Explaining Inconsistent Code. Muhammad Numair Mansur
|
|
- Hope Blankenship
- 5 years ago
- Views:
Transcription
1 Explaining Inconsistent Code Muhammad Numair Mansur
2 Introduction 50% of the time in debugging Fault localization. Becomes more tedious as the program size increase. Automatically explaining and localizing inconsistent code. 2
3 Code Inconsistency A code fragment is inconsistent if it is not a part of any normally terminating execution. Not necessarily always a bug! But sometimes inconsistent code results in an error. 3
4 Examples (Unreachability) Generated using Bixie 4
5 Examples (Unreachability) Generated using Bixie 5
6 Examples (conflicting assumptions) Generated using Bixie 6
7 Examples (conflicting assumptions) Generated using Bixie 7
8 Our Goal Automatically explain inconsistent code. 8
9 Our Goal Automatically explain inconsistent code. Pre Inconsistent program Automata Algorithm Error Invariant Automaton Post 9
10 Our Goal Automatically explain inconsistent code. Pre Inconsistent program Automata Algorithm Error Invariant Automaton Post 10
11 Finite automata A F.A is a 5 tuple: (Q, Σ, δ, q o,f) Q: A finite set of states. Σ: A finite set of input symbols called an alphabet. δ: A transition function ( δ: Q x Σ Q ). q : initial state. o F: A finite set of final states. 11
12 Finite automata Example: S 1 S 2 S 3 S 4 12
13 Finite automata Example: S 1 States S 2 S 3 S 4 13
14 Finite automata Example: S 1 States Transitions S 2 S 3 S 4 14
15 Finite automata input (A sequence from the input alphabet) F.A Output (accept or reject) Transitions through the states based on the input True, if ends in an accepting state 15
16 Finite automata Example: S 1 Σ = {a,b,c} Input: abca S 2 S 3 S 4 16
17 Finite automata Example: Σ = {a,b,c} Input: abca S 1 a S 2 S 3 S 4 17
18 Finite automata Example: Σ = {a,b,c} Input: abca S 1 a S 2 S 3 b S 4 18
19 Finite automata Example: Σ = {a,b,c} Input: abca S 1 a S 2 S c 3 b S 4 19
20 Finite automata Example: Σ = {a,b,c} Input: abca S 1 a S 2 S c 3 a b S 4 accept! 20
21 Program automata A simple and an abstract model of a program. 21
22 Program automata A simple and an abstract model of a program. Defined in terms of a finite automata. State (Q) = Program Location (Loc) Transition (δ) = Program Statement (δ p ) Alphabet(Σ) = A set of program statements Initial State (q 0 ) = Initial program Location ( ) Final State ( F ) = Final program Location ( ) 22
23 Program automata 23
24 Program automata assume( b ) means that the branch of if () is taken where b is true assume(!b ) means that the branch of if () is taken where b is not true 24
25 Program automata An assertion on the program state that x!= null 25
26 Program automata A run ρ is a finite sequence of locations and statements. l o st o l 1..st n-1 l n A path(ρ) st o st 1.. st n-1 is the path associated with a run. A run ρ is accepting if its final state is l e A word π * is a path if π = path(ρ) for some accepting run ρ. 26
27 Our Goal To automatically explain inconsistent code. Pre Inconsistent program Automata Algorithm Error Invariant Automaton Post 27
28 Algorithm Input: : precondition state formula : program automata : Postcondition state formula output: : error invariant automata. requires: is inconsistent subject to ensures: explains and.. 28
29 Algorithm Step 1: Translate the program automata into a single path of statements π. 29
30 Algorithm Step 1: Translate the program automata into a single path of statements π. 30
31 Algorithm Step 1: Translate the program automata into a single path of statements π. It can be composed of many atomic statements. 31
32 Algorithm Example: , This was the first step in getting the final result, an error invariant automata. 32
33 Error Invariant Automaton An abstraction of the program, that only mentions the statements and facts that are relevant for understanding the cause of the inconsistency. The irrelevant statements are first summarized as first order logical formulas and then eliminated. These formulas are called error invariants. An error invariant captures the reason of abnormal program termination. So, at a high level, an Error Invariant Automaton replaces code which does not contribute to the inconsistency with a suitably chosen invariant. Lets see this in practice on a fragment of code. 33
34 Error Invariant Automaton 1: public TaskDialog(Tast task) ~: : txtdescription.settask(task.getdescription()); ~: : if (notification) {..... } ~: : chbregular.setenabled(task == null); ~:.... } 34
35 Error Invariant Automaton 1: public TaskDialog(Tast task) ~: : txtdescription.settask(task.getdescription()); ~: : if (notification) {..... } ~: : chbregular.setenabled(task == null); ~:.... line 1-5 line 7-26 line 6 line 27 No Effect on inconsistency assert ( task!= null ) Arbitrary code No effect on task == null An assertion that task might be null } line 28 - end No Effect on inconsistency 35
36 Error Invariant Automaton 1: public TaskDialog(Tast task) ~: : txtdescription.settask(task.getdescription()); ~: : if (notification) {..... } ~: : chbregular.setenabled(task == null); ~:.... line 1-5 line 7-26 line 6 line 27 No Effect on inconsistency assert ( task!= null ) Arbitrary code No effect on task == null An assertion that task might be null } line 28 - end No Effect on inconsistency 36
37 Error Invariant Automaton 1: public TaskDialog(Tast task) ~: : txtdescription.settask(task.getdescription()); ~: : if (notification) {..... } ~: : chbregular.setenabled(task == null); ~:.... line 1-5 line 7-26 line 6 line 27 No Effect on inconsistency assert ( task!= null ) Arbitrary code No effect on task == null An assertion that task might be null } line 28 - end No Effect on inconsistency 37
38 Error Trace An error trace is a sequence of statements π = st0st1... stn, together with. describes the initial state and and is an assertion that is violated. That means, in an error trace Λ PF( π ) Λ is unsatisfiable. 38
39 Error Trace An error trace is a sequence of statements π = st0st1... stn, together with. describes the initial state and and is an assertion that is violated. That means, in an error trace Λ PF( π ) Λ is unsatisfiable. Example: Λ task null Λ task null Λ 39
40 Error Invariant An error invariant for a position [ logical formula such that. ] in an error trace is a first order The conjunction of the first order logical formulas for each statement implies I i. I i and the conjunction of the remaining formulas is unsatisfiable. 40
41 ErrInv( ) In the previous work, the authors introduced a function given an error trace, computes: which I0,sti1,I1,sti2... stik,ik Such that, sti1, sti2..stik is a subsequence of and Ij is an inductive invariant for the position ij and ij+1. 41
42 Inductive error invariant We say that an error invariant is inductive for position i < j if : 42
43 Inductive error invariant We say that an error invariant is inductive for position i < j if : 43
44 Inductive error invariant We say that an error invariant is inductive for position i < j if : is called an inductive error invariant. 44
45 Error Invariant Automaton An Error Invariant Automaton is an inconsistent program automaton with a mapping from locations of to state formulas, such that for all locations, is an error invariant for. 45
46 Algorithm Now, after applying step 1 we got a single path π A. Step 2: Apply ErrInv( π A ) ErrInv(π A ) = ErrInv( π ) = I 0 st(l i1 ) st(l ik )I k.
47 Algorithm Now, after applying step 1 we got a single path π A. I0 I1 I2 Step 2: Apply ErrInv( π A ) ErrInv(π A) = ErrInv( π ) I3 = I0st(li1) st(lik)ik. I4 I5 47
48 Algorithm Now, after applying step 1 we got a single path π A. I0 I1 I2 Step 2: Apply ErrInv( π A ) ErrInv(π A) = ErrInv( π ) I3 = I0st(li1) st(lik)ik. error invariants I4 I5 48
49 Algorithm Example: assume(task!=null) assume(task =null) 49
50 Algorithm Example: true assume(task!=null) assume(task!=null) ErrInv() task!= null assume(task =null) assume(task =null) false 50
51 Algorithm Step 3: The locations covered with an inductive error invariant can be collapsed into a single location. I 0 I 0 I 1 I 1 I 0 I 1 I 4 I 4 I 5 I 5 51
52 Algorithm Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata. I 0 I 1 I 2 I 52
53 Algorithm Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata. I 0 I 1 Apply the algo recursively to these nonatomic statements I 2 I 53
54 Algorithm Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata. I 0 In case of this location I 1 I 2 Pre Post I 54
55 Algorithm Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata. I 0 In case of the location with invariant I 2 I 1 I 2 Pre Post Inconsistent w.r.t pre and post I 55
56 Algorithm Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata. I 0 In case of the location with invariant I 2 I 1 I2 I 56
57 Algorithm Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata. I 0 pre In case of the location with invariant I 2 I 1 recursively I 2 post I 57
58 Algorithm Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata. I 0 I 1 I I 2 I 58
59 Algorithm 1: public TaskDialog(Tast task) ~: : txtdescription.settask(task.getdescription()); ~: : if (notification) {..... } ~: : chbregular.setenabled(task == null); ~:.... } 59
60 Evaluations The approach was tested on 6 real world examples. For each of these examples, Error invariant automatas were generated using the technique introduced. All the generated error invariant automatas represented real world inconsistencies with no false alarms. Running time to prove inconsistency using unsat ranged from seconds in one of the experiments to seconds. 60
61 Evaluations Usability testing was also conducted on 11 programmers. Half of the test subjects were shown the full programs, while the other half were just shown the error invariant automata. All candidates took 1 hour and 6 minutes to identify the bug. For the full programs without error invariant automata : 51 minutes With error invariant automata : 17 minutes 61
62 Conclusion The experiments indicate that EIA provide useful visual assistance to spot inconsistencies. EIA can also be used for fault localization on a single trace and thus provide a general tool to assist programmers in debugging. 62
63 References Martin Schaf, Daniel Schawrtz, Thomas Wies Book Title: Joint meeting of the European Software Engineering conference and the Symposium on the Foundations of Software Engineering, ESEC/FSE 13, Saint Petersburg, Russian Federation, August18-26,2013 url: Title: Explaining Inconsistent Code, pages: Bixie - FInd inconsistencies in Java code. Jurgen Christ, Evren Ermis, Martin Schaf, Thomas Weis Book Title: Verification, Model Checking, and Abstract Interpretation,14th International Conference, VMCAI 2013, Rome, Italy, January 20-22, Proceedings url: Title: Flow-Sensitive Fault Localization, pages :
Automated Debugging with Error Invariants
Automated Debugging with Error Invariants Thomas Wies New York University joint work with Jürgen Christ, Evren Ermis (Freiburg University), Martin Schäf (SRI), Daniel Schwartz-Narbonne (NYU) Faulty Shell
More informationExplaining Inconsistent Code
Explaining Inconsistent Code Martin Schäf United Nations University, IIST P.O. Box 3058 Macau S.A.R schaef@iist.unu.edu Daniel Schwartz-Narbonne New York University 251 Mercer Street New York, NY 10012,
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Schedule of Lectures Jan 17/19: Interprocedural DFA
More informationTheory Bridge Exam Example Questions Version of June 6, 2008
Theory Bridge Exam Example Questions Version of June 6, 2008 This is a collection of sample theory bridge exam questions. This is just to get some idea of the format of the bridge exam and the level of
More informationLast lecture CMSC330. This lecture. Finite Automata: States. Finite Automata. Implementing Regular Expressions. Languages. Regular expressions
Last lecture CMSC330 Finite Automata Languages Sets of strings Operations on languages Regular expressions Constants Operators Precedence 1 2 Finite automata States Transitions Examples Types This lecture
More informationA Correctness Proof for a Practical Byzantine-Fault-Tolerant Replication Algorithm
Appears as Technical Memo MIT/LCS/TM-590, MIT Laboratory for Computer Science, June 1999 A Correctness Proof for a Practical Byzantine-Fault-Tolerant Replication Algorithm Miguel Castro and Barbara Liskov
More informationCSC Advanced Object Oriented Programming, Spring Specification
CSC 520 - Advanced Object Oriented Programming, Spring 2018 Specification Specification A specification is an unambiguous description of the way the components of the software system should be used and
More informationMonitoring Interfaces for Faults
Monitoring Interfaces for Faults Aleksandr Zaks RV 05 - Fifth Workshop on Runtime Verification Joint work with: Amir Pnueli, Lenore Zuck Motivation Motivation Consider two components interacting with each
More informationVerification Overview Testing Theory and Principles Testing in Practice. Verification. Miaoqing Huang University of Arkansas 1 / 80
1 / 80 Verification Miaoqing Huang University of Arkansas Outline 1 Verification Overview 2 Testing Theory and Principles Theoretical Foundations of Testing Empirical Testing Principles 3 Testing in Practice
More information4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271
Mel Checking LTL Property System Mel Mel Checking CS 4271 Mel Checking OR Abhik Roychoudhury http://www.comp.nus.edu.sg/~abhik Yes No, with Counter-example trace 2 Recap: Mel Checking for mel-based testing
More informationChapter Seven: Regular Expressions. Formal Language, chapter 7, slide 1
Chapter Seven: Regular Expressions Formal Language, chapter 7, slide The first time a young student sees the mathematical constant π, it looks like just one more school artifact: one more arbitrary symbol
More informationChapter 2 & 3: Representations & Reasoning Systems (2.2)
Chapter 2 & 3: A Representation & Reasoning System & Using Definite Knowledge Representations & Reasoning Systems (RRS) (2.2) Simplifying Assumptions of the Initial RRS (2.3) Datalog (2.4) Semantics (2.5)
More informationModel Checking and Its Applications
Model Checking and Its Applications Orna Grumberg Technion, Israel Verification and Deduction Mentoring Workshop July 13, 2018 1 Personal data Ph.d. in (non-automated) verification Postdoc in Model Checking
More information[module 2.2] MODELING CONCURRENT PROGRAM EXECUTION
v1.0 20130407 Programmazione Avanzata e Paradigmi Ingegneria e Scienze Informatiche - UNIBO a.a 2013/2014 Lecturer: Alessandro Ricci [module 2.2] MODELING CONCURRENT PROGRAM EXECUTION 1 SUMMARY Making
More informationSpark verification features
Spark verification features Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2018 Adding specification information to programs Verification concerns checking whether
More informationProof Pearl: The Termination Analysis of Terminator
Proof Pearl: The Termination Analysis of Terminator Joe Hurd Computing Laboratory Oxford University joe.hurd@comlab.ox.ac.uk Abstract. Terminator is a static analysis tool developed by Microsoft Research
More information1. (10 points) Draw the state diagram of the DFA that recognizes the language over Σ = {0, 1}
CSE 5 Homework 2 Due: Monday October 6, 27 Instructions Upload a single file to Gradescope for each group. should be on each page of the submission. All group members names and PIDs Your assignments in
More informationFormal Definition of Computation. Formal Definition of Computation p.1/28
Formal Definition of Computation Formal Definition of Computation p.1/28 Computation model The model of computation considered so far is the work performed by a finite automaton Formal Definition of Computation
More informationR10 SET a) Construct a DFA that accepts an identifier of a C programming language. b) Differentiate between NFA and DFA?
R1 SET - 1 1. a) Construct a DFA that accepts an identifier of a C programming language. b) Differentiate between NFA and DFA? 2. a) Design a DFA that accepts the language over = {, 1} of all strings that
More informationFormal Methods for Software Development
Formal Methods for Software Development Model Checking with Temporal Logic Wolfgang Ahrendt 21st September 2018 FMSD: Model Checking with Temporal Logic /GU 180921 1 / 37 Model Checking Check whether a
More informationLeveraging DTrace for runtime verification
Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo Context: Runtime verification Desired properties System Every request gets
More informationI have read and understand all of the instructions below, and I will obey the Academic Honor Code.
Midterm Exam CS 341-451: Foundations of Computer Science II Fall 2014, elearning section Prof. Marvin K. Nakayama Print family (or last) name: Print given (or first) name: I have read and understand all
More informationExtended Finite-State Machine Induction using SAT-Solver
Extended Finite-State Machine Induction using SAT-Solver Vladimir Ulyantsev, Fedor Tsarev ulyantsev@rain.ifmo.ru, tsarev@rain.ifmo.ru St. Petersburg National Research University of IT, Mechanics and Optics
More informationVerifying Liveness Properties of ML Programs
Verifying Liveness Properties of ML Programs M M Lester R P Neatherway C-H L Ong S J Ramsay Department of Computer Science, University of Oxford ACM SIGPLAN Workshop on ML, 2011 09 18 Gokigeny all! Motivation
More informationVerifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China
Verifying Temporal Properties via Dynamic Program Execution Zhenhua Duan Xidian University, China Main Points Background & Motivation MSVL and Compiler PPTL Unified Program Verification Tool Demo Conclusion
More informationCT32 COMPUTER NETWORKS DEC 2015
Q.2 a. Using the principle of mathematical induction, prove that (10 (2n-1) +1) is divisible by 11 for all n N (8) Let P(n): (10 (2n-1) +1) is divisible by 11 For n = 1, the given expression becomes (10
More informationOutline. Introduction. 2 Proof of Correctness. 3 Final Notes. Precondition P 1 : Inputs include
Outline Computer Science 331 Correctness of Algorithms Mike Jacobson Department of Computer Science University of Calgary Lectures #2-4 1 What is a? Applications 2 Recursive Algorithms 3 Final Notes Additional
More informationBasic Verification Strategy
ormal Verification Basic Verification Strategy compare behavior to intent System Model of system behavior intent Verifier results Intent Usually, originates with requirements, refined through design and
More informationProperty-Directed Shape Analysis
Property-Directed Shape Analysis S. Itzhaky 1, N. Bjørner 2, T. Reps 3,4, M. Sagiv 1, and A. Thakur 3 1 Tel Aviv University, Tel Aviv, Israel 2 Microsoft Research, USA 3 University of Wisconsin Madison,
More informationCS Lecture 2. The Front End. Lecture 2 Lexical Analysis
CS 1622 Lecture 2 Lexical Analysis CS 1622 Lecture 2 1 Lecture 2 Review of last lecture and finish up overview The first compiler phase: lexical analysis Reading: Chapter 2 in text (by 1/18) CS 1622 Lecture
More informationCMPSCI 250: Introduction to Computation. Lecture #1: Things, Sets and Strings David Mix Barrington 22 January 2014
CMPSCI 250: Introduction to Computation Lecture #1: Things, Sets and Strings David Mix Barrington 22 January 2014 Things, Sets, and Strings The Mathematical Method Administrative Stuff The Objects of Mathematics
More informationReading Assignment. Symbolic Evaluation/Execution. Move from Dynamic Analysis to Static Analysis. Move from Dynamic Analysis to Static Analysis
Reading Assignment Symbolic Evaluation/Execution *R.W. Floyd, "Assigning Meaning to Programs, Symposium on Applied Mathematics, 1967, pp. 19-32 (Appeared as volume 19 of Mathematical Aspects of Computer
More informationCSE 105 THEORY OF COMPUTATION
CSE 105 THEORY OF COMPUTATION Spring 2018 http://cseweb.ucsd.edu/classes/sp18/cse105-ab/ Today's learning goals Sipser Section 2.2 Define push-down automata informally and formally Trace the computation
More informationRegular Expression Constrained Sequence Alignment
Regular Expression Constrained Sequence Alignment By Abdullah N. Arslan Department of Computer science University of Vermont Presented by Tomer Heber & Raz Nissim otivation When comparing two proteins,
More informationSymbolic Execution and Proof of Properties
Chapter 7 Symbolic Execution and Proof of Properties Symbolic execution builds predicates that characterize the conditions under which execution paths can be taken and the effect of the execution on program
More informationConcolic Fault Abstraction
Concolic Fault Abstraction Chanseok Oh New York University Email: chanseok@cs.nyu.edu Martin Schäf SRI International Email: martin.schaef@sri.com Daniel Schwartz-Narbonne New York University Email: dsn@cs.nyu.edu
More informationSymbolic Evaluation/Execution
Symbolic Evaluation/Execution Reading Assignment *R.W. Floyd, "Assigning Meaning to Programs, Symposium on Applied Mathematics, 1967, pp. 19-32 (Appeared as volume 19 of Mathematical Aspects of Computer
More informationCover Page. The handle holds various files of this Leiden University dissertation
Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue
More informationMonitoring Assumptions in Assume-Guarantee Contracts
University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science 6-2016 Monitoring Assumptions in Assume-Guarantee Contracts Oleg Sokolsky University of
More informationA CRASH COURSE IN SEMANTICS
LAST TIME Recdef More induction NICTA Advanced Course Well founded orders Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Well founded recursion Calculations: also/finally {P}... {Q}
More informationDiscrete Mathematics Lecture 4. Harper Langston New York University
Discrete Mathematics Lecture 4 Harper Langston New York University Sequences Sequence is a set of (usually infinite number of) ordered elements: a 1, a 2,, a n, Each individual element a k is called a
More informationRelational Model, Relational Algebra, and SQL
Relational Model, Relational Algebra, and SQL August 29, 2007 1 Relational Model Data model. constraints. Set of conceptual tools for describing of data, data semantics, data relationships, and data integrity
More informationA short manual for the tool Accumulator
A short manual for the tool Accumulator ZHAO Jianhua State Key Laboratory of Novel Software Technology Dept. of Computer Sci. and Tech. Nanjing University Nanjing, Jiangsu, P.R.China 210093 zhaojh@nju.edu.cn
More informationStatic Analysis! Prof. Leon J. Osterweil! CS 520/620! Fall 2012! Characteristics of! System to be! built must! match required! characteristics!
Static Analysis! Prof. Leon J. Osterweil! CS 520/620! Fall 2012! Requirements Spec.! Design! Test Results must! match required behavior! Characteristics of! System to be! built must! match required! characteristics!
More informationLectures 20, 21: Axiomatic Semantics
Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics
More informationAuto-Generating Test Sequences for Web Applications *
Auto-Generating Test Sequences for Web Applications * Hongwei Zeng and Huaikou Miao School of Computer Engineering and Science, Shanghai University, 200072, China zenghongwei@shu.edu.cn, hkmiao@shu.edu.cn
More informationDPLL(Γ+T): a new style of reasoning for program checking
DPLL(Γ+T ): a new style of reasoning for program checking Dipartimento di Informatica Università degli Studi di Verona Verona, Italy June, 2011 Motivation: reasoning for program checking Program checking
More informationMain Goal. Language-independent program verification framework. Derive program properties from operational semantics
Main Goal Language-independent program verification framework Derive program properties from operational semantics Questions: Is it possible? Is it practical? Answers: Sound and complete proof system,
More informationOverview of Timed Automata and UPPAAL
Overview of Timed Automata and UPPAAL Table of Contents Timed Automata Introduction Example The Query Language UPPAAL Introduction Example Editor Simulator Verifier Conclusions 2 Introduction to Timed
More informationCSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27
CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 2.1-2.7 p. 1/27 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer
More informationSoftware Model Checking. Xiangyu Zhang
Software Model Checking Xiangyu Zhang Symbolic Software Model Checking CS510 S o f t w a r e E n g i n e e r i n g Symbolic analysis explicitly explores individual paths, encodes and resolves path conditions
More informationCISC 4090 Theory of Computation
CISC 4090 Theory of Computation Turing machines Professor Daniel Leeds dleeds@fordham.edu JMH 332 Alan Turing (1912-1954) Father of Theoretical Computer Science Key figure in Artificial Intelligence Codebreaker
More informationECS 120 Lesson 7 Regular Expressions, Pt. 1
ECS 120 Lesson 7 Regular Expressions, Pt. 1 Oliver Kreylos Friday, April 13th, 2001 1 Outline Thus far, we have been discussing one way to specify a (regular) language: Giving a machine that reads a word
More informationSoftwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24
Softwaretechnik Program verification Albert-Ludwigs-Universität Freiburg June 28, 2012 Softwaretechnik June 28, 2012 1 / 24 Road Map Program verification Automatic program verification Programs with loops
More informationDefinition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,
CMPSCI 601: Recall From Last Time Lecture 5 Definition: A context-free grammar (CFG) is a 4- tuple, variables = nonterminals, terminals, rules = productions,,, are all finite. 1 ( ) $ Pumping Lemma for
More informationT Reactive Systems: Kripke Structures and Automata
Tik-79.186 Reactive Systems 1 T-79.186 Reactive Systems: Kripke Structures and Automata Spring 2005, Lecture 3 January 31, 2005 Tik-79.186 Reactive Systems 2 Properties of systems invariants: the system
More informationSynthesis using Variable Elimination
Synthesis using Variable Elimination Viktor Kuncak EPF Lausanne http://lara.epfl.ch/w/impro Implicit Programming at All Levels Opportunities for implicit programming in Development within an IDE InSynth
More informationProgram Verification using Templates over Predicate Abstraction. Saurabh Srivastava and Sumit Gulwani
Program Verification using Templates over Predicate Abstraction Saurabh Srivastava and Sumit Gulwani ArrayInit(Array A, int n) i := 0; while (i < n) A[i] := 0; i := i + 1; Assert( j: 0 j
More information1 Introduction. 3 Syntax
CS 6110 S18 Lecture 19 Typed λ-calculus 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic semantics,
More informationSoftwaretechnik. Program verification. Software Engineering Albert-Ludwigs-University Freiburg. June 30, 2011
Softwaretechnik Program verification Software Engineering Albert-Ludwigs-University Freiburg June 30, 2011 (Software Engineering) Softwaretechnik June 30, 2011 1 / 28 Road Map Program verification Automatic
More informationUsing Build-Integrated Static Checking to Preserve Correctness Invariants
Using Build-Integrated Static Checking to Preserve Correctness Invariants Hao Chen University of California, Davis Jonathan Shapiro Johns Hopkins University Motivation A key problem in creating secure
More informationClassifying Bugs with Interpolants
Classifying Bugs with Interpolants Andreas Podelski 1, Martin Schäf 2, and Thomas Wies 3 1 University of Freiburg 2 SRI International 3 New York University Abstract. We present an approach to the classification
More informationModel checking pushdown systems
Model checking pushdown systems R. Ramanujam Institute of Mathematical Sciences, Chennai jam@imsc.res.in Update Meeting, IIT-Guwahati, 4 July 2006 p. 1 Sources of unboundedness Data manipulation: integers,
More informationCITS5501 Software Testing and Quality Assurance Formal methods
CITS5501 Software Testing and Quality Assurance Formal methods Unit coordinator: Arran Stewart May 1, 2018 1 / 49 Sources Pressman, R., Software Engineering: A Practitioner s Approach, McGraw-Hill, 2005
More informationLecture 5 - Axiomatic semantics
Program Verification March 2014 Lecture 5 - Axiomatic semantics Lecturer: Noam Rinetzky Scribes by: Nir Hemed 1.1 Axiomatic semantics The development of the theory is contributed to Robert Floyd, C.A.R
More informationAutomating Construction of Lexers
Automating Construction of Lexers Regular Expression to Programs Not all regular expressions are simple. How can we write a lexer for (a*b aaa)? Tokenizing aaaab Vs aaaaaa Regular Expression Finite state
More informationSimplifying Loop Invariant Generation Using Splitter Predicates. Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University
Simplifying Loop Invariant Generation Using Splitter Predicates Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Loops and Loop Invariants Loop Head x = 0; while( x
More informationCS5371 Theory of Computation. Lecture 8: Automata Theory VI (PDA, PDA = CFG)
CS5371 Theory of Computation Lecture 8: Automata Theory VI (PDA, PDA = CFG) Objectives Introduce Pushdown Automaton (PDA) Show that PDA = CFG In terms of descriptive power Pushdown Automaton (PDA) Roughly
More informationAutomata Theory for Reasoning about Actions
Automata Theory for Reasoning about Actions Eugenia Ternovskaia Department of Computer Science, University of Toronto Toronto, ON, Canada, M5S 3G4 eugenia@cs.toronto.edu Abstract In this paper, we show
More informationMOPBox: A Library Approach to Runtime Verification
MOPBox: A Library Approach to Runtime Verification (Tool Demonstration) Eric Bodden eric.bodden@cased.de Center for Advanced Security Research Darmstadt Software Technology Group Technische Universität
More informationUnder-Approximation Refinement for Timed Automata
Under-Approximation Refinement for Timed Automata Bachelor s thesis Natural Science Faculty of the University of Basel Department of Mathematics and Computer Science Artificial Intelligence http://ai.cs.unibas.ch/
More informationLecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning
Lecture 1 Contracts 15-122: Principles of Imperative Computation (Fall 2018) Frank Pfenning In these notes we review contracts, which we use to collectively denote function contracts, loop invariants,
More informationChecking Program Properties with ESC/Java
Checking Program Properties with ESC/Java 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic
More informationAutomatic Partial Loop Summarization in Dynamic Test Generation
Automatic Partial Loop Summarization in Dynamic Test Generation Patrice Godefroid Microsoft Research Redmond, WA, USA pg@microsoft.com Daniel Luchaup University of Wisconsin Madison Madison, WI, USA luchaup@cs.wisc.edu
More informationAutomatic Synthesis of a Voting Machine Design
Automatic Synthesis of a Voting Machine Design Lili Dworkin Haverford College Sanjit Seshia University of California, Berkeley Wenchao Li University of California, Berkeley Haverford College Computer Science
More information6.852 Lecture 17. Atomic objects Reading: Chapter 13 Next lecture: Atomic snapshot, read/write register
6.852 Lecture 17 Atomic objects Reading: Chapter 13 Next lecture: Atomic snapshot, read/write register Shared-memory model Single I/O automaton with locality restrictions doesn't exploit I/O automaton
More informationTHEORY OF COMPUTATION
THEORY OF COMPUTATION UNIT-1 INTRODUCTION Overview This chapter begins with an overview of those areas in the theory of computation that are basic foundation of learning TOC. This unit covers the introduction
More informationMore on Verification and Model Checking
More on Verification and Model Checking Wednesday Oct 07, 2015 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/60 Course fair! 2/60 Exam st October 21, 8:00 13:00 If you want to participate,
More informationVariants of Turing Machines
November 4, 2013 Robustness Robustness Robustness of a mathematical object (such as proof, definition, algorithm, method, etc.) is measured by its invariance to certain changes Robustness Robustness of
More informationIntroduction to Axiomatic Semantics
Introduction to Axiomatic Semantics Meeting 10, CSCI 5535, Spring 2009 Announcements Homework 3 due tonight Homework 2 is graded 13 (mean), 14 (median), out of 21 total, but Graduate class: final project
More informationCS 432 Fall Mike Lam, Professor. Finite Automata Conversions and Lexing
CS 432 Fall 2017 Mike Lam, Professor Finite Automata Conversions and Lexing Finite Automata Key result: all of the following have the same expressive power (i.e., they all describe regular languages):
More informationReading assignment: Reviews and Inspections
Foundations for SE Analysis Reading assignment: Reviews and Inspections M. E. Fagan, "Design and code inspections to reduce error in program development, IBM Systems Journal, 38 (2&3), 1999, pp. 258-287.
More informationModel-checking with the TimeLine formalism
Model-checking with the TimeLine formalism Andrea Zaccara University of Antwerp Andrea.Zaccara@student.uantwerpen.be Abstract A logical model checker can be an effective tool for verification of software
More informationCOMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University
Eugene Syriani Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science McGill University 1 OVERVIEW In the context In Theory: Timed Automata The language: Definitions and Semantics
More informationFundamentals of Software Engineering
Fundamentals of Software Engineering Reasoning about Programs - Selected Features Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel,
More informationVerifiable Hierarchical Protocols with Network Invariants on Parametric Systems
Verifiable Hierarchical Protocols with Network Invariants on Parametric Systems Opeoluwa Matthews, Jesse Bingham, Daniel Sorin http://people.duke.edu/~om26/ FMCAD 2016 - Mountain View, CA Problem Statement
More informationSummaries for While Programs with Recursion
I N F O R M A T I K Summaries for While Programs with Recursion Andreas Podelski Ina Schaefer Silke Wagner MPI I 2004 1 007 December 2004 FORSCHUNGSBERICHT RESEARCH REPORT M A X - P L A N C K - I N S T
More informationImproving Test Suites via Operational Abstraction
Improving Test Suites via Operational Abstraction Michael Ernst MIT Lab for Computer Science http://pag.lcs.mit.edu/~mernst/ Joint work with Michael Harder, Jeff Mellen, and Benjamin Morse Michael Ernst,
More informationPCP and Hardness of Approximation
PCP and Hardness of Approximation January 30, 2009 Our goal herein is to define and prove basic concepts regarding hardness of approximation. We will state but obviously not prove a PCP theorem as a starting
More informationConflict-driven ASP Solving with External Source Access
Conflict-driven ASP Solving with External Source Access Thomas Eiter, Michael Fink, Thomas Krennwallner, Christoph Redl redl@krtuwienacat September 05, 2012 Redl C (TU Vienna) HEX-Programs September 05,
More informationTh(N, +) is decidable
Theorem 6.12 Th(N, +) is decidable Presented by: Brian Lee Two Domains 1. We can give an algorithm to decide truth 2. A problem is undecidable First Order Logic Also known as First order predicate calculus
More informationRange Restriction for General Formulas
Range Restriction for General Formulas 1 Range Restriction for General Formulas Stefan Brass Martin-Luther-Universität Halle-Wittenberg Germany Range Restriction for General Formulas 2 Motivation Deductive
More informationPage 1. Reading assignment: Reviews and Inspections. Foundations for SE Analysis. Ideally want general models. Formal models
Reading assignment: Reviews and Inspections Foundations for SE Analysis M. E. Fagan, "Design and code inspections to reduce error in program development, IBM Systems Journal, 38 (2&3), 999, pp. 258-28.
More informationTimo Latvala. January 28, 2004
Reactive Systems: Kripke Structures and Automata Timo Latvala January 28, 2004 Reactive Systems: Kripke Structures and Automata 3-1 Properties of systems invariants: the system never reaches a bad state
More informationCS402 - Theory of Automata Glossary By
CS402 - Theory of Automata Glossary By Acyclic Graph : A directed graph is said to be acyclic if it contains no cycles. Algorithm : A detailed and unambiguous sequence of instructions that describes how
More informationProgram Correctness and Efficiency. Chapter 2
Program Correctness and Efficiency Chapter 2 Chapter Objectives To understand the differences between the three categories of program errors To understand the effect of an uncaught exception and why you
More informationReasoning about programs
Reasoning about programs Last time Coming up This Thursday, Nov 30: 4 th in-class exercise sign up for group on moodle bring laptop to class Final projects: final project presentations: Tue Dec 12, in
More informationHandling Loops in Bounded Model Checking of C Programs via k-induction
Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Handling Loops in Bounded Model Checking of C Programs via k-induction Mikhail Y. R. Gadelha, Hussama I. Ismail, and
More informationlec3:nondeterministic finite state automata
lec3:nondeterministic finite state automata 1 1.introduction Nondeterminism is a useful concept that has great impact on the theory of computation. When the machine is in a given state and reads the next
More informationLast time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise
Last time Reasoning about programs Coming up This Thursday, Nov 30: 4 th in-class exercise sign up for group on moodle bring laptop to class Final projects: final project presentations: Tue Dec 12, in
More information