SpaceSearch: A Library for Building and Verifying Solver-Aided Tools
|
|
|
- Lambert Washington
- 5 years ago
- Views:
Transcription
1 SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Steven S. Stefan Weitz Lyubomirsky Heule Emina Torlak Michael D. Ernst Zachary Tatlock
2
3
4 Reduction
5 Reduction SMT
6 Reduction SMT
7 SpaceSearch Reduction SMT
8 The Border Gateway Protocol
9 The Border Gateway Protocol
10 The Border Gateway Protocol
11 The Border Gateway Protocol
12 The Border Gateway Protocol
13 The Border Gateway Protocol neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outcustomer permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list outprovider permit
14 The Border Gateway Protocol neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outcustomer permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list outprovider permit
15 The Border Gateway Protocol neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outcustomer permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list outprovider permit
16 The Border Gateway Protocol neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outcustomer permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list outprovider permit
17 The Border Gateway Protocol neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outcustomer permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list outprovider permit
18 The Border Gateway Protocol neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outcustomer permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list outprovider permit
19 The Border Gateway Protocol neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outcustomer permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list outprovider permit
20 Specification Bagpipe Spec Holds neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration Spec Violation
21 Specification Bagpipe Spec Holds neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration Spec Violation
22 Bagpipe t:trace( ), check(, t) Specification Spec Holds neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration Spec Violation
23 Bagpipe Specification t:trace( ), check(, t) configure terminal Spec Holds neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration Spec Violation
24 Bagpipe Specification t:trace( ), check(, t) fin Reduce [OOPSLA 16] t:inittrace( ), check(, t) Spec Holds neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration Spec Violation
25 Bagpipe Specification t:trace( ), check(, t) fin Reduce [OOPSLA 16] t:inittrace( ), check(, t) Spec Holds neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration Spec Violation
26 Bagpipe Specification neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration t:trace( ), check(, t) fin Reduce t:inittrace( ), check(, t) Reduce? SMT [OOPSLA 16] Spec Holds Spec Violation
27 t:inittrace( ), check(, t) neighbor
28 t:inittrace( ), check(, t) neighbor inittrace( )
29 t:inittrace( ), check(, t) neighbor inittrace( ) { t:inittrace( ) check(, t) }
30 t:inittrace( ), check(, t) neighbor inittrace( ) { t:inittrace( ) check(, t) } search( ) = None
31 SpaceSearch Interface empty = singleton(a) = a union(, ) =
32 SpaceSearch Interface empty = singleton(a) = a union(, ) = a a b f(a) bind(s,f) = Ux:S f(x) = bind(, ) = b f(b)
33 SpaceSearch Interface empty = search( ) = None singleton(a) = a search( a ) = Some a union(, ) = a a b f(a) bind(s,f) = Ux:S f(x) = bind(, ) = b f(b)
34 Bagpipe Specification t:trace( ), check(, t) fin Reduce t:inittrace( ), check(, t) Spec Holds neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration Spec Violation
35 Bagpipe Specification neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration t:trace( ), check(, t) fin Reduce t:inittrace( ), check(, t) Reduce search( bind(inittracespace( ), (λ t. if check(, t) then empty else singleton(t))) = None Spec Holds Spec Violation
36 Bagpipe Specification neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration t:trace( ), check(, t) fin Reduce t:inittrace( ), check(, t) Reduce search( bind(inittracespace( ), (λ t. if check(, t) then empty else singleton(t))) = None Extract? SMT Spec Holds Spec Violation
37 Meet
38 Meet x y. (x /\ y) ( x \/ y) De Morgan's Law
39 Meet x y. (x /\ y) ( x \/ y) De Morgan's Law (let ((x (symbolic-bool)) (y (symbolic-bool)))
40 Meet x y. (x /\ y) ( x \/ y) De Morgan's Law (let ((x (symbolic-bool)) (y (symbolic-bool))) (eq? (and x y) (not (or (not x) (not y))))
41 Meet x y. (x /\ y) ( x \/ y) De Morgan's Law (solve (let ((x (symbolic-bool)) (y (symbolic-bool))) (if (eq? (and x y) (not (or (not x) (not y)))) (assert false) counter-example))
42 Meet x y. (x /\ y) ( x \/ y) De Morgan's Law (solve (let ((x (symbolic-bool)) (y (symbolic-bool))) (if (eq? (and x y) (not (or (not x) (not y)))) (assert false) counter-example)) type-driven state merging (declare-const x Bool) (declare-const y Bool) (define-const a Bool (and x y)) (define-const b Bool (not (or (not x) (not y)))) (assert (not (and (=> a b) (=> b a)))) (check-sat)
43 SpaceSearch Extraction => union(s,t) => (lambda (v) (if (symbolic-bool) (s v) (t v))) empty => (lambda (v) (assert false)) search(s) => (solve s) single(a) => (lambda (v) a) bind(s,f) => (lambda (v) (f (s v) v))
44 Bagpipe Specification neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration t:trace( ), check(, t) fin Reduce t:inittrace( ), check(, t) Reduce search( bind(inittracespace( ), (λ t. if check(, t) then empty else singleton(t))) = None Spec Holds Spec Violation
45 Bagpipe Specification neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Configuration t:trace( ), check(, t) fin Reduce t:inittrace( ), check(, t) Reduce search( bind(inittracespace( ), (λ t. if check(, t) then empty else singleton(t))) = None Extract /SMT Spec Holds Spec Violation
46 Summary SpaceSearch Interface & Semantics Extraction
47 Summary SpaceSearch Interface & Semantics Extraction More in the paper: Infinite Search Spaces Other Backends Parallelization Incrementalization
48 Evaluation SpaceSearch Interface & Semantics Extraction Bagpipe 1. BGP Verification
49 Evaluation SpaceSearch Interface & Semantics Extraction Bagpipe 1. BGP Verification 2. SQL Rewrite
50 Evaluation SpaceSearch Interface & Semantics Extraction Bagpipe 1. BGP Verification 2. SQL Rewrite 3. x86 Semantics
51 1. BGP Verification Specification Correct Bagpipe neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Counter Example Configuration
52 1. BGP Verification 10 Juniper Scenarios No Martian Block To External Gao & Rexford Bagpipe 14 Specs Hold neighbor remote-as 2 neighbor remote-as 3 neighbor remote-as 4! prefix lists ip prefix-list outc permit /0 le 32 ip prefix-list outpeer permit /24 le p prefix-list ou permit Internet2 >100K BelWü >200K Selfnet >50 19 Spec Violations, No False Positives
53 2. SQL Rewrite Verification SELECT DISTINCT x.name FROM Employee AS x, Employee AS y WHERE x.name = y.name = SELECT DISTINCT name FROM Employee
54 2. SQL Rewrite Verification SELECT DISTINCT x.name FROM Employee AS x, Employee AS y WHERE x.name = y.name = SELECT DISTINCT name FROM Employee ConjunctiveQuery: SELECT DISTINCT a,b FROM A,B WHERE a = b, b = c
55 2. SQL Rewrite Verification = Query A Reduce search( counterexamples(, )) Equal Extract Counter Example Query B SMT
56 3. x86 Semantics Validation ADD x, y Instruction search( bind(int32, (λ x. bind(int32, (λ y. if stoke(add x, y) = rocksalt(add x, y) then empty else singleton(x,y))))) Extract Equal Counter Example SMT
57 3. x86 Semantics Validation ADD x, y Instruction search( bind(int32, (λ x. bind(int32, (λ y. if stoke(add x, y) = rocksalt(add x, y) then empty else singleton(x,y))))) Extract SMT Equal Counter Example Bugs found: 7 Rocksalt Bugs 1 Stoke Bug
58 Related Work Solver Aided Languages: Rosette Torlak et al. PLDI 14 Smten Uhler et al. CAV 13 Solver Aided Tool Verification: XCert Tatlock et al. PLDI 10 Verified SAT Solvers & SAT Tactics: Marić TCS 10 Oe et al. VMCAI 12
59 Thank You github.com/konne88/spacesearch Bagpipe 1. BGP Verification SpaceSearch Interface & Semantics Extraction 2. SQL Rewrite 3. x86 Semantics Konstantin Weitz Steven S. Lyubomirsky Stefan Heule Emina Torlak Michael D. Ernst Zachary Tatlock
SpaceSearch: A Library for Building and Verifying Solver-Aided Tools
SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Weitz University of Washington, USA weitzkon@cs.washington.edu Emina Torlak University of Washington, USA emina@cs.washington.edu
Synthesis and Verification for All Emina Torlak
Synthesis and Verification for All Emina Torlak University of Washington emina@cs.washington.edu homes.cs.washington.edu/~emina/ Emina Racket Racket a programmable programming language Racket a programmable
Symbolic and Concolic Execution of Programs
Symbolic and Concolic Execution of Programs Information Security, CS 526 Omar Chowdhury 10/7/2015 Information Security, CS 526 1 Reading for this lecture Symbolic execution and program testing - James
CSE507. Practical Applications of SAT. Computer-Aided Reasoning for Software. Emina Torlak
Computer-Aided Reasoning for Software CSE507 Practical Applications of SAT courses.cs.washington.edu/courses/cse507/18sp/ Emina Torlak emina@cs.washington.edu Today Past 2 lectures The theory and mechanics
Abstractions and small languages in synthesis CS294: Program Synthesis for Everyone
Abstractions and small languages in synthesis CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California, Berkeley Today Today: we describe why high-level
Optimizing Synthesis with Metasketches
Optimizing Synthesis Artifact with Metasketches * POPL * Consistent * Complete * Well Documented * Easy to Reuse * Evaluated * AEC * James Bornholt Emina Torlak Dan Grossman Luis Ceze University of Washington
Synchronous Specification
Translation Validation for Synchronous Specification in the Signal Compiler Van-Chan Ngo Jean-Pierre Talpin Thierry Gautier INRIA Rennes, France FORTE 2015 Construct a modular translation validationbased
Hyperkernel: Push-Button Verification of an OS Kernel
Hyperkernel: Push-Button Verification of an OS Kernel Luke Nelson, Helgi Sigurbjarnarson, Kaiyuan Zhang, Dylan Johnson, James Bornholt, Emina Torlak, and Xi Wang The OS Kernel is a critical component Essential
Combining Static and Dynamic Contract Checking for Curry
Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 1 Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel Programming Languages
Leonardo de Moura and Nikolaj Bjorner Microsoft Research
Leonardo de Moura and Nikolaj Bjorner Microsoft Research A Satisfiability Checker with built-in support for useful theories Z3 is a solver developed at Microsoft Research. Development/Research driven by
CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan
CS 267: Automated Verification Lecture 13: Bounded Model Checking Instructor: Tevfik Bultan Remember Symbolic Model Checking Represent sets of states and the transition relation as Boolean logic formulas
Growing Solver-Aided Languages with ROSETTE
Growing Solver-Aided Languages with ROSETTE Emina Torlak & Rastislav Bodik U.C. Berkeley ExCAPE June 10, 2013 solver-aided domain-specific language Solver-aided DSL (SDSL) Noun 1. A high-level language
Growing Solver-Aided Languages with ROSETTE
Growing Solver-Aided Languages with ROSETTE Emina Torlak & Rastislav Bodik U.C. Berkeley solver-aided domain-specific language Solver-aided DSL (SDSL) Noun 1. A high-level language in which partially implemented
Counterexample-Driven Genetic Programming
Counterexample-Driven Genetic Programming Iwo Błądek, Krzysztof Krawiec Institute of Computing Science, Poznań University of Technology Poznań, 12.12.2017 I. Błądek, K. Krawiec Counterexample-Driven Genetic
Typed Lambda Calculus. Chapter 9 Benjamin Pierce Types and Programming Languages
Typed Lambda Calculus Chapter 9 Benjamin Pierce Types and Programming Languages t ::= x x. t t t Call-by-value small step perational Semantics terms variable v ::= values abstraction x. t abstraction values
Smten: Automatic Translation of High-level Symbolic Computations into SMT Queries
Smten: Automatic Translation of High-level Symbolic Computations into SMT Queries Richard Uhler 1 and Nirav Dave 2 1 Massachusetts Institute of Technology, Computer Science and Artificial Intelligence
CSC312 Principles of Programming Languages : Functional Programming Language. Copyright 2006 The McGraw-Hill Companies, Inc.
CSC312 Principles of Programming Languages : Functional Programming Language Overview of Functional Languages They emerged in the 1960 s with Lisp Functional programming mirrors mathematical functions:
Verifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China
Verifying Temporal Properties via Dynamic Program Execution Zhenhua Duan Xidian University, China Main Points Background & Motivation MSVL and Compiler PPTL Unified Program Verification Tool Demo Conclusion
Automatic Formal Verification for EPICS
Automatic Formal Verification for EPICS Jonathan Jacky, Stefani Banerian, Michael D. Ernst, Calvin Loncaric, Stuart Pernsteiner, Zachary Tatlock, Emina Department of Radiation Oncology University of Washington
No model may be available. Software Abstractions. Recap on Model Checking. Model Checking for SW Verif. More on the big picture. Abst -> MC -> Refine
No model may be available Programmer Software Abstractions Tests Coverage Code Abhik Roychoudhury CS 5219 National University of Singapore Testing Debug Today s lecture Abstract model (Boolean pgm.) Desirable
Generating Small Countermodels. Andrew Reynolds Intel August 30, 2012
Generating Small Countermodels using SMT Andrew Reynolds Intel August 30, 2012 Acknowledgements Intel Corporation AmitGoel, Sava Krstic University of Iowa Cesare Tinelli, Francois Bobot New York University
The SPIN Model Checker
The SPIN Model Checker Metodi di Verifica del Software Andrea Corradini Lezione 1 2013 Slides liberamente adattate da Logic Model Checking, per gentile concessione di Gerard J. Holzmann http://spinroot.com/spin/doc/course/
Data Structure Synthesis. Calvin Loncaric Emina Torlak Michael D. Ernst
Data Structure Synthesis Calvin Loncaric Emina Torlak Michael D. Ernst Data structures are everywhere 2 Data structures are everywhere 2 Data structures are everywhere 2 Data structures are everywhere
I Commands. Send comments to
This chapter describes the Cisco NX-OS Border Gateway Protocol (BGP) commands that begin with I. UCR-73 ip as-path access-list ip as-path access-list To configure an access-list filter for Border Gateway
Programming with Constraint Solvers CS294: Program Synthesis for Everyone
Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California, Berkeley Today Today: we describe four programming
4. Logical Values. Our Goal. Boolean Values in Mathematics. The Type bool in C++
162 Our Goal 163 4. Logical Values Boolean Functions; the Type bool; logical and relational operators; shortcut evaluation int a; std::cin >> a; if (a % 2 == 0) std::cout
Seminar in Software Engineering Presented by Dima Pavlov, November 2010
Seminar in Software Engineering-236800 Presented by Dima Pavlov, November 2010 1. Introduction 2. Overview CBMC and SAT 3. CBMC Loop Unwinding 4. Running CBMC 5. Lets Compare 6. How does it work? 7. Conclusions
DATA AND SCHEMA MODIFICATIONS CHAPTERS 4,5 (6/E) CHAPTER 8 (5/E)
1 DATA AND SCHEMA MODIFICATIONS CHAPTERS 4,5 (6/E) CHAPTER 8 (5/E) 2 LECTURE OUTLINE Updating Databases Using SQL Specifying Constraints as Assertions and Actions as Triggers Schema Change Statements in
Alive: Provably Correct InstCombine Optimizations
Alive: Provably Correct InstCombine Optimizations David Menendez Santosh Nagarakatte Rutgers University John Regehr University of Utah Nuno Lopes Microsoft Research Can We Trust Compilers? Any large software
four last forms can be transformed to first form axiomatic versus operational interpretation c Anne E. Haxthausen, Spring OH4 p.
Course 02263 Formal Aspects of Software Engineering RSL Value Definitions & Functions Anne E. Haxthausen DTU Informatics (IMM) Technical University of Denmark aeha@dtu.dk c Anne E. Haxthausen, Spring 2014
Learning Loop Invariants for Program Verification
Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song University of Pennsylvania Georgia Institute of Technology NeurIPS 2018 Code: https://github.com/pl-ml/code2inv
Static Contract Checking for Haskell
Static Contract Checking for Haskell Dana N. Xu INRIA France Work done at University of Cambridge Simon Peyton Jones Microsoft Research Cambridge Joint work with Koen Claessen Chalmers University of Technology
(How) Did you specify your test suite?
(How) Did you specify your test suite? Helmut Veith Formal Methods in Systems Engineering Vienna University of Technology Joint work with Andreas Holzer, Christian Schallhart, and Michael Tautschnig high
Synthesis-Aided Compiler for Low-Power Spatial Architectures
Synthesis-Aided Compiler for Low-Power Spatial Architectures Phitchaya Mangpo Phothilimthana, Tikhon Jelvis, Rohin Shah, Nishant Totla, Sarah Chasins, and Ras Bodik 2 unusual ISA small memory narrow bitwidth
Built-in Module BOOL. Lecture Note 01a
Built-in Module BOOL Lecture Note 01a Topics! Built-in Boolean Algebra module BOOL and the equivalence of two boolean expressions (or SAT problems)! Study important concepts about CafeOBJ system through
An Introduction to Satisfiability Modulo Theories
An Introduction to Satisfiability Modulo Theories Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se February 13, 2019 1/28 Outline From theory... From DPLL to DPLL(T) Slides courtesy of Alberto
Course Overview CS294: Program Synthesis for Everyone
Course Overview CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California, Berkeley The name of the course this CS294 topics course has been listed
Verifying C & C++ with ESBMC
Verifying C & C++ with ESBMC Denis A Nicole dan@ecs.soton.ac.uk CyberSecuritySoton.org [w] @CybSecSoton [fb & tw] ESBMC ESBMC, the Efficient SMT-Based Context-Bounded Model Checker was originally developed
5. Introduction to the Lambda Calculus. Oscar Nierstrasz
5. Introduction to the Lambda Calculus Oscar Nierstrasz Roadmap > What is Computability? Church s Thesis > Lambda Calculus operational semantics > The Church-Rosser Property > Modelling basic programming
Software Model Checking. Xiangyu Zhang
Software Model Checking Xiangyu Zhang Symbolic Software Model Checking CS510 S o f t w a r e E n g i n e e r i n g Symbolic analysis explicitly explores individual paths, encodes and resolves path conditions
NetComplete: Practical Network-Wide Configuration Synthesis with Autocompletion. Ahmed El-Hassany Petar Tsankov Laurent Vanbever Martin Vechev
NetComplete: Practical Network-Wide Configuration Synthesis with Autocompletion Ahmed El-Hassany Petar Tsankov Laurent Vanbever Martin Vechev I shouldn t be the one giving this talk Third year PhD student
n HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week!
Announcements SMT Solvers, Symbolic Execution n HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week! n Presentations n Some of
Designing Systems for Push-Button Verification
Designing Systems for Push-Button Verification Luke Nelson, Helgi Sigurbjarnarson, Xi Wang Joint work with James Bornholt, Dylan Johnson, Arvind Krishnamurthy, EminaTorlak, Kaiyuan Zhang Formal verification
OpenMath and SMT-LIB
James, Matthew England, Roberto Sebastiani & Patrick Trentin 1 Universities of Bath/Coventry/Trento/Trento J.H.@bath.ac.uk 17 July 2017 1 Thanks to EU H2020-FETOPEN-2016-2017-CSA project SC 2 (712689)
1KOd17RMoURxjn2 CSE 20 DISCRETE MATH Fall
CSE 20 https://goo.gl/forms/1o 1KOd17RMoURxjn2 DISCRETE MATH Fall 2017 http://cseweb.ucsd.edu/classes/fa17/cse20-ab/ Today's learning goals Explain the steps in a proof by mathematical and/or structural
Introduction to CBMC. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel December 5, 2011
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 December 5, 2011 based on slides by Daniel Kroening Bug Catching with SAT-Solvers Main Idea: Given a program and a claim use
CSE 311 Lecture 21: Context-Free Grammars. Emina Torlak and Kevin Zatloukal
CSE 311 Lecture 21: Context-Free Grammars Emina Torlak and Kevin Zatloukal 1 Topics Regular expressions A brief review of Lecture 20. Context-free grammars Syntax, semantics, and examples. 2 Regular expressions
http://whiley.org @whileydave http://github.com/davepearce/whiley The Whiley Programming Language David J. Pearce Victoria University of Wellington New Zealand http://whiley.org Overview What is Whiley?
Formalization of Incremental Simplex Algorithm by Stepwise Refinement
Formalization of Incremental Simplex Algorithm by Stepwise Refinement Mirko Spasić, Filip Marić Faculty of Mathematics, University of Belgrade FM2012, 30. August 2012. Overview 1 Introduction 2 Approach
Functional Programming. Overview. Topics. Recall λ-terms. Examples
Topics Functional Programming Christian Sternagel Harald Zankl Evgeny Zuenko Department of Computer Science University of Innsbruck WS 2017/2018 abstract data types, algebraic data types, binary search
1 Lexical Considerations
Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science 6.035, Spring 2013 Handout Decaf Language Thursday, Feb 7 The project for the course is to write a compiler
Yices 1.0: An Efficient SMT Solver
Yices 1.0: An Efficient SMT Solver SMT-COMP 06 Leonardo de Moura (joint work with Bruno Dutertre) {demoura, bruno}@csl.sri.com. Computer Science Laboratory SRI International Menlo Park, CA Yices: An Efficient
3. Logical Values. Boolean Functions; the Type bool; logical and relational operators; shortcut evaluation
140 3. Logical Values Boolean Functions; the Type bool; logical and relational operators; shortcut evaluation Our Goal 141 int a; std::cin >> a; if (a % 2 == 0) std::cout
3. Logical Values. Our Goal. Boolean Values in Mathematics. The Type bool in C++
Our Goal 3. Logical Values Boolean Functions; the Type bool; logical and relational operators; shortcut evaluation int a; std::cin >> a; if (a % 2 == 0) std::cout
Isabelle Tutorial: System, HOL and Proofs
Isabelle Tutorial: System, HOL and Proofs Burkhart Wolff Université Paris-Sud What we will talk about What we will talk about Isabelle with: Brief Revision Advanced Automated Proof Techniques Structured
6.821 Programming Languages Handout Fall MASSACHVSETTS INSTITVTE OF TECHNOLOGY Department of Electrical Engineering and Compvter Science
6.821 Programming Languages Handout Fall 2002 MASSACHVSETTS INSTITVTE OF TECHNOLOGY Department of Electrical Engineering and Compvter Science 2002 Midterm There are four problems on this examination. They
CVC4 - the SMT Solver
CVC4 - the SMT Solver Installation on Linux #install make, for example: apt-get install build-essential #install libgmp, for example: apt-get install libgmp-dev #install boost, for example: apt-get install
Synthesis for Concurrency
Synthesis for Concurrency Martin Vechev ETH Zurich (joint work with Eran Yahav, Greta Yorsh) 1 Concurrency is Everywhere Unreliable Concurrency is Everywhere 2003 Northeast Blackout concurrency error triggers
Outline for Today CSE 142. CSE142 Wi03 G-1. withdraw Method for BankAccount. Class Invariants
CSE 142 Outline for Today Conditional statements if Boolean expressions Comparisons (=,!=, ==) Boolean operators (and, or, not - &&,,!) Class invariants Conditional Statements & Boolean Expressions
Nickel: A framework for design and verification of information flow control systems
Nickel: A framework for design and verification of information flow control systems Luke Nelson Joint work with Helgi Sigurbjarnarson, Bruno Castro-Karney, James Bornholt, Emina Torlak, Xi Wang 2018 New
Database Systems CSE 303. Outline. Lecture 06: SQL. What is Sub-query? Sub-query in WHERE clause Subquery
Database Systems CSE 303 Lecture 06: SQL 2016 Subquery Outline What is a Subquery Subquery in WHERE clause >ALL, >ANY, >=ALL,
The Boogie Intermediate Language
The Boogie Intermediate Language What is BoogiePL? A simplified C-like language that s structured for verification tasks Has constructs that allow specification of assumptions and axioms, as well as assertions
OptCE: A Counterexample-Guided Inductive Optimization Solver
Federal University of Amazonas (UFAM) Postgraduate Program in Electrical Engineering (PPGEE) OptCE: A Counterexample-Guided Inductive Optimization Solver Higo Albuquerque, Rodrigo Araújo, Iury Bessa, Lucas
Model Checking and Its Applications
Model Checking and Its Applications Orna Grumberg Technion, Israel Verification and Deduction Mentoring Workshop July 13, 2018 1 Personal data Ph.d. in (non-automated) verification Postdoc in Model Checking
Syntax-Guided Synthesis. Rajeev Alur. University of Pennsylvania
Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Specification S Program P Verifier Proof of correctness or Witness of a bug 2 Classical Program Synthesis Specification
EP578 Computing for Physicists
EP578 Computing for Physicists Topic 3 Selection & Loops Department of Engineering Physics University of Gaziantep Course web page wwwgantepedutr/~bingul/ep578 Oct 2011 Sayfa 1 1 Introduction This lecture
Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001
Research Collection Other Conference Item Formal background and algorithms Author(s): Biere, Armin Publication Date: 2001 Permanent Link: https://doi.org/10.3929/ethz-a-004239730 Rights / License: In Copyright
Higher-Order Logic. Specification and Verification with Higher-Order Logic
Higher-Order Logic Specification and Verification with Higher-Order Logic Arnd Poetzsch-Heffter (Slides by Jens Brandt) Software Technology Group Fachbereich Informatik Technische Universität Kaiserslautern
Language to Specify Syntax-Guided Synthesis Problems
Language to Specify Syntax-Guided Synthesis Problems Mukund Raghothaman Abhishek Udupa Saturday 25 th January, 2014 1 Introduction We present a language to specify syntax guided synthesis (SyGuS) problems.
Effectively-Propositional Modular Reasoning about Reachability in Linked Data Structures CAV 13, POPL 14 Shachar Itzhaky
Effectively-Propositional Modular Reasoning about Reachability in Linked Data Structures CAV 13, POPL 14 Shachar Itzhaky Anindya Banerjee Neil Immerman Ori Lahav Aleks Nanevski Mooly Sagiv http://www.cs.tau.ac.il/~shachar/afwp.html
Dynamic Symbolic Database Application Testing
Dynamic Symbolic Database Application Testing Chengkai Li, Christoph Csallner University of Texas at Arlington June 7, 2010 DBTest 2010 Chengkai Li, Christoph Csallner Dynamic Symbolic Database Application
Programming language design and analysis
Programming language design and analysis Introduction Marius Minea 25 September 2017 Why this course? Programming languages are fundamental and one of the oldest CS fields Language design is an important
Lexical Considerations
Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science 6.035, Spring 2010 Handout Decaf Language Tuesday, Feb 2 The project for the course is to write a compiler
BGP Policy Accounting
Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is sent to, or received from, different peers. Policy accounting is enabled on an input interface, and counters based
Embedded Software Verification Challenges and Solutions. Static Program Analysis
Embedded Software Verification Challenges and Solutions Static Program Analysis Chao Wang chaowang@nec-labs.com NEC Labs America Princeton, NJ ICCAD Tutorial November 11, 2008 www.nec-labs.com 1 Outline
More Untyped Lambda Calculus & Simply Typed Lambda Calculus
Concepts in Programming Languages Recitation 6: More Untyped Lambda Calculus & Simply Typed Lambda Calculus Oded Padon & Mooly Sagiv (original slides by Kathleen Fisher, John Mitchell, Shachar Itzhaky,
Model Checking with Automata An Overview
Model Checking with Automata An Overview Vanessa D Carson Control and Dynamical Systems, Caltech Doyle Group Presentation, 05/02/2008 VC 1 Contents Motivation Overview Software Verification Techniques
On the Complexity of Verifying Stateful Networks. A. Panda S. Shenker Y. Velner K. Alpernas A. Rabinovich M. Sagiv
On the Complexity of Verifying Stateful Networks A. Panda S. Shenker Y. Velner K. Alpernas A. Rabinovich M. Sagiv Alice Classical Networking Ted Stevens was right Bob Mallory Trent Networks provide end-to-end
Alloy: A Lightweight Object Modelling Notation
Alloy: A Lightweight Object Modelling Notation Daniel Jackson, ACM Transactions on Software Engineering, 2002 Presented By: Steven Stewart, 2012-January-23 1 Alloy: 2002 to present Software is built on
Synthesizing Memory Models
Synthesizing Memory Models from Framework Sketches and Litmus Tests James Bornholt Emina Torlak University of Washington Memory consistency models define memory reordering behaviors on mul>processors Memory
Isabelle/HOL:Selected Features and Recent Improvements
/: Selected Features and Recent Improvements webertj@in.tum.de Security of Systems Group, Radboud University Nijmegen February 20, 2007 /:Selected Features and Recent Improvements 1 2 Logic User Interface
Imagining Tests as Interactions
Imagining Tests as Interactions Sagar Sen Software Engineering Dept., Simula Research Laboratory Outline Introduction Case 1: Tests that Cover All T-wise Interactions Case 2: Finding Service Level Agreements
A General Approach to Network Configuration Verification
A General Approach to Network Configuration Verification Ryan Beckett Princeton University Aarti Gupta Princeton University Ratul Mahajan Microsoft Research David Walker Princeton University Abstract We
HAMPI A Solver for String Theories
HAMPI A Solver for String Theories Vijay Ganesh MIT (With Adam Kiezun, Philip Guo, Pieter Hooimeijer and Mike Ernst) Dagstuhl, 2010 Motivation for String Theories String-manipulating programs ü String
Looping and Counting. Lecture 3 Hartmut Kaiser hkaiser/fall_2012/csc1254.html
Looping and Counting Lecture 3 Hartmut Kaiser hkaiser@cct.lsu.edu http://www.cct.lsu.edu/ hkaiser/fall_2012/csc1254.html Abstract First we ll discuss types and type safety. Then we will modify the program
Denotational Semantics. Domain Theory
Denotational Semantics and Domain Theory 1 / 51 Outline Denotational Semantics Basic Domain Theory Introduction and history Primitive and lifted domains Sum and product domains Function domains Meaning
DEMO A Language for Practice Implementation Comp 506, Spring 2018
DEMO A Language for Practice Implementation Comp 506, Spring 2018 1 Purpose This document describes the Demo programming language. Demo was invented for instructional purposes; it has no real use aside
Looping and Counting. Lecture 3. Hartmut Kaiser hkaiser/fall_2011/csc1254.html
Hartmut Kaiser hkaiser@cct.lsu.edu http://www.cct.lsu.edu/ hkaiser/fall_2011/csc1254.html 2 Abstract First we ll discuss types and type safety. Then we will modify the program we developed last time (Framing
Chapter 6: Arrays. Starting Out with Games and Graphics in C++ Second Edition. by Tony Gaddis
Chapter 6: Arrays Starting Out with Games and Graphics in C++ Second Edition by Tony Gaddis 6.1 Array Basics An array allows you to store a group of items of the same data type together in memory Why?
arxiv: v1 [cs.pl] 22 May 2014
![arxiv: v1 [cs.pl] 22 May 2014](/thumbs/92/110918274.jpg "arxiv: v1 [cs.pl] 22 May 2014")
Language to Specify Syntax-Guided Synthesis Problems Mukund Raghothaman Abhishek Udupa Friday 7 th December, 2018 arxiv:1405.5590v1 [cs.pl] 22 May 2014 Abstract We present a language to specify syntax
STRICT_VARIANT. A simpler variant in C++ Chris Beck
STRICT_VARIANT A simpler variant in C++ Chris Beck https://github.com/cbeck88/strict_variant What is a variant? A variant is a heterogenous container. std::vector many objects of one type std::variant
Static Program Analysis Part 8 control flow analysis
Static Program Analysis Part 8 control flow analysis http://cs.au.dk/~amoeller/spa/ Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Agenda Control flow analysis for the -calculus
The Pointer Assertion Logic Engine
The Pointer Assertion Logic Engine [PLDI 01] Anders Mφller Michael I. Schwartzbach Presented by K. Vikram Cornell University Introduction Pointer manipulation is hard Find bugs, optimize code General Approach
Having a BLAST with SLAM
Having a BLAST with SLAM Meeting, CSCI 555, Fall 20 Announcements Homework 0 due Sat Questions? Move Tue office hours to -5pm 2 Software Model Checking via Counterexample Guided Abstraction Refinement
CS 314 Principles of Programming Languages
CS 314 Principles of Programming Languages Lecture 16: Functional Programming Zheng (Eddy Zhang Rutgers University April 2, 2018 Review: Computation Paradigms Functional: Composition of operations on data.
BGP and the Internet
BGP and the Internet Transit and Internet Exchange Points 1 Definitions Transit carrying traffic across a network, usually for a fee traffic and prefixes originating from one AS are carried across an intermediate
Boolean Representations and Combinatorial Equivalence
Chapter 2 Boolean Representations and Combinatorial Equivalence This chapter introduces different representations of Boolean functions. It then discusses the applications of these representations for proving
Verification of Fault-Tolerant Protocols with Sally
Verification of Fault-Tolerant Protocols with Sally Bruno Dutertre, Dejan Jovanović, and Jorge A. Navas Computer Science Laboratory, SRI International Abstract. Sally is a model checker for infinite-state
LR Parsing LALR Parser Generators
LR Parsing LALR Parser Generators Outline Review of bottom-up parsing Computing the parsing DFA Using parser generators 2 Bottom-up Parsing (Review) A bottom-up parser rewrites the input string to the
Rethinking Automated Theorem Provers?
Rethinking Automated Theorem Provers? David J. Pearce School of Engineering and Computer Science Victoria University of Wellington @WhileyDave http://whiley.org http://github.com/whiley Background Verification: