Ruzica Piskac Yale University

Similar documents
Lecture Notes on Real-world SMT

Writing better code Loop invariants Correctness. John Edgar 2

From Z3 to Lean, Efficient Verification

Synthesis using Variable Elimination

Software Security: Vulnerability Analysis

Warm-Up Problem. Let be a set of well-formed Predicate logic formulas. Let be well-formed Predicate logic formulas. Prove or disprove the following.

Basic Verification Strategy

Computer-Aided Program Design

Static program checking and verification

6. Hoare Logic and Weakest Preconditions

Program Verification. Aarti Gupta

Cover Page. The handle holds various files of this Leiden University dissertation

SMT-based Verification of Heap-manipulating Programs

On Interactive Synthesis of Code Snippets

Verification Condition Generation

CS 161 Computer Security

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Introduction to CS 270 Math Foundations of CS

Advances in Programming Languages

Lecture 10 Design by Contract

Introduction & Formal Methods

Program verification. Generalities about software Verification Model Checking. September 20, 2016

Formal methods What are they? Uses Tools Application to software development

Intro to Proving Absence of Errors in C/C++ Code

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Model Checking. Automatic Verification Model Checking. Process A Process B. when not possible (not AI).

Chapter 3 (part 3) Describing Syntax and Semantics

Automatic Generation of Program Specifications

Softwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24

Outline. software testing: search bugs black-box and white-box testing static and dynamic testing

C07: Testing and JUnit

Proof Carrying Code(PCC)

Functional Programming in Coq. Nate Foster Spring 2018

Basic Definitions: Testing

A Case Study on Model Checking and Deductive Verification Techniques of Safety-Critical Software

Decision Procedures in First Order Logic

Lecture 5 - Axiomatic semantics

Reachability Analysis for Annotated Code

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Software Testing Lecture 1. Justin Pearson

Introduction: Software Testing and Quality Assurance

Reasoning about programs

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise

FreePascal changes: user documentation

An Annotated Language

a correct statement? You need to know what the statement is supposed to do.

Principles of Program Analysis. Lecture 1 Harry Xu Spring 2013

Java Modelling Language (JML) References

Advances in Programming Languages

Softwaretechnik. Program verification. Software Engineering Albert-Ludwigs-University Freiburg. June 30, 2011

9.5 Equivalence Relations

Program Validation and Testing

Software Quality Assurance

Chapter 1. Introduction

Correctness of specifications. Correctness. Correctness of specifications (2) Example of a Correctness Proof. Testing versus Correctness Proofs

Runtime Checking for Program Verification Systems

An Approach to Behavioral Subtyping Based on Static Analysis

The experimental guide: comparing automatic test generation with manual test generation from UML state machine diagrams of a vending machine program

Java Modelling Language (JML) References

Formal Systems II: Applications

Program Verification (6EC version only)

Program Static Analysis. Overview

Abstract Interpretation

Combining Coq and Gappa for Certifying FP Programs

Outline. Introduction. 2 Proof of Correctness. 3 Final Notes. Precondition P 1 : Inputs include

Testing, Debugging, and Verification

Formal Verification. Lecture 10

Rethinking Automated Theorem Provers?

Specification and Analysis of Contracts Tutorial

Specifications. Prof. Clarkson Fall Today s music: Nice to know you by Incubus

Push-button verification of Files Systems via Crash Refinement

JML tool-supported specification for Java Erik Poll Radboud University Nijmegen

There are three basic elements in object oriented programming: encapsulation, inheritance and polymorphism.

Solving Computations. Viktor Kuncak. PhD MIT,

Review for Test 1 (Chapter 1-5)

[Ch 6] Set Theory. 1. Basic Concepts and Definitions. 400 lecture note #4. 1) Basics

Modules and Representation Invariants

4/24/18. Overview. Program Static Analysis. Has anyone done static analysis? What is static analysis? Why static analysis?

Plan of the lecture. Quick-Sort. Partition of lists (or using extra workspace) Quick-Sort ( 10.2) Quick-Sort Tree. Partitioning arrays

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Lecture 11 Lecture 11 Nov 5, 2014

The University of Iowa Fall CS:5810 Formal Methods in Software Engineering. Introduction

Generalized Verification Support for Magic Wands

Lectures 20, 21: Axiomatic Semantics

Model Checking and Its Applications

A greedy, partially optimal proof of the Heine-Borel Theorem

Integrating verification in programming languages

Automating Construction of Provably Correct Software Viktor Kuncak

Combining Static and Dynamic Contract Checking for Curry

Testing, Debugging, and Verification

Verifying Java Programs Verifying Java Programs with KeY

A short manual for the tool Accumulator

On Resolution Proofs for Combinational Equivalence Checking

Seminar in Software Engineering Presented by Dima Pavlov, November 2010

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Static Analysis Techniques

Main Goal. Language-independent program verification framework. Derive program properties from operational semantics

Verifying the Safety of Security-Critical Applications

CSE 331 Midterm Exam Sample Solution 2/18/15

From OCL to Propositional and First-order Logic: Part I

Transcription:

Ruzica Piskac Yale University

Why Software Verification? Maiden flight of the Ariane 5 rocket on the 4th of June 1996 The reason for the explosion was a software error Financial loss: $500,000,000 (including indirect costs: $2,000,000,000)

Air Transport

Examples of Software Errors Radio Therapy Machine software error 6 people overdosed Year 2010 Bug 30 million debit and credit cards have been rendered unreadable by the software bug software in modern cars >100K LOC 2006: error in pump control software 128000 vehicles recalled link

Financial Impact of Software Errors Recent research at Cambridge University (2013, link) showed that the global cost of software bugs is around 312 billion of dollars annually Goal: to increase software reliability

How to obtain Software Reliability? Testing, testing, testing, Many software errors are detected this way Does not provide any correctness guarantee Murphy s Law Verification Provides a formal mathematical proof that a program is correct w.r.t. a certain property A formally verified program will work correctly for every given input Verification is algorithmically very hard task (problem is in general undecidable)

A Mathematical Proof of Program Correctness? public void add (Object x) Can you verify my program? { Node e = new Node(); e.data = x; Which property are you interested in? e.next = root; root = e; size = size + 1; }

Example Questions in Verification Will the program crash? Does it compute the correct result? Does it leak private information? How long does it take to run? How much power does it consume? Will it turn off automated cruise control?

A Mathematical Proof of Program Correctness? I just want to be sure that public void add (Object x) no element is lost in the list if I insert an element, it { is really there Node e = new Node(); e.data = x; e.next = root; root = e; size = size + 1; }

A Mathematical Proof of Program Correctness? //: L = data[root.next*] public void add (Object x) { } Node e = new Node(); e.data = x; e.next = root; root = e; size = size + 1; Let L be a set (a multiset) of all elements stored in the list

A Mathematical Proof of Program Correctness? Annotations //: L = data[root.next*] //: invariant: size = card L public void add (Object x) //: ensures L = old L + {x} { Node e = new Node(); e.data = x; e.next = root; root = e; size = size + 1; }

Annotations Written by a programmer or a software analyst Added to the original program code to express properties that allow reasoning about the programs Examples: Preconditions: Describe properties of an input Postconditions: Describe what the program is supposed to do Invariants: Describe properties that have to hold in every program point

Decision Procedures for Collections //: L = data[root.next*] //: invariant: size = card L public void add (Object x) //: ensures L = old L + {x} { Node e = new Node(); e.data = x; e.next = root; root = e; size = size + 1; } Prove that the following formula always holds: X. L. X = 1 L X = L + 1 Verification condition

Verification Conditions Mathematical formulas derived based on: Code Annotations If a verification condition always holds (valid), then to code is correct w.r.t. the given property It does not depend on the input variables If a verification condition does not hold, we should be able to detect an error in the code

Verification Condition: Example //: assume (x > 0) def simple (Int x) //: ensures y > 0 {?? return y }

Verification Condition: Example //: assume (x > 0) def simple (Int x) //: ensures y > 0 { val y = x - 2 return y } Verification condition: x. y. x > 0 y = x - 2 y > 0

Verification Condition: Example //: assume (x > 0) def simple (Int x) //: ensures y > 0 { val y = x - 2 return y } Verification condition: x. y. x > 0 y = x - 2 y > 0 Preconditions

Verification Condition: Example //: assume (x > 0) def simple (Int x) //: ensures y > 0 { val y = x - 2 return y } Verification condition: x. y. x > 0 y = x - 2 y > 0 Program

Verification Condition: Example //: assume (x > 0) def simple (Int x) //: ensures y > 0 { val y = x - 2 return y } Verification condition: x. y. x > 0 y = x - 2 y > 0 Postconditions

Verification Condition: Example //: assume (x > 0) def simple (Int x) //: ensures y > 0 { val y = x - 2 return y } Verification condition: Formula does not hold for input x = 1 x. y. x > 0 y = x - 2 y > 0

Automation of Verification Windows XP has approximately 45 millions lines of source code 300.000 DIN A4 papers 12m high paper stack Verification should be automated!!!

Software Verification correct annotations program verifier formulas theorem prover no Prove formulas automatically! 22

Decision Procedures satisfiable(model) formula in some logic theorem prover unsatisfiable (proof) A decision procedure is an algorithm which answers whether the input formula is satisfiable or not formula x y is satisfiable for x=0, y=1 formula x y x 1 y 1 is unsatisfiable 23

Combining Various Logics //: L = data[root.next*] //: invariant: size = card L public void add (Object x) //: ensures L = old L + {x} { Node e = new Node(); e.data = x; e.next = root; root = e; size = size + 1; } 24

Combining Various Logics //: L = data[root.next*] //: invariant: size = card L public void add (Object x) //: ensures L = old L + {x} { } Node e = new Node(); e.data = x; e.next = root; root = e; size = size + 1; Verification condition: next 0 *(root 0,n) x {data 0 (v) next 0 *(root 0,v)} next=next 0 [n:=root 0 ] data=data 0 [n:=x] {data(v). next*(n,v)} = {data 0 (v). next 0 *(root 0,v)} + 1 25

Another Application of Decision Procedures: Software Synthesis Software synthesis = a technique for automatically generating code given a specification Why? ease software development increase programmer productivity fewer bugs Challenges synthesis is often a computationally hard task new algorithms are needed

Software Synthesis val bigset =... val (seta, setb) = choose((a: Set, b: Set) ) => ( a.size == b.size && a union b == bigset && a intersect b == empty)) Code assert (bigset.size % 2 == 0) val n = bigset.size/2 val seta = take(n, bigset) val setb = bigset seta 27

Course Textbooks Aaron R. Bradley, Zohar Manna: The calculus of computation - decision procedures with applications to verification. Springer 2007 Daniel Kroening, Ofer Strichman: Decision Procedures: An Algorithmic Point of View. Springer 2008

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback