Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control
Size: px
Start display at page:

Download "Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control"

Transcription

1 Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control Zachary Kincaid Azadeh Farzan University of Toronto January 18, 2013 Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

2 Parameterized concurrent programs Goal Compute numerical invariants (e.g. intervals, octagons, polyhedra) for parameterized concurrent programs. Solution: annotation ι such that if some thread T s program counter is at v, then ι(v) holds over the globals & locals of T. Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

3 Parameterized concurrent programs Goal Compute numerical invariants (e.g. intervals, octagons, polyhedra) for parameterized concurrent programs. Solution: annotation ι such that if some thread T s program counter is at v, then ι(v) holds over the globals & locals of T. Our program model has: Unbounded concurrency: program is the parallel composition of n copies of some thread T, where n is a parameter Invariants must be sound for all n Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

4 Parameterized concurrent programs Goal Compute numerical invariants (e.g. intervals, octagons, polyhedra) for parameterized concurrent programs. Solution: annotation ι such that if some thread T s program counter is at v, then ι(v) holds over the globals & locals of T. Our program model has: Unbounded concurrency: program is the parallel composition of n copies of some thread T, where n is a parameter Invariants must be sound for all n Unbounded data domains Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

5 Parameterized concurrent programs Goal Compute numerical invariants (e.g. intervals, octagons, polyhedra) for parameterized concurrent programs. Solution: annotation ι such that if some thread T s program counter is at v, then ι(v) holds over the globals & locals of T. Our program model has: Unbounded concurrency: program is the parallel composition of n copies of some thread T, where n is a parameter Invariants must be sound for all n Unbounded data domains Natural model for device drivers, file systems, client/server-type programs,... Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

6 Contributions 1 We develop an attack on the parameterized verification problem based on separating it into a data module and a control module Data module computes numerical invariants Control module computes a program model Data module Control module Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

7 Contributions 1 We develop an attack on the parameterized verification problem based on separating it into a data module and a control module Data module computes numerical invariants Control module computes a program model Data module Control module 2 We propose data flow graphs as a program representation for (parameterized) concurrent programs Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

8 Contributions 1 We develop an attack on the parameterized verification problem based on separating it into a data module and a control module Data module computes numerical invariants Control module computes a program model Data module Control module 2 We propose data flow graphs as a program representation for (parameterized) concurrent programs 3 We give a semicompositional algorithm for constructing data flow graphs Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

9 Contributions 1 We develop an attack on the parameterized verification problem based on separating it into a data module and a control module Data module computes numerical invariants Control module computes a program model Data module Control module 2 We propose data flow graphs as a program representation for (parameterized) concurrent programs 3 We give a semicompositional algorithm for constructing data flow graphs Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

10 Sequential program analysis Flow analysis: solve a system of equations valued over some abstract domain For sequential programs, equations come from the control flow graph: IN(t) = t OUT (t) = t (IN(t)) IN(u) = OUT (t) OUT (w) OUT (u) = u (IN(u)) u v IN(v) = OUT (t) OUT (v) = v (IN(v)) w IN(w) = OUT (u) OUT (v) OUT (w) = w (IN(w)) Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

11 Sequential program analysis Flow analysis: solve a system of equations valued over some abstract domain For sequential programs, equations come from the control flow graph: IN(t) = t OUT (t) = t (IN(t)) IN(u) = OUT (t) OUT (w) OUT (u) = u (IN(u)) u v IN(v) = OUT (t) OUT (v) = v (IN(v)) w IN(w) = OUT (u) OUT (v) OUT (w) = w (IN(w)) How about parameterized programs? Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

12 Data flow Represent data flow, not control flow: ABC x := x + 1 y := 1 x := x + y x := -x Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

13 Data flow Represent data flow, not control flow: ABC x := x + 1 x y := 1 y x := x + y x x := -x Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

14 Data flow Represent data flow, not control flow: x uninit ABC x y x := x + 1 x y := 1 y x := x + y x x := -x y y Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

15 Why data flow? Invariant: x = 0 y := 0 acquire(lock) assert(x = 0) release(lock) x? acquire(lock) x := 1 x := 0 release(lock) Break invariant Restore invariant Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

16 Data flow graphs A DFG for a program P is a directed graph P = Loc,, where Loc V ars Loc is a set of directed edges labeled by program variables x x := x + 1 x := x + y Loc contains a distinguished uninit vertex Note: # of vertices does not depend on # of threads Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

17 Representing traces A program is represented by a DFG P if all its feasible traces are represented by P. Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

18 Representing traces A program is represented by a DFG P if all its feasible traces are represented by P. A trace is represented by a DFG P if all data flow edges it witnesses belong to P Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

19 Representing traces A program is represented by a DFG P if all its feasible traces are represented by P. A trace is represented by a DFG P if all data flow edges it witnesses belong to P A trace witnesses a data flow u x v iff it is of the form: Thread n executes u, u modifies x T n, u Thread m at v No modifications to x (x local requires n = m) Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

20 Representing traces A program is represented by a DFG P if all its feasible traces are represented by P. A trace is represented by a DFG P if all data flow edges it witnesses belong to P A trace witnesses a data flow u x v iff it is of the form: uninit ABC Thread n executes u, u modifies x T n, u Thread m at v x x y x := x + 1 x y := 1 y No modifications to x (x local requires n = m) y x := x + y y x x := -x Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

21 Computing invariants with DFGs DFGs induce a set of equations: IN(v) x = (V ars \ {x}).out (u) u x v IN(v) = IN(v) x x V ar OUT (v) = v (IN(v)) Define an inductive annotation to be a solution to these equations. Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

22 Computing invariants with DFGs DFGs induce a set of equations: IN(v) x = u x v IN(v) = IN(v) x x V ar OUT (v) = v (IN(v)) (V ars \ {x}).out (u) Define an inductive annotation to be a solution to these equations. Theorem (DFG soundness) If σ is a trace represented by a DFG P, and ι is an inductive annotation for P, then ι safely approximates the states reached by σ. Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

23 Overview Data module Control module Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

24 Overview Data module Control module Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

25 Constructing data flow graphs Goal Compute the set of all u, x, v such that there is some feasible trace that witnesses u x v Strategy: Overapproximate the set of feasible traces Compute dataflow edges witnessed by one of these traces Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

26 Precise DFG construction needs data (flag is initially 0) assume(flag) x? x := null assert(x!= null) x := alloc(...) flag := 1 Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

27 Precise DFG construction needs data (flag is initially 0) assume(flag) x? x := null T 1,x := null assert(x!= null) x := alloc(...) x T 2,assume(flag) flag := 1 T 2,assert(x!= null) Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

28 Precise DFG construction needs data (flag is initially 0) assume(flag) assert(x!= null) x? x := null T 1,x := null x := alloc(...) x T 2,assume(flag) flag = 0 Cannot execute! flag := 1 T 2,assert(x!= null) Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

29 ι-feasible traces Use an annotation ι to rule out infeasible traces: a trace σ is ι-infeasible if there is some subtrace σ T n, v, some thread m, and some location u such that Thread m is at location u after executing σ Thread n may not execute v in any state satisfying ι(u). Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

30 ι-feasible traces: example (flag is initially 0) assume(flag) x? x := null assert(x!= null) x := alloc(...) flag := 1 Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

31 ι-feasible traces: example (flag is initially 0) assume(flag) T 1,x := null assert(x!= null) x? x := null x T 2,assume(flag) x := alloc(...) T 2,assert(x!= null) flag := 1 Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

32 ι-feasible traces: example (flag is initially 0) assume(flag) T 1,x := null assert(x!= null) x? x := null x T 2,assume(flag) x := alloc(...) T 2,assert(x!= null) flag := 1 guard: flag 0 T 1 at x := alloc(...) T 2 at assume(flag) is ι(x := alloc(...)) flag 0 satisfiable? Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

33 ι-feasible traces: example (flag is initially 0) assume(flag) T 1,x := null assert(x!= null) x? x := null x T 2,assume(flag) x := alloc(...) T 2,assert(x!= null) flag := 1 guard: flag 0 T 1 at x := alloc(...) T 2 at assume(flag) is ι(x := alloc(...)) flag 0 satisfiable? ι(x := alloc(...)) : flag = 0 infeasible Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

34 ι-feasible traces: example (flag is initially 0) assume(flag) T 1,x := null assert(x!= null) x? x := null x T 2,assume(flag) x := alloc(...) T 2,assert(x!= null) flag := 1 guard: flag 0 T 1 at x := alloc(...) T 2 at assume(flag) is ι(x := alloc(...)) flag 0 satisfiable? ι(x := alloc(...)) : flag = 0 infeasible ι(x := alloc(...)) : true feasible Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

35 Constructing data flow graphs Goal Compute the set of all u, x, v such that there is some feasible trace that witnesses u x v Strategy: Overapproximate the set of feasible traces Compute dataflow edges witnessed by one of these traces Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

36 Constructing data flow graphs Goal Compute the set of all u, x, v such that there is some feasible trace that witnesses u x v Strategy: Overapproximate the set of feasible traces by ι-feasible traces Compute dataflow edges witnessed by one of these traces Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

37 Constructing data flow graphs Goal Compute the set of all u, x, v such that there is some feasible trace that witnesses u x v Strategy: Overapproximate the set of feasible traces by ι-feasible traces Compute dataflow edges witnessed by one of these traces Parameterization is still an obstacle Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

38 Constructing data flow graphs Goal Compute the set of all u, x, v such that there is some feasible trace that witnesses u x v Strategy: Overapproximate the set of feasible traces by ι-feasible traces Compute dataflow edges witnessed by one of these traces Parameterization is still an obstacle Data flow edges for 2-thread ι-feasible witnesses can be computed efficiently Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

39 Projection Lemma (projection) Let ι be an annotation, let σ be an ι-feasible trace, and let N be a set of threads. Then σ N, the projection of σ onto N, is also ι-feasible. Thread n executes u, u modifies x T n, u Thread m at v No modifications to x Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

40 Projection Lemma (projection) Let ι be an annotation, let σ be an ι-feasible trace, and let N be a set of threads. Then σ N, the projection of σ onto N, is also ι-feasible. Thread n executes u, u modifies x T n, u Thread m at v No modifications to x Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

41 Projection Lemma (projection) Let ι be an annotation, let σ be an ι-feasible trace, and let N be a set of threads. Then σ N, the projection of σ onto N, is also ι-feasible. Thread n executes u, u modifies x T n, u Thread m at v No modifications to x A data flow edge u x v has an ι-feasible witness iff it has a 2-thread ι-feasible witness Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

42 Feedback loop Given a DFG, we know how to compute numerical invariants Given numerical invariants, we know how to compute a DFG Sequential reaching definitions Sequential DFG Data analysis DFG construction Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

43 Feedback loop Given a DFG, we know how to compute numerical invariants Given numerical invariants, we know how to compute a DFG Sequential reaching definitions Sequential DFG Data analysis DFG construction Annotation Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

44 Feedback loop Given a DFG, we know how to compute numerical invariants Given numerical invariants, we know how to compute a DFG Sequential reaching definitions Sequential DFG Data flow edges Data analysis DFG construction Annotation Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

45 Feedback loop Given a DFG, we know how to compute numerical invariants Given numerical invariants, we know how to compute a DFG Sequential reaching definitions Sequential DFG Data flow edges Data analysis DFG construction Annotation Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

46 Feedback loop Given a DFG, we know how to compute numerical invariants Given numerical invariants, we know how to compute a DFG Sequential reaching definitions Sequential DFG Data flow edges Data analysis DFG construction Annotation Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

47 Feedback loop Given a DFG, we know how to compute numerical invariants Given numerical invariants, we know how to compute a DFG Sequential reaching definitions Sequential DFG Data flow edges Data analysis DFG construction Annotation Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

48 Experimental results We implemented our algorithm in a tool, DUET Integer overflow & array bounds checks for 15 Linux device drivers DUET proves 1312/1597 (82%) assertions correct in 13m9s Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

49 Experimental results: Boolean programs Boolean abstractions of Linux device drivers: Suite 1 DUET Linear interfaces 1 Improvement Assertions proved % increase Average time 3.4s 16.9s 5x speedup Suite 2 DUET Dynamic cutoff detection 2 Improvement Assertions proved % increase Average time 8.2s 24.9s 3x speedup 1 S. La Torre, P. Madhusudan, and G. Parlato. Model-checking parameterized concurrent programs using linear interfaces. In CAV, pages A. Kaiser, D. Kroening, and T. Wahl. Dynamic cutoff detection in parameterized concurrent programs. In CAV, pages Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

50 Conclusion Separate reasoning into a data module and a control module Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

51 Conclusion Separate reasoning into a data module and a control module Data flow graphs represent parameterized programs Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

52 Conclusion Separate reasoning into a data module and a control module Data flow graphs represent parameterized programs Semi-compositional DFG construction algorithm Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

53 Questions? Thank you for your attention. Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

54 Bonus slide: future work Improved algorithms for inferring groups of related variables to improve DFGs analyses over relational domains (e.g., octagons, polyhedra) Extension to handle aliasing Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, / 22

Similar documents

Duet: Static Analysis for Unbounded Parallelism

Duet: Static Analysis for Unbounded Parallelism Duet: Static Analysis for Unbounded Parallelism Azadeh Farzan and Zachary Kincaid University of Toronto Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing

More information

Verifying Recursive Programs using Intra-procedural Analyzers

Verifying Recursive Programs using Intra-procedural Analyzers Verifying Recursive Programs using Intra-procedural Analyzers Yu-Fang Chen, Academia Sinica, Taiwan joint work with Chiao Hsieh, Ming-Hsien Tsai, Bow-Yaw Wang and Farn Wang First of all Thanks for the

More information

Verifying Concurrent Programs

Verifying Concurrent Programs Verifying Concurrent Programs Daniel Kroening 8 May 1 June 01 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs

More information

Algebraic Program Analysis

Algebraic Program Analysis Introduction to Algebraic Program Analysis Zachary Kincaid 1 Thomas Reps 2,3 1 Princeton University 2 University of Wisconsin-Madison 3 GrammaTech, Inc. January 8, 2018 1 Program analysis Design algorithms

More information

the complexity of predicting atomicity violations

the complexity of predicting atomicity violations the complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign. Motivation: Interleaving explosion problem Testing is the main technique

More information

Local Verification of Global Invariants in

Local Verification of Global Invariants in Local Verification of Global Invariants in 1 Local Verification of Global Invariants in Concurrent Programs Ernie Cohen 1, Michal Moskal 2, Wolfram Schulte 2, Stephan Tobies 1 1 European Microsoft Innovation

More information

Configurable Software Model Checking

Configurable Software Model Checking Configurable Software Model Checking CPAchecker Dirk Beyer Dirk Beyer 1 / 26 Software Verification C Program int main() { int a = foo(); int b = bar(a); } assert(a == b); Verification Tool TRUE i.e., specification

More information

The Apron Library. Bertrand Jeannet and Antoine Miné. CAV 09 conference 02/07/2009 INRIA, CNRS/ENS

The Apron Library. Bertrand Jeannet and Antoine Miné. CAV 09 conference 02/07/2009 INRIA, CNRS/ENS The Apron Library Bertrand Jeannet and Antoine Miné INRIA, CNRS/ENS CAV 09 conference 02/07/2009 Context : Static Analysis What is it about? Discover properties of a program statically and automatically.

More information

A CRASH COURSE IN SEMANTICS

A CRASH COURSE IN SEMANTICS LAST TIME Recdef More induction NICTA Advanced Course Well founded orders Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Well founded recursion Calculations: also/finally {P}... {Q}

More information

Interrupt-driven Software

Interrupt-driven Software Interrupt-driven Software 2 3 Interrupt 1 Interrupt 3 Interrupt 2 Interrupt?? 4 5 6 7 T1() { a = 1; x = a; T2() { a = 2; T1() { a = 1; x = a; T2() { a = 2; 8 9 10 Interrupt-driven programs Abstract Interpretation

More information

Splitting the Control Flow with Boolean Flags

Splitting the Control Flow with Boolean Flags École Normale Supérieure, Paris, France A.Simon@ens.fr July 2008 Good States are Usually Convex Declare C variable int array[12];. 0 1 2 3 4 5 6 7 8 9 10 11 i Access array[i] within bound if 0 i and i

More information

Model-checking Parameterized Concurrent Programs using Linear Interfaces

Model-checking Parameterized Concurrent Programs using Linear Interfaces Model-checking Parameterized Concurrent Programs using Linear Interfaces S. La Torre 1, P. Madhusudan 2, G. Parlato 2 1 Università degli Studi di Salerno, Italy 2 University of Illinois at Urbana-Champaign,

More information

Software Model Checking. Xiangyu Zhang

Software Model Checking. Xiangyu Zhang Software Model Checking Xiangyu Zhang Symbolic Software Model Checking CS510 S o f t w a r e E n g i n e e r i n g Symbolic analysis explicitly explores individual paths, encodes and resolves path conditions

More information

Finding heap-bounds for hardware synthesis

Finding heap-bounds for hardware synthesis Finding heap-bounds for hardware synthesis B. Cook + A. Gupta # S. Magill* A. Rybalchenko # J. Simsa* S. Singh + V. Vafeiadis + *CMU # MPI-SWS + MSR Coding hardware in advanced languages Use of advanced

More information

Sendmail crackaddr - Static Analysis strikes back

Sendmail crackaddr - Static Analysis strikes back Sendmail crackaddr - Static Analysis strikes back Bogdan Mihaila Technical University of Munich, Germany December 6, 2014 Name Lastname < name@mail.org > ()()()()()()()()()... ()()() 1 / 25 Abstract Interpretation

More information

Embedded Software Verification Challenges and Solutions. Static Program Analysis

Embedded Software Verification Challenges and Solutions. Static Program Analysis Embedded Software Verification Challenges and Solutions Static Program Analysis Chao Wang chaowang@nec-labs.com NEC Labs America Princeton, NJ ICCAD Tutorial November 11, 2008 www.nec-labs.com 1 Outline

More information

Model Checking Embedded C Software using k-induction and Invariants

Model Checking Embedded C Software using k-induction and Invariants FEDERAL UNIVERSITY OF RORAIMA and FEDERAL UNIVESITY OF AMAZONAS Model Checking Embedded C Software using k-induction and Invariants Herbert Rocha, Hussama Ismail, Lucas Cordeiro and Raimundo Barreto Agenda

More information

Bounded Model Checking Of C Programs: CBMC Tool Overview

Bounded Model Checking Of C Programs: CBMC Tool Overview Workshop on Formal Verification and Analysis Tools, CFDVS, IIT-Bombay - Feb 21,2017 Bounded Model Checking Of C Programs: CBMC Tool Overview Prateek Saxena CBMC Developed and Maintained by Dr Daniel Kröning

More information

Cover Page. The handle holds various files of this Leiden University dissertation

Cover Page. The handle holds various files of this Leiden University dissertation Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue

More information

Lock-sensitive Interference Analysis for Java: Combining Program Dependence Graphs with Dynamic Pushdown Networks

Lock-sensitive Interference Analysis for Java: Combining Program Dependence Graphs with Dynamic Pushdown Networks Lock-sensitive Interference Analysis for Java: Combining Program Dependence Graphs with Dynamic Pushdown Networks Jürgen Graf 1, Martin Hecker 1, Martin Mohr 1, and Benedikt Nordhoff 2 1 Karlsruhe Institute

More information

Computing Approximate Happens-Before Order with Static and Dynamic Analysis

Computing Approximate Happens-Before Order with Static and Dynamic Analysis Department of Distributed and Dependable Systems Technical report no. D3S-TR-2013-06 May 7, 2018 Computing Approximate Happens-Before Order with Static and Dynamic Analysis Pavel Parízek, Pavel Jančík

More information

A Combination Framework for Tracking Partition Sizes (Full Version)

A Combination Framework for Tracking Partition Sizes (Full Version) A Combination Framework for Tracking Partition Sizes (Full Version) Sumit Gulwani Microsoft Research sumitg@microsoft.com Tal Lev-Ami Tel-Aviv University tla@post.tau.ac.il Mooly Sagiv Tel-Aviv University

More information

A Gentle Introduction to Program Analysis

A Gentle Introduction to Program Analysis A Gentle Introduction to Program Analysis Işıl Dillig University of Texas, Austin January 21, 2014 Programming Languages Mentoring Workshop 1 / 24 What is Program Analysis? Very broad topic, but generally

More information

A Combination Framework for Tracking Partition Sizes

A Combination Framework for Tracking Partition Sizes A Combination Framework for Tracking Partition Sizes Sumit Gulwani Microsoft Research sumitg@microsoft.com Tal Lev-Ami Tel-Aviv University tla@post.tau.ac.il Mooly Sagiv Tel-Aviv University msagiv@post.tau.ac.il

More information

Automatic synthesis of switching controllers for linear hybrid systems: Reachability control

Automatic synthesis of switching controllers for linear hybrid systems: Reachability control Automatic synthesis of switching controllers for linear hybrid systems: Reachability control Massimo Benerecetti and Marco Faella Università di Napoli Federico II, Italy Abstract. We consider the problem

More information

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Ahmed Rezine IDA, Linköpings Universitet Hösttermin 2014 Outline Overview Syntactic Analysis Abstract

More information

Advanced Programming Methods. Introduction in program analysis

Advanced Programming Methods. Introduction in program analysis Advanced Programming Methods Introduction in program analysis What is Program Analysis? Very broad topic, but generally speaking, automated analysis of program behavior Program analysis is about developing

More information

Learning Analysis Strategies for Octagon and Context Sensitivity from Labeled Data Generated by Static Analyses

Learning Analysis Strategies for Octagon and Context Sensitivity from Labeled Data Generated by Static Analyses Noname manuscript No. (will be inserted by the editor) Learning Analysis Strategies for Octagon and Context Sensitivity from Labeled Data Generated by Static Analyses Kihong Heo Hakjoo Oh Hongseok Yang

More information

A New Abstraction Framework for Affine Transformers

A New Abstraction Framework for Affine Transformers A New Abstraction Framework for Affine Transformers Tushar Sharma and Thomas Reps SAS 17 Motivations Prove Program Assertions Function and loop summaries Sound with respect to bitvectors A NEW ABSTRACTION

More information

Softwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24

Softwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24 Softwaretechnik Program verification Albert-Ludwigs-Universität Freiburg June 28, 2012 Softwaretechnik June 28, 2012 1 / 24 Road Map Program verification Automatic program verification Programs with loops

More information

Type Theory meets Effects. Greg Morrisett

Type Theory meets Effects. Greg Morrisett Type Theory meets Effects Greg Morrisett A Famous Phrase: Well typed programs won t go wrong. 1. Describe abstract machine: M ::= 2. Give transition relation: M 1 M 2

More information

Static Program Analysis CS701

Static Program Analysis CS701 Static Program Analysis CS701 Thomas Reps [Based on notes taken by Aditya Venkataraman on Oct 6th, 2015] Abstract This lecture introduces the area of static program analysis. We introduce the topics to

More information

Lost in Abstraction: Monotonicity in Multi-threaded Programs

Lost in Abstraction: Monotonicity in Multi-threaded Programs Lost in Abstraction: Monotonicity in Multi-threaded Programs Alexander Kaiser 1, Daniel Kroening 1, and Thomas Wahl 2 1 University of Oxford, United Kingdom 2 Northeastern University, Boston, United States

More information

Softwaretechnik. Program verification. Software Engineering Albert-Ludwigs-University Freiburg. June 30, 2011

Softwaretechnik. Program verification. Software Engineering Albert-Ludwigs-University Freiburg. June 30, 2011 Softwaretechnik Program verification Software Engineering Albert-Ludwigs-University Freiburg June 30, 2011 (Software Engineering) Softwaretechnik June 30, 2011 1 / 28 Road Map Program verification Automatic

More information

Introduction to CBMC. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel December 5, 2011

Introduction to CBMC. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel December 5, 2011 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 December 5, 2011 based on slides by Daniel Kroening Bug Catching with SAT-Solvers Main Idea: Given a program and a claim use

More information

Program Verification (6EC version only)

Program Verification (6EC version only) Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language

More information

An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C

An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C Robbert Krebbers Radboud University Nijmegen January 22, 2014 @ POPL, San Diego, USA 1 / 16 What is this program supposed

More information

Hoare triples. Floyd-Hoare Logic, Separation Logic

Hoare triples. Floyd-Hoare Logic, Separation Logic Hoare triples Floyd-Hoare Logic, Separation Logic 1. Floyd-Hoare Logic 1969 Reasoning about control Hoare triples {A} p {B} a Hoare triple partial correctness: if the initial state satisfies assertion

More information

RATCOP: Relational Analysis Tool for Concurrent Programs

RATCOP: Relational Analysis Tool for Concurrent Programs RATCOP: Relational Analysis Tool for Concurrent Programs Suvam Mukherjee 1, Oded Padon 2, Sharon Shoham 2, Deepak D Souza 1, and Noam Rinetzky 2 1 Indian Institute of Science, India 2 Tel Aviv University,

More information

BOOGIE. Presentation by Itsik Hefez A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH

BOOGIE. Presentation by Itsik Hefez A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH BOOGIE A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH Presentation by Itsik Hefez Introduction Boogie is an intermediate verification language, intended as a layer on which

More information

EFFECTIVE HEURISTIC-BASED TEST GENERATION TECHNIQUES FOR CONCURRENT SOFTWARE. Niloofar Razavi

EFFECTIVE HEURISTIC-BASED TEST GENERATION TECHNIQUES FOR CONCURRENT SOFTWARE. Niloofar Razavi EFFECTIVE HEURISTIC-BASED TEST GENERATION TECHNIQUES FOR CONCURRENT SOFTWARE by Niloofar Razavi A thesis submitted in conformity with the requirements for the degree of Doctor of Philosophy Graduate Department

More information

Goal. Overflow Checking in Firefox. Sixgill. Sixgill (cont) Verifier Design Questions. Sixgill: Properties 4/8/2010

Goal. Overflow Checking in Firefox. Sixgill. Sixgill (cont) Verifier Design Questions. Sixgill: Properties 4/8/2010 Goal Overflow Checking in Firefox Brian Hackett Can we clean a code base of buffer overflows? Keep it clean? Must prove buffer accesses are in bounds Verification: prove a code base has a property Sixgill

More information

Static Analysis! Prof. Leon J. Osterweil! CS 520/620! Fall 2012! Characteristics of! System to be! built must! match required! characteristics!

Static Analysis! Prof. Leon J. Osterweil! CS 520/620! Fall 2012! Characteristics of! System to be! built must! match required! characteristics! Static Analysis! Prof. Leon J. Osterweil! CS 520/620! Fall 2012! Requirements Spec.! Design! Test Results must! match required behavior! Characteristics of! System to be! built must! match required! characteristics!

More information

More on Operational Semantics

More on Operational Semantics More on Operational Semantics (Slides modified from those created by Xinyu Feng) 1 / 23 Outline Various formulations Extensions Going wrong Local variable declaration Heap Big-step operational semantics

More information

Software Security: Vulnerability Analysis

Software Security: Vulnerability Analysis Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants

More information

Verasco: a Formally Verified C Static Analyzer

Verasco: a Formally Verified C Static Analyzer Verasco: a Formally Verified C Static Analyzer Jacques-Henri Jourdan Joint work with: Vincent Laporte, Sandrine Blazy, Xavier Leroy, David Pichardie,... June 13, 2017, Montpellier GdR GPL thesis prize

More information

Interval Polyhedra: An Abstract Domain to Infer Interval Linear Relationships

Interval Polyhedra: An Abstract Domain to Infer Interval Linear Relationships Interval Polyhedra: An Abstract Domain to Infer Interval Linear Relationships Liqian Chen 1,2 Antoine Miné 3,2 Ji Wang 1 Patrick Cousot 2,4 1 National Lab. for Parallel and Distributed Processing, Changsha,

More information

6. Hoare Logic and Weakest Preconditions

6. Hoare Logic and Weakest Preconditions 6. Hoare Logic and Weakest Preconditions Program Verification ETH Zurich, Spring Semester 07 Alexander J. Summers 30 Program Correctness There are many notions of correctness properties for a given program

More information

Lectures 20, 21: Axiomatic Semantics

Lectures 20, 21: Axiomatic Semantics Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics

More information

Reading Assignment. Symbolic Evaluation/Execution. Move from Dynamic Analysis to Static Analysis. Move from Dynamic Analysis to Static Analysis

Reading Assignment. Symbolic Evaluation/Execution. Move from Dynamic Analysis to Static Analysis. Move from Dynamic Analysis to Static Analysis Reading Assignment Symbolic Evaluation/Execution *R.W. Floyd, "Assigning Meaning to Programs, Symposium on Applied Mathematics, 1967, pp. 19-32 (Appeared as volume 19 of Mathematical Aspects of Computer

More information

A Verified Implementation of the Bounded List Container

A Verified Implementation of the Bounded List Container A Verified Implementation of the Bounded List Container Raphaël Cauderlier, Mihaela Sighireanu March 26, 2018 1 / 32 Outline 1 Introduction 2 Bounded Doubly-Linked Lists 3 Verification 4 Conclusion 2 /

More information

Symbolic Evaluation/Execution

Symbolic Evaluation/Execution Symbolic Evaluation/Execution Reading Assignment *R.W. Floyd, "Assigning Meaning to Programs, Symposium on Applied Mathematics, 1967, pp. 19-32 (Appeared as volume 19 of Mathematical Aspects of Computer

More information

F-Soft: Software Verification Platform

F-Soft: Software Verification Platform F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com

More information

Lecture. DM510 - Operating Systems, Weekly Notes, Week 11/12, 2018

Lecture. DM510 - Operating Systems, Weekly Notes, Week 11/12, 2018 Lecture In the lecture on March 13 we will mainly discuss Chapter 6 (Process Scheduling). Examples will be be shown for the simulation of the Dining Philosopher problem, a solution with monitors will also

More information

Push-button verification of Files Systems via Crash Refinement

Push-button verification of Files Systems via Crash Refinement Push-button verification of Files Systems via Crash Refinement Verification Primer Behavioral Specification and implementation are both programs Equivalence check proves the functional correctness Hoare

More information

Static Lock Capabilities for Deadlock-Freedom

Static Lock Capabilities for Deadlock-Freedom Static Lock Capabilities for Deadlock-Freedom Colin S. Gordon csgordon@cs.washington.edu University of Washington TLDI, January 28, 2012 Joint work with Michael D. Ernst and Dan Grossman Colin S. Gordon

More information

CCured. One-Slide Summary. Lecture Outline. Type-Safe Retrofitting of C Programs

CCured. One-Slide Summary. Lecture Outline. Type-Safe Retrofitting of C Programs CCured Type-Safe Retrofitting of C Programs [Necula, McPeak,, Weimer, Condit, Harren] #1 One-Slide Summary CCured enforces memory safety and type safety in legacy C programs. CCured analyzes how you use

More information

Static program checking and verification

Static program checking and verification Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Müller Static program checking and verification Correctness

More information

Outline. software testing: search bugs black-box and white-box testing static and dynamic testing

Outline. software testing: search bugs black-box and white-box testing static and dynamic testing Outline 1 Verification Techniques software testing: search bugs black-box and white-box testing static and dynamic testing 2 Programming by Contract assert statements in Python using preconditions and

More information

An Annotated Language

An Annotated Language Hoare Logic An Annotated Language State and Semantics Expressions are interpreted as functions from states to the corresponding domain of interpretation Operators have the obvious interpretation Free of

More information

Static Analysis in Practice

Static Analysis in Practice in Practice 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich 1 Quick Poll Who is familiar and comfortable with design patterns? e.g. what is a Factory and why use it? 2 1 Outline: in Practice

More information

Compilation and Program Analysis (#11) : Hoare triples and shape analysis

Compilation and Program Analysis (#11) : Hoare triples and shape analysis Compilation and Program Analysis (#11) : Hoare triples and shape analysis Laure Gonnord http://laure.gonnord.org/pro/teaching/capm1.html Laure.Gonnord@ens-lyon.fr Master 1, ENS de Lyon dec 2017 Inspiration

More information

Timing Analysis of Parallel Software Using Abstract Execution

Timing Analysis of Parallel Software Using Abstract Execution Timing Analysis of Parallel Software Using Abstract Execution Björn Lisper School of Innovation, Design, and Engineering Mälardalen University bjorn.lisper@mdh.se 2014-09-10 EACO Workshop 2014 Motivation

More information

Hoare logic. A proof system for separation logic. Introduction. Separation logic

Hoare logic. A proof system for separation logic. Introduction. Separation logic Introduction Hoare logic Lecture 6: Examples in separation logic In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing separation logic.

More information

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs? Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare

More information

Spark verification features

Spark verification features Spark verification features Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2018 Adding specification information to programs Verification concerns checking whether

More information

Compiler Construction 2016/2017 Loop Optimizations

Compiler Construction 2016/2017 Loop Optimizations Compiler Construction 2016/2017 Loop Optimizations Peter Thiemann January 16, 2017 Outline 1 Loops 2 Dominators 3 Loop-Invariant Computations 4 Induction Variables 5 Array-Bounds Checks 6 Loop Unrolling

More information

Precise Thread-Modular Abstract Interpretation of Concurrent Programs using Relational Interference Abstractions

Precise Thread-Modular Abstract Interpretation of Concurrent Programs using Relational Interference Abstractions Precise Thread-Modular Abstract Interpretation of Concurrent Programs using Relational Interference Abstractions Raphaël Monat 1 and Antoine Miné 2 1 École Normale Supérieure de Lyon and École Normale

More information

DIRECTED PROGRAMS GEOMETRIC MODELS OF CONCURRENT. Samuel Mimram. École Polytechnique

DIRECTED PROGRAMS GEOMETRIC MODELS OF CONCURRENT. Samuel Mimram. École Polytechnique DIRECTED GEOMETRIC MODELS OF CONCURRENT PROGRAMS Samuel Mimram École Polytechnique Applied and Computational Algebraic Topology Spring School April 24th, 2017 2 / 117 Models of concurrent programs We are

More information

Real-Time and Embedded Systems (M) Lecture 19

Real-Time and Embedded Systems (M) Lecture 19 Low-Level/Embedded Programming Real-Time and Embedded Systems (M) Lecture 19 Lecture Outline Hardware developments Implications on system design Low-level programming Automatic memory management Timing

More information

Static Program Analysis

Static Program Analysis Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Recap: Taking Conditional Branches into Account Extending

More information

Tree Interpolation in Vampire

Tree Interpolation in Vampire Tree Interpolation in Vampire Régis Blanc 1, Ashutosh Gupta 2, Laura Kovács 3, and Bernhard Kragl 4 1 EPFL 2 IST Austria 3 Chalmers 4 TU Vienna Abstract. We describe new extensions of the Vampire theorem

More information

Vertex Cover is Fixed-Parameter Tractable

Vertex Cover is Fixed-Parameter Tractable Vertex Cover is Fixed-Parameter Tractable CS 511 Iowa State University November 28, 2010 CS 511 (Iowa State University) Vertex Cover is Fixed-Parameter Tractable November 28, 2010 1 / 18 The Vertex Cover

More information

Model Requirements and JAVA Programs MVP 2 1

Model Requirements and JAVA Programs MVP 2 1 Model Requirements and JAVA Programs MVP 2 1 Traditional Software The Waterfall Model Problem Area Development Analysis REVIEWS Design Implementation Costly wrt time and money. Errors are found too late

More information

Programming Languages

Programming Languages CSE 230: Winter 2008 Principles of Programming Languages Ocaml/HW #3 Q-A Session Push deadline = Mar 10 Session Mon 3pm? Lecture 15: Type Systems Ranjit Jhala UC San Diego Why Typed Languages? Development

More information

Contents. Program 1. Java s Integral Types in PVS (p.4 of 37)

Contents. Program 1. Java s Integral Types in PVS (p.4 of 37) Java s Integral Types in PVS Bart Jacobs bart@cs.kun.nl www.cs.kun.nl/ bart www.verificard.org. Dep. Computer Science, Univ. Nijmegen, NL Contents I. Example programs II. Integral types in Java (implementations)

More information

Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing

Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing IEEE Software Technology Conference 2015 Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing Steve Baird Senior Software Engineer Copyright 2014 AdaCore Slide: 1 procedure Array_Indexing_Bug

More information

Handling Loops in Bounded Model Checking of C Programs via k-induction

Handling Loops in Bounded Model Checking of C Programs via k-induction Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Handling Loops in Bounded Model Checking of C Programs via k-induction Mikhail Y. R. Gadelha, Hussama I. Ismail, and

More information

SYNERGY : A New Algorithm for Property Checking

SYNERGY : A New Algorithm for Property Checking SYNERGY : A New Algorithm for Property Checking Bhargav S. Gulavani Thomas A. Henzinger Yamini Kannan Aditya V. Nori Sriram K. Rajamani bhargav@cse.iitb.ernet.in tah@epfl.ch yaminik@microsoft.com adityan@microsoft.com

More information

Symbolic Execution and Verification Conditions. Review of Verification Conditions. Survey from Homework 4. Time spent: 7.1 hrs (mean), 6 hrs (median)

Symbolic Execution and Verification Conditions. Review of Verification Conditions. Survey from Homework 4. Time spent: 7.1 hrs (mean), 6 hrs (median) Symbolic Execution and Verification Conditions Survey from Homework 4 Time spent: 7.1 hrs (mean), 6 hrs (median) Meeting 13, CSCI 5535, Spring 2009 2 Survey from Homework 4 Fun facts about your classmates:

More information

Dual-fitting analysis of Greedy for Set Cover

Dual-fitting analysis of Greedy for Set Cover Dual-fitting analysis of Greedy for Set Cover We showed earlier that the greedy algorithm for set cover gives a H n approximation We will show that greedy produces a solution of cost at most H n OPT LP

More information

Advances in Programming Languages

Advances in Programming Languages O T Y H Advances in Programming Languages APL8: ESC/Java2 David Aspinall (including slides by Ian Stark and material adapted from ESC/Java2 tutorial by David Cok, Joe Kiniry and Erik Poll) School of Informatics

More information

Minimal Dominating Sets in Graphs: Enumeration, Combinatorial Bounds and Graph Classes

Minimal Dominating Sets in Graphs: Enumeration, Combinatorial Bounds and Graph Classes Minimal Dominating Sets in Graphs: Enumeration, Combinatorial Bounds and Graph Classes J.-F. Couturier 1 P. Heggernes 2 D. Kratsch 1 P. van t Hof 2 1 LITA Université de Lorraine F-57045 Metz France 2 University

More information

Extended Static Checking for Java

Extended Static Checking for Java Extended Static Checking for Java Cormac Flanagan Joint work with: Rustan Leino, Mark Lillibridge, Greg Nelson, Jim Saxe, and Raymie Stata Compaq Systems Research Center What is Static Checking? Annotated

More information

Model Checking and Its Applications

Model Checking and Its Applications Model Checking and Its Applications Orna Grumberg Technion, Israel Verification and Deduction Mentoring Workshop July 13, 2018 1 Personal data Ph.d. in (non-automated) verification Postdoc in Model Checking

More information

Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)

Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets) Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets) Cédric Favre(1,2), Hagen Völzer(1), Peter Müller(2) (1) IBM Research - Zurich (2) ETH Zurich 1 Outline

More information

Having a BLAST with SLAM

Having a BLAST with SLAM Announcements Having a BLAST with SLAM Meetings -, CSCI 7, Fall 00 Moodle problems? Blog problems? Looked at the syllabus on the website? in program analysis Microsoft uses and distributes the Static Driver

More information

Representation Independence, Confinement and Access Control

Representation Independence, Confinement and Access Control Representation Independence, Confinement and Access Control Anindya Banerjee and David Naumann ab@cis.ksu.edu and naumann@cs.stevens-tech.edu Kansas State University and Stevens Institute of Technology

More information

Automatic Software Verification

Automatic Software Verification Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework

More information

Introduction to Axiomatic Semantics

Introduction to Axiomatic Semantics Introduction to Axiomatic Semantics Meeting 10, CSCI 5535, Spring 2009 Announcements Homework 3 due tonight Homework 2 is graded 13 (mean), 14 (median), out of 21 total, but Graduate class: final project

More information

Abstract Semantic Differencing for Numerical Programs

Abstract Semantic Differencing for Numerical Programs Abstract Semantic Differencing for Numerical Programs Nimrod Partush Eran Yahav Technion, Israel Semantic differencing Characterize semantic difference between similar programs 2 Motivating example 1.

More information

Predicate Abstraction Daniel Kroening 1

Predicate Abstraction Daniel Kroening 1 Predicate Abstraction 20.1.2005 Daniel Kroening 1 Motivation Software has too many state variables State Space Explosion Graf/Saïdi 97: Predicate Abstraction Idea: Only keep track of predicates on data

More information

TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS*

TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS* TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS* Tal Lev-Ami, Roman Manevich, and Mooly Sagiv Tel Aviv University {tla@trivnet.com, {rumster,msagiv}@post.tau.ac.il} Abstract TVLA (Three-Valued-Logic

More information

Runtime Checking for Program Verification Systems

Runtime Checking for Program Verification Systems Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification

More information

A Non-Blocking Concurrent Queue Algorithm

A Non-Blocking Concurrent Queue Algorithm A Non-Blocking Concurrent Queue Algorithm Bruno Didot bruno.didot@epfl.ch June 2012 Abstract This report presents a new non-blocking concurrent FIFO queue backed by an unrolled linked list. Enqueue and

More information

Reminder of the last lecture. Aliasing Issues: Call by reference, Pointer programs. Introducing Aliasing Issues. Home Work from previous lecture

Reminder of the last lecture. Aliasing Issues: Call by reference, Pointer programs. Introducing Aliasing Issues. Home Work from previous lecture Reminder of the last lecture Aliasing Issues: Call by reference, Pointer programs Claude Marché Cours MPRI 2-36-1 Preuve de Programme 18 janvier 2017 Additional features of the specification language Abstract

More information

Petri Nets ee249 Fall 2000

Petri Nets ee249 Fall 2000 Petri Nets ee249 Fall 2000 Marco Sgroi Most slides borrowed from Luciano Lavagno s lecture ee249 (1998) 1 Models Of Computation for reactive systems Main MOCs: Communicating Finite State Machines Dataflow

More information

Multi-Clock Timed Networks

Multi-Clock Timed Networks Multi-Clock Timed Networks arosh Aziz Abdulla, Johann Deneux, and ritha Mahata Dept of Information Technology Uppsala University Sweden parosh,johannd,pritha @ituuse Abstract We consider verification of

More information

LOGICAL CONCURRENCY CONTROL FROM SEQUENTIAL PROOFS. address:

LOGICAL CONCURRENCY CONTROL FROM SEQUENTIAL PROOFS. address: Logical Methods in Computer Science Vol. 7 (3:10) 2011, pp. 1 29 www.lmcs-online.org Submitted Jun.26, 2010 Published Sep. 2, 2011 LOGICAL CONCURRENCY CONTROL FROM SEQUENTIAL PROOFS JYOTIRMOY DESHMUKH

More information

CSE101: Design and Analysis of Algorithms. Ragesh Jaiswal, CSE, UCSD

CSE101: Design and Analysis of Algorithms. Ragesh Jaiswal, CSE, UCSD Recap. Growth rates: Arrange the following functions in ascending order of growth rate: n 2 log n n log n 2 log n n/ log n n n Introduction Algorithm: A step-by-step way of solving a problem. Design of

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback