); effect types, dependent types, ...
- Compiler goodies: variable initialization; data-flow anomaly criteria (Whitebox II, 20); dead code, style patterns, ...
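The data-flow anomaly criteria named on this slide are the classic define/reference/undefine checks. The following detector is an added example, not code from the lecture: it assumes the usual Fosdick/Osterweil event encoding ('d' define, 'r' reference, 'u' undefine) and takes one straight-line path of a single variable as a string; a real checker runs the same state machine over every path of the control-flow graph.

```c
/* Added example (not from the lecture): a detector for the three classic
   data-flow anomalies on one variable along one straight-line path, in the
   Fosdick/Osterweil notation assumed here: 'd' define, 'r' reference (use),
   'u' undefine (scope exit).  A real checker runs this state machine over
   every path of the control-flow graph; this version takes one path as a
   string, which is enough to show what each anomaly looks like. */

enum { ANOM_UR = 1,   /* reference of an undefined variable (read before write) */
       ANOM_DD = 2,   /* definition overwritten without an intervening reference */
       ANOM_DU = 4 }; /* definition never referenced before the variable dies */

/* Returns a bitmask of the anomalies found in the trace, or -1 for a malformed trace. */
int dataflow_anomalies(const char *trace)
{
    int found = 0;
    char state = 'u';                       /* every variable starts undefined */
    for (const char *p = trace; *p; p++) {
        switch (*p) {
        case 'd':
            if (state == 'd') found |= ANOM_DD;
            state = 'd';
            break;
        case 'r':
            if (state == 'u') found |= ANOM_UR;
            state = 'r';
            break;
        case 'u':
            if (state == 'd') found |= ANOM_DU;
            state = 'u';
            break;
        default:
            return -1;                      /* unknown event letter */
        }
    }
    if (state == 'd')                       /* end of scope is an implicit undefine */
        found |= ANOM_DU;
    return found;
}

/* Constructed traces, each derived by hand from a short C fragment for one variable x. */
int demo_clean(void)        { return dataflow_anomalies("dru");  }  /* x = 1; use(x); }        -> 0       */
int demo_uninit_read(void)  { return dataflow_anomalies("rdru"); }  /* use(x); x = 1; use(x); } -> ANOM_UR */
int demo_dead_store(void)   { return dataflow_anomalies("ddru"); }  /* x = 1; x = 2; use(x); }  -> ANOM_DD */
int demo_unused_value(void) { return dataflow_anomalies("d");    }  /* x = 1; }                 -> ANOM_DU */

int main(void)
{
    return (demo_clean() == 0 && demo_uninit_read() == ANOM_UR &&
            demo_dead_store() == ANOM_DD && demo_unused_value() == ANOM_DU) ? 0 : 1;
}
```

The 'dd' case is the one a compiler reports as a dead store and the 'ur' case as use of an uninitialized variable; the 'du' case is what "unused value" warnings are built on. Along branching code the state must be tracked per path (or merged conservatively), which is where the data-flow framework of the next slides comes in.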
Slide 4: Static Analysis: What else?
- The classic compiler goodies: type checking; data-flow anomalies; MISRA-C style-rule checking; dead code, duplicated code, bad smells.
  Tools: Lint, Checkstyle -> C; FindBugs, PMD -> Java; CppCheck -> C++; Splint -> C; FxCop, StyleCop -> C#
Slide 5: Static Analysis: What else?
- Modern targets for compiler goodies: buffer-overflow attacks (SAGE); memory leaks (memcheck by Valgrind); race conditions (non-synchronised concurrent access to a resource; SLAM); deadlocks (SLAM, SDV, FDR); termination checkers ...; strong time bounds (Absynt)
Slide 6: Static Analysis: A first summary
Lots of methods with the same goal:
- more automation,
- better prediction of real errors (i.e. fewer false positives),
- better explanation of real errors (very difficult),
- fewer constraints on the supported language subset (real C, real Java),
- a trend towards "dirty" languages such as JavaScript
Slides 7-9: Static Analysis: A first summary
Modern static analysis methods are typically a combination of the following techniques:
- data-flow, control-flow, patterns (the classics)
- symbolic execution (forward analysis)
- deductive verification (wp-like, backward analysis)
- model checking
- abstract interpretation
- predicate abstraction
- interpolant construction
Strong point of the last group (model checking, abstract interpretation, predicate abstraction, interpolant construction): each has some form of invariant generation.
Slide 10: An example of an extended static checking method: SAL annotations
SAL 1.0 was introduced by Microsoft in Visual Studio 2005, SAL 2.0 in Visual Studio 2012 (so: you can buy it!). It is heavily used in Windows 8 development; particular versions were applied (and are mandatory) for driver code.
SAL is a pre/post/invariant C annotation language restricted to the management of resources, i.e.:
- valid memory,
- In, Out and non-null-ness of parameters,
- parameter ranges, and
- locks and locking behaviour.
Slide 11: An example of an extended static checking method: SAL annotations
SAL is a pre/post/invariant C annotation language. Technically:
- Syntax: a collection of C-preprocessor macros
  -> ignored for standard production code generation: annotated code is compiled with THE production code compiler
  -> but used in the analyzer run during the nightly build
  -> the analyzer is scalable in pickiness: options allow control over the depth of checking, in order to avoid avalanches of (false-positive) warnings, which might be unacceptable to developers
Slides 12-14: An example of an extended static checking method: SAL annotations
Example:

    void *memcpy(_Out_writes_bytes_all_(s) char *p1, _In_reads_bytes_(s) char *p2, _In_ int s);
    /* pre: valid memory with read access until s */

    void *wordcpy(_Out_writes_all_(s) DWORD *p1, _In_reads_(s) DWORD *p2, _In_ int s);
    /* pre: valid memory with write access until s */

Post-condition, implicit: no change of memory except for the out parameters ...
Slides 15-16: An example of an extended static checking method: SAL annotations
Example:

    // Incorrect
    void Func1(_In_ int *p1)        // pre: only read; typing liberal, but legal C
    {
        if (p1 == NULL)
            return;
        *p1 = 1;
    }

    // Correct
    void Func2(_Inout_ PCHAR p1)    // pre: read and write; typing more strict
    {
        if (p1 == NULL)
            return;
        *p1 = 1;
    }
Slide 17: An example of an extended static checking method: SAL annotations
Example:

    // Incorrect
    void Func1(_Out_opt_ int *p1)   // pre: only write, maybe NULL
    {
        *p1 = 1;
    }

    // Correct
    void Func2(_Out_ int *p1)       // pre: only write, not NULL
    {
        *p1 = 1;
    }
Slide 18: An example of an extended static checking method: SAL annotations
Example:

    // Incorrect: "return == 0" refers to the post-state, but _Requires_lock_held_ is a pre
    _When_(return == 0, _Requires_lock_held_(p->cs))
    int Func1(_In_ MyData *p, int flag);    // pre: requires that the lock is acquired

    // Correct: "flag == 0" is a condition on a parameter, i.e. on the pre-state
    _When_(flag == 0, _Requires_lock_held_(p->cs))
    int Func2(_In_ MyData *p, int flag);    // pre: requires that the lock is acquired
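The contracts from slides 12 to 17, as an added example that is not part of the lecture: the annotated declarations are given bodies and exercised on constructed data. Assumption: outside MSVC the SAL macros are not available, so they are defined here as empty fallbacks and the file builds with gcc or clang; under MSVC the real macros from <sal.h> are used and the analyzer (cl /analyze) checks the contracts statically, which is where the incorrect Func1 variants of the slides would be reported.

```c
/* Added example (not from the lecture): the SAL contracts of the slides, made
   compilable outside MSVC.  Assumption: without Microsoft's <sal.h> the
   annotations expand to nothing, so the code still builds with gcc/clang;
   under MSVC the real macros are used and `cl /analyze` checks the contracts. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef _MSC_VER
#include <sal.h>
#else
#define _In_
#define _Out_
#define _Out_opt_
#define _In_reads_(n)
#define _Out_writes_all_(n)
#endif

typedef uint32_t DWORD;

/* Contract from the slide: p1 must be writable for s DWORDs and all s of them
   are written; p2 must be readable for s DWORDs; nothing else is modified.
   (const on p2 is added here, as _In_reads_ conventionally pairs with it.) */
void *wordcpy(_Out_writes_all_(s) DWORD *p1, _In_reads_(s) const DWORD *p2, _In_ int s)
{
    for (int i = 0; i < s; i++)
        p1[i] = p2[i];
    return p1;
}

/* _Out_opt_ says the caller may pass NULL, so the callee has to check before
   writing (the slide's incorrect Func1 omits this check).  Returns 1 when a
   value was stored, 0 when the optional output was absent. */
int store_optional(_Out_opt_ int *p1, int value)
{
    if (p1 == NULL)
        return 0;
    *p1 = value;
    return 1;
}

/* _Out_ promises a non-NULL pointer: writing without a check is correct here,
   and the analyzer instead checks every caller for passing a possible NULL. */
void store_required(_Out_ int *p1, int value)
{
    *p1 = value;
}

/* Exercise wordcpy on constructed data: returns 1 if dst equals src afterwards. */
int demo_wordcpy(void)
{
    const DWORD src[4] = {1, 2, 3, 4};   /* constructed sample input */
    DWORD dst[4] = {0, 0, 0, 0};
    wordcpy(dst, src, 4);
    return memcmp(dst, src, sizeof dst) == 0;
}

/* Exercise the optional/required output contracts: returns 1 if both behave
   as their annotations promise. */
int demo_outputs(void)
{
    int v = 0, w = 0;
    int stored  = store_optional(&v, 7);     /* 1, v becomes 7 */
    int skipped = store_optional(NULL, 7);   /* 0, nothing dereferenced */
    store_required(&w, 9);                   /* w becomes 9 */
    return stored == 1 && v == 7 && skipped == 0 && w == 9;
}

int main(void)
{
    return (demo_wordcpy() && demo_outputs()) ? 0 : 1;
}
```

The point of the fallback macros is the one the slide makes about syntax: the annotations cost nothing in the production build, and only the analyzer run interprets them. Note that `_Out_writes_all_(s)` ties the buffer length to the parameter s, which is exactly the information an analyzer needs to flag a caller that passes a shorter buffer, and which a plain `DWORD *` prototype cannot express.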
Slide 19: An example of an extended static checking method: SAL annotations
- Due to heavy machinery (heuristics, patterns, abstract interpretation, ...), the user does not need to annotate loops with invariants in the SAL language; the programmer just has to provide contracts. Since 2006, Microsoft has annotated the entire Windows and Word code base with SAL.
Slide 20: Dijkstra's calculus: Summary
Verification by formal proof:
- ... even if direct use of deductive verification (Hoare, Dijkstra's wp) is difficult and requires specialists, the technique is nowadays used under the hood in many extended static analysis methods.
- Extended static analysis: even a lack of precision may be acceptable if the method scales ...