Having a BLAST with SLAM

Similar documents
Having a BLAST with SLAM

Having a BLAST with SLAM

Having a BLAST with SLAM

Scalable Program Verification by Lazy Abstraction

Software Model Checking with Abstraction Refinement

CS 510/13. Predicate Abstraction

Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement. Having a BLAST with SLAM. Combining Strengths. SLAM Overview SLAM

Software Model Checking. Xiangyu Zhang

Double Header. Two Lectures. Flying Boxes. Some Key Players: Model Checking Software Model Checking SLAM and BLAST

Counterexample Guided Abstraction Refinement in Blast

Predicate Abstraction Daniel Kroening 1

Static Program Analysis

On Reasoning about Finite Sets in Software Checking

No model may be available. Software Abstractions. Recap on Model Checking. Model Checking for SW Verif. More on the big picture. Abst -> MC -> Refine

Verifying Multithreaded Software with Impact

Predicate Refinement Heuristics in Program Verification with CEGAR

Introduction to Axiomatic Semantics (1/2)

Software Model Checking. From Programs to Kripke Structures

Introduction to Axiomatic Semantics (1/2)

Proofs from Tests. Nels E. Beckman, Aditya V. Nori, Sriram K. Rajamani, Robert J. Simmons, SaiDeep Tetali, Aditya V. Thakur

4/24/18. Overview. Program Static Analysis. Has anyone done static analysis? What is static analysis? Why static analysis?

Formal Systems Tutorial Hybrid System Modeling, Program Analysis

Outline. Introduction SDV Motivation Model vs Real Implementation SLIC SDVRP SLAM-2 Comparisons Conclusions

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Model Checking with Abstract State Matching

F-Soft: Software Verification Platform

More on Verification and Model Checking

Type Theory meets Effects. Greg Morrisett

Program Static Analysis. Overview

Program Verification. Aarti Gupta

Proofs from Tests. Sriram K. Rajamani. Nels E. Beckman. Aditya V. Nori. Robert J. Simmons.

Sliced Path Prefixes: An Effective Method to Enable Refinement Selection

The software model checker BLAST

Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification

Software Model Checking with SLAM

Using Counterexample Analysis to Minimize the Number of Predicates for Predicate Abstraction

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

TRACER: A Symbolic Execution Tool for Verification

Towards a Software Model Checker for ML. Naoki Kobayashi Tohoku University

The Pointer Assertion Logic Engine

School of Computer & Communication Sciences École Polytechnique Fédérale de Lausanne

CUTE: A Concolic Unit Testing Engine for C

Verifying Concurrent Programs

Automatically Validating Temporal Safety Properties of Interfaces

Areas related to SW verif. Trends in Software Validation. Your Expertise. Research Trends High level. Research Trends - Ex 2. Research Trends Ex 1

An Eclipse Plug-in for Model Checking

In Our Last Exciting Episode

CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan

Program verification. Generalities about software Verification Model Checking. September 20, 2016

Basic Verification Strategy

Programming Languages

Abstract Interpretation

Reachability Analysis for Annotated Code

TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS*

Checking Memory Safety with Blast

Automatic Software Verification

Lecture 2: Symbolic Model Checking With SAT

Introduction to Axiomatic Semantics

Reasoning about programs

Main Goal. Language-independent program verification framework. Derive program properties from operational semantics

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise

Permissive Interfaces

Program Verification (6EC version only)

4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271

Propositional Calculus. Math Foundations of Computer Science

Symbolic Evaluation/Execution

Introduction. Preliminaries. Original IC3. Tree-IC3. IC3 on Control Flow Automata. Conclusion

Model Checking Embedded C Software using k-induction and Invariants

PROGRAM ANALYSIS & SYNTHESIS

SYNERGY : A New Algorithm for Property Checking

Finite State Verification. CSCE Lecture 14-02/25/2016

Static program checking and verification

Formal Methods. CITS5501 Software Testing and Quality Assurance

Bounded Model Checking Of C Programs: CBMC Tool Overview

Part II: Atomicity for Software Model Checking. Analysis of concurrent programs is difficult (1) Transaction. The theory of movers (Lipton 75)

Automated Debugging with Error Invariants

Verifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China

Lecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning

Interpolation-based Software Verification with Wolverine

Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001

Lecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning

Softwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24

Ivy: Safety Verification by Interactive Generalization

Static Program Analysis Part 1 the TIP language

CS521 \ Notes for the Final Exam

Hoare Logic: Proving Programs Correct

On partial order semantics for SAT/SMT-based symbolic encodings of weak memory concurrency

Lazy Abstraction with Interpolants

Reading Assignment. Symbolic Evaluation/Execution. Move from Dynamic Analysis to Static Analysis. Move from Dynamic Analysis to Static Analysis

Tree Interpolation in Vampire

Symbolic Execution and Verification Conditions. Review of Verification Conditions. Survey from Homework 4. Time spent: 7.1 hrs (mean), 6 hrs (median)

Finite State Verification. CSCE Lecture 21-03/28/2017

Overview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Abstraction Learning

Distributed Systems Programming (F21DS1) Formal Verification

Hoare logic. A proof system for separation logic. Introduction. Separation logic

Model Checking with Automata An Overview

Synchronizing the Asynchronous

On Reasoning About Finite Sets in Software Model Checking

Advances in Programming Languages

Transcription:

Having a BLAST with SLAM #

#2 Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement There are easily two dozen SLAM/BLAST/MAGIC papers; I will skim.

#3 SLAM Overview INPUT: Program and Specification Standard C Program (pointers, procedures) Specification = Partial Correctness Given as a finite state machine (typestate) I use locks correctly, not I am a webserver OUTPUT: Verified or Counterexample Verified = program does not violate spec Can come with proof! Counterexample = concrete bug instance A path through the program that violates the spec

# Take-Home Message SLAM is a software model checker. It abstracts C programs to boolean programs and model-checks the boolean programs. No errors in the boolean program implies no errors in the original. An error in the boolean program may be a real bug. Or SLAM may refine the abstraction and start again.

#5 Property : Double Locking lock unlock unlock lock An attempt to re-acquire an acquired lock or release a released lock will cause a deadlock. Calls to lock and unlock must alternate.

Property 2: Drop Root Privilege [Chen-Dean-Wagner 02] User applications must not run with root privilege When execv is called, must have suid 0 #6

Property 3 : IRP Handler IRP accessible MPR2 start NP MPR3 synch not pending returned CallDriver MPR NP MPR completion Skip prop completion no prop completion SKIP CallDriver PPC N/A CallDriver CallDriver Complete request CallDriver SKIP2 IPC DC N/A synch return child status return not Pend MPR3 CallDriver start P synch MPR MPR2not pending returned NP MPR completion Mark Pending Skip prop completion CallDriver SKIP PPC CallDriver CallDriver Complete request SKIP2 IPC DC return Pending no prop completion N/A CallDriver [Fahndrich] #7

#8 Example SLAM Input Example ( ) { : do{ lock(); old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; unlock(); new ++; : while(new!= old); 5: unlock (); return; unlock lock unlock lock

#9 SLAM in a Nutshell SLAM(Program p, Spec s) = Program q = incorporate_spec(p,s); mutable PredicateSet abs = { ; while true do BooleanProgram b = abstract(q,abs); match model_check(b) with No_Error! printf( no bug ); exit(0) Counterexample(c)! if is_valid_path(c, p) then printf( real bug ); exit() else abs à abs [ new_preds(c) done // program // slic // c2bp // bebop // newton // newton

Incorporating Specs Example ( ) { : : do{ lock(); old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new ++; : : while(new!=!= old); 5: 5: unlock (); return; lock unlock 0 unlock ERR lock Example ( ) { : do{ if if L= goto ERR; else L=; old = new; q = q->next; 2: if (q!= NULL){ 3: q->data = new; if if L=0 goto ERR; else L=0; new ++; : while(new!= old); 5: if if L=0 goto ERR; else L=0; Original program return; violates spec iff ERR: abort(); new program reaches ERR #0

Program As Labeled Transition System State Transition pc lock old new q 3 5 5 0x33a 3: 3: unlock(); new++; : pc lock old new q 5 6 0x33a Example ( ) { : : do do { lock(); old old = new; new; q = q->next; 2: 2: if if (q (q!=!= NULL){ NULL){ 3: 3: q->data = new; new; unlock(); new new ++; ++; : : while(new!=!= old); old); 5: 5: unlock unlock (); (); return; #

The Safety Verification Problem Error (e.g., states with PC = Err) Safe States (never reach Error) Initial Is there a path from an initial to an error state? Problem: Infinite state graph (old=, old=2, old= ) Solution : Set of states ' logical formula #2

Representing [Sets of States] as Formulas [F] states satisfying F {s s ² F F FO fmla over prog. vars [F ] Å [F 2 ] F Æ F 2 [F ] [ [F 2 ] F Ç F 2 [F] : F [F ] µ [F 2 ] F ) F 2 i.e. F Æ: F 2 unsatisfiable #3

# Idea : Predicate Abstraction Predicates on program state: lock (i.e., lock=true) old = new States satisfying same predicates are equivalent Merged into one abstract state #abstract states is finite Thus model-checking the abstraction will be feasible!

#5 Abstract States and Transitions State pc lock old new q 3 5 5 0x33a 3: 3: unlock(); new++; : pc lock old new q 5 6 0x33a lock old=new Theorem Prover : lock : old=new

Abstraction State c c 2 pc lock old new q 3 5 5 0x33a 3: 3: unlock(); new++; : pc lock old new q 5 6 0x33a A A 2 Existential Lifting (i.e., A!A 2 iff 9c 2A. 9c 2 2A 2. c!c 2 ) lock old=new Theorem Prover : lock : old=new #6

#7 Abstraction State pc lock old new q 3 5 5 0x33a 3: 3: unlock(); new++; : pc lock old new q 5 6 0x33a lock old=new : lock : old=new

#8 Analyze Abstraction Analyze finite graph Over Approximate: Safe ) System Safe No false negatives Problem Spurious counterexamples

#9 Idea 2: Counterex.-Guided Refinement Solution Use spurious counterexamples to refine abstraction!

#20 Idea 2: Counterex.-Guided Refinement Solution Use spurious counterexamples to refine abstraction. Add predicates to distinguish states across cut 2. Build refined abstraction Imprecision due to merge

#2 Iterative Abstraction-Refinement Solution Use spurious counterexamples to refine abstraction [Kurshan et al 93] [Clarke et al 00] [Ball-Rajamani 0]. Add predicates to distinguish states across cut 2. Build refined abstraction -eliminates counterexample 3. Repeat search Untill real counterexample or system proved safe

#22 Problem: Abstraction is Expensive Reachable Problem #abstract states = 2 #predicates Exponential Thm. Prover queries Observe Fraction of state space reachable #Preds ~ 00 s, #States ~ 2 00, #Reach ~ 000 s

#23 Solution: Only Abstract Reachable States Safe Problem #abstract states = 2 #predicates Exponential Thm. Prover queries Solution Build abstraction during search

#2 Solution2: Don t Refine Error-Free Regions Error Free Problem #abstract states = 2 #predicates Exponential Thm. Prover queries Solution Don t refine error-free regions

Q: Books (70 / 82) In T.S. Eliot's 939 Old Possum's Book Of Pratical Cats, this "mystery cat is called the hidden paw / for he's a master criminal who can defy the law."

Q: Computer Science This American Turing award winner is sometimes called the father of analysis of algorithms, and is known for popularizing asymptotic notation, creating TeX, and codeveloping a popular a string search algorithm. His most famous work is The Art of Computer Programming.

#27 Key Idea: Reachability Tree Initial 2 Unroll Abstraction. Pick tree-node (=abs. state) 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off 3 3 5 Find min infeasible suffix - Learn new predicates - Rebuild subtree with new preds.

#28 Key Idea: Reachability Tree Initial 2 Unroll Abstraction. Pick tree-node (=abs. state) 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off 3 6 5 3 3 7 Find min infeasible suffix - Learn new predicates - Rebuild subtree with new preds. Error Free

#29 Key Idea: Reachability Tree Initial 2 Unroll. Pick tree-node (=abs. state) 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off 3 6 5 3 3 7 8 8 Find min spurious suffix - Learn new predicates - Rebuild subtree with new preds. Error Free SAFE S: Only Abstract Reachable States S2: Don t refine error-free regions

Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); : LOCK Predicates: LOCK Reachability Tree #30

Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); lock() old = new q=q->next 2 : LOCK LOCK 2 Predicates: LOCK Reachability Tree #3

Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); [q!=null] 3 2 LOCK : LOCK LOCK 2 3 Predicates: LOCK Reachability Tree #32

Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); q->data = new unlock() new++ 3 2 LOCK : LOCK : LOCK LOCK 2 3 Predicates: LOCK Reachability Tree #33

Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); 3 2 LOCK : LOCK : LOCK LOCK [new==old] 5 5 : LOCK 2 3 Predicates: LOCK Reachability Tree #3

Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); 3 2 LOCK : LOCK : LOCK LOCK 5 2 3 Predicates: LOCK 5 : LOCK unlock() : LOCK Reachability Tree #35

Analyze Counterexample Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); 3 2 LOCK : LOCK : LOCK LOCK lock() old = new q=q->next [q!=null] q->data = new unlock() new++ [new==old] 5 5 : LOCK unlock() 2 3 Predicates: LOCK : LOCK Reachability Tree #36

Analyze Counterexample Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); 5 2 3 Predicates: LOCK 3 5 2 LOCK : LOCK : LOCK : LOCK : LOCK LOCK old = new new++ [new==old] Inconsistent new == old Reachability Tree #37

Repeat Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); : LOCK Predicates: LOCK, new==old Reachability Tree #38

Repeat Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); LOCK, new==old 2 : LOCK lock() old = new q=q->next 2 Predicates: LOCK, new==old Reachability Tree #39

Repeat Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); LOCK, new==old 2 LOCK, new==old 3 : LOCK, : new = old : LOCK q->data = new unlock() new++ 2 3 Predicates: LOCK, new==old Reachability Tree #0

Repeat Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); LOCK, new==old 2 LOCK, new==old 3 : LOCK, : new = old [new==old] : LOCK 2 3 Predicates: LOCK, new==old Reachability Tree #

Repeat Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); : LOCK LOCK, new==old 2 LOCK, new==old 3 : LOCK, : new = old [new!=old] 2 3 Predicates: LOCK, new==old : LOCK, : new == old Reachability Tree #2

Repeat Build-and-Search Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); LOCK, new==old LOCK, new==old 3 : LOCK, : new = old 2 : LOCK LOCK, new=old SAFE 5 2 3 Predicates: LOCK, new==old : LOCK, : new == old 5 : LOCK, new==old Reachability Tree #3

# Key Idea: Reachability Tree Initial 2 Unroll. Pick tree-node (=abs. state) 2. Add children (=abs. successors) 3. On re-visiting abs. state, cut-off 3 6 5 3 3 7 8 8 Find min spurious suffix - Learn new predicates - Rebuild subtree with new preds. Error Free SAFE S: Only Abstract Reachable States S2: Don t refine error-free regions

Two handwaves Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); LOCK, new==old LOCK, new==old 3 : LOCK, : new = old 2 : LOCK LOCK, new=old SAFE 5 2 3 Predicates: LOCK, new==old : LOCK, : new == old 5 : LOCK, new==old Reachability Tree #5

Two handwaves Example ( ) { : : do{ do{ lock(); old old = new; : LOCK q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: Q. 3: q->data How = new; to compute successors? unlock(); LOCK, new==old 2 new new ++; ++; :while(new!=!= old); LOCK, new==old 3 5: 5: unlock (); q->data (); = new unlock() : LOCK, : new = old new++ LOCK, new=old SAFE 5 2 3 Predicates: LOCK, new==old : LOCK, : new == old 5 : LOCK, new==old Reachability Tree #6

Two handwaves Example ( ) { : : do{ do{ lock(); old old = new; : LOCK q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: Q. 3: q->data How = new; to compute successors? unlock(); LOCK, new==old 2 new new ++; ++; :while(new!=!= old); LOCK, new==old 3 5: 5: unlock (); (); : LOCK, : new = old LOCK, new=old SAFE Q. How to find predicates? 5 Refinement : LOCK, new==old 2 3 Predicates: LOCK, new==old : LOCK, : new == old 5 #7

Two handwaves Example ( ) { : : do{ do{ lock(); old old = new; : LOCK q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: Q. 3: q->data How = new; to compute successors? unlock(); LOCK, new==old 2 new new ++; ++; :while(new!=!= old); LOCK, new==old 3 5: 5: unlock (); (); : LOCK, : new = old LOCK, new=old SAFE 5 Refinement 2 3 Predicates: LOCK, new==old : LOCK, : new == old 5 : LOCK, new==old #8

#9 Weakest Preconditions WP(P,OP) Weakest formula P s.t. if P is true before OP then P is true after OP OP [WP(P, OP)] [P]

#50 Weakest Preconditions WP(P,OP) Weakest formula P s.t. if P is true before OP then P is true after OP OP [WP(P, OP)] [P] Assign x = e P[e/x] P new+ = old new = old new = new+

How to compute successor? Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); LOCK, new==old : LOCK, : new = old 3 F OP? For each p Check if p is true (or false) after OP Q: When is p true after OP? - If WP(p, OP) is true before OP! - We know F is true before OP - Thm. Pvr. Query: F ) WP(p, OP) Predicates: LOCK, new==old #5

How to compute successor? Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); 7 7 LOCK, new==old 3 F OP? For each p Check if p is true (or false) after OP Q: When is p false after OP? - If WP(: p, OP) is true before OP! - We know F is true before OP - Thm. Pvr. Query: F ) WP(: p, OP) Predicates: LOCK, new==old #52

How to compute successor? Example ( ) { : : do{ do{ lock(); old old = new; q = q->next; 2: 2: if if (q (q!=!= NULL){ 3: 3: q->data = new; unlock(); new new ++; ++; :while(new!=!= old); 5: 5: unlock (); (); Predicate: new==old LOCK, new==old : LOCK, : new = old 3 F OP? For each p Check if p is true (or false) after OP Q: When is p false after OP? - If WP(: p, OP) is true before OP! - We know F is true before OP - Thm. Pvr. Query: F ) WP(: p, OP) True? (LOCK, new==old) ) (new + = old) NO False? (LOCK, new==old) ) (new + old) YES #53

#5 Advanced SLAM/BLAST Too Many Predicates - Use Predicates Locally Counter-Examples - Craig Interpolants Procedures - Summaries Concurrency - Thread-Context Reasoning

#55 SLAM Summary ) Instrument Program With Safety Policy 2) Predicates = { 3) Abstract Program With Predicates Use Weakest Preconditions and Theorem Prover Calls ) Model-Check Resulting Boolean Program Use Symbolic Model Checking 5) Error State Not Reachable? Original Program Has No Errors: Done! 6) Check Counterexample Feasibility Use Symbolic Execution 7) Counterexample Is Feasible? Real Bug: Done! 8) Counterexample Is Not Feasible? ) Find New Predicates (Refine Abstraction) 2) Goto Line 3

Optional: SLAM Weakness : F() { 2: int x=0; 3: lock(); : do x++; 5: while (x 88); 6: if (x < 77) 7: lock(); 8: Preds = {, Path = 23567 [x=0, :x+ 88, x+<77] Preds = {x=0, Path = 23567 [x=0, :x+ 88, x+<77] Preds = {x=0, x+=88 Path = 235567 [x=0, :x+2 88, x+2<77] Preds = {x=0,x+=88,x+2=88 Path = 2355567 Result: the predicates count the loop iterations #56

#57 Homework Read Winskel Chapter 2 Read Hoare paper Read Spolsky article

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback