Verifying Parallel Programs
Stephen F. Siegel
The Verified Software Laboratory, Department of Computer and Information Sciences, University of Delaware, Newark, USA
SIG-NEWGRAD, 5 October
1968 NATO Conference on Software Engineering
- response to the software crisis: "the difficulty of writing correct, understandable and verifiable computer programs" (Wikipedia)
- birth of software engineering: "the application of a systematic, disciplined, quantifiable approach to the development, operation and maintenance of software"
- "...the consequences of software failure in all its aspects are becoming increasingly serious. Particularly alarming is the seemingly unavoidable fallibility of large software, since a malfunction in an advanced hardware-software system can be a matter of life and death, not only for individuals, but also for vehicles carrying hundreds of people and ultimately for nations as well." (David and Fraser)
Other Observations on the Software Crisis
- 1994: Scientific American, "Software's Chronic Crisis", by W. Wayt Gibbs
  - 1/4 of large software development efforts are canceled
  - the average development project overshoots its schedule by 50%
  - 3/4 of large systems are "operating failures": they do not function as intended or are not used at all
- software is expected to fail: releases contain long lists of known bugs
- "...you ARE NOT ENTITLED TO ANY DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, if the Software does not meet Microsoft's Limited Warranty, and, to the maximum extent allowed by applicable law, even if any remedy fails of its essential purpose..."
- imagine if other engineered products (bridges, cars, ...) had similar standards
Famous Software Failures: Ariane 5 Flight 501
- reference: "Ariane 5: Flight 501 Failure: Report by the Inquiry Board", Prof. J. L. Lions, Chairman, July 19
- summary
  - June 4, 1996: first launch of Ariane 5
  - $10 billion to develop
  - carried four expensive (and uninsured) scientific satellites
  - exploded 37 seconds after lift-off
  - result of a software failure: an out-of-range cast
Les Hatton: The Chimera of Software Quality (excerpt from "The Profession" column, August; Les Hatton, Kingston University)

"Despite years of computing progress, today's systems experience spectacular and all-too-frequent crashes, while many enormously expensive projects fail to produce anything useful. Of equal importance, and potentially more damaging, are the misleading smaller defects we tend to miss. From time to time, we must remind ourselves that the underlying quality of the software that our results and progress increasingly depend on will likely be flawed and even more dependent on independent corroboration than the science itself. Many scientific results are corrupted, perhaps fatally so, by undiscovered mistakes in the software used to calculate and present those results.

Commercial application areas. I've spent the past 30 years analyzing the quality of software-controlled systems. In every area I've looked at or worked in, often previously undiscovered software defects run rife. In scientific modeling, these defects can lead to highly misleading results. Twelve years ago, with a coauthor, I published the results of a large study of high-quality signal-processing software in the oil industry. Previously undiscovered defects had effectively reduced accuracy in this data from six significant figures to between
Les Hatton: The Chimera of Software Quality
- study of signal-processing software in the oil industry
  - undiscovered defects had reduced accuracy from 6 significant digits to 1-2
  - the data is used to site oil wells, which requires at least 3 significant digits
- daily forecasting model of the UK Meteorological Office
  - undiscovered defects zeroed the nonlinear terms in the Navier-Stokes equations every other time step
  - it turned out to make very little difference
Parallel Programs
- two main styles
  1. shared-variable multi-threaded programs (Java, C, ...): single- or multi-core architectures
  2. message-passing scientific programs using MPI: distributed systems, massively-parallel systems
- nondeterminism: any aspect of program execution not specified by the program code, e.g. the multiple possible interleavings
Verification Approaches: Testing
- run the program on some input, compare with the expected result
- weaknesses
  - in general, can only test a tiny fraction of the inputs the program will experience in use: "Program testing can be used to show the presence of bugs, but never to show their absence!" (Edsger Dijkstra)
  - nondeterminism: a correct result on a test execution does not guarantee a correct result on another execution with the same input
  - requires a test oracle: what if you don't know the correct result?
  - consumes an enormous portion of development effort (50%?)
Verification Approaches: Finite-State Verification (FSV)
- encompasses a wide variety of techniques
  - state space reachability analysis
  - temporal logic model checking
  - symbolic model checking (e.g., with Binary Decision Diagrams)
  - Boolean Satisfiability (SAT) checking
  - Integer Linear Programming (ILP)
  - dataflow analysis
  - symbolic execution
The Three Tasks Involved in an FSV Technique
1. construct a model of the program using only a finite number of states
2. formalize correctness properties for the model
3. use automated algorithmic techniques to verify that all executions of the model satisfy the properties

What is a model?
- a simplified or abstract version of the program, often written in a modeling language for a particular FSV tool
- impose small bounds on the configuration (L, N, M ≤ 6)
- floating-point variables are usually not used in models
- Small Configuration Hypothesis: defects almost always manifest themselves in small configurations

What is a state of the model?
- a vector with one component for each variable in the model

What are typical properties of models?
- freedom from deadlock
- assertions about the state, e.g. assert(x==y*z);
- assertions about the order of events (temporal logic), e.g. ((x==1) = (y==1))
Example: Shared Resource

    boolean x;
    proc rw0 {
      while (true) {
        x := 0;
        synch();
        if (x == 0) use_resource();
      }
    }
    proc rw1 {
      while (true) {
        x := 1;
        synch();
        if (x == 1) use_resource();
      }
    }

State: [x, pc0, pc1], where each process's program counter is 0 at its assignment to x, 1 at synch() and 2 at the if.

Property 1: Freedom from deadlock. The program does not deadlock.
Property 2: Mutual exclusion. It is never the case that both processes use the resource at the same time.
Property 3: Liveness. The resource will eventually be used.

[Figure: the reachable state space of the model, with states labelled [x, pc0, pc1], built up one transition at a time]
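The three FSV tasks carried out on this example, as an added Python example (not code from the slides or from any tool they mention): the model is the state vector [x, pc0, pc1] with synch() treated as a barrier and an assumed extra program-counter value 3 for "inside use_resource()", the properties are the three above, and the check is an exhaustive breadth-first reachability search that returns a counterexample trace when a property fails. A second run with synch() replaced by a no-op (a constructed variant, not on the slides) shows the kind of trace a checker produces when mutual exclusion is violated.

```python
from collections import deque

# Program-counter values for each process (0, 1, 2 follow the slides;
# 3 is an assumed extra location meaning "inside use_resource()").
WRITE, SYNCH, TEST, USE = 0, 1, 2, 3
INITIAL = (0, WRITE, WRITE)          # state vector [x, pc0, pc1]


def successors(state, with_barrier=True):
    """Every state reachable by one transition (interleaving semantics)."""
    x, pcs = state[0], list(state[1:])
    # synch() as a barrier: both processes must arrive before either leaves
    if with_barrier and all(pc == SYNCH for pc in pcs):
        return [(x,) + tuple(TEST for _ in pcs)]
    out = []
    for i, pc in enumerate(pcs):
        nxt = list(pcs)
        if pc == WRITE:                          # x := i
            nxt[i] = SYNCH
            out.append((i,) + tuple(nxt))
        elif pc == SYNCH and not with_barrier:   # synch() as a no-op
            nxt[i] = TEST
            out.append((x,) + tuple(nxt))
        elif pc == TEST:                         # if (x == i) use_resource();
            nxt[i] = USE if x == i else WRITE
            out.append((x,) + tuple(nxt))
        elif pc == USE:                          # use_resource() returns, loop
            nxt[i] = WRITE
            out.append((x,) + tuple(nxt))
        # a process waiting at the barrier has no move of its own
    return out


def explore(start, with_barrier=True):
    """Breadth-first search of the reachable state space.
    Returns {state: predecessor}; the predecessor of `start` is None."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        for t in successors(s, with_barrier):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent


def trace_to(parent, state):
    """Counterexample trace: the states from the initial state to `state`."""
    path = []
    while state is not None:
        path.append(state)
        state = parent[state]
    return path[::-1]


def check(with_barrier=True):
    """Check the three properties over the whole reachable state space."""
    parent = explore(INITIAL, with_barrier)
    result = {"states": len(parent), "deadlock": None,
              "mutex": None, "liveness": True}
    for s in parent:
        if not successors(s, with_barrier):      # no enabled transition
            result["deadlock"] = trace_to(parent, s)
            break
    for s in parent:
        if s[1] == USE and s[2] == USE:          # both in use_resource()
            result["mutex"] = trace_to(parent, s)
            break
    # Liveness in the weak form a plain reachability search can give: from
    # every reachable state some process can still reach use_resource().
    # (A full "eventually" check needs fairness and cycle detection.)
    using = {s for s in parent if USE in s[1:]}
    for s in parent:
        if not using.intersection(explore(s, with_barrier)):
            result["liveness"] = False
            break
    return result


if __name__ == "__main__":
    for barrier in (True, False):
        r = check(barrier)
        print("synch() as barrier" if barrier else "synch() as no-op",
              "| states:", r["states"],
              "| deadlock:", r["deadlock"] is not None,
              "| mutex violated:", r["mutex"] is not None,
              "| liveness:", r["liveness"])
        if r["mutex"]:
            print("  counterexample:", " -> ".join(map(str, r["mutex"])))
```

With the barrier the model has 20 reachable states and satisfies all three properties; without it the search reports a trace ending in a state where both program counters are 3.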
FSV: Strengths and Weaknesses
- strengths
  - can prove things about all possible executions of a program
  - can be (close to) fully automated
  - produces a trace as a counterexample when a property does not hold
- weaknesses
  - model construction problems: the result is only as good as the model
  - state space explosion problem: the number of states typically grows exponentially with the number of processes
- progress
  - automatic model extraction
  - development of techniques to combat state explosion
  - industrial use: Intel, Motorola, Microsoft, ...
Model Checking for Scientific Computing
- questions
  - what does it mean for a scientific program to be correct?
  - how does one model floating-point computation?
Correctness
- assume we are given
  1. a trusted sequential version of the program, and
  2. a parallel version of the program
- our approach: prove the two versions are functionally equivalent, i.e. they produce the same output for any given input
How do we model floating-point computation?
- one double-precision floating-point variable has 2^64 possible states
- abstraction?
  - input: symbolic constants x0, x1, ...
  - output: symbolic expressions in the xi
  - x0·x4 + x1·x6 = x1·x6 + x0·x4
  - (x0·x4) + x1·x6 = (0.0 + (x0·x4)) + x1·x6
How do we represent symbolic expressions?
- value numbering
  - place all symbolic expressions in an expression table
  - every expression has a unique ID number
- in the model...
  - replace all floating-point values with ID numbers
  - replace all floating-point operations with symbolic operations
  - to evaluate x + y: is x + y already in the table? if yes, return its ID number; if no, create a new table entry and return the new ID number
Expression table for the 2x2 matrix product C = A·B, where each entry of C is accumulated starting from the literal 0.0 (the slides build the table one entry at a time; the final table is shown)

A = [2 3; 4 5] = [x0 x1; x2 x3]
B = [6 7; 8 9] = [x4 x5; x6 x7]
C = [13 17; 21 25] = [(0.0+x0·x4)+x1·x6  (0.0+x0·x5)+x1·x7; (0.0+x2·x4)+x3·x6  (0.0+x2·x5)+x3·x7]

 i   e_i                 expression
 0   (const, 0.0)        0.0
 1   (const, 1.0)        1.0
 2   (sym, 0)            x0
 3   (sym, 1)            x1
 4   (sym, 2)            x2
 5   (sym, 3)            x3
 6   (sym, 4)            x4
 7   (sym, 5)            x5
 8   (sym, 6)            x6
 9   (sym, 7)            x7
10   (×, 2, 6)           x0·x4
11   (+, 0, 10)          0.0+x0·x4
12   (×, 3, 8)           x1·x6
13   (+, 11, 12)         (0.0+x0·x4)+x1·x6
14   (×, 2, 7)           x0·x5
15   (+, 0, 14)          0.0+x0·x5
16   (×, 3, 9)           x1·x7
17   (+, 15, 16)         (0.0+x0·x5)+x1·x7
18   (×, 4, 6)           x2·x4
19   (+, 0, 12)          0.0+x2·x4
20   (×, 5, 8)           x3·x6
21   (+, 19, 20)         (0.0+x2·x4)+x3·x6
22   (×, 4, 7)           x2·x5
23   (+, 0, 22)          0.0+x2·x5
24   (×, 5, 9)           x3·x7
25   (+, 23, 24)         (0.0+x2·x5)+x3·x7
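Value numbering as described above, as an added Python example (not the slides' own code, nor that of any tool they mention): an expression table that interns each (operator, operand IDs) tuple once, with the 2x2 product C = A·B computed the way a loop that starts every entry at 0.0 would, so the result IDs come out as on the slides (13, 17, 21, 25). It goes one step past the table by using the IDs for the functional-equivalence check from the Correctness slide: a second computation with the same operation order receives identical IDs, while a constructed variant that sums the products in the opposite order does not.

```python
class ExprTable:
    """Expression table: entries[i] is the tuple e_i; index maps it back to i."""

    def __init__(self):
        self.entries = []     # ID -> key tuple
        self.index = {}       # key tuple -> ID

    def _intern(self, key):
        """Value numbering: return the existing ID for `key` or create one."""
        vid = self.index.get(key)
        if vid is None:
            vid = len(self.entries)
            self.entries.append(key)
            self.index[key] = vid
        return vid

    def const(self, c):
        return self._intern(("const", float(c)))     # concrete literal

    def sym(self, i):
        return self._intern(("sym", i))              # symbolic input x_i

    def add(self, a, b):
        return self._intern(("+", a, b))             # symbolic a + b

    def mul(self, a, b):
        return self._intern(("*", a, b))             # symbolic a * b

    def show(self, vid):
        """Render an ID as a fully parenthesised expression string."""
        key = self.entries[vid]
        if key[0] == "const":
            return repr(key[1])
        if key[0] == "sym":
            return f"x{key[1]}"
        op, a, b = key
        left, right = self.show(a), self.show(b)
        return f"({left} + {right})" if op == "+" else f"{left}*{right}"


def matmul(t, A, B, reverse_sum=False):
    """C = A*B over the table: every C[i][j] starts from the literal 0.0 and
    accumulates the products in k order (or in reverse, to model a variant
    that sums in a different order)."""
    n, m, p = len(A), len(B), len(B[0])
    ks = range(m - 1, -1, -1) if reverse_sum else range(m)
    C = [[None] * p for _ in range(n)]
    for i in range(n):
        for j in range(p):
            acc = t.const(0.0)
            for k in ks:
                acc = t.add(acc, t.mul(A[i][k], B[k][j]))
            C[i][j] = acc
    return C


def equivalent(C1, C2):
    """Two results are functionally equivalent iff every entry has the same ID."""
    return all(a == b for r1, r2 in zip(C1, C2) for a, b in zip(r1, r2))


def build_example():
    """Reproduce the slides' table: IDs 0-1 are the constants, 2-9 are x0..x7."""
    t = ExprTable()
    t.const(0.0)
    t.const(1.0)
    xs = [t.sym(i) for i in range(8)]
    A = [[xs[0], xs[1]], [xs[2], xs[3]]]
    B = [[xs[4], xs[5]], [xs[6], xs[7]]]
    return t, A, B, matmul(t, A, B)


if __name__ == "__main__":
    t, A, B, C = build_example()
    for i, e in enumerate(t.entries):
        print(f"{i:3d}  {e!s:18}  {t.show(i)}")
    print("C =", C)
    print("same order again  :", equivalent(C, matmul(t, A, B)))
    print("reversed summation:", equivalent(C, matmul(t, A, B, reverse_sum=True)))
```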
Current Projects
- tools: MPI-Spin; Mover (coming soon...)
- a number of case studies, e.g. ECCSVM/BlobFlow, a vortex-method fluid dynamics code (Prof. Lou Rossi, Math Dept.)
- a number of techniques for mitigating state explosion
- abstractions for scientific computing
More informationThe Problem with Threads
The Problem with Threads Author Edward A Lee Presented by - Varun Notibala Dept of Computer & Information Sciences University of Delaware Threads Thread : single sequential flow of control Model for concurrent
More informationCSE 201 JAVA PROGRAMMING I. Copyright 2016 by Smart Coding School
CSE 201 JAVA PROGRAMMING I Primitive Data Type Primitive Data Type 8-bit signed Two s complement Integer -128 ~ 127 Primitive Data Type 16-bit signed Two s complement Integer -32768 ~ 32767 Primitive Data
More informationA Case Study on Model Checking and Deductive Verification Techniques of Safety-Critical Software
A Case Study on Model Checking and Deductive Verification Techniques of Safety-Critical Software Rovedy A. B. e Silva 1,2, Jose M. Parente de Oliveira 2, and Jorge Sousa Pinto 3 1 Aeronautics and Space
More informationMassive Data Analysis
Professor, Department of Electrical and Computer Engineering Tennessee Technological University February 25, 2015 Big Data This talk is based on the report [1]. The growth of big data is changing that
More informationFinite State Verification. CSCE Lecture 14-02/25/2016
Finite State Verification CSCE 747 - Lecture 14-02/25/2016 So, You Want to Perform Verification... You have a property that you want your program to obey. Great! Let s write some tests! Does testing guarantee
More informationLecture1: Symbolic Model Checking with BDDs. Edmund M. Clarke, Jr. Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213
Lecture: Symbolic Model Checking with BDDs Edmund M Clarke, Jr Computer Science Department Carnegie Mellon University Pittsburgh, PA 523 Temporal Logic Model Checking Specification Language: A propositional
More information1. Introduction to Model Checking
CSE6009 Model Checking 1. Introduction to Model Checking Scott Uk-Jin Lee Department of Computer Science and Engineering Hanyang University ERICA Campus 2 nd Semester 2015 System Correctness Correctness
More informationStatic program checking and verification
Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Müller Static program checking and verification Correctness
More informationGarbage Collection (2) Advanced Operating Systems Lecture 9
Garbage Collection (2) Advanced Operating Systems Lecture 9 Lecture Outline Garbage collection Generational algorithms Incremental algorithms Real-time garbage collection Practical factors 2 Object Lifetimes
More informationRace Catcher. Automatically Pinpoints Concurrency Defects in Multi-threaded JVM Applications with 0% False Positives.
Race Catcher US and International Patents Issued and Pending. Automatically Pinpoints Concurrency Defects in Multi-threaded JVM Applications with 0% False Positives. Whitepaper Introducing Race Catcher
More informationRegression testing. Whenever you find a bug. Why is this a good idea?
Regression testing Whenever you find a bug Reproduce it (before you fix it!) Store input that elicited that bug Store correct output Put into test suite Then, fix it and verify the fix Why is this a good
More informationIntroduction to Axiomatic Semantics (1/2)
#1 Introduction to Axiomatic Semantics (1/2) How s The Homework Going? Remember that you can t just define a meaning function in terms of itself you must use some fixed point machinery. #2 #3 Observations
More informationCombining Complementary Formal Verification Strategies to Improve Performance and Accuracy
Combining Complementary Formal Verification Strategies to Improve Performance and Accuracy David Owen June 15, 2007 2 Overview Four Key Ideas A Typical Formal Verification Strategy Complementary Verification
More informationAlloy: A Lightweight Object Modelling Notation
Alloy: A Lightweight Object Modelling Notation Daniel Jackson, ACM Transactions on Software Engineering, 2002 Presented By: Steven Stewart, 2012-January-23 1 Alloy: 2002 to present Software is built on
More informationABSTRACTION ISN T THE ENTIRE STORY
ABSTRACTION ISN T THE ENTIRE STORY CS 045 Computer Organization and Architecture Prof. Donald J. Patterson Adapted from Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition
More informationLIMITATIONS OF COMPUTING. Introduction to Computer Engineering 2015 Spring by Euiseong Seo
LIMITATIONS OF COMPUTING Introduction to Computer Engineering 2015 Spring by Euiseong Seo Where are we? Chapter 1: The Big Picture Chapter 2: Binary Values and Number Systems Chapter 3: Date Representation
More informationHoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré
Hoare Logic COMP2600 Formal Methods for Software Engineering Rajeev Goré Australian National University Semester 2, 2016 (Slides courtesy of Ranald Clouston) COMP 2600 Hoare Logic 1 Australian Capital
More informationSCR: A PRACTICAL METHOD FOR REQUIREMENTS SPECIFICATION
SCR: A PRACTICAL METHOD FOR REQUIREMENTS SPECIFICATION Constance Heitmeyer, Naval Research Laboratory, Washington, DC Abstract A controversial issue in the formal methods research community is the degree
More informationIntroduction & Formal Methods
Introduction & Formal Methods http://d3s.mff.cuni.cz Jan Kofroň CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Introduction to dependable systems NSWE 002 What you learn: Dependable systems
More informationEECS 4313 Software Engineering Testing. Topic 01: Limits and objectives of software testing Zhen Ming (Jack) Jiang
EECS 4313 Software Engineering Testing Topic 01: Limits and objectives of software testing Zhen Ming (Jack) Jiang Acknowledge Some of the contents are from Prof. Alex Orso, Bil Tzerpos and Gunnar Gotshalks
More informationFinite State Verification. CSCE Lecture 21-03/28/2017
Finite State Verification CSCE 747 - Lecture 21-03/28/2017 So, You Want to Perform Verification... You have a property that you want your program to obey. Great! Let s write some tests! Does testing guarantee
More informationComputing with Infinitely Many Processes under assumptions on concurrency and participation -M.Merritt&G.Taubenfeld. Dean Christakos & Deva Seetharam
Computing with Infinitely Many Processes under assumptions on concurrency and participation -M.Merritt&G.Taubenfeld Dean Christakos & Deva Seetharam November 25, 2003 Abstract This paper explores four
More informationProving the Correctness of Distributed Algorithms using TLA
Proving the Correctness of Distributed Algorithms using TLA Khushboo Kanjani, khush@cs.tamu.edu, Texas A & M University 11 May 2007 Abstract This work is a summary of the Temporal Logic of Actions(TLA)
More informationThe Spin Model Checker : Part I/II
The Spin Model Checker : Part I/II Moonzoo Kim CS Dept. KAIST Korea Advanced Institute of Science and Technology Motivation: Tragic Accidents Caused by SW Bugs 2 Cost of Software Errors June 2002 Software
More information[module 2.2] MODELING CONCURRENT PROGRAM EXECUTION
v1.0 20130407 Programmazione Avanzata e Paradigmi Ingegneria e Scienze Informatiche - UNIBO a.a 2013/2014 Lecturer: Alessandro Ricci [module 2.2] MODELING CONCURRENT PROGRAM EXECUTION 1 SUMMARY Making
More informationBasic Definitions: Testing
Basic Definitions: Testing l What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults a.k.a. BUGS 1 Bugs Hopper s bug (moth stuck in a
More informationSelf Stabilization. CS553 Distributed Algorithms Prof. Ajay Kshemkalyani. by Islam Ismailov & Mohamed M. Ali
Self Stabilization CS553 Distributed Algorithms Prof. Ajay Kshemkalyani by Islam Ismailov & Mohamed M. Ali Introduction There is a possibility for a distributed system to go into an illegitimate state,
More informationState of Practice. Automatic Verification of Embedded Control Software with ASTRÉE and beyond
Automatic Verification of Embedded Control Software with ASTRÉE and beyond Patrick Cousot Jerome C. Hunsaker Visiting Professor Department of Aeronautics and Astronautics, MIT cousot mit edu www.mit.edu/~cousot
More informationINF672 Protocol Safety and Verification. Karthik Bhargavan Xavier Rival Thomas Clausen
INF672 Protocol Safety and Verication Karthik Bhargavan Xavier Rival Thomas Clausen 1 Course Outline Lecture 1 [Today, Sep 15] Introduction, Motivating Examples Lectures 2-4 [Sep 22,29, Oct 6] Network
More informationQuality Assurance in Software Development
Quality Assurance in Software Development Qualitätssicherung in der Softwareentwicklung A.o.Univ.-Prof. Dipl.-Ing. Dr. Bernhard Aichernig Graz University of Technology Austria Summer Term 2017 1 / 47 Agenda
More informationModel Checking. Dragana Cvijanovic
Model Checking Dragana Cvijanovic d.cvijanovic@cs.ucl.ac.uk 1 Introduction Computerised systems pervade more and more our everyday lives. Digital technology is now used to supervise critical functions
More informationVerification and Validation. Verification and validation
Verification and Validation Verification and validation Verification and Validation (V&V) is a whole life-cycle process. V&V has two objectives: Discovery of defects, Assessment of whether or not the system
More informationWrite perfect C code to solve the three problems below.
Fall 2017 CSCI 4963/6963 Week 12 David Goldschmidt goldschmidt@gmail.com Office: Amos Eaton 115 Office hours: Mon/Thu 1:00-1:50PM; Wed 1:00-2:50PM Write perfect C code to solve the three problems below.
More informationSoftware Engineering
CSC40232: SOFTWARE ENGINEERING Professor: Jane Cleland Huang : Introduction Wednesday, January 18 th sarec.nd.edu/courses/se2017 Department of Computer Science and Engineering Software Engineering Software
More informationChapter 5 Concurrency: Mutual Exclusion and Synchronization
Operating Systems: Internals and Design Principles Chapter 5 Concurrency: Mutual Exclusion and Synchronization Seventh Edition By William Stallings Designing correct routines for controlling concurrent
More informationAnalyzing BlobFlow: A Case Study Using Model Checking to Verify Parallel Scientific Software
Analyzing BlobFlow: A Case Study Using Model Checking to Verify Parallel Scientific Software Stephen F. Siegel 1 and Louis F. Rossi 2 1 Verified Software Laboratory, Department of Computer and Information
More informationIntroduction In Practice State Explosion Problem Infinity and Uncomputability Techniques References. Model Checking. Toryn Qwyllyn Klassen
Model Checking Toryn Qwyllyn Klassen April 13, 2010 Limitations of testing Testing cannot in general prove that a program works. Some program states are usually not covered. Concurrent systems are particularly
More informationWelcome to Software Analysis and Testing.
Welcome to Software Analysis and Testing. In this course, we will be diving deep into the theory and practice of software analysis, which lies at the heart of many software development processes such as
More informationAssertions. Assertions - Example
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 11/13/2003 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationSoftware Model Checking
20 ans de Recherches sur le Software Model Checking 1989 1994 2006 2009 Université de Liège Bell Labs Microsoft Research Patrice Godefroid Page 1 Mars 2009 Model Checking A B C Each component is modeled
More informationSoftware Testing. 1. Testing is the process of demonstrating that errors are not present.
What is Testing? Software Testing Many people understand many definitions of testing :. Testing is the process of demonstrating that errors are not present.. The purpose of testing is to show that a program
More informationCITS5501 Software Testing and Quality Assurance Formal methods
CITS5501 Software Testing and Quality Assurance Formal methods Unit coordinator: Arran Stewart May 1, 2018 1 / 49 Sources Pressman, R., Software Engineering: A Practitioner s Approach, McGraw-Hill, 2005
More informationTesting. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?
Testing ECE/CS 5780/6780: Embedded System Design Scott R. Little Lecture 24: Introduction to Software Testing and Verification What is software testing? Running a program in order to find bugs (faults,
More informationPROCESS SYNCHRONIZATION
PROCESS SYNCHRONIZATION Process Synchronization Background The Critical-Section Problem Peterson s Solution Synchronization Hardware Semaphores Classic Problems of Synchronization Monitors Synchronization
More informationSoftware Testing: Introduction
Software Testing: Introduction Mohammad Mousavi Halmstad University, Sweden http://bit.ly/tav16 Testing and Verification, January 22, 2016 Outline Organization Why? What? How?, When? Contact information
More informationChapter 3. Set Theory. 3.1 What is a Set?
Chapter 3 Set Theory 3.1 What is a Set? A set is a well-defined collection of objects called elements or members of the set. Here, well-defined means accurately and unambiguously stated or described. Any
More informationTHEORY OF COMPUTATION
Chapter Eleven THEORY OF COMPUTATION Chapter Summary This chapter introduces the subjects of computability as well as problem classification according to (time) complexity. It begins by presenting the
More informationScientific Computing. Error Analysis
ECE257 Numerical Methods and Scientific Computing Error Analysis Today s s class: Introduction to error analysis Approximations Round-Off Errors Introduction Error is the difference between the exact solution
More informationLeveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group
Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group 2014 The MathWorks, Inc. 1 The Cost of Failure News reports: Recall Due to ECU software
More informationSoftware Quality Assurance. David Janzen
Software Quality Assurance David Janzen What is quality? Crosby: Conformance to requirements Issues: who establishes requirements? implicit requirements Juran: Fitness for intended use Issues: Who defines
More informationThe UPPAAL Model Checker. Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN
The UPPAAL Model Checker Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN The aim of this presentation Introduce the basic concepts of model checking from a practical perspective Describe
More informationWHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development
WHITE PAPER 10 Reasons to Use Static Analysis for Embedded Software Development Overview Software is in everything. And in many embedded systems like flight control, medical devices, and powertrains, quality
More informationContext-Switch-Directed Verification in DIVINE
Context-Switch-Directed Verification in DIVINE MEMICS 2014 Vladimír Štill Petr Ročkai Jiří Barnat Faculty of Informatics Masaryk University, Brno October 18, 2014 Vladimír Štill et al. Context-Switch-Directed
More informationPetri Nets ~------~ R-ES-O---N-A-N-C-E-I--se-p-te-m--be-r Applications.
Petri Nets 2. Applications Y Narahari Y Narahari is currently an Associate Professor of Computer Science and Automation at the Indian Institute of Science, Bangalore. His research interests are broadly
More informationFormal Methods in Practice: Tools and Examples
Formal Methods in Practice: Tools and Examples Alessio Ferrari 1 alessio.ferrari@ge.com 1 University of Florence, D.S.I., Florence, Italy November 29, 2009 Ferrari (University of Florence) Formal Methods
More informationMath 340 Fall 2014, Victor Matveev. Binary system, round-off errors, loss of significance, and double precision accuracy.
Math 340 Fall 2014, Victor Matveev Binary system, round-off errors, loss of significance, and double precision accuracy. 1. Bits and the binary number system A bit is one digit in a binary representation
More informationManuel Oriol, CHCRC-C, Software Testing ABB
Manuel Oriol, CHCRC-C, 08.11.2017 Software Testing Slide 1 About me 1998 2004 2005 2008 2011 Slide 2 Introduction Why do we test? Did you have to deal with testing in the past? Slide 3 Ariane 5 http://www.youtube.com/watch?v=kyurqduyepi
More informationUsing TLC to Check Inductive Invariance
Using TLC to Check Inductive Invariance Leslie Lamport 23 August 2018 1 Inductive Invariance Suppose we have a specification with initial predicate Init and next-state predicate Next, so its specification
More information