An Abstraction Technique for Describing Concurrent Program Behaviour
Size: px
Start display at page:

Download "An Abstraction Technique for Describing Concurrent Program Behaviour"

Transcription

1 An Abstraction Technique for Describing Concurrent Program Behaviour Wytse Oortwijn (joint with Stefan Blom and Marieke Huisman) Formal Methods and Tools, University of Twente September 19, 2017 Wytse Oortwijn, UTwente Verifying Model Abstractions 1 / 21

2 Outline 1 Introduction 2 Approach 3 Distributed programs 4 Conclusion Wytse Oortwijn, UTwente Verifying Model Abstractions 2 / 21

3 Outline 1 Introduction 2 Approach 3 Distributed programs 4 Conclusion Wytse Oortwijn, UTwente Verifying Model Abstractions 3 / 21

4 Introduction Approach Distributed programs Concurrent programming is error-prone THERAC-25 Wytse Oortwijn, UTwente Verifying Model Abstractions 4 / 21 Conclusion

5 Introduction Approach Distributed programs Concurrent programming is error-prone THERAC-25 Wytse Oortwijn, UTwente Intel TSX Verifying Model Abstractions 4 / 21 Conclusion

6 Introduction Approach Distributed programs Concurrent programming is error-prone THERAC-25 Intel TSX Toyota car acceleration Wytse Oortwijn, UTwente Verifying Model Abstractions 4 / 21 Conclusion

7 Introduction Approach Distributed programs Concurrent programming is error-prone THERAC-25 Intel TSX Toyota car acceleration Mars climate orbiter Wytse Oortwijn, UTwente Verifying Model Abstractions 4 / 21 Conclusion

8 Introduction Approach Distributed programs Concurrent system behaviour Single traffic light only a few possible behaviours: red, orange, and green Wytse Oortwijn, UTwente Verifying Model Abstractions 5 / 21 Conclusion

9 Introduction Approach Distributed programs Concurrent system behaviour Single traffic light Multiple traffic lights only a few possible behaviours: red, orange, and green the number of possible behaviours is exponential in the number of lights Wytse Oortwijn, UTwente Verifying Model Abstractions 5 / 21 Conclusion

10 Static verification: deductive verification void main(args) { S 1 S 2; How to verify a concurrent program? Wytse Oortwijn, UTwente Verifying Model Abstractions 6 / 21

11 Static verification: deductive verification void main(args) { S 1 S 2; {P 1 S 1 {Q 1 {P 2 S 2 {Q 2 {P 1 P 2 S 1 S 2 {Q 1 Q 2 {P 1 P 2 main(args) {Q 1 Q 2 How to verify a concurrent program? Using program logics, like: Hoare logic, separation logic, etc. Wytse Oortwijn, UTwente Verifying Model Abstractions 6 / 21

12 Static verification: deductive verification requires P 1 P 2; ensures Q 1 Q 2; void main(args) { S 1 S 2; {P 1 S 1 {Q 1 {P 2 S 2 {Q 2 {P 1 P 2 S 1 S 2 {Q 1 Q 2 {P 1 P 2 main(args) {Q 1 Q 2 How to verify a concurrent program? (using automated tools) Using program logics, like: Hoare logic, separation logic, etc. Wytse Oortwijn, UTwente Verifying Model Abstractions 6 / 21

13 Static verification: deductive verification requires P 1 P 2; ensures Q 1 Q 2; void main(args) { S 1 S 2; {P 1 S 1 {Q 1 {P 2 S 2 {Q 2 {P 1 P 2 S 1 S 2 {Q 1 Q 2 {P 1 P 2 main(args) {Q 1 Q 2 How to verify a concurrent program? (using automated tools) Using program logics, like: Hoare logic, separation logic, etc. Strong correctness guarantees Wytse Oortwijn, UTwente Verifying Model Abstractions 6 / 21

14 Static verification: deductive verification requires P 1 P 2; ensures Q 1 Q 2; void main(args) { S 1 S 2; {P 1 S 1 {Q 1 {P 2 S 2 {Q 2 {P 1 P 2 S 1 S 2 {Q 1 Q 2 {P 1 P 2 main(args) {Q 1 Q 2 How to verify a concurrent program? (using automated tools) Using program logics, like: Hoare logic, separation logic, etc. Hard to construct a proof Wytse Oortwijn, UTwente Verifying Model Abstractions 6 / 21

15 Static verification: model checking void main(args) { S 1 S 2;

16 Static verification: model checking void main(args) { S 1 S 2; Abstract model capturing program behaviour

17 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour

18 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour Model checker algorithmic analysis

19 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour input Model checker algorithmic analysis

20 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour input Temporal properties LTL, CTL, etc. Model checker algorithmic analysis

21 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour input Temporal properties LTL, CTL, etc. input Model checker algorithmic analysis Wytse Oortwijn, UTwente Verifying Model Abstractions 7 / 21

22 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour input Temporal properties LTL, CTL, etc. input Model checker algorithmic analysis Good automation Wytse Oortwijn, UTwente Verifying Model Abstractions 7 / 21

23 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour input Temporal properties LTL, CTL, etc. input Model checker algorithmic analysis State-space explosion problems Wytse Oortwijn, UTwente Verifying Model Abstractions 7 / 21

24 Static verification: model checking void main(args) { S 1 S 2; abstraction Abstract model capturing program behaviour input Temporal properties LTL, CTL, etc. input Model checker algorithmic analysis Is the program abstraction correct? Wytse Oortwijn, UTwente Verifying Model Abstractions 7 / 21

25 Outline 1 Introduction 2 Approach 3 Distributed programs 4 Conclusion Wytse Oortwijn, UTwente Verifying Model Abstractions 8 / 21

26 Our approach: deducative + algorithmic verification void main(args) { S 1 S 2 ; abstraction Abstract model capturing program behaviour input Temporal properties LTL, CTL, etc. input Model checker algorithmic analysis Wytse Oortwijn, UTwente Verifying Model Abstractions 9 / 21

27 Our approach: deducative + algorithmic verification void main(args) { S 1 S 2 ; abstraction Process algebras input Temporal properties LTL, CTL, etc. input Model checker algorithmic analysis Abstract models are process algebra terms Wytse Oortwijn, UTwente Verifying Model Abstractions 9 / 21

28 Our approach: deducative + algorithmic verification requires Process(P); ensures Process(ε); void main(args) { S 1 S 2 ; abstraction Process algebras input Temporal properties LTL, CTL, etc. input Model checker algorithmic analysis Deductively verifying correctness of the abstraction Wytse Oortwijn, UTwente Verifying Model Abstractions 9 / 21

29 Our approach: deducative + algorithmic verification requires Process(P); ensures Process(ε); void main(args) { S 1 S 2 ; abstraction Process algebras with action contracts input Model checker algorithmic analysis The properties are encoded as process/action contracts Wytse Oortwijn, UTwente Verifying Model Abstractions 9 / 21

30 Our approach: deducative + algorithmic verification requires Process(P); ensures Process(ε) Res; void main(args) { S 1 S 2 ; abstraction Process algebras with action contracts results input Model checker algorithmic analysis Applying model checking result in the program logic Wytse Oortwijn, UTwente Verifying Model Abstractions 9 / 21

31 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; static void add2(counter c) { parallel { atomic-add(c.val, 1); and { atomic-add(c.val, 1); Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

32 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; ensures c.val = old(c.val) + 2; static void add2(counter c) { parallel { atomic-add(c.val, 1); and { atomic-add(c.val, 1); How to verify this property? Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

33 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; static void add2(counter c) { parallel { atomic-add(c.val, 1); and { atomic-add(c.val, 1); action incr; The incr action abstracts the atomic-add s. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

34 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; static void add2(counter c) { parallel { atomic-add(c.val, 1); and { atomic-add(c.val, 1); action incr; process parincr() := incr incr; The parincr process abstracts the add2 program. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

35 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; static void add2(counter c) { parallel { atomic-add(c.val, 1); and { atomic-add(c.val, 1); guard true; effect x = old(x) + 1; action incr; process parincr() := incr incr; Contracts are used to encode the properties of interest. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

36 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; static void add2(counter c) { parallel { atomic-add(c.val, 1); and { atomic-add(c.val, 1); guard true; effect x = old(x) + 1; action incr; requires true; ensures x = old(x) + 2; process parincr() := incr incr; Contracts are used to encode the properties of interest. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

37 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; requires Process(parincr); requires c.val x; static void add2(counter c) { parallel { atomic-add(c.val, 1); and { atomic-add(c.val, 1); guard true; effect x = old(x) + 1; action incr; requires true; ensures x = old(x) + 2; process parincr() := incr incr; Linking concrete program to abstract model. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

38 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; requires Process(parincr); requires c.val x; static void add2(counter c) { parallel { act incr do atomic-add(c.val, 1); and { act incr do atomic-add(c.val, 1); guard true; effect x = old(x) + 1; action incr; requires true; ensures x = old(x) + 2; process parincr() := incr incr; Linking abstract actions to concrete implementation. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

39 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; requires Process(parincr); requires c.val x; ensures Process(ε); static void add2(counter c) { parallel { act incr do atomic-add(c.val, 1); and { act incr do atomic-add(c.val, 1); guard true; effect x = old(x) + 1; action incr; requires true; ensures x = old(x) + 2; process parincr() := incr incr; Linking concrete program to abstract model. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

40 Example program: concurrent counting Concrete program Program abstraction class Counter { public int val; requires Process(parincr); requires c.val x; ensures Process(ε); ensures c.val = old(c.val) + 2; static void add2(counter c) { parallel { act incr do atomic-add(c.val, 1); and { act incr do atomic-add(c.val, 1); guard true; effect x = old(x) + 1; action incr; requires true; ensures x = old(x) + 2; process parincr() := incr incr; Using the result from analyzing all traces of parincr. Wytse Oortwijn, UTwente Verifying Model Abstractions 10 / 21

41 Model abstractions: theory Formalised using the Coq proof assistant (see our VSTTE2017 paper for more details) Wytse Oortwijn, UTwente Verifying Model Abstractions 11 / 21

42 Model abstractions: tool support As extension to the VerCors verification tool set (see our ifm2017 paper+talk for more details) Wytse Oortwijn, UTwente Verifying Model Abstractions 12 / 21

43 The VerCors verification tool set OpenCL OpenMP VerCors Tool Viper Silver PVL Java Common Object Language Silicon Z3 VerCors can be tried and downloaded via Wytse Oortwijn, UTwente Verifying Model Abstractions 13 / 21

44 Model abstractions: verified examples 1 Concurrent counting: verifying that a concurrent counter computes the correct result. 2 No-send-after-read: verifying that confidential data can not be send after being received. 3 Parallel GCD: verifying that a parallel GCD algorithm computes the correct result (VSTTE2017). 4 Locking protocol: verifying that a lock implementation adheres to the intended locking protocol. Wytse Oortwijn, UTwente Verifying Model Abstractions 14 / 21

45 Outline 1 Introduction 2 Approach 3 Distributed programs 4 Conclusion Wytse Oortwijn, UTwente Verifying Model Abstractions 15 / 21

46 Message Passing Interface (MPI) MPI primitives MPI Send(i, m) - sending a message m to process i; m := MPI Send(i) - receiving a message m from process i; MPI Bcast(m) - broadcasting a message m to every process, etc. Wytse Oortwijn, UTwente Verifying Model Abstractions 16 / 21

47 Message Passing Interface (MPI) MPI primitives MPI Send(i, m) - sending a message m to process i; m := MPI Send(i) - receiving a message m from process i; MPI Bcast(m) - broadcasting a message m to every process, etc. Challenges Message exchanges are concurrent; Number of processes often unknown; and Number of possible behaviours often unbounded Wytse Oortwijn, UTwente Verifying Model Abstractions 16 / 21

48 Modeling MPI primitives Abstracting MPI primitives MPI Send(i, m); action send(i, m); m := MPI Send(i); action recv(i, m); MPI Bcast(m); action bcast(m); MPI Barrier(); action barrier; Wytse Oortwijn, UTwente Verifying Model Abstractions 17 / 21

49 Modeling MPI primitives Abstracting MPI primitives MPI Send(i, m); action send(i, m); m := MPI Send(i); action recv(i, m); MPI Bcast(m); action bcast(m); MPI Barrier(); action barrier; Introducing Hoare logic axioms {send(i, m) P MPI Send(i, m) {P {recv(i, m) P m := MPI Recv(i) {P Wytse Oortwijn, UTwente Verifying Model Abstractions 17 / 21

50 Linking abstractions to MPI programs MPI program void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

51 Linking abstractions to MPI programs MPI program void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

52 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

53 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); ensures Process(ε); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

54 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); ensures Process(ε); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Does the program correctly execute its abstraction? Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

55 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); ensures Process(ε); void main(int k) { {P(k) ɛ int v := MPI Recv( ); MPI Send(0, v + k); Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Does the program correctly execute its abstraction? Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

56 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); ensures Process(ε); void main(int k) { {P(k) ɛ {Σ i:int recv(, i) send(0, i +k) ɛ int v := MPI Recv( ); MPI Send(0, v + k); Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Does the program correctly execute its abstraction? Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

57 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); ensures Process(ε); void main(int k) { {P(k) ɛ {Σ i:int recv(, i) send(0, i +k) ɛ int v := MPI Recv( ); {send(0, v + k) ɛ MPI Send(0, v + k); Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Does the program correctly execute its abstraction? Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

58 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); ensures Process(ε); void main(int k) { {P(k) ɛ {Σ i:int recv(, i) send(0, i +k) ɛ int v := MPI Recv( ); {send(0, v + k) ɛ MPI Send(0, v + k); {ε Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Does the program correctly execute its abstraction? Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

59 Linking abstractions to MPI programs MPI program requires Process(p(k) ɛ); ensures Process(ε); void main(int k) { {P(k) ɛ {Σ i:int recv(, i) send(0, i +k) ɛ int v := MPI Recv( ); {send(0, v + k) ɛ MPI Send(0, v + k); {ε Program abstraction process p(int k) := Σ i:int recv(, i) send(0, i + k) Does the program correctly execute its abstraction? Yes! Wytse Oortwijn, UTwente Verifying Model Abstractions 18 / 21

60 Toolchain overview requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k);

61 Toolchain overview requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); 1

62 Toolchain overview process p(int k) := Σ i:int recv(, i) send(0, i + k); 2 requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); 1

63 Toolchain overview process p(int k) := Σ i:int recv(, i) send(0, i + k); 2 requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); 1 3 Verdict Does the program correctly executes its abstraction? Hoare logic reasoning

64 Toolchain overview process p(int k) := Σ i:int recv(, i) send(0, i + k); 2 requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); 1 3 Verdict Does the program correctly executes its abstraction? Hoare logic reasoning P(k 1 ) P(k 2 ) MPI

65 Toolchain overview process p(int k) := Σ i:int recv(, i) send(0, i + k); 2 requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); 1 3 Verdict Does the program correctly executes its abstraction? Hoare logic reasoning P(k 1 ) P(k 2 ) MPI 4

66 Toolchain overview process p(int k) := Σ i:int recv(, i) send(0, i + k); 2 requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); 1 3 Verdict Does the program correctly executes its abstraction? Hoare logic reasoning 5 P(k 1 ) P(k 2 ) MPI 4

67 Toolchain overview process p(int k) := Σ i:int recv(, i) send(0, i + k); 2 requires Process(p(k) P); ensures Process(P); void main(int k) { int v := MPI Recv( ); MPI Send(0, v + k); 1 3 Verdict Does the program correctly executes its abstraction? Hoare logic reasoning 5 6 P(k 1 ) P(k 2 ) MPI 4 Final verdict Either pass or fail Wytse Oortwijn, UTwente Verifying Model Abstractions 19 / 21

68 Outline 1 Introduction 2 Approach 3 Distributed programs 4 Conclusion Wytse Oortwijn, UTwente Verifying Model Abstractions 20 / 21

69 Conclusion VerCors verification tool set Automated verification of parallel and concurrent software More information: Download & try: Wytse Oortwijn, UTwente Verifying Model Abstractions 21 / 21

Similar documents

A VERIFICATION TECHNIQUE FOR DETERMINISTIC PARALLEL PROGRAMS

A VERIFICATION TECHNIQUE FOR DETERMINISTIC PARALLEL PROGRAMS A VERIFICATION TECHNIQUE FOR DETERMINISTIC PARALLEL PROGRAMS MARIEKE HUISMAN UNIVERSITY OF TWENTE, NETHERLANDS JOINT WORK WITH SAEED DARABI AND STEFAN BLOM THE CHALLENGE OF RELIABLE SOFTWARE ICT problems

More information

Viper A Verification Infrastructure for Permission-Based Reasoning

Viper A Verification Infrastructure for Permission-Based Reasoning Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich Joint work with Uri Juhasz, Ioannis Kassios, Peter Müller, Milos Novacek, Malte Schwerhoff (and many students)

More information

VERIFICATION OF SHARED-READING SYNCHRONISERS

VERIFICATION OF SHARED-READING SYNCHRONISERS VERIFICATION OF SHARED-READING SYNCHRONISERS MARIEKE HUISMAN UNIVERSITY OF TWENTE, NETHERLANDS JOINT WORK WITH AFSHIN AMIGHI AND STEFAN BLOM SOFTWARE RELIABILITY All software has errors! Software failures

More information

Improving the Definition of UML

Improving the Definition of UML Improving the Definition of UML Greg O Keefe Computer Sciences Laboratory Australian National University Outline The UML definition claims to be Outline The UML definition claims to be precise Outline

More information

Introduction & Formal Methods

Introduction & Formal Methods Introduction & Formal Methods http://d3s.mff.cuni.cz Jan Kofroň CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Introduction to dependable systems NSWE 002 What you learn: Dependable systems

More information

Cover Page. The handle holds various files of this Leiden University dissertation

Cover Page. The handle holds various files of this Leiden University dissertation Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue

More information

Software Engineering using Formal Methods

Software Engineering using Formal Methods Software Engineering using Formal Methods Introduction to Promela Wolfgang Ahrendt 03 September 2015 SEFM: Promela /GU 150903 1 / 36 Towards Model Checking System Model Promela Program byte n = 0; active

More information

Witnessing the elimination of magic wands

Witnessing the elimination of magic wands Int J Softw Tools Technol Transfer (2015) 17:757 781 DOI 10.1007/s10009-015-0372-3 VERIFYTHIS 2012 Witnessing the elimination of magic wands Stefan Blom Marieke Huisman Published online: 31 March 2015

More information

Distributed Binary Decision Diagrams for Symbolic Reachability

Distributed Binary Decision Diagrams for Symbolic Reachability Distributed Binary Decision Diagrams for Symbolic Reachability Wytse Oortwijn Formal Methods and Tools, University of Twente November 1, 2015 Wytse Oortwijn (Formal Methods and Tools, Distributed University

More information

Model-Driven Verifying Compilation of Synchronous Distributed Applications

Model-Driven Verifying Compilation of Synchronous Distributed Applications Model-Driven Verifying Compilation of Synchronous Distributed Applications Sagar Chaki, James Edmondson October 1, 2014 MODELS 14, Valencia, Spain Copyright 2014 Carnegie Mellon University This material

More information

Concurrent library abstraction without information hiding

Concurrent library abstraction without information hiding Universidad Politécnica de Madrid Escuela técnica superior de ingenieros informáticos Concurrent library abstraction without information hiding Artem Khyzha Advised by Manuel Carro and Alexey Gotsman Madrid

More information

Concurrency. State Models and Java Programs. Jeff Magee and Jeff Kramer. Concurrency: introduction 1. Magee/Kramer

Concurrency. State Models and Java Programs. Jeff Magee and Jeff Kramer. Concurrency: introduction 1. Magee/Kramer Concurrency State Models and Java Programs Jeff Magee and Jeff Kramer Concurrency: introduction 1 What is a Concurrent Program? A sequential program has a single thread of control. A concurrent program

More information

Runtime Permission Checking in Concurrent Java Programs

Runtime Permission Checking in Concurrent Java Programs Master s Thesis Runtime Permission Checking in Concurrent Java Programs Author: Stijn Gijsen Supervisor: prof.dr. M. Huisman Committee: dr. C.M. Bockisch dr. S.C.C. Blom A thesis submitted in fulfilment

More information

Verifying C & C++ with ESBMC

Verifying C & C++ with ESBMC Verifying C & C++ with ESBMC Denis A Nicole dan@ecs.soton.ac.uk CyberSecuritySoton.org [w] @CybSecSoton [fb & tw] ESBMC ESBMC, the Efficient SMT-Based Context-Bounded Model Checker was originally developed

More information

Formal Specification and Verification

Formal Specification and Verification Formal Specification and Verification Introduction to Promela Bernhard Beckert Based on a lecture by Wolfgang Ahrendt and Reiner Hähnle at Chalmers University, Göteborg Formal Specification and Verification:

More information

Chapter 1. Introduction

Chapter 1. Introduction 1 Chapter 1 Introduction An exciting development of the 21st century is that the 20th-century vision of mechanized program verification is finally becoming practical, thanks to 30 years of advances in

More information

Software Engineering using Formal Methods

Software Engineering using Formal Methods Software Engineering using Formal Methods Introduction to Promela Wolfgang Ahrendt & Richard Bubel & Reiner Hähnle & Wojciech Mostowski 31 August 2011 SEFM: Promela /GU 110831 1 / 35 Towards Model Checking

More information

SimGrid MC 101. Getting Started with the SimGrid Model-Checker. Da SimGrid Team. April 11, 2017

SimGrid MC 101. Getting Started with the SimGrid Model-Checker. Da SimGrid Team. April 11, 2017 SimGrid MC 101 Getting Started with the SimGrid Model-Checker Da SimGrid Team April 11, 2017 About this Presentation Goals and Contents Understanding the basics of Model checking Running SimGrid as a Model

More information

Design and Analysis of Distributed Interacting Systems

Design and Analysis of Distributed Interacting Systems Design and Analysis of Distributed Interacting Systems Lecture 5 Linear Temporal Logic (cont.) Prof. Dr. Joel Greenyer May 2, 2013 (Last Time:) LTL Semantics (Informally) LTL Formulae are interpreted on

More information

Warm-Up Problem. Let be a set of well-formed Predicate logic formulas. Let be well-formed Predicate logic formulas. Prove or disprove the following.

Warm-Up Problem. Let be a set of well-formed Predicate logic formulas. Let be well-formed Predicate logic formulas. Prove or disprove the following. Warm-Up Problem Let be a set of well-formed Predicate logic formulas Let be well-formed Predicate logic formulas Prove or disprove the following If then 1/35 Program Verification Carmen Bruni Lecture 18

More information

Lecture 1: Model Checking. Edmund Clarke School of Computer Science Carnegie Mellon University

Lecture 1: Model Checking. Edmund Clarke School of Computer Science Carnegie Mellon University Lecture 1: Model Checking Edmund Clarke School of Computer Science Carnegie Mellon University 1 Cost of Software Errors June 2002 Software bugs, or errors, are so prevalent and so detrimental that they

More information

Runtime assertion checking of multithreaded Java programs

Runtime assertion checking of multithreaded Java programs Master Thesis Runtime assertion checking of multithreaded Java programs An extension of the STROBE framework Author: Jorne Kandziora Supervisors: dr. M. Huisman dr. C.M. Bockisch M. Zaharieva-Stojanovski,

More information

Model checking Timber program. Paweł Pietrzak

Model checking Timber program. Paweł Pietrzak Model checking Timber program Paweł Pietrzak 1 Outline Background on model checking (spam?) The SPIN model checker An exercise in SPIN - model checking Timber Deriving finite models from Timber programs

More information

Verifying Concurrent Programs

Verifying Concurrent Programs Verifying Concurrent Programs Daniel Kroening 8 May 1 June 01 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs

More information

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements System Correctness EEC 421/521: Software Engineering A Whirlwind Intro to Software Model Checking A system is correct when it meets its requirements a design without requirements cannot be right or wrong,

More information

Applications of Formal Verification

Applications of Formal Verification Applications of Formal Verification Model Checking: Introduction to PROMELA Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State of Baden-Württemberg

More information

An Overview of the DE Hardware Description Language and Its Application in Formal Verification of the FM9001 Microprocessor

An Overview of the DE Hardware Description Language and Its Application in Formal Verification of the FM9001 Microprocessor An Overview of the DE Hardware Description Language and Its Application in Formal Verification of the FM9001 Microprocessor Cuong Chau ckcuong@cs.utexas.edu Department of Computer Science The University

More information

Lecture Notes on Session Types

Lecture Notes on Session Types Lecture Notes on Session Types 15-814: Types and Programming Languages Frank Pfenning Lecture 22 November 27, 2018 1 Introduction Some of the material in this lecture, specifically, the discussion of external

More information

Lecture 8: September 30

Lecture 8: September 30 CMPSCI 377 Operating Systems Fall 2013 Lecture 8: September 30 Lecturer: Prashant Shenoy Scribe: Armand Halbert 8.1 Semaphores A semaphore is a more generalized form of a lock that can be used to regulate

More information

Behavioural Equivalences and Abstraction Techniques. Natalia Sidorova

Behavioural Equivalences and Abstraction Techniques. Natalia Sidorova Behavioural Equivalences and Abstraction Techniques Natalia Sidorova Part 1: Behavioural Equivalences p. p. The elevator example once more How to compare this elevator model with some other? The cabin

More information

Formal Methods in Software Development

Formal Methods in Software Development Formal Methods in Software Development Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.jku.at

More information

Verification Condition Generation

Verification Condition Generation Verification Condition Generation Jorge Sousa Pinto Departamento de Informática / Universidade do Minho jsp@di.uminho.pt www.di.uminho.pt/~jsp Outline (1) - From Hoare Logic to VCGen algorithms: an architecture

More information

Applications of Formal Verification

Applications of Formal Verification Applications of Formal Verification Model Checking: Introduction to PROMELA Prof. Dr. Bernhard Beckert Dr. Vladimir Klebanov SS 2012 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State

More information

Lecture 2. Decidability and Verification

Lecture 2. Decidability and Verification Lecture 2. Decidability and Verification model temporal property Model Checker yes error-trace Advantages Automated formal verification, Effective debugging tool Moderate industrial success In-house groups:

More information

Symbolic and Concolic Execution of Programs

Symbolic and Concolic Execution of Programs Symbolic and Concolic Execution of Programs Information Security, CS 526 Omar Chowdhury 10/7/2015 Information Security, CS 526 1 Reading for this lecture Symbolic execution and program testing - James

More information

CLAN: A Tool for Contract Analysis and Conflict Discovery

CLAN: A Tool for Contract Analysis and Conflict Discovery CLAN: A Tool for Contract Analysis and Conflict Discovery Stephen Fenech 1, Gordon J. Pace 1, and Gerardo Schneider 2 1 Dept. of Computer Science, University of Malta, Malta 2 Dept. of Informatics, University

More information

Improving the Practicality of Transactional Memory

Improving the Practicality of Transactional Memory Improving the Practicality of Transactional Memory Woongki Baek Electrical Engineering Stanford University Programming Multiprocessors Multiprocessor systems are now everywhere From embedded to datacenter

More information

The UPPAAL Model Checker. Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN

The UPPAAL Model Checker. Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN The UPPAAL Model Checker Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN The aim of this presentation Introduce the basic concepts of model checking from a practical perspective Describe

More information

Techniques for the unambiguous specification of software

Techniques for the unambiguous specification of software Formal Techniques for the unambiguous of software Objectives To explain why formal techniques help discover problems in system requirements To describe the use of algebraic techniques for interface To

More information

Applications of Formal Verification

Applications of Formal Verification Applications of Formal Verification Model Checking: Introduction to PROMELA Prof. Dr. Bernhard Beckert Dr. Vladimir Klebanov SS 2010 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State

More information

Lindsay Groves, Simon Doherty. Mark Moir, Victor Luchangco

Lindsay Groves, Simon Doherty. Mark Moir, Victor Luchangco Lindsay Groves, Simon Doherty Victoria University of Wellington Mark Moir, Victor Luchangco Sun Microsystems, Boston (FORTE, Madrid, September, 2004) Lock-based concurrency doesn t scale Lock-free/non-blocking

More information

Specifying Concurrent Programs: a case study in JML and Separation Logic

Specifying Concurrent Programs: a case study in JML and Separation Logic Specifying Concurrent Programs: a case study in JML and Separation Logic Martijn Roo University of Twente The Netherlands m.j.roo@student.utwente.nl ABSTRACT This paper presents a case study for the verification

More information

Formal Methods for Software Development

Formal Methods for Software Development Formal Methods for Software Development Verification with Spin Wolfgang Ahrendt 07 September 2018 FMSD: Spin /GU 180907 1 / 34 Spin: Previous Lecture vs. This Lecture Previous lecture Spin appeared as

More information

Indistinguishability: Friend and Foe of Concurrent Data Structures. Hagit Attiya CS, Technion

Indistinguishability: Friend and Foe of Concurrent Data Structures. Hagit Attiya CS, Technion Indistinguishability: Friend and Foe of Concurrent Data Structures Hagit Attiya CS, Technion Uncertainty is a main obstacle for designing correct applications in concurrent systems Formally captured by

More information

15-819M: Data, Code, Decisions

15-819M: Data, Code, Decisions 15-819M: Data, Code, Decisions 08: First-Order Logic André Platzer aplatzer@cs.cmu.edu Carnegie Mellon University, Pittsburgh, PA André Platzer (CMU) 15-819M/08: Data, Code, Decisions 1 / 40 Outline 1

More information

Integrating Arrays into the Heap-Hop program prover

Integrating Arrays into the Heap-Hop program prover Integrating Arrays into the Heap-Hop program prover Ioana Cristescu under the supervision of Jules Villard Queen Mary University of London 7 September 2011 1 / 29 Program verification using Heap-Hop Program

More information

Model Checking with Automata An Overview

Model Checking with Automata An Overview Model Checking with Automata An Overview Vanessa D Carson Control and Dynamical Systems, Caltech Doyle Group Presentation, 05/02/2008 VC 1 Contents Motivation Overview Software Verification Techniques

More information

UniLFS: A Unifying Logical Framework for Service Modeling and Contracting

UniLFS: A Unifying Logical Framework for Service Modeling and Contracting UniLFS: A Unifying Logical Framework for Service Modeling and Contracting RuleML 2103: 7th International Web Rule Symposium July 11-13, 2013 Dumitru Roman 1 and Michael Kifer 2 1 SINTEF / University of

More information

Distributed Systems Programming (F21DS1) Formal Verification

Distributed Systems Programming (F21DS1) Formal Verification Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on

More information

Specification of a transacted memory for smart cards in Java and JML

Specification of a transacted memory for smart cards in Java and JML Specification of a transacted memory for smart cards in Java and JML Erik Poll University of Nijmegen, NL Pieter Hartel Eduard de Jong Joint work with University of Twente Sun Microsystems Transacted Memory

More information

Weak Memory Models: an Operational Theory

Weak Memory Models: an Operational Theory Opening Weak Memory Models: an Operational Theory INRIA Sophia Antipolis 9th June 2008 Background on weak memory models Memory models, what are they good for? Hardware optimizations Contract between hardware

More information

Threaded Programming. Lecture 9: Alternatives to OpenMP

Threaded Programming. Lecture 9: Alternatives to OpenMP Threaded Programming Lecture 9: Alternatives to OpenMP What s wrong with OpenMP? OpenMP is designed for programs where you want a fixed number of threads, and you always want the threads to be consuming

More information

Model Checking. Dragana Cvijanovic

Model Checking. Dragana Cvijanovic Model Checking Dragana Cvijanovic d.cvijanovic@cs.ucl.ac.uk 1 Introduction Computerised systems pervade more and more our everyday lives. Digital technology is now used to supervise critical functions

More information

School of Computer & Communication Sciences École Polytechnique Fédérale de Lausanne

School of Computer & Communication Sciences École Polytechnique Fédérale de Lausanne Principles of Dependable Systems Building Reliable Software School of Computer & Communication Sciences École Polytechnique Fédérale de Lausanne Winter 2006-2007 Outline Class Projects: mtgs next week

More information

ABHELSINKI UNIVERSITY OF TECHNOLOGY

ABHELSINKI UNIVERSITY OF TECHNOLOGY T-79.5305 Formal Methods (4 ECTS) T-79.5305 Formaalit menetelmät (4 op) 2006-09-13 Tommi Junttila, Keijo Heljanko, Ilkka Niemelä, and Heikki Tauriainen T-79.5305 Formal Methods, Autumn 2006 1/27 T-79.5305

More information

Introduction to Model Checking

Introduction to Model Checking Introduction to Model Checking René Thiemann Institute of Computer Science University of Innsbruck WS 2007/2008 RT (ICS @ UIBK) week 4 1/23 Outline Promela - Syntax and Intuitive Meaning Promela - Formal

More information

Verification and Validation

Verification and Validation 2014-2015 Verification and Validation Part I : Extended Static Analysis Burkhart Wolff Département Informatique Université Paris-Sud / Orsay Static Analysis! We have seen test methods, and proof methods.

More information

Compositional Software Model Checking

Compositional Software Model Checking Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory October 18, 2002 Outline of talk program verification issues the semantic challenge programming languages the logical

More information

Proving the Correctness of Distributed Algorithms using TLA

Proving the Correctness of Distributed Algorithms using TLA Proving the Correctness of Distributed Algorithms using TLA Khushboo Kanjani, khush@cs.tamu.edu, Texas A & M University 11 May 2007 Abstract This work is a summary of the Temporal Logic of Actions(TLA)

More information

Certified Memory Usage Analysis

Certified Memory Usage Analysis Certified Memory Usage Analysis David Cachera, Thomas Jensen, David Pichardie, Gerardo Schneider IRISA, ENS Cachan Bretagne, France Context Embedded devices (smart cards, mobile phones) memory is limited

More information

Lecture 5 - Axiomatic semantics

Lecture 5 - Axiomatic semantics Program Verification March 2014 Lecture 5 - Axiomatic semantics Lecturer: Noam Rinetzky Scribes by: Nir Hemed 1.1 Axiomatic semantics The development of the theory is contributed to Robert Floyd, C.A.R

More information

Aoraï Plugin Tutorial

Aoraï Plugin Tutorial Aoraï Plugin Tutorial (A.k.a. LTL to ACSL) Nicolas Stouls and Virgile Prevosto Nicolas.Stouls@insa-lyon.fr,virgile.prevosto@cea.fr October 31, 2017 Foreword Aoraï is a Frama-C plugin that provides a method

More information

Summary Semaphores. Passing the Baton any await statement. Synchronisation code not linked to the data

Summary Semaphores. Passing the Baton any await statement. Synchronisation code not linked to the data Lecture 4 Monitors Summary Semaphores Good news Simple, efficient, expressive Passing the Baton any await statement Bad news Low level, unstructured omit a V: deadlock omit a P: failure of mutex Synchronisation

More information

Written Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming

Written Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming Written Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming Nicolas Bettenburg 1 Universitaet des Saarlandes, D-66041 Saarbruecken, nicbet@studcs.uni-sb.de Abstract. As traditional

More information

The University of Iowa Fall CS:5810 Formal Methods in Software Engineering. Introduction

The University of Iowa Fall CS:5810 Formal Methods in Software Engineering. Introduction The University of Iowa Fall 2017 CS:5810 Formal Methods in Software Engineering Introduction Copyright 2017, Cesare Tinelli, Pierre-Loïc Garoche, Reiner Hänle, Steven Miller These notes are copyrighted

More information

Hoare Logic and Model Checking

Hoare Logic and Model Checking Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the

More information

From Event-B Models to Dafny Code Contracts

From Event-B Models to Dafny Code Contracts From Event-B Models to Dafny Code Contracts Mohammadsadegh Dalvandi, Michael Butler, Abdolbaghi Rezazadeh Electronic and Computer Science School, University of Southampton Southampton, United Kingdom {md5g11,mjb,ra3}@ecs.soton.ac.uk

More information

Property Specifications

Property Specifications Property Specifications Jim Browne Table of Contents Overview Temporal Logics Specification Patterns The major part of this lecture is taken from slides by David Garlan 9/4/2008 Unification of Verification

More information

Processes & Threads. Concepts: processes - units of sequential execution.

Processes & Threads. Concepts: processes - units of sequential execution. Chapter 2 Processes & Threads concurrent processes We structure complex systems as sets of simpler activities, each represented as a sequential process. Processes can overlap or be concurrent, so as to

More information

Chapter 2. Processes & Threads. Concurrency: processes & threads 1. Magee/Kramer

Chapter 2. Processes & Threads. Concurrency: processes & threads 1. Magee/Kramer Chapter 2 Processes & Threads Concurrency: processes & threads 1 concurrent processes We structure complex systems as sets of simpler activities, each represented as a sequential process. Processes can

More information

Witnessing the Elimination of Magic Wands

Witnessing the Elimination of Magic Wands Witnessing the Elimination of Magic Wands Stefan Blom and Marieke Huisman University of Twente November 8, 2013 Abstract. This paper discusses the use and verification of magic wands. Magic wands are used

More information

Model Checking Revision: Model Checking for Infinite Systems Revision: Traffic Light Controller (TLC) Revision: 1.12

Model Checking Revision: Model Checking for Infinite Systems Revision: Traffic Light Controller (TLC) Revision: 1.12 Model Checking mc Revision:.2 Model Checking for Infinite Systems mc 2 Revision:.2 check algorithmically temporal / sequential properties fixpoint algorithms with symbolic representations: systems are

More information

Advances in Programming Languages

Advances in Programming Languages O T Y H Advances in Programming Languages APL8: ESC/Java2 David Aspinall (including slides by Ian Stark and material adapted from ESC/Java2 tutorial by David Cok, Joe Kiniry and Erik Poll) School of Informatics

More information

Aoraï Plugin Tutorial

Aoraï Plugin Tutorial Aoraï Plugin Tutorial (A.k.a. LTL to ACSL) Nicolas Stouls and Virgile Prevosto Nicolas.Stouls@insa-lyon.fr,virgile.prevosto@cea.fr October 7, 2011 Foreword Aoraï is a Frama-C plugin that provides a method

More information

Hoare Logic and Model Checking. A proof system for Separation logic. Introduction. Separation Logic

Hoare Logic and Model Checking. A proof system for Separation logic. Introduction. Separation Logic Introduction Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that Separation Logic is based on. Kasper Svendsen University of Cambridge CST Part II 2016/17 This lecture

More information

Verification and Validation

Verification and Validation Cycle Ingénieur 2 ème année Département Informatique Verification and Validation Part IV : Proof-based Verification (I) Burkhart Wolff Département Informatique Université Paris-Sud / Orsay 2013-2014 What

More information

Verification and Validation

Verification and Validation 2017-2018 Cycle Ingénieur 2 ème année Département Informatique Verification and Validation Part IV : Proof-based Verification (I) Burkhart Wolff Département Informatique Université Paris-Sud / Orsay Difference

More information

F-Soft: Software Verification Platform

F-Soft: Software Verification Platform F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com

More information

Postprint.

Postprint. http://www.diva-portal.org Postprint This is the accepted version of a paper presented at 7th International Conference, VSTTE 2015, San Francisco, CA, USA, July 18-19, 2015. Citation for the original published

More information

Promela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN

Promela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN Promela and SPIN Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH Promela and SPIN Promela (Protocol Meta Language): Language for modelling discrete, event-driven

More information

Suggested Solutions (Midterm Exam October 27, 2005)

Suggested Solutions (Midterm Exam October 27, 2005) Suggested Solutions (Midterm Exam October 27, 2005) 1 Short Questions (4 points) Answer the following questions (True or False). Use exactly one sentence to describe why you choose your answer. Without

More information

Bandera: Extracting Finite-state Models from Java Source Code

Bandera: Extracting Finite-state Models from Java Source Code Bandera: Extracting Finite-state Models from Java Source Code James C. Corbet Matthew B. Dwyer John Hatcliff Shawn Laubach Corina S. Păsăreanu Robby Hongjun Zheng Presenter: Henrik Kragh-Hansen October

More information

Algebraic specification and verification with CafeOBJ Part 1 Introduction

Algebraic specification and verification with CafeOBJ Part 1 Introduction Algebraic specification and verification with CafeOBJ Part 1 Introduction Norbert Preining ESSLLI 2016 Bozen, August 2016 Algebraic specification and verification with CafeOBJ [5pt]Part 1 Introduction

More information

Verifying Concurrent Memory Reclamation Algorithms with Grace

Verifying Concurrent Memory Reclamation Algorithms with Grace Verifying Concurrent Memory Reclamation Algorithms with Grace Alexey Gotsman, Noam Rinetzky, and Hongseok Yang 1 IMDEA Software Institute 2 Tel-Aviv University 3 University of Oxford Abstract. Memory management

More information

Program logics for relaxed consistency

Program logics for relaxed consistency Program logics for relaxed consistency UPMARC Summer School 2014 Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 1st Lecture, 28 July 2014 Outline Part I. Weak memory models 1. Intro

More information

hijac UTP Semantics for Safety-Critical Java University of York hijac Workshop 15 November 2011

hijac UTP Semantics for Safety-Critical Java University of York hijac Workshop 15 November 2011 UTP Semantics for Safety-Critical Java University of York Workshop 15 November 2011 1 / 27 Outline 1 Unifying Theories of Programming 2 SCJ-Circus 3 UTP SCJ Memory Model 4 COMPASS 5 Conclusions 2 / 27

More information

Automated Software Synthesis for Complex Robotic Systems

Automated Software Synthesis for Complex Robotic Systems Automated Software Synthesis for Complex Robotic Systems Indranil Saha Department of Computer Science and Engineering Indian Institute of Technology Kanpur Indranil Saha Automated Software Synthesis for

More information

MTV: METHODS & TOOLS 4 VERIFICATION MASTER COMPUTER SCIENCE MARIEKE HUISMAN: STUDY ADVISOR MY NAME: JACO VAN DE POL

MTV: METHODS & TOOLS 4 VERIFICATION MASTER COMPUTER SCIENCE MARIEKE HUISMAN: STUDY ADVISOR MY NAME: JACO VAN DE POL MTV: METHODS & TOOLS 4 VERIFICATION MASTER COMPUTER SCIENCE MARIEKE HUISMAN: STUDY ADVISOR MY NAME: JACO VAN DE POL OVERVIEW Motivation Program Tools and Techniques Why choose MTV? (or avoid it) MoTiVation:

More information

A Distributed Hash Table for Shared Memory

A Distributed Hash Table for Shared Memory A Distributed Hash Table for Shared Memory Wytse Oortwijn Formal Methods and Tools, University of Twente August 31, 2015 Wytse Oortwijn (Formal Methods and Tools, AUniversity Distributed of Twente) Hash

More information

Teaching Principles of Dependable Distributed Software

Teaching Principles of Dependable Distributed Software Teaching Principles of Dependable Distributed Software Zoltán Horváth hz@inf.elte.hu Faculty of Informatics, Eötvös Loránd University, Budapest 14th Workshop on Software Engineering Education and Reverse

More information

Algorithmic Verification of Procedural Programs in the Presence of Code Variability

Algorithmic Verification of Procedural Programs in the Presence of Code Variability Algorithmic Verification of Procedural Programs in the Presence of Code Variability Siavash Soleimanifard School of Computer Science and Communication KTH Royal Institute of Technology Stockholm Doctoral

More information

6. Hoare Logic and Weakest Preconditions

6. Hoare Logic and Weakest Preconditions 6. Hoare Logic and Weakest Preconditions Program Verification ETH Zurich, Spring Semester 07 Alexander J. Summers 30 Program Correctness There are many notions of correctness properties for a given program

More information

Model-Driven Verifying Compilation of Synchronous Distributed Applications

Model-Driven Verifying Compilation of Synchronous Distributed Applications Model-Driven Verifying Compilation of Synchronous Distributed Applications Sagar Chaki, James Edmondson October 1, 2014 MODELS 14, Valencia, Spain Report Documentation Page Form Approved OMB No. 0704-0188

More information

Introduction to Embedded Systems

Introduction to Embedded Systems Introduction to Embedded Systems Sanjit A. Seshia UC Berkeley EECS 149/249A Fall 2015 2008-2015: E. A. Lee, A. L. Sangiovanni-Vincentelli, S. A. Seshia. All rights reserved. Chapter 3: Discrete Dynamics,

More information

More on Verification and Model Checking

More on Verification and Model Checking More on Verification and Model Checking Wednesday Oct 07, 2015 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/60 Course fair! 2/60 Exam st October 21, 8:00 13:00 If you want to participate,

More information

Viper: A Verification Infrastructure for Permission-Based Reasoning

Viper: A Verification Infrastructure for Permission-Based Reasoning Viper: A Verification Infrastructure for Permission-Based Reasoning Peter Müller, Malte Schwerhoff, and Alexander J. Summers Department of Computer Science, ETH Zurich, Switzerland {peter.mueller, malte.schwerhoff,

More information

G Programming Languages - Fall 2012

G Programming Languages - Fall 2012 G22.2110-003 Programming Languages - Fall 2012 Lecture 4 Thomas Wies New York University Review Last week Control Structures Selection Loops Adding Invariants Outline Subprograms Calling Sequences Parameter

More information

Proof-by-Instance for Embedded Network Design From Prototype to Tool Roadmap. Marc Boyer, Loïc Fejoz. 1, Stephan Merz 3

Proof-by-Instance for Embedded Network Design From Prototype to Tool Roadmap. Marc Boyer, Loïc Fejoz. 1, Stephan Merz 3 Proof-by-Instance for Embedded Network Design From Prototype to Tool Roadmap 2 Marc Boyer, Loïc Fejoz 1 1, Stephan Merz 3 RealTime at Work, Nancy, France 2 ONERA The French aerospace Lab, 3 Inria & LORIA,

More information

To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED. To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 Introduction SDN research directions as outlined in IRTF RG outlines i) need for more flexibility and programmability

More information

The GROOVE Simulator: A Tool for State Space Generation

The GROOVE Simulator: A Tool for State Space Generation Presented at AGTIVE, September 2003, Charlottesville, Virginia. To appear in Lecture Notes in Computer Science, Springer-Verlag. The GROOVE Simulator: A Tool for State Space Generation Arend Rensink University

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback