The ComFoRT Reasoning Framework

Similar documents
CS 510/13. Predicate Abstraction

Precise Buffer Overflow Detection via Model Checking

Software Model Checking. Xiangyu Zhang

Carnegie Mellon Software Engineering Institute. SAT-Based Predicate Abstraction of Programs

Verifying Periodic Programs with Priority Inheritance Locks

Formal Verification of SystemC by Automatic Hardware/Software Partitioning

Formal Verification by Model Checking

Certified Binaries for Software Components

Verifying Concurrent Programs

Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001

Model-Driven Verifying Compilation of Synchronous Distributed Applications

Using Counterexample Analysis to Minimize the Number of Predicates for Predicate Abstraction

Fall 2014 SEI Research Review Verifying Evolving Software

Model Checking: Back and Forth Between Hardware and Software

Model Checking with Automata An Overview

Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification

Lecture1: Symbolic Model Checking with BDDs. Edmund M. Clarke, Jr. Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213

Lecture 2: Symbolic Model Checking With SAT

Sérgio Campos, Edmund Clarke

F-Soft: Software Verification Platform

Introduction to CBMC. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel December 5, 2011

Model checking Timber program. Paweł Pietrzak

Predicate Abstraction Daniel Kroening 1

Reasoning Frameworks 1)IS TR 13U T 10 S TAT PFF N TA. Approved for Public Release Distribution Unlimited

Distributed Systems Programming (F21DS1) Formal Verification

Lecture 1: Model Checking. Edmund Clarke School of Computer Science Carnegie Mellon University

Learning-Based Assume-Guarantee Verification (Tool Paper)

Predicate Abstraction of ANSI C Programs using SAT Λ

Static Program Analysis

Interpolation-based Software Verification with Wolverine

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

Lecture 6. Abstract Interpretation

OpenSMT2. A Parallel, Interpolating SMT Solver. Antti Hyvärinen, Matteo Marescotti, Leonardo Alt, Sepideh Asadi, and Natasha Sharygina

Sciduction: Combining Induction, Deduction and Structure for Verification and Synthesis

Model Checking and Its Applications

Over-Approximating Boolean Programs with Unbounded Thread Creation

Verifying Multithreaded Software with Impact

A Counterexample Guided Abstraction Refinement Framework for Verifying Concurrent C Programs

Introduction to CBMC: Part 1

Equivalence Checking of C Programs by Locally Performing Symbolic Simulation on Dependence Graphs

Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)

Model-Driven Verifying Compilation of Synchronous Distributed Applications

Xuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata

Petri Nets ~------~ R-ES-O---N-A-N-C-E-I--se-p-te-m--be-r Applications.

Linear Temporal Logic. Model Checking and. Based on slides developed by Natasha Sharygina. Carnegie Mellon University.

Counterexample Guided Abstraction Refinement in Blast

CS453: Software Verification Techniques

Outline. Introduction SDV Motivation Model vs Real Implementation SLIC SDVRP SLAM-2 Comparisons Conclusions

More on Verification and Model Checking

Model Checking with Abstraction for Web Services

Model Checking. Dragana Cvijanovic

Verified Secure Routing

Scalable Program Verification by Lazy Abstraction

Fully Automatic and Precise Detection of Thread Safety Violations

Efficient Predicate Abstraction Using Parallel Assignments for Software Verification Systems

KRATOS A Software Model Checker for SystemC

Double Header. Two Lectures. Flying Boxes. Some Key Players: Model Checking Software Model Checking SLAM and BLAST

Flight Systems are Cyber-Physical Systems

4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271

Seminar in Software Engineering Presented by Dima Pavlov, November 2010

Design and Analysis of Distributed Interacting Systems

Software Model Checking. From Programs to Kripke Structures

Introduction to Model Checking

Error Explanation with Distance Metrics

A Modal Specification Approach for Assuring the Safety of On-Demand Medical Cyber-Physical Systems

Model-checking with the TimeLine formalism

Having a BLAST with SLAM

Having a BLAST with SLAM

SPIN: Part /614 Bug Catching: Automated Program Verification. Sagar Chaki November 12, Carnegie Mellon University

Edmund Clarke Computer Science Dept., Carnegie Mellon University Pittsburgh, PA, USA

Abstraction techniques for Floating-Point Arithmetic

Modal Logic: Implications for Design of a Language for Distributed Computation p.1/53

Scenario Graphs Applied to Security (Summary Paper)

Having a BLAST with SLAM

A Tutorial on Runtime Verification and Assurance. Ankush Desai EECS 219C

A Theory of Consistency for Modular Synchronous Systems

Main Goal. Language-independent program verification framework. Derive program properties from operational semantics

CalFuzzer: An Extensible Active Testing Framework for Concurrent Programs Pallavi Joshi 1, Mayur Naik 2, Chang-Seo Park 1, and Koushik Sen 1

The Maude LTL Model Checker and Its Implementation

Verification of Tree-Based Hierarchical Read-Copy Update in the Linux Kernel

Runtime assertion checking of multithreaded Java programs

Counterexample Guided Abstraction Refinement via Program Execution

Software Model Checking with Abstraction Refinement

Certified Memory Usage Analysis

Having a BLAST with SLAM

Time-Bounded Analysis of Real- Time Systems

Regression Verification - a practical way to verify programs

CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan

CoVaC: Compiler Verification by Program Analysis of the Cross-Product. Anna Zaks, Amir Pnueli. May 28, FM 08, Turku, Finland

Symbolic Trajectory Evaluation - A Survey

MURPHY S COMPUTER LAWS

Curriculum 2013 Knowledge Units Pertaining to PDC

Scalable Program Analysis Using Boolean Satisfiability: The Saturn Project

Predicate Abstraction of ANSI C Programs using SAT

Predicate Abstraction and Refinement Techniques for Verifying Verilog

From IMP to Java. Andreas Lochbihler. parts based on work by Gerwin Klein and Tobias Nipkow ETH Zurich

Efficient Verification of Sequential and Concurrent C Programs

Applying Idioms for Synchronization Mechanisms Synchronizing communication components for the One-dimensional Heat Equation

! Use of formal notations. ! in software system descriptions. ! for a broad range of effects. ! and varying levels of use. !

Binary Decision Diagrams and Symbolic Model Checking

Transcription:

Pittsburgh, PA 15213-3890 The ComFoRT Reasoning Framework Sagar Chaki James Ivers Natasha Sharygina Kurt Wallnau

Predictable Assembly from Certifiable Components Enable the development of software systems from software components where: critical runtime attributes e.g., performance and safety, are reliably predicted (predictable assembly) properties of software components needed for prediction are trusted (certifiable components)

PACC Component Technology Idiom Custom code Prefabricated containers Standard interface Interaction constraints Component Runtime Environment Standard runtime Platform The Construction and Composition Language (CCL) formalizes this idiom

PACC Reasoning Frameworks development of analysis techniques Construction and Composition Language (CCL) interpretation transitioning of analysis to practitioners Performance Rate Monotonic Analysis Scheduling Analysis Real Time Queuing Theory Formal Analysis Model Checking

ComFoRT Reasoning Framework Contains a software model checker Copper: - provides new model checking techniques developed for verification of component software - builds on academic tool MAGIC Analysis models are automatically extracted from programs Claims and verification results (counterexamples) are mapped to programs

Verification Domain High-level designs (CCL programs) and C programs Sequential and concurrent Communication via shared actions Synchronous communication Asynchronous execution

Copper Capabilities State/Event-based Verification leverages distinction between data and communication actions Compositional Deadlock Detection automated deadlock detection that ensures sound abstractions and acts as a space reduction procedure Verification of Evolving Systems automated component substitutability checks

ComFoRT Underlying Framework CCL/C Program Abstraction Model Checker No error or bug found Counterexample Refinement Validation Validation sucessful Bug found Spurious counterexample

ComFoRT Underlying Framework CCL/C Program Abstraction Model Checker No error or bug found Counterexample Refinement Validation Validation sucessful Bug found Spurious counterexample

State/Event-based Model Checking (IFM04) Labeled Kripke Structures Every state is labeled with a set of atomic propositions, P, true in the state Every LKS comes with an alphabet of actions, Σ b a b 0,1 a 1,1 1,0 c State/Event LTL and State/Event AW formalisms 0,0 Efficient model checking algorithms for SE-LTL and SE-AW employing the compositional abstractionrefinement framework

State/Event-based Model Checking Labeled Kripke Structures Every state is labeled with a set of atomic propositions, P, true in the state Every LKS comes with an alphabet of actions, Σ b a b 0,1 a 1,1 1,0 c State/Event LTL and State/Event AW formalisms 0,0 State/Event-based Software Model Checking, In Proceedings of IFM Integrated Formal Methods 2004 Conference, by Sagar Chaki, Edmund Clarke, Joel Ouaknine, Natasha Sharygina and Nishant Sinha.

Surge Protector : State/Event m2 m1 c0 c1 m0 c0 m1 m2 m=0 m=1 m=2 m0 m1 m0 m2 c0 c1 c2 Changes of current beyond threshold are disallowed G ((c2 m=2) & (c1 (m=1 V m=2)))

Surge Protector : State Only m=0 m=1 m=2 c=0 c=0 c=0 m=0 m=1 m=2 c=1 c=1 c=1 m=0 m=1 m=2 c=2 c=2 c=2 G (((c=0 V c=2) & X (c=1)) (m=1 V m=2)) & G (((c=0 V c=1) & X (c=2)) m=2)

Deadlock Detection (MEMOCODE 04) Deadlocks are not preserved by abstraction Abstraction refinement does not work c a 1 2 b 3 a,b,c [1,2,3] {b} {a,c} {a,b,c} AbsRef={a,b,c} Copper: Deadlock=AbsRef(s) = Σ to preserve deadlock the abstract model over-approximates not just what concrete program can do but also what it refuses

Compositional Deadlock Detection Deadlock is inherently non-compositional Can t say anything by looking at components individually Copper: AbsRef(A 1,A 2 ) = AbsRef(A 1 ) U AbsRef( A 2 ) Abstract deadlock - reachable state s such that AbsRef(s) = Σ Copper: No abstract deadlock in abstract models deadlock in concrete models No Automated, compositional and iterative deadlock detection, In Proceedings of the Conference on Formal Methods for Codesign (MEMOCODE) 2004, by Sagar Chaki, Edmund Clarke, Joel Ouaknine and Natasha Sharygina

Component Substitutability Check Original Component Upgraded Component Lost Behaviors Identical Behaviors New Behaviors Containment check (Local correctness) Are all local old services (properties) of the verified component contained in the upgraded component?

Component Substitutability Check Original Component Upgraded Component Lost Behaviors Identical Behaviors New Behaviors Compatibility Check (Global safety check) Are new services of the upgraded component safe with respect to other components in assembly: all global specifications still hold?

Substitutability Check Approach Procedure for checking simultaneous upgrades of multiple components (FM 04) - Abstraction (under- and over- approximations) for the component containment check - Compositional reasoning + learning regular sets for automated compatibility check Procedure for checking individual component upgrades (SAVCBS 04) - Algorithms based on learning regular sets technique for the component containment and compatibility tests

Substitutability Check Approach Procedure for checking simultaneous upgrades of multiple components - Abstraction (under- and over- approximations) for the component containment check - Compositional reasoning + learning regular sets for automated compatibility check Dynamic Component Substitutability Analysis, In Proceedings of FM 2005 Formal Methods Conference, by Sagar Chaki, Ed Clarke, Natasha Sharygina and Nishant Sinha. Verification of Evolving Software, In Proceedings of SAVCBS 2004 by Sagar Chaki, Natasha Sharygina and Nishant Sinha

Applications IPC Module Deployed by a world leader in robotics Discovered synchronization bug under which senders would receive the wrong answer to their requests Problem had remained undetected for seven years prior to independent discovery by business unit Case Study: Micro-C OS Real-time OS for embedded applications - 6000+ LOC, widely used Verified locking discipline Found four bugs - Missing unlock and return - Three already reported

Ongoing and Future Work Use a SAT solver for computing abstraction - Semantics of bit-wise operators is taken into account Use of pattern languages for specifying properties Integrated Abstraction and Compositional reasoning Component certification

ComFoRT Resources ComFoRT tools http://www.sei.cmu.edu/pacc/comfort.html Ongoing industrial & academic collaborations Prof. Edmund Clarke and his model checking group, Prof. Peter Lee at CMU Prof. Dr. Daniel Kroening from ETH Zurich Industrial corporate research centers developing embedded controllers Conference and Journal publications

References Overview of ComFoRT: A Model Checking Reasoning Framework, CMU/SEI Tech. Report SEI-2004-TN-018 by James Ivers and Natasha Sharygina State/Event-based Software Model Checking, In Proceedings of IFM Integrated Formal Methods 2004 International Conference, by Sagar Chaki, Edmund Clarke, Joel Ouaknine, Natasha Sharygina and Nishant Sinha. Automated, compositional and iterative deadlock detection, In Proceedings of the Second ACM-IEEE International Conference on Formal Methods for Codesign (MEMOCODE) 2004, by Sagar Chaki, Edmund Clarke, Joel Ouaknine and Natasha Sharygina Dynamic Component Substitutability Analysis, In Proceedings of FM 2005 Formal Methods Conference, by Sagar Chaki, Ed Clarke, Natasha Sharygina and Nishant Sinha.

References Verification of Evolving Software, In Proceedings of SAVCBS 2004 by Sagar Chaki, Natasha Sharygina and Nishant Sinha Snapshot of CCL: A Language for Predictable Assembly, In CMU/SEI TR-2002-TR-031, by James Ivers and Kurt Wallnau A Technology for Predictable Assembly from Certifiable Components (PACC), In CMU/SEI-TR-2003-TR-009, by Kurt Wallnau SAT-based predicate abstraction for ANSI-C, In Formal Methods System Design Journal, Vol. 25(2), 2004, by Daniel Kroening, Ed Clarke, Natasha Sharygina and Karen Yorav.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback