Model Checking Software, Solving Horn Clauses and IC3. Nikolaj Bjørner Microsoft Research SAT/SMT Summer School 2014, Semmering
|
|
- Amice Burke
- 7 years ago
- Views:
Transcription
1 Model Checking Software, Solving Horn Clauses and IC3 Nikolaj Bjørner Microsoft Research SAT/SMT Summer School 2014, Semmering
2 Takeaways Symbolic Software Model Checking = SMT for Horn Clauses Simplification and pre-processing A Solver using clues from IC3 An Algorithmic Overview (separate slides)
3 Horn Clauses mc(x) = x-10 if x > 100 mc(x) = mc(mc(x+11)) if x 100 assert (x 101 mc(x) = 91) X. X > 100 mc(x, X 10) X, Y, R. X 100 mc(x + 11, Y) mc(y, R) mc(x, R) X, R. mc(x, R) X 101 R = 91 Solver finds solution for mc [Hoder, B. SAT 2012]
4 Transition System V init(v) step(v, V ) safe(v) - program variables - initial states - transition relation - safe states
5 Safe Transition System Inv. V. init(v) Inv(V) V, V. Inv V step(v, V ) Inv(V ) V. Inv(V) safe(v) [Rybalchenko et.al. PLDI 2012, POPL 2014] Termination and reactivity are also handled in framework of solving systems of logical formulas.
6 Recursive Procedures Formulate as Horn clauses: X. X > 100 mc(x, X 10) X, Y, R. X 100 mc(x + 11, Y) mc(y, R) mc(x, R) X, R. mc(x, R) X 101 R = 91 Solve for mc
7 Recursive Procedures Formulate as Predicate Transformer: F (mc)(x,r) = X > 100 R = X 10 X 100 Y. mc X + 11, Y mc(y, R) Check: μf mc X,R X 101 R = 91
8 Recursive Procedures Instead of computing μf mc X,R, then checking μf mc X,R X 101 R = 91 Suffices to find post-fixed point mc post satisfying: X, R. F mc post X, R mc post X, R X, R. mc post X, R X 101 R = 91
9 Program Verification as SMT - aka A Crusade for Hornish Satisfaction Program Verification (Safety) as as Solving fixed-points Satisfiability of Horn clauses [Bjørner, McMillan, Rybalchenko, SMT workshop 2012] Hilbert Sausage Factory: [Grebenshchikov, Lopes, Popeea, Rybalchenko, PLDI 2012]
10 Procedures Horn Formulas Summary as commands Verifying procedure calls
11 Modular Concurrency Horn Clauses Init Initial condition Safe Safety assertion ρ i X i, Y, X i, Y Transition relation of process i R i X i, Y E i Y, Y Summary of process i Summary of process i s environment Init R i X i, Y R i X i, Y ρ i X i, Y, X i, Y R i X i, Y R i X i, Y E i Y, Y R i X i, Y R i X i, Y ρ i X i, Y, X i, Y E j Y, Y j i R 1 X 1 R N X N Safe [Predicate Abstraction and Refinement for Verifying Multi-Threaded Programs Gupta, Popeea, Rybalchenko, POPL 2011]
12 Horn Clauses Γ x: τ P(x)} y: σ Q(x, y) } x: τ P (x)} y: σ Q (x, y) } Extract sufficient Horn Conditions Γ P x P x Γ P x Q x, y Q x, y
13 Generalized Horn Formulas Handling background axioms: R, f. Background R, f P x P i x P j x φ R, f, x P k x Remark: Abductive Logic Programming amounts to symbolic simulation: - Program + Abducibles ans. Query(ans) - Abducibles + Integrity Constraints is consistent eg. solve for negation of above formula: Ab. IC Ab ( P. Program Ab, P ans. Query(ans, Ab, P))
14
15 Simplifying Horn Clauses
16 A model checking Example
17 Abstraction as Boolean Program b := count == old_count [SLAM, BLAST, Graf & Saidi, Uribe,..]
18 (Predicate) Abstraction/Refinement SMT solver used to synthesize (strongest) abstract transition relation F: ρ x, x F(b 1 x, b n x, b 1 x, b n x )
19 Control as Horn Clauses (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Loop ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test (=> (Loop count old_count lock_state) (WhileTest count count true)))) ; Loop with if-test (=> (Loop count old_count lock_state) (WhileTest (+ 1 count ) count false)))) (=> (and (not (= old_count count )) (WhileTest count old_count lock_state)) (Loop count old_count lock_state)))) While Test (=> (and (= old_count count ) (WhileTest count old_count lock_state)) (= lock_state true)))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model)
20 Solving Horn Clauses Pre-processing HornClauses HornClauses Search Find model M such that M HornClauses Or Find refutation proof π: HornClauses π
21 Pre-processing Cone of Influence Simplification Subsumption Inlining Slicing Unfolding
22 Cone of Influence top down P x Q y false R x x > 0 P x R x x < 0 P x P x S x T x S x S is not used S x true x = 2y R x Q y y x Q x
23 Cone of Influence bottom up P x Q y, 0 false R x x > 0 P x R x x < 0 P x There is no rule to produce Q(x,1) Q x, y y = 1 x = 2y R x Q y, z y x Q x, 1
24 Inlining (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test (=> (Loop count old_count lock_state) (WhileTest count count true)))) ; Loop with if-test (=> (Loop count old_count lock_state) (WhileTest (+ 1 count ) count false)))) (=> (and (not (= old_count count )) (WhileTest count old_count lock_state)) (Loop count old_count lock_state)))) (=> (and (= old_count count ) (WhileTest count old_count lock_state)) (= lock_state true)))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= true true))) ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model)
25 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Simplification ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop ; Loop without if test + loop exit (=> (Loop count old_count lock_state) (= true true))) ; Loop with if-test + repeat loop (=> (Loop count old_count lock_state) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model)
26 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Simplification ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop ; Loop without if test + loop exit ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) ; Loop with if-test + repeat loop (=> (Loop count old_count lock_state) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (=> (Loop count old_count true) false))) (check-sat) (get-model)
27 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Cone of Influence ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop ; Loop without if test + loop exit ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) ; Loop with if-test + repeat loop (=> (Loop count old_count lock_state) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (=> (Loop count old_count true) false))) (check-sat) (get-model)
28 (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) Result ; Loop is entered in arbitrary values of count, old_count (assert (forall ((count Int) (old_count Int)) (Loop count old_count false))) ; Loop without if test + repeat loop (=> (and (Loop count old_count lock_state) (not (= count count))) (Loop count count true))) ; Loop without if test + loop exit (=> (and (Loop count old_count lock_state) (= count count)) (= truetrue))) ; Loop with if-test + repeat loop (=> (and (Loop count old_count lock_state) (not (= (+ 1 count ) count )) (Loop (+ 1 count) count false))) ; Loop with if-test + loop exit (=> (and (Loop count old_count lock_state) (= (+ 1 count ) count ) (= false true))) (=> (Loop count old_count lock_state) (= lock_state false)))) (check-sat) (get-model) (set-logic HORN) (declare-fun Loop (Int Int Bool) Bool) (declare-fun WhileTest (Int Int Bool) Bool) ; Loop is entered in arbitrary values of count, old_count ; Loop without if test + repeat loop ; Loop without if test + loop exit ; Loop with if-test + repeat loop ; Loop with if-test + loop exit (check-sat) (get-model)
29 Slicing Remove variables that have no effect
30 Unfolding = more aggressive in-lining Also applied to predicates that are not eliminated
31 A Horn Clause Solver
32 Algorithm Objective is to solve for R such that F R X R X, R X Safe X, X Key elements of PDR algorithm: Over-approximate reachable states R 0 F Propagate back from Safe Resolve conflicts Strengthen/propagate using induction false, R 1 R 2 R N true
33 Algorithm Objective is to solve for R such that F R X R X, R X Safe X, X Initialize: Safe R 1 true R 0 F false F R 0 Main invariant: Safe R i+1 R i F R i
34 Main invariant: Algorithm F R i X R i+1 X R i X Safe X R i X R i+1 X
35 Search: Mile-high perspective Modern SMT solver Decisions: Assignments Conflict Resolution Conflict Clauses Fixedpoint solver Bad WP Bad Conflict SP Init Init Resolution
36 Conflict resolution with arithmetic R(0,0,0,0). Initial states T(L,M,Y1,Y2,L,M,Y1,Y2 ) R(L,M,Y1,Y2) R(L,M,Y1,Y2 ) Reachable states R(2,2,Y1,Y2) false Is unsafe state reachable? Step(L,L,Y1,Y2,Y1 ) T(L,M,Y1,Y2,L,M,Y1,Y2) Step(M,M,Y2,Y1,Y2 ) T(L,M,Y1,Y2,L,M,Y1,Y2 ) Step(0,1,Y1,Y2,Y2+1). P 1 takes a step P 2 takes a step l 0 : y y + 1; goto l 1 (Y1 Y2 Y2 = 0) Step(1,2,Y1,Y2,Y1). l 1 : await y = 0 y y ; goto l 2 Step(2,3,Y1,Y2,Y1). l 2 : critical ; goto l 3 Step(3,0,Y1,Y2,0). l 3 : y 0; goto l 0
37 Search: Mile-high perspective I F (I) F 2 (I) B 2 S B S S Conflict Resolution Conflict Propagation Conflict Propagation
38 Interpolating Conflicts L = 0 M = 0 Y2 = 0 Y1 = 0 L = 0 M = 1 Y2 = 0 Conflict Resolution L = 1 M = 1 Y1 = 1 Y2 = 0 L = 1 M = 2 Y2 = 0 L = 2 M = 2 Y2 Y1 + 1 Y1 0 Y2 0 Y2 1 Y2 0 Conflict Resolution Get Generalization from Farkas Lemma Eg., resolve away blue internal variables
39 Interpolating Conflicts L = 1 L 0 L 1 M = 1 M M = 1 M = 1 M = 1 M 2 Y1 = 1 Y2 Y2= 0 1 Y2 1 Y2 1 Y2 = 0 Y2 = 0 Conflict Resolution Conflict Propagation Conflict Propagation L = 0 M = 0 Y2 = 0 Y1 = 0 L = 2 M = 2
40 Generalization from T-lemmas Can we satisfy? R(0, 0, 0, 0). Initial states T L, M, Y1, Y2, L, M, Y1, Y2, R L, M, Y1, Y2 R L, M, Y1, Y2 Reachable states R L, M, Y1, Y2 L = 2 M = 2. Unsafe state is unreachable L = 0 M = 1 Y2 = 0 M F R 0 Pre is unsatisfiable E.g., there is unsat core of: j c j x j c j M F R i Pre Unsat proof uses T-lemmas 5 > x 1 3 < x 3 From M x 1 x 2 > 2 2x 2 x 3 > 1 From Pre
41 Generalization from T-lemmas Can we satisfy? R(0, 0, 0, 0). Initial states T L, M, Y1, Y2, L, M, Y1, Y2, R L, M, Y1, Y2 R L, M, Y1, Y2 Reachable states R L, M, Y1, Y2 L = 2 M = 2. Unsafe state is unreachable Unsat proof uses T-lemmas 5 > x 1 3 < x 3 From M x 1 x 2 > 2 2x 2 x 3 > 1 From Pre 2 x 1 5 x (x 1 x 2 2) 2x 2 x 3 1 2x 1 10 x 3 3 2x 1 2x 2 4 2x 2 x x 1 x 3 5 Block any model satisfying this
Regression Verification: Status Report
Regression Verification: Status Report Presentation by Dennis Felsing within the Projektgruppe Formale Methoden der Softwareentwicklung 2013-12-11 1/22 Introduction How to prevent regressions in software
More informationµz An Efficient Engine for Fixed points with Constraints
µz An Efficient Engine for Fixed points with Constraints Kryštof Hoder, Nikolaj Bjørner, and Leonardo de Moura Manchester University and Microsoft Research Abstract. The µz tool is a scalable, efficient
More informationInvGen: An Efficient Invariant Generator
InvGen: An Efficient Invariant Generator Ashutosh Gupta and Andrey Rybalchenko Max Planck Institute for Software Systems (MPI-SWS) Abstract. In this paper we present InvGen, an automatic linear arithmetic
More informationAutomated Theorem Proving - summary of lecture 1
Automated Theorem Proving - summary of lecture 1 1 Introduction Automated Theorem Proving (ATP) deals with the development of computer programs that show that some statement is a logical consequence of
More informationNon-Monotonic Program Analysis
Non-Monotonic Program Analysis Daniel Schwartz-Narbonne Philipp Rümmer Martin Schäf Ashish Tiwari New York University Uppsala University SRI International SRI International Thomas Wies New York University
More informationFormal Verification by Model Checking
Formal Verification by Model Checking Natasha Sharygina Carnegie Mellon University Guest Lectures at the Analysis of Software Artifacts Class, Spring 2005 1 Outline Lecture 1: Overview of Model Checking
More informationA Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation
PLDI 03 A Static Analyzer for Large Safety-Critical Software B. Blanchet, P. Cousot, R. Cousot, J. Feret L. Mauborgne, A. Miné, D. Monniaux,. Rival CNRS École normale supérieure École polytechnique Paris
More informationBuilding SMT-based Software Model Checkers: an Experience Report
Building SMT-based Software Model Checkers: an Experience Report Alessandro Armando Artificial Intelligence Laboratory (AI-Lab) Dipartimento di Informatica Sistemistica e Telematica (DIST) University of
More informationModel Driven Security: Foundations, Tools, and Practice
Model Driven Security: Foundations, Tools, and Practice David Basin, Manuel Clavel, and ETH Zurich, IMDEA Software Institute Thursday 1st, 2011 Outline I 1 Models Analysis. Types. 2 The Object Constraint
More informationRigorous Software Engineering Hoare Logic and Design by Contracts
Rigorous Software Engineering Hoare Logic and Design by Contracts Simão Melo de Sousa RELEASE (UBI), LIACC (Porto) Computer Science Department University of Beira Interior, Portugal 2010-2011 S. Melo de
More informationModel Checking: An Introduction
Announcements Model Checking: An Introduction Meeting 2 Office hours M 1:30pm-2:30pm W 5:30pm-6:30pm (after class) and by appointment ECOT 621 Moodle problems? Fundamentals of Programming Languages CSCI
More informationFORMALLY CERTIFIED SATISFIABILITY SOLVING. Duck Ki Oe. An Abstract
FORMALLY CERTIFIED SATISFIABILITY SOLVING by Duck Ki Oe An Abstract Of a thesis submitted in partial fulfillment of the requirements for the Doctor of Philosophy degree in Computer Science in the Graduate
More informationUFO: Verification with Interpolants and Abstract Interpretation
: Verification with Interpolants and Abstract Interpretation and Sagar Chaki Software Engineering Institute Carnegie Mellon University Aws Albarghouthi, Yi i and Marsha Chechik University of Toronto A
More informationRigorous Software Development CSCI-GA 3033-009
Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 11 Semantics of Programming Languages Denotational Semantics Meaning of a program is defined as the mathematical
More informationSatisfiability Checking
Satisfiability Checking SAT-Solving Prof. Dr. Erika Ábrahám Theory of Hybrid Systems Informatik 2 WS 10/11 Prof. Dr. Erika Ábrahám - Satisfiability Checking 1 / 40 A basic SAT algorithm Assume the CNF
More informationReasoning About the Unknown in Static Analysis
Reasoning About the Unknown in Static Analysis Isil Dillig Thomas Dillig Alex Aiken {isil, tdillig, aiken}@cs.stanford.edu Computer Science Department Stanford University ABSTRACT Static program analysis
More informationFoundational Proof Certificates
An application of proof theory to computer science INRIA-Saclay & LIX, École Polytechnique CUSO Winter School, Proof and Computation 30 January 2013 Can we standardize, communicate, and trust formal proofs?
More informationSoftware safety - DEF-STAN 00-55
Software safety - DEF-STAN 00-55 Where safety is dependent on the safety related software (SRS) fully meeting its requirements, demonstrating safety is equivalent to demonstrating correctness with respect
More informationCoverability for Parallel Programs
2015 http://excel.fit.vutbr.cz Coverability for Parallel Programs Lenka Turoňová* Abstract We improve existing method for the automatic verification of systems with parallel running processes. The technique
More informationOn the Use of Logical Abduction in Software Engineering
On the Use of Logical Abduction in Software Engineering ALESSANDRA RUSSO and BASHAR NUSEIBEH Department of Computing, Imperial College of Science, Technology and Medicine London SW7 2BZ, U.K. E-mail:{ar3,
More informationLecture 9 verifying temporal logic
Basics of advanced software systems Lecture 9 verifying temporal logic formulae with SPIN 21/01/2013 1 Outline for today 1. Introduction: motivations for formal methods, use in industry 2. Developing models
More informationA Classification of Model Checking-based Verification Approaches for Software Models
A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software
More informationBoolean Expressions, Conditions, Loops, and Enumerations. Precedence Rules (from highest to lowest priority)
Boolean Expressions, Conditions, Loops, and Enumerations Relational Operators == // true if two values are equivalent!= // true if two values are not equivalent < // true if left value is less than the
More informationPretty-big-step semantics
Pretty-big-step semantics Arthur Charguéraud INRIA October 2012 1 / 34 Motivation Formalization of JavaScript with Sergio Maeis, Daniele Filaretti, Alan Schmitt, Martin Bodin. Previous work: Semi-formal
More informationSudoku as a SAT Problem
Sudoku as a SAT Problem Inês Lynce IST/INESC-ID, Technical University of Lisbon, Portugal ines@sat.inesc-id.pt Joël Ouaknine Oxford University Computing Laboratory, UK joel@comlab.ox.ac.uk Abstract Sudoku
More informationIntroduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN
Acknowledgments Introduction to SPIN Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck Ralf Huuck COMP 4152 1 Ralf Huuck COMP 4152 2 PROMELA/SPIN PROMELA (PROcess MEta
More informationMEMORY MODEL SENSITIVE ANALYSIS OF CONCURRENT DATA TYPES. Sebastian Burckhardt. Computer and Information Science
MEMORY MODEL SENSITIVE ANALYSIS OF CONCURRENT DATA TYPES Sebastian Burckhardt A DISSERTATION in Computer and Information Science Presented to the Faculties of the University of Pennsylvania in Partial
More informationHECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London
HECTOR a software model checker with cooperating analysis plugins Nathaniel Charlton and Michael Huth Imperial College London Introduction HECTOR targets imperative heap-manipulating programs uses abstraction
More informationProblem Sheet 9: Software Model Checking Sample Solutions
Problem Sheet 9: Software Model Checking Sample Solutions Chris Poskitt ETH Zürich 1 Predicate Abstraction i. Let us first visualise c and not c in a Venn diagram: not c c P red(not c) gives the weakest
More informationCS510 Software Engineering
CS510 Software Engineering Propositional Logic Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-cs510-se
More informationRepair of Boolean Programs with an Application to C
Repair of Boolean Programs with an Application to C Andreas Griesmayer 1, Roderick Bloem 1, and Byron Cook 2 1 Graz University of Technology 2 Microsoft Research Abstract. We show how to find and fix faults
More informationInteractive Software Verification
Interactive Software Verification Spring Term 2013 Holger Gast gasth@in.tum.de 25.6.2013 1 H.Gast gasth@in.tum.de Interactive Software Verification, 25.6.2013 Today Manipulating lists on the heap Ghost
More informationPROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE
International Journal of Computer ScienceandCommunication Vol. 2, No. 1, January-June2011, pp. 153-157 PROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE Neeraj Kumar Singhania University,
More informationStatic Program Transformations for Efficient Software Model Checking
Static Program Transformations for Efficient Software Model Checking Shobha Vasudevan Jacob Abraham The University of Texas at Austin Dependable Systems Large and complex systems Software faults are major
More informationFundamentals of Software Engineering
Fundamentals of Software Engineering Model Checking with Temporal Logic Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel, Reiner
More informationVerification of Imperative Programs in Theorema
Verification of Imperative Programs in Theorema Laura Ildikó Kovács, Nikolaj Popov, Tudor Jebelean 1 Research Institute for Symbolic Computation, Johannes Kepler University, A-4040 Linz, Austria Institute
More informationBugs, Moles and Skeletons: Symbolic Reasoning for Software Development
Bugs, Moles and Skeletons: Symbolic Reasoning for Software Development Leonardo de Moura and Nikolaj Bjørner Microsoft Research, One Microsoft Way, Redmond, WA, 98052, USA {leonardo, nbjorner@microsoft.com
More informationFormal verification of contracts for synchronous software components using NuSMV
Formal verification of contracts for synchronous software components using NuSMV Tobias Polzer Lehrstuhl für Informatik 8 Bachelorarbeit 13.05.2014 1 / 19 Problem description and goals Problem description
More informationIntroduction to Logic in Computer Science: Autumn 2006
Introduction to Logic in Computer Science: Autumn 2006 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Plan for Today Now that we have a basic understanding
More informationVerifying Refutations with Extended Resolution
Verifying Refutations with Extended Resolution Marijn J. H. Heule, Warren A. Hunt Jr., and Nathan Wetzler The University of Texas at Austin Abstract. Modern SAT solvers use preprocessing and inprocessing
More informationBoogie: A Modular Reusable Verifier for Object-Oriented Programs
Boogie: A Modular Reusable Verifier for Object-Oriented Programs M. Barnett, B.E. Chang, R. DeLine, B. Jacobs, K.R.M. Leino Lorenzo Baesso ETH Zurich Motivation Abstract Domains Modular Architecture Automatic
More informationChair of Software Engineering. Software Verification. Assertion Inference. Carlo A. Furia
Chair of Software Engineering Software Verification Assertion Inference Carlo A. Furia Proving Programs Automatically The Program Verification problem: Given: a program P and a specification S = [Pre,
More informationA Formal Approach for Network Security Management Based on Qualitative Risk Analysis
A Formal Approach for Network Security Management Based on Qualitative Risk Analysis Mohammad Ashiqur Rahman and Ehab Al-Shaer CyberDNA Research Center, University of North Carolina Charlotte, USA Emails:
More information2 Temporal Logic Model Checking
Bounded Model Checking Using Satisfiability Solving Edmund Clarke 1, Armin Biere 2, Richard Raimi 3, and Yunshan Zhu 4 1 Computer Science Department, CMU, 5000 Forbes Avenue Pittsburgh, PA 15213, USA,
More informationInfer: An Automatic Program Verifier for Memory Safety of C Programs
Infer: An Automatic Program Verifier for Memory Safety of C Programs Cristiano Calcagno and Dino Distefano Monoidics Ltd, UK Abstract. Infer 1 is a new automatic program verification tool aimed at proving
More informationChapter 7 Uncomputability
Chapter 7 Uncomputability 190 7.1 Introduction Undecidability of concrete problems. First undecidable problem obtained by diagonalisation. Other undecidable problems obtained by means of the reduction
More informationAn Integrated Data Model Verifier with Property Templates
An Integrated Data Model Verifier with Property Templates Jaideep Nijjar Ivan Bocic Tevfik Bultan University of California, Santa Barbara {jaideepnijjar, bo, bultan}@cs.ucsb.edu Abstract Most modern web
More informationHabanero Extreme Scale Software Research Project
Habanero Extreme Scale Software Research Project Comp215: Java Method Dispatch Zoran Budimlić (Rice University) Always remember that you are absolutely unique. Just like everyone else. - Margaret Mead
More informationPREDICATE GENERATION FOR LEARNING-BASED QUANTIFIER-FREE LOOP INVARIANT INFERENCE
PREDICATE GENERATION FOR LEARNING-BASED QUANTIFIER-FREE LOOP INVARIANT INFERENCE YUNGBUM JUNG, WONCHAN LEE, BOW-YAW WANG, AND KWANGKUEN YI Seoul National University, Korea e-mail address: dreameye@ropas.snu.ac.kr
More informationSoftware Engineering and Automated Deduction
Software Engineering and Automated Deduction Willem Visser Stellenbosch University Stellenbosch, South Africa visserw@sun.ac.za Nikolaj Bjørner Microsoft Research Redmond, WA, USA nbjorner@microsoft.com
More informationConstructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers
Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers TIMOTHY S. GEGG-HARRISON Winona State University Although computer scientists understand the importance of discrete
More informationThere is no degree invariant half-jump
There is no degree invariant half-jump Rod Downey Mathematics Department Victoria University of Wellington P O Box 600 Wellington New Zealand Richard A. Shore Mathematics Department Cornell University
More informationSolver- aided DSL with. Rui Zhao (rz2290)
Solver- aided DSL with Rui Zhao (rz2290 Solver- aided Programming So>ware is widely used We all want to build programs, not only so>ware engineers Solver- aided Programming 1960 - So>ware crisis 1970 -
More informationWelcome to... Problem Analysis and Complexity Theory 716.054, 3 VU
Welcome to... Problem Analysis and Complexity Theory 716.054, 3 VU Birgit Vogtenhuber Institute for Software Technology email: bvogt@ist.tugraz.at office hour: Tuesday 10:30 11:30 slides: http://www.ist.tugraz.at/pact.html
More informationSoftware Engineering using Formal Methods
Software Engineering using Formal Methods Model Checking with Temporal Logic Wolfgang Ahrendt 24th September 2013 SEFM: Model Checking with Temporal Logic /GU 130924 1 / 33 Model Checking with Spin model
More informationThe software model checker BLAST
Int J Softw Tools Technol Transfer (2007) 9:505 525 DOI 10.1007/s10009-007-0044-z SPECIAL SECTION FASE 04/05 The software model checker BLAST Applications to software engineering Dirk Beyer Thomas A. Henzinger
More informationIncremental Analysis of Evolving Administrative Role Based Access Control Policies
Incremental Analysis of Evolving Administrative Role Based Access Control Policies Silvio Ranise 1 and Anh Truong 1,2 1 Security and Trust Unit, FBK-Irst, Trento, Italia 2 DISI, Università degli Studi
More informationThe Software Model Checker BLAST: Applications to Software Engineering
International Journal on Software Tools Technology Transfer manuscript No. (will be inserted by the editor) Dirk Beyer Thomas A. Henzinger Ranjit Jhala Rupak Majumdar The Software Model Checker BLAST:
More informationFormal Verification Coverage: Computing the Coverage Gap between Temporal Specifications
Formal Verification Coverage: Computing the Coverage Gap between Temporal Specifications Sayantan Das Prasenjit Basu Ansuman Banerjee Pallab Dasgupta P.P. Chakrabarti Department of Computer Science & Engineering
More informationLEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS
LEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS CEA S SOFTWARE SAFETY LABORATORY 1995: LEAP FROM DYNAMIC TO STATIC CODE ANALYSIS! CAVEAT: ARCHITECTURE C source code VC Generator Formal specifications
More informationComputational Methods for Database Repair by Signed Formulae
Computational Methods for Database Repair by Signed Formulae Ofer Arieli (oarieli@mta.ac.il) Department of Computer Science, The Academic College of Tel-Aviv, 4 Antokolski street, Tel-Aviv 61161, Israel.
More informationCHAPTER 7 GENERAL PROOF SYSTEMS
CHAPTER 7 GENERAL PROOF SYSTEMS 1 Introduction Proof systems are built to prove statements. They can be thought as an inference machine with special statements, called provable statements, or sometimes
More informationHow To Prove That A Program Is Terminating
I N F O R M A T I K Software Model Checking of Liveness Properties via Transition Invariants Andreas Podelski Andrey Rybalchenko MPI I 2003 2 004 December 2003 FORSCHUNGSBERICHT RESEARCH REPORT M A X -
More informationIntroduction to Promela and SPIN. LACL, Université Paris 12
Introduction to Promela and SPIN LACL, Université Paris 12 Promela = Process Meta Language A specification language! No programming language! Used for system description : Specify an abstraction of the
More informationCORRECTNESS of computer systems is critical in today s
IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 27, NO. 7, JULY 2008 1165 Keynote Paper A Survey of Automated Techniques for Formal Software Verification Vijay D Silva,
More informationAutomated Detection of Non-Termination and NullPointerExceptions for Java Bytecode
Automated Detection of Non-Termination and NullPointerExceptions for Java Bytecode Marc Brockschmidt, Thomas Ströder, Carsten Otto, and Jürgen Giesl LuFG Informatik 2, RWTH Aachen University, Germany Abstract.
More informationLecture Notes on Linear Search
Lecture Notes on Linear Search 15-122: Principles of Imperative Computation Frank Pfenning Lecture 5 January 29, 2013 1 Introduction One of the fundamental and recurring problems in computer science is
More informationVerifying Specifications with Proof Scores in CafeOBJ
Verifying Specifications with Proof Scores in CafeOBJ FUTATSUGI, Kokichi 二 木 厚 吉 Chair of Language Design Graduate School of Information Science Japan Advanced Institute of Science and Technology (JAIST)
More informationThe Designer's Guide to VHDL
The Designer's Guide to VHDL Third Edition Peter J. Ashenden EDA CONSULTANT, ASHENDEN DESIGNS PTY. LTD. ADJUNCT ASSOCIATE PROFESSOR, ADELAIDE UNIVERSITY AMSTERDAM BOSTON HEIDELBERG LONDON m^^ yj 1 ' NEW
More informationlogic language, static/dynamic models SAT solvers Verified Software Systems 1 How can we model check of a program or system?
5. LTL, CTL Last part: Alloy logic language, static/dynamic models SAT solvers Today: Temporal Logic (LTL, CTL) Verified Software Systems 1 Overview How can we model check of a program or system? Modeling
More informationTest Case Generation for Ultimately Periodic Paths Joint work with Saddek Bensalem Hongyang Qu Stavros Tripakis Lenore Zuck Accepted to HVC 2007 How to find the condition to execute a path? (weakest precondition
More informationAUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS
TKK Reports in Information and Computer Science Espoo 2009 TKK-ICS-R26 AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS Kari Kähkönen ABTEKNILLINEN KORKEAKOULU TEKNISKA HÖGSKOLAN HELSINKI UNIVERSITY OF
More informationSlot machines. an approach to the Strategy Challenge in SMT solving. Stéphane Graham-Lengrand CNRS - Ecole Polytechnique - SRI International,
Slot machines an approach to the Strategy Challenge in SMT solving Stéphane Graham-Lengrand CNRS - Ecole Polytechnique - SRI International, SMT-Workshop, 19th July 2015 2 Disclaimer This talk will not
More informationFormal Reasoning about Fine-Grained Access Control Policies
Formal Reasoning about Fine-Grained Access Control Policies Miguel A. García de Dios Carolina Dania Manuel Clavel IMDEA Software Institute, Spain {miguelangel.garcia,carolina.dania,manuel.clavel}@imdea.org
More informationPOLYTYPIC PROGRAMMING OR: Programming Language Theory is Helpful
POLYTYPIC PROGRAMMING OR: Programming Language Theory is Helpful RALF HINZE Institute of Information and Computing Sciences Utrecht University Email: ralf@cs.uu.nl Homepage: http://www.cs.uu.nl/~ralf/
More informationINF5140: Specification and Verification of Parallel Systems
INF5140: Specification and Verification of Parallel Systems Lecture 7 LTL into Automata and Introduction to Promela Gerardo Schneider Department of Informatics University of Oslo INF5140, Spring 2007 Gerardo
More informationSoftware Engineering Techniques
Software Engineering Techniques Low level design issues for programming-in-the-large. Software Quality Design by contract Pre- and post conditions Class invariants Ten do Ten do nots Another type of summary
More informationFormal Verification Toolkit for Requirements and Early Design Stages
Formal Verification Toolkit for Requirements and Early Design Stages Julia M. Badger 1 and Sheena Judson Miller 2 1 NASA Johnson Space Center, Houston, TX 77058, USA 2 Barrios Technology, Houston, TX 77058,
More informationTr ends in Software Verification
Tr ends in Software Verification Gerard J. Holzmann JPL Laboratory for Reliable Software California Institute of Technology 4800 Oak Grove Drive Pasadena, CA 91006 gerard.j.holzmann@jpl.nasa.gov Abstract.
More informationOptimizing Description Logic Subsumption
Topics in Knowledge Representation and Reasoning Optimizing Description Logic Subsumption Maryam Fazel-Zarandi Company Department of Computer Science University of Toronto Outline Introduction Optimization
More informationMinimum Satisfying Assignments for SMT
Minimum Satisfying Assignments for SMT Isil Dillig 1, Thomas Dillig 1, Kenneth L. McMillan 2, and Alex Aiken 3 1 College of William & Mary 2 Microsoft Research 3 Stanford University Abstract. A minimum
More informationConsolidation of Queries with User-Defined Functions
Consolidation of Queries with User-Defined Functions Marcelo Sousa University of Oxford marcelo.sousa@cs.ox.ac.uk Thomas Dillig UT Austin tdillig@cs.utexas.edu Isil Dillig UT Austin isil@cs.utexas.edu
More informationLehrstuhl für Informatik 2
Analytical Learning Introduction Lehrstuhl Explanation is used to distinguish the relevant features of the training examples from the irrelevant ones, so that the examples can be generalised Introduction
More informationA Semantical Perspective on Verification of Knowledge
A Semantical Perspective on Verification of Knowledge Paul Leemans, Jan Treur, Mark Willems Vrije Universiteit Amsterdam, Department of Artificial Intelligence De Boelelaan 1081a, 1081 HV Amsterdam The
More informationModel Checking LTL Properties over C Programs with Bounded Traces
Noname manuscript No. (will be inserted by the editor) Model Checking LTL Properties over C Programs with Bounded Traces Jeremy Morse 1, Lucas Cordeiro 2, Denis Nicole 1, Bernd Fischer 1,3 1 Electronics
More informationAutomated Quantitative Software Verification
Automated Quantitative Software Verification by Mark Kattenbelt A thesis submitted for the degree of Doctor of Philosophy Trinity College, Oxford Trinity Term 2010 Abstract Many software systems exhibit
More informationThe Course. http://www.cse.unsw.edu.au/~cs3153/
The Course http://www.cse.unsw.edu.au/~cs3153/ Lecturers Dr Peter Höfner NICTA L5 building Prof Rob van Glabbeek NICTA L5 building Dr Ralf Huuck NICTA ATP building 2 Plan/Schedule (1) Where and When Tuesday,
More informationThomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation
Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science updated 03/08/2012 Unit 1: JKarel 8 weeks http://www.fcps.edu/is/pos/documents/hs/compsci.htm
More informationIntroduction to Static Analysis for Assurance
Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis?
More informationSoftware Engineering
Software Engineering Lecture 04: The B Specification Method Peter Thiemann University of Freiburg, Germany SS 2013 Peter Thiemann (Univ. Freiburg) Software Engineering SWT 1 / 50 The B specification method
More informationThe Classes P and NP
The Classes P and NP We now shift gears slightly and restrict our attention to the examination of two families of problems which are very important to computer scientists. These families constitute the
More informationGameTime: A Toolkit for Timing Analysis of Software
GameTime: A Toolkit for Timing Analysis of Software Sanjit A. Seshia and Jonathan Kotker EECS Department, UC Berkeley {sseshia,jamhoot}@eecs.berkeley.edu Abstract. Timing analysis is a key step in the
More informationModel Checking of Software
Model Checking of Software Patrice Godefroid Bell Laboratories, Lucent Technologies SpecNCheck Page 1 August 2001 A Brief History of Model Checking Prehistory: transformational programs and theorem proving
More informationEngineering a EIA - 632
es for Engineering a System EIA - 632 SE Tutorial es for Engr Sys - 1 Fundamental es for Engineering a System Acquisition and Supply Supply Acquisition es for Engineering A System Technical Management
More informationAnalysis of Boolean Programs
Analysis of Boolean Programs Patrice Godefroid 1 Mihalis Yannakakis 2 1 Microsoft Research, pg@microsoft.com 2 Columbia University, mihalis@cs.columbia.edu Abstract. Boolean programs are a popular abstract
More informationComplexity Theory. Jörg Kreiker. Summer term 2010. Chair for Theoretical Computer Science Prof. Esparza TU München
Complexity Theory Jörg Kreiker Chair for Theoretical Computer Science Prof. Esparza TU München Summer term 2010 Lecture 8 PSPACE 3 Intro Agenda Wrap-up Ladner proof and time vs. space succinctness QBF
More informationIntroduction to Programming (in C++) Loops. Jordi Cortadella, Ricard Gavaldà, Fernando Orejas Dept. of Computer Science, UPC
Introduction to Programming (in C++) Loops Jordi Cortadella, Ricard Gavaldà, Fernando Orejas Dept. of Computer Science, UPC Example Assume the following specification: Input: read a number N > 0 Output:
More informationFully Abstract Operation Contracts
Fully Abstract Operation Contracts Richard Bubel, Reiner Hähnle, and Maria Pelevina Department of Computer Science Technical University of Darmstadt bubel haehnle@cs.tu-darmstadt.de m.pelevina@gmail.com
More informationExample. Introduction to Programming (in C++) Loops. The while statement. Write the numbers 1 N. Assume the following specification:
Example Introduction to Programming (in C++) Loops Assume the following specification: Input: read a number N > 0 Output: write the sequence 1 2 3 N (one number per line) Jordi Cortadella, Ricard Gavaldà,
More informationChapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm.
Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm. We begin by defining the ring of polynomials with coefficients in a ring R. After some preliminary results, we specialize
More information