Software Model Checking with Abstraction Refinement
|
|
|
- Edith Bishop
- 6 years ago
- Views:
Transcription
1 Software Model Checking with Abstraction Refinement Computer Science and Artificial Intelligence Laboratory MIT Armando Solar-Lezama With slides from Thomas Henzinger, Ranjit Jhala and Rupak Majumdar. Used with permission. Dec 08, 20 December 08, 20
2 Model checking so far o o The promise of model checking - Exhaustive exploration of the state space of a program - Push-button verification of arbitrary temporal logic formulas - Dramatic performance improvements from But State reduction techniques Symbolic representations - It only works for programs with bounded state space 2
3 Abstraction to the rescue o We can abstract the infinite state space into a finite one - Every abstract state corresponds to an infinite set of states - Is this the same thing as abstract interpretation? : 2: 3: 4: 5: void main(){ int x = *; while(*){ if(x>0) x = 2*x; else x = x-; x = abs(*)/x; (,+) (,z) (,-) (2,+) (2,z) (2,-) (3,+) (4,z) (4,-) (5,+) (5,-) 3
4 The problem with abstraction o Abstractions usually have to be tailored to the program and property of interest - Imprecision on the abstraction can lead to spurious paths : 2: 3: 4: void main(){ int x = *; while(*){ if(x>) x = 2*x; else x = x-2; (,+) (,z) (,-) (2,+) (2,z) (2,-) (3,+) (4,+) (4,z) (4,-) 5: x = abs(*)/x; (5,+) (5,0) x x (5,-) 4
5 Spurious path under the microscope (2,+) : 2: 3: 4: 5: void main(){ int x = *; while(*){ if(x>) x = 2*x; else x = x-2; x = abs(*)/x; (,+) (2,+) (5,+) (4,+) (5,0) x x (5,0) (5,-) x>2 x= x=2 (5,0) (5,-) 5
6 2 Key ingredients for software MC o We need a simple way to come up with abstractions o Our abstractions must be flexible - We need to be able to refine them on demand - This is how we identify spurious paths and eliminate them 6
7 Predicate Abstraction o Abstract state defined by a set of predicates - Ex: x>0, p.next!= null, p.next.val > 0 o Transition function can be computed by a theorem prover x>0 x>0 x = x- not(x>0) o Big idea: - We can refine the abstraction by introducing more predicates! 7
8 Example Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4: while(new!= old); 5: unlock (); return; unlock lock unlock lock Henzinger, Jhala,Majumdar 8
9 What a program really is State Transition pc lock old new : unlock(); new++; 4: pc lock old new q 0x33a q 0x33a Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4: while(new!= old); 5: unlock (); return; Henzinger, Jhala,Majumdar 9
10 The Safety Verification Problem Error Safe Initial Is there a path from an initial to an error state? Problem: Infinite state graph Solution : Set of states = logical formula Henzinger, Jhala,Majumdar 0
11 Idea : Predicate Abstraction Predicates on program state: lock old = new States satisfying same predicates are equivalent Merged into one abstract state #abstract states is finite Henzinger, Jhala,Majumdar
12 Abstract States and Transitions State pc lock old new : unlock(); new++; 4: pc lock old new q 0x33a q 0x33a Theorem Prover lock old=new!lock! old=new Henzinger, Jhala,Majumdar 2
13 Abstraction State pc lock old new : unlock(); new++; 4: pc lock old new q 0x33a q 0x33a Theorem Prover Existential Lifting lock old=new! lock! old=new Henzinger, Jhala,Majumdar 3
14 Abstraction State pc lock old new : unlock(); new++; 4: pc lock old new q 0x33a q 0x33a lock old=new! lock! old=new Henzinger, Jhala,Majumdar 4
15 Analyze Abstraction Analyze finite graph No false negatives Problem Spurious counterexamples Henzinger, Jhala,Majumdar 5
16 Idea 2: Counterex.-Guided Refinement Solution Use spurious counterexamples to refine abstraction! Henzinger, Jhala,Majumdar 6
17 Idea 2: Counterex.-Guided Refinement Solution Use spurious counterexamples to refine abstraction. Add predicates to distinguish states across cut 2. Build refined abstraction Imprecision due to merge Henzinger, Jhala,Majumdar 7
18 Iterative Abstraction-Refinement Solution Use spurious counterexamples to refine abstraction [Kurshan et al 93] [Clarke et al 00] [Ball-Rajamani 0]. Add predicates to distinguish states across cut 2. Build refined abstraction -eliminates counterexample 3. Repeat search Till real counterexample or system proved safe Henzinger, Jhala,Majumdar 8
19 Lazy Abstraction C Program Abstract Yes Safe BLAST Property Refine No Trace Henzinger, Jhala,Majumdar 9
20 Lazy Abstraction C Program spec.opt Instrumented C file With ERROR label BLAST Yes Safe Property No Trace Henzinger, Jhala,Majumdar 20
21 Problem: Abstraction is Expensive Reachable Problem #abstract states = 2 #predicates Exponential Thm. Prover queries Observe Fraction of state space reachable #Preds ~ 00 s, #States ~ 2 00, #Reach ~ 000 s Henzinger, Jhala,Majumdar 2
22 Solution: Only Abstract Reachable States Safe Problem #abstract states = 2 #predicates Exponential Thm. Prover queries Solution Build abstraction during search Henzinger, Jhala,Majumdar 22
23 Solution2: Don t Refine Error-Free Regions Error Free Problem #abstract states = 2 #predicates Exponential Thm. Prover queries Solution Don t refine error-free regions Henzinger, Jhala,Majumdar 23
24 Key Idea: Reachability Tree Initial 2 Unroll Abstraction. Pick tree-node (=abs. state) 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off Find min infeasible suffix - Learn new predicates - Rebuild subtree with new preds. Henzinger, Jhala,Majumdar 24
25 Key Idea: Reachability Tree Initial 2 Unroll Abstraction. Pick tree-node (=abs. state) 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off Find min infeasible suffix - Learn new predicates - Rebuild subtree with new preds. Error Free Henzinger, Jhala,Majumdar 25
26 Key Idea: Reachability Tree Initial Unroll. Pick tree-node (=abs. state) 2 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off Find min spurious suffix - Learn new predicates Rebuild subtree with new preds. Error Free SAFE S: Only Abstract Reachable States S2: Don t refine error-free regions Henzinger, Jhala,Majumdar 26
27 Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); Predicates: LOCK Reachability Tree Henzinger, Jhala,Majumdar 27
28 Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); lock() old = new q=q->next 2 LOCK 2 Predicates: LOCK Reachability Tree Henzinger, Jhala,Majumdar 28
29 Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); [q!=null] 3 2 LOCK LOCK 2 3 Predicates: LOCK Reachability Tree Henzinger, Jhala,Majumdar 29
30 Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); q->data = new unlock() new LOCK LOCK Predicates: LOCK Reachability Tree Henzinger, Jhala,Majumdar 30
31 Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK LOCK [new==old] Predicates: LOCK Reachability Tree Henzinger, Jhala,Majumdar 3
32 Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK LOCK Predicates: LOCK unlock() 5 Reachability Tree Henzinger, Jhala,Majumdar 32
33 Analyze Counterexample Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK LOCK lock() old = new q=q->next [q!=null] q->data = new unlock() new++ [new==old] 5 5 unlock() Predicates: LOCK Reachability Tree Henzinger, Jhala,Majumdar 33
34 Analyze Counterexample Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); Predicates: LOCK LOCK LOCK old = new new++ [new==old] Inconsistent new == old Reachability Tree Henzinger, Jhala,Majumdar 34
35 Repeat Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); Predicates: LOCK, new==old Reachability Tree Henzinger, Jhala,Majumdar 35
36 Repeat Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK, new==old 2 lock() old = new q=q->next 2 Predicates: LOCK, new==old Reachability Tree Henzinger, Jhala,Majumdar 36
37 Repeat Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK, new==old 2 LOCK, new==old 3,! new = old 4 q->data = new unlock() new Predicates: LOCK, new==old Reachability Tree Henzinger, Jhala,Majumdar 37
38 Repeat Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK, new==old 2 LOCK, new==old 3,! new = old 4 [new==old] Predicates: LOCK, new==old Reachability Tree Henzinger, Jhala,Majumdar 38
39 Repeat Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK, new==old 2 LOCK, new==old 3,! new = old 4 [new!=old] Predicates: LOCK, new==old,! new == old Reachability Tree Henzinger, Jhala,Majumdar 39
40 Repeat Build-and-Search Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; 4:while(new!= old); 5: unlock (); LOCK, new==old LOCK, new==old 3,! new = old LOCK, new=old SAFE Predicates: LOCK, new==old,! new == old 5, new==old Reachability Tree Henzinger, Jhala,Majumdar 40
41 Key Idea: Reachability Tree Initial 2 Unroll. Pick tree-node (=abs. state) 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off Find min spurious suffix - Learn new predicates - Rebuild subtree with new preds. Error Free SAFE S: Only Abstract Reachable States S2: Don t refine error-free regions Henzinger, Jhala,Majumdar 4
42 Lazy Abstraction C Program Abstract Yes Safe Property Refine No Trace Problem: Abstraction is Expensive Solution:. Abstract reachable states, 2. Avoid refining error-free regions Key Idea: Reachability Tree Henzinger, Jhala,Majumdar 42
43 MIT OpenCourseWare Fundamentals of Program Analysis Fall 205 For information about citing these materials or our Terms of Use, visit:
Having a BLAST with SLAM
Having a BLAST with SLAM Meeting, CSCI 555, Fall 20 Announcements Homework 0 due Sat Questions? Move Tue office hours to -5pm 2 Software Model Checking via Counterexample Guided Abstraction Refinement
Scalable Program Verification by Lazy Abstraction
Scalable Program Verification by Lazy Abstraction Ranjit Jhala U.C. Berkeley ars, July, 997 Lost contact due to real-time priority inversion bug ars, December, 999 Crashed due to uninitialized variable
Having a BLAST with SLAM
Having a BLAST with SLAM # #2 Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement There are easily two dozen SLAM/BLAST/MAGIC papers; I will skim. #3 SLAM Overview INPUT: Program
Having a BLAST with SLAM
Having a BLAST with SLAM # #2 Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement There are easily two dozen SLAM/BLAST/MAGIC papers; I will skim. #3 SLAM Overview INPUT: Program
CS 510/13. Predicate Abstraction
CS 50/3 Predicate Abstraction Predicate Abstraction Extract a finite state model from an infinite state system Used to prove assertions or safety properties Successfully applied for verification of C programs
Having a BLAST with SLAM
Announcements Having a BLAST with SLAM Meetings -, CSCI 7, Fall 00 Moodle problems? Blog problems? Looked at the syllabus on the website? in program analysis Microsoft uses and distributes the Static Driver
Software Model Checking. Xiangyu Zhang
Software Model Checking Xiangyu Zhang Symbolic Software Model Checking CS510 S o f t w a r e E n g i n e e r i n g Symbolic analysis explicitly explores individual paths, encodes and resolves path conditions
Double Header. Two Lectures. Flying Boxes. Some Key Players: Model Checking Software Model Checking SLAM and BLAST
Model Checking #1 Double Header Two Lectures Model Checking Software Model Checking SLAM and BLAST Flying Boxes It is traditional to describe this stuff (especially SLAM and BLAST) with high-gloss animation
Counterexample Guided Abstraction Refinement in Blast
Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich 1 How would you analyze this? * means something
An Eclipse Plug-in for Model Checking
An Eclipse Plug-in for Model Checking Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala Electrical Engineering and Computer Sciences University of California, Berkeley, USA Rupak Majumdar Computer Science
No model may be available. Software Abstractions. Recap on Model Checking. Model Checking for SW Verif. More on the big picture. Abst -> MC -> Refine
No model may be available Programmer Software Abstractions Tests Coverage Code Abhik Roychoudhury CS 5219 National University of Singapore Testing Debug Today s lecture Abstract model (Boolean pgm.) Desirable
Predicate Abstraction Daniel Kroening 1
Predicate Abstraction 20.1.2005 Daniel Kroening 1 Motivation Software has too many state variables State Space Explosion Graf/Saïdi 97: Predicate Abstraction Idea: Only keep track of predicates on data
On Reasoning about Finite Sets in Software Checking
On Reasoning about Finite Sets in Software Model Checking Pavel Shved Institute for System Programming, RAS SYRCoSE 2 June 2010 Static Program Verification Static Verification checking programs against
Static program checking and verification
Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Müller Static program checking and verification Correctness
F-Soft: Software Verification Platform
F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com
Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement. Having a BLAST with SLAM. Combining Strengths. SLAM Overview SLAM
Hving BLAST with SLAM Topic: Softwre Model Checking vi Counter-Exmple Guided Abstrction Refinement There re esily two dozen SLAM/BLAST/MAGIC ppers; I will skim. # # Theorem Proving Combining Strengths
Introduction. Preliminaries. Original IC3. Tree-IC3. IC3 on Control Flow Automata. Conclusion
.. Introduction Preliminaries Original IC3 Tree-IC3 IC3 on Control Flow Automata Conclusion 2 of 22 Lifting IC3 to Control Flow Automata Tim Lange tim.lange@cs.rwth-aachen.de Introduction Preliminaries
Predicate Refinement Heuristics in Program Verification with CEGAR
Predicate Refinement Heuristics in Program Verification with CEGAR Tachio Terauchi (JAIST) Part of this is joint work with Hiroshi Unno (U. Tsukuba) 1 Predicate Abstraction with CEGAR Iteratively generate
Subsumer-First: Steering Symbolic Reachability Analysis
Subsumer-First: Steering Symbolic Reachability Analysis Andrey Rybalchenko 1 and Rishabh Singh 2 1 Max Planck Institute for Software Systems (MPI-SWS) 2 Massachusetts Institue of Technology (MIT) Abstract.
On Reasoning About Finite Sets in Software Model Checking
On Reasoning About Finite Sets in Software Model Checking Pavel Shved Institute for System Programming, RAS email: shved@ispras.ru Abstract A number of static checking techniques is based on constructing
Using Counterexample Analysis to Minimize the Number of Predicates for Predicate Abstraction
Using Counterexample Analysis to Minimize the Number of Predicates for Predicate Abstraction Thanyapat Sakunkonchak, Satoshi Komatsu, and Masahiro Fujita VLSI Design and Education Center, The University
Proofs from Tests. Nels E. Beckman, Aditya V. Nori, Sriram K. Rajamani, Robert J. Simmons, SaiDeep Tetali, Aditya V. Thakur
1 Proofs from Tests Nels E. Beckman, Aditya V. Nori, Sriram K. Rajamani, Robert J. Simmons, SaiDeep Tetali, Aditya V. Thakur Abstract We present an algorithm DASH to check if a program P satisfies a safety
Proving Properties of non-array Programs
Proving Properties of non-array Programs Thanks to Priyanka Darke Tata Research Development and Design Centre, Pune, India December 13, 2017 Copyright 2012 Tata Consultancy Services Limited 1 Background
Program verification. Generalities about software Verification Model Checking. September 20, 2016
Program verification Generalities about software Verification Model Checking Laure Gonnord David Monniaux September 20, 2016 1 / 43 The teaching staff Laure Gonnord, associate professor, LIP laboratory,
Model Checking: Back and Forth Between Hardware and Software
Model Checking: Back and Forth Between Hardware and Software Edmund Clarke 1, Anubhav Gupta 1, Himanshu Jain 1, and Helmut Veith 2 1 School of Computer Science, Carnegie Mellon University {emc, anubhav,
Formal Systems Tutorial Hybrid System Modeling, Program Analysis
Formal Systems Tutorial Hybrid System Modeling, Program Analysis Department of Computer Science & Engineering, Indian Institute of Technology, Kharagpur 1. There are three taps in the system, namely Tap-1
Model Checking with Abstract State Matching
Model Checking with Abstract State Matching Corina Păsăreanu QSS, NASA Ames Research Center Joint work with Saswat Anand (Georgia Institute of Technology) Radek Pelánek (Masaryk University) Willem Visser
Predicate Abstraction of ANSI C Programs using SAT Λ
Predicate Abstraction of ANSI C Programs using SAT Λ Edmund Clarke and Daniel Kroening and Natalia Sharygina and Karen Yorav School of Computer Science Carnegie Mellon University, Pittsburgh, PA, USA Software
More on Verification and Model Checking
More on Verification and Model Checking Wednesday Oct 07, 2015 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/60 Course fair! 2/60 Exam st October 21, 8:00 13:00 If you want to participate,
Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification
Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification Aws Albarghouthi 1, Yi Li 1, Arie Gurfinkel 2, and Marsha Chechik 1 1 Department of Computer Science, University of Toronto,
The software model checker BLAST
Int J Softw Tools Technol Transfer (2007) 9:505 525 DOI 10.1007/s10009-007-0044-z SPECIAL SECTION FASE 04/ 05 The software model checker BLAST Applications to software engineering Dirk Beyer Thomas A.
A Verifier for Temporal Properties
A Verifier for Temporal Properties David Mandelin May 3, 2002 1 Background Before distributing a program, programmers would like to know for certain that it does what it is intended to do. The only way
Checking Memory Safety with Blast
Checking Memory Safety with Blast Dirk Beyer 1 Thomas A. Henzinger 12 Ranjit Jhala 3 Rupak Majumdar 4 1 EPFL, Switzerland 2 University of California, Berkeley 3 University of California, San Diego 4 University
Interpolation-based Software Verification with Wolverine
Interpolation-based Software Verification with Wolverine Daniel Kroening 1 and Georg Weissenbacher 2 1 Computer Science Department, Oxford University 2 Department of Electrical Engineering, Princeton University
Permissive Interfaces
Permissive Interfaces Thomas A. Henzinger Ranjit Jhala Rupak Majumdar EPFL, Switzerland UC Berkeley UC Los Angeles Abstract A modular program analysis considers components independently and provides succinct
Overview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?
Computer Engineering and Networks Overview Discrete Event Systems - Verification of Finite Automata Lothar Thiele Introduction Binary Decision Diagrams Representation of Boolean Functions Comparing two
TRACER: A Symbolic Execution Tool for Verification
TRACER: A Symbolic Execution Tool for Verification Joxan Jaffar, Vijayaraghavan Murali, Jorge A. Navas, and Andrew E. Santosa 3 National University of Singapore The University of Melbourne 3 University
Proofs from Tests. Sriram K. Rajamani. Nels E. Beckman. Aditya V. Nori. Robert J. Simmons.
Proofs from Tests Nels E. Beckman Carnegie Mellon University nbeckman@cs.cmu.edu Aditya V. Nori Microsoft Research India adityan@microsoft.com Robert J. Simmons Carnegie Mellon University rjsimmon@cs.cmu.edu
20b -Advanced-DFA. J. L. Peterson, "Petri Nets," Computing Surveys, 9 (3), September 1977, pp
State Propagation Reading assignment J. L. Peterson, "Petri Nets," Computing Surveys, 9 (3), September 1977, pp. 223-252. Sections 1-4 For reference only M. Pezzè, R. N. Taylor and M. Young, Graph Models
Page # 20b -Advanced-DFA. Reading assignment. State Propagation. GEN and KILL sets. Data Flow Analysis
b -Advanced-DFA Reading assignment J. L. Peterson, "Petri Nets," Computing Surveys, 9 (3), September 977, pp. 3-5. Sections -4 State Propagation For reference only M. Pezzè, R. N. Taylor and M. Young,
Basic Verification Strategy
ormal Verification Basic Verification Strategy compare behavior to intent System Model of system behavior intent Verifier results Intent Usually, originates with requirements, refined through design and
Lazy Abstraction with Interpolants
Lazy Abstraction with Interpolants Kenneth L. McMillan Cadence Berkeley Labs Abstract. We describe a model checker for infinite-state sequential programs, based on Craig interpolation and the lazy abstraction
Verification Framework for Detecting Safety Violations in UML State chart Models of Reactive Systems C.M. Prashanth
Verification Framework for Detecting Safety Violations in UML State chart Models of Reactive Systems C.M. Prashanth Dept. of Computer Engineering N.I.T.K, Surathkal INDIA-575 025 +91 9448185670 prashanth_bcs@yahoo.co.in
A New approach to Detect Safety Violations in UML Statechart Models
IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.7, July 2008 167 A New approach to Detect Safety Violations in UML Statechart Models Prashanth C.M. Dr. K. Chandrashekar
Proving liveness. Alexey Gotsman IMDEA Software Institute
Proving liveness Alexey Gotsman IMDEA Software Institute Safety properties Ensure bad things don t happen: - the program will not commit a memory safety fault - it will not release a lock it does not hold
What does my program mean?
September 16, 2015 L02-1 What does my program mean? Armando Solar Lezama Computer Science and Artificial Intelligence Laboratory M.I.T. Adapted from Arvind 2010. Used with permission. September 16, 2015
Static Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Schedule of Lectures Jan 17/19: Interprocedural DFA
4/24/18. Overview. Program Static Analysis. Has anyone done static analysis? What is static analysis? Why static analysis?
Overview Program Static Analysis Program static analysis Abstract interpretation Static analysis techniques 2 What is static analysis? The analysis to understand computer software without executing programs
System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements
System Correctness EEC 421/521: Software Engineering A Whirlwind Intro to Software Model Checking A system is correct when it meets its requirements a design without requirements cannot be right or wrong,
Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001
Research Collection Other Conference Item Formal background and algorithms Author(s): Biere, Armin Publication Date: 2001 Permanent Link: https://doi.org/10.3929/ethz-a-004239730 Rights / License: In Copyright
CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan
CS 267: Automated Verification Lecture 13: Bounded Model Checking Instructor: Tevfik Bultan Remember Symbolic Model Checking Represent sets of states and the transition relation as Boolean logic formulas
Abstract Interpretation
Abstract Interpretation Ranjit Jhala, UC San Diego April 22, 2013 Fundamental Challenge of Program Analysis How to infer (loop) invariants? Fundamental Challenge of Program Analysis Key issue for any analysis
Towards a Software Model Checker for ML. Naoki Kobayashi Tohoku University
Towards a Software Model Checker for ML Naoki Kobayashi Tohoku University Joint work with: Ryosuke Sato and Hiroshi Unno (Tohoku University) in collaboration with Luke Ong (Oxford), Naoshi Tabuchi and
Lecture 2: Symbolic Model Checking With SAT
Lecture 2: Symbolic Model Checking With SAT Edmund M. Clarke, Jr. School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 (Joint work over several years with: A. Biere, A. Cimatti, Y.
Scalable Program Analysis Using Boolean Satisfiability: The Saturn Project
Scalable Program Analysis Using Boolean Satisfiability: The Saturn Project Alex Aiken Stanford University Saturn 1 The Idea Verify properties of large systems! Doesn t {SLAM, BLAST, CQual, ESP} already
Reasoning About Imperative Programs. COS 441 Slides 10
Reasoning About Imperative Programs COS 441 Slides 10 The last few weeks Agenda reasoning about functional programming It s very simple and very uniform: substitution of equal expressions for equal expressions
Proof Pearl: The Termination Analysis of Terminator
Proof Pearl: The Termination Analysis of Terminator Joe Hurd Computing Laboratory Oxford University joe.hurd@comlab.ox.ac.uk Abstract. Terminator is a static analysis tool developed by Microsoft Research
Software Model Checking. From Programs to Kripke Structures
Software Model Checking (in (in C or or Java) Java) Model Model Extraction 1: int x = 2; int y = 2; 2: while (y
Runtime Checking for Program Verification Systems
Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification
CSC2108: Automated Verification Assignment 3. Due: November 14, classtime.
CSC2108: Automated Verification Assignment 3. Due: November 14, classtime. 1. Recall the notion of alternation depth in µ-calculus formulas. An alternation depth of a formula is one if results of a least
Verifiable Hierarchical Protocols with Network Invariants on Parametric Systems
Verifiable Hierarchical Protocols with Network Invariants on Parametric Systems Opeoluwa Matthews, Jesse Bingham, Daniel Sorin http://people.duke.edu/~om26/ FMCAD 2016 - Mountain View, CA Problem Statement
Program Verification. Aarti Gupta
Program Verification Aarti Gupta 1 Agenda Famous bugs Common bugs Testing (from lecture 6) Reasoning about programs Techniques for program verification 2 Famous Bugs The first bug: A moth in a relay (1945)
Grad PL vs. The World
Grad PL vs. The World #1 Grad PL Conclusions You are now equipped to read the most influential papers in PL. You can also recognize PL concepts and will know what to do when they come up in your research.
Formal Verification by Model Checking
Formal Verication by Model Checking Jonathan Aldrich Carnegie Mellon University Based on slides developed by Natasha Sharygina 17-654/17-754: Analysis of Software Artacts Spring 2006 1 CTL Model Checking
Areas related to SW verif. Trends in Software Validation. Your Expertise. Research Trends High level. Research Trends - Ex 2. Research Trends Ex 1
Areas related to SW verif. Trends in Software Validation Abhik Roychoudhury CS 6214 Formal Methods Model based techniques Proof construction techniques Program Analysis Static Analysis Abstract Interpretation
Proof Pearl: The Termination Method of TERMINATOR
Proof Pearl: The Termination Method of TERMINATOR Joe Hurd Computing Laboratory University of Oxford University of Edinburgh Thursday 9 August 2007 Joe Hurd Proof Pearl: The Termination Method of TERMINATOR
Outline. Introduction SDV Motivation Model vs Real Implementation SLIC SDVRP SLAM-2 Comparisons Conclusions
Outline Introduction SDV Motivation Model vs Real Implementation SIC SDVRP SAM-2 Comparisons Conclusions SDV Research Platform Academic release of SDV (Static Driver Verifier), based on the code that ships
Predicate Abstraction with Adjustable-Block Encoding
Predicate Abstraction with Adjustable-Block Encoding Dirk Beyer Simon Fraser University / University of Passau M. Erkan Keremoglu Simon Fraser University, B.C., Canada Philipp Wendler University of Passau,
PANDA: Simultaneous Predicate Abstraction and Concrete Execution
PANDA: Simultaneous Predicate Abstraction and Concrete Execution Jakub Daniel and Pavel Parízek Charles University in Prague, Faculty of Mathematics and Physics, Department of Distributed and Dependable
FORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY
FORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY Pamela Zave AT&T Laboratories Research Florham Park, New Jersey, USA
Formal Methods in Software Engineering. Lecture 07
Formal Methods in Software Engineering Lecture 07 What is Temporal Logic? Objective: We describe temporal aspects of formal methods to model and specify concurrent systems and verify their correctness
Symbolic Evaluation/Execution
Symbolic Evaluation/Execution Reading Assignment *R.W. Floyd, "Assigning Meaning to Programs, Symposium on Applied Mathematics, 1967, pp. 19-32 (Appeared as volume 19 of Mathematical Aspects of Computer
Finite State Verification. CSCE Lecture 14-02/25/2016
Finite State Verification CSCE 747 - Lecture 14-02/25/2016 So, You Want to Perform Verification... You have a property that you want your program to obey. Great! Let s write some tests! Does testing guarantee
AN ABSTRACTION TECHNIQUE FOR REAL-TIME VERIFICATION
AN ABSTRACTION TECHNIQUE FOR REAL-TIME VERIFICATION Edmund M. Clarke, Flavio Lerda, Muralidhar Talupur Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213 {flerda,tmurali,emc}@cs.cmu.edu
STATIC PROGRAM TRANSFORMATIONS FOR EFFICIENT SOFTWARE MODEL CHECKING
STATIC PROGRAM TRANSFORMATIONS FOR EFFICIENT SOFTWARE MODEL CHECKING Shobha Vasudevan Computer Engineering Research Center The University of Texas at Austin Austin, Texas, U.S.A. shobha@cerc.utexas.edu
Regression Verification - a practical way to verify programs
Regression Verification - a practical way to verify programs Ofer Strichman Benny Godlin Technion, Haifa, Israel. Email: ofers@ie.technion.ac.il bgodlin@cs.technion.ac.il 1 Introduction When considering
Model Checking Embedded C Software using k-induction and Invariants
FEDERAL UNIVERSITY OF RORAIMA and FEDERAL UNIVESITY OF AMAZONAS Model Checking Embedded C Software using k-induction and Invariants Herbert Rocha, Hussama Ismail, Lucas Cordeiro and Raimundo Barreto Agenda
Sliced Path Prefixes: An Effective Method to Enable Refinement Selection
FORTE '15 Sliced Path Prefixes: An Effective Method to Enable Refinement Selection Dirk Beyer, Stefan Löwe, Philipp Wendler SoSy-Lab Software Systems We want Refinement Selection!!! Because straight-forward
Hardware-Software Codesign. 9. Worst Case Execution Time Analysis
Hardware-Software Codesign 9. Worst Case Execution Time Analysis Lothar Thiele 9-1 System Design Specification System Synthesis Estimation SW-Compilation Intellectual Prop. Code Instruction Set HW-Synthesis
Unbounded Symbolic Execution for Program Verification
Unbounded Symbolic Execution for Program Verification JOXAN JAFFAR 1, JORGE A. NAVAS 1, AND ANDREW E. SANTOSA 2 1 National University of Singapore 2 University of Sydney, Australia {joxan,navas}@comp.nus.edu.sg,
Sciduction: Combining Induction, Deduction and Structure for Verification and Synthesis
Sciduction: Combining Induction, Deduction and Structure for Verification and Synthesis (abridged version of DAC slides) Sanjit A. Seshia Associate Professor EECS Department UC Berkeley Design Automation
Automatic Software Verification
Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework
Verifying Concurrent Programs
Verifying Concurrent Programs Daniel Kroening 8 May 1 June 01 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs
Binary Decision Diagrams and Symbolic Model Checking
Binary Decision Diagrams and Symbolic Model Checking Randy Bryant Ed Clarke Ken McMillan Allen Emerson CMU CMU Cadence U Texas http://www.cs.cmu.edu/~bryant Binary Decision Diagrams Restricted Form of
Lecture 6. Abstract Interpretation
Lecture 6. Abstract Interpretation Wei Le 2014.10 Outline Motivation History What it is: an intuitive understanding An example Steps of abstract interpretation Galois connection Narrowing and Widening
Finite State Verification. CSCE Lecture 21-03/28/2017
Finite State Verification CSCE 747 - Lecture 21-03/28/2017 So, You Want to Perform Verification... You have a property that you want your program to obey. Great! Let s write some tests! Does testing guarantee
Finding and Fixing Bugs in Liquid Haskell. Anish Tondwalkar
Finding and Fixing Bugs in Liquid Haskell Anish Tondwalkar Overview Motivation Liquid Haskell Fault Localization Fault Localization Evaluation Predicate Discovery Predicate Discovery Evaluation Conclusion
SYNERGY : A New Algorithm for Property Checking
SYNERGY : A New Algorithm for Property Checking Bhargav S. Gulavani Thomas A. Henzinger Yamini Kannan Aditya V. Nori Sriram K. Rajamani bhargav@cse.iitb.ernet.in tah@epfl.ch yaminik@microsoft.com adityan@microsoft.com
Problem Solving as Search. CMPSCI 383 September 15, 2011
Problem Solving as Search CMPSCI 383 September 15, 2011 1 Today s lecture Problem-solving as search Uninformed search methods Problem abstraction Bold Claim: Many problems faced by intelligent agents,
Reading Assignment. Symbolic Evaluation/Execution. Move from Dynamic Analysis to Static Analysis. Move from Dynamic Analysis to Static Analysis
Reading Assignment Symbolic Evaluation/Execution *R.W. Floyd, "Assigning Meaning to Programs, Symposium on Applied Mathematics, 1967, pp. 19-32 (Appeared as volume 19 of Mathematical Aspects of Computer
Abstraction Refinement for Quantified Array Assertions
Abstraction Refinement for Quantified Array Assertions Mohamed Nassim Seghir 1,, Andreas Podelski 1, and Thomas Wies 1,2 1 University of Freiburg, Germany 2 EPFL, Switzerland Abstract. We present an abstraction
Verifying Multithreaded Software with Impact
Verifying Multithreaded Software with Impact Björn Wachter, Daniel Kroening and Joël Ouaknine University of Oxford Intro Multi-threading C/C++ with POSIX/WIN 32 threads event processing, device drivers,
TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS*
TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS* Tal Lev-Ami, Roman Manevich, and Mooly Sagiv Tel Aviv University {tla@trivnet.com, {rumster,msagiv}@post.tau.ac.il} Abstract TVLA (Three-Valued-Logic
Model Checking with Automata An Overview
Model Checking with Automata An Overview Vanessa D Carson Control and Dynamical Systems, Caltech Doyle Group Presentation, 05/02/2008 VC 1 Contents Motivation Overview Software Verification Techniques
Alternation for Termination
Alternation for Termination William R. Harris 1, Akash Lal 2, Aditya V. Nori 2, and Sriram K. Rajamani 2 1 University of Wisconsin; Madison, WI, USA 2 Microsoft Research India; Bangalore, India Abstract.
4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271
Mel Checking LTL Property System Mel Mel Checking CS 4271 Mel Checking OR Abhik Roychoudhury http://www.comp.nus.edu.sg/~abhik Yes No, with Counter-example trace 2 Recap: Mel Checking for mel-based testing
Bounded Model Checking Of C Programs: CBMC Tool Overview
Workshop on Formal Verification and Analysis Tools, CFDVS, IIT-Bombay - Feb 21,2017 Bounded Model Checking Of C Programs: CBMC Tool Overview Prateek Saxena CBMC Developed and Maintained by Dr Daniel Kröning
Static Program Checking
Bounded Verification Jalloy Automated Software Analysis Group, Institute of Theoretical Informatics Jun.-prof. Mana Taghdiri June 5, 2014 KIT University of the State of Baden-Wuerttemberg and National
The STERNOL Specification Tool (SST)
Industrilogik The STERNOL specification tool 1999-05-12 1 Adtranz Signal s Formal Verification Process (2) The STERNOL Specification Tool (SST) Lars-Henrik Eriksson Industrilogik L4i AB Industrilogik The
Abstract Interpretation Using Laziness: Proving Conway s Lost Cosmological Theorem
Abstract Interpretation Using Laziness: Proving Conway s Lost Cosmological Theorem Kevin Watkins CMU CSD POP Seminar December 8, 2006 In partial fulfillment of the speaking skills requirement ? 2111 1231