HOL-Boogie An Interactive Prover for the Boogie Program-Verifier


HOL-Boogie: An Interactive Prover for the Boogie Program-Verifier
Sascha Böhme (Technische Universität München), K. Rustan M. Leino (Microsoft Research), Burkhart Wolff (Université Paris-Sud)
TPHOLs 2008, Montréal

Outline
1 Motivation
2 Overview of Boogie
3 HOL-Boogie
4 Applications
5 Conclusion

Background
Verifying compiler toolchain developed by Microsoft Research:
- Spec#: compiler for annotated C# (with method contracts, object invariants)
- VCC: Verifying C Compiler, the same role for annotated C
- Boogie: static program verifier
- Z3: automated SMT solver
Pipeline: C# or C code with specification -> Spec# or VCC -> BoogiePL -> Boogie -> verification condition -> Z3 -> verified / error
Motivation Overview of Boogie HOL-Boogie Applications Conclusion 3/19

Motivation
Failures of proof attempts: caused by the prover? the program? the specification?
In particular with: recursive data structures, recursive algorithms, complex invariants.
Apparently: reaching the limits of the automated tools.

Motivation (continued)
Solution: interactive proofs, with automated solvers as backends.
HOL-Boogie:
- based on Isabelle/HOL
- combines automated and interactive tools
- includes features to make interactive proofs manageable
Pipeline: C code with specification -> VCC -> BoogiePL -> Boogie -> verification condition -> HOL-Boogie -> subgoals -> Z3

Overview of Boogie
Boogie takes a BoogiePL program and produces a verification condition (BoogiePL -> Boogie -> verification condition).

BoogiePL example
    function max(a:int, b:int) returns (m:int);
    axiom (forall a:int, b:int :: max(a,b) >= a && max(a,b) >= b);

    procedure Max(array:[int]int, length:int) returns (m:int);
      requires (0 < length);
      ensures (forall k:int :: 0 <= k && k < length ==> array[k] <= m);

    implementation Max(array:[int]int, length:int) returns (m:int)
    {
      var p:int;
      m := 0; p := 0;
      while (p < length)
        invariant (forall k:int :: 0 <= k && k < p ==> array[k] <= m);
      {
        m := max(m, array[p]);
        p := p + 1;
      }
    }

Internal transformation
Source:
    requires (0 < length);
    m := 0; p := 0;
    while (p < length)
      invariant (forall k:int :: 0 <= k && k < p ==> array[k] <= m);
Passive form (the loop is cut at its head; p0 and m0 are the fresh incarnations of p and m at the loop head):
    Init:
      assume 0 < length;
      assert (forall k:int :: 0 <= k && k < 0 ==> array[k] <= 0);
      goto LoopHead;
    LoopHead:
      assume 0 <= p0;
      assume (forall k:int :: 0 <= k && k < p0 ==> array[k] <= m0);
      goto LoopDone, LoopBody;

VC generation
    Init:
      assume 0 < length;
      assert (forall k:int :: 0 <= k && k < 0 ==> array[k] <= 0);
      goto LoopHead;
Block equation for Init:
    A1 == ( block(11,5) true ==> 0 < length ==>
            assert(13,5) (forall k:int :: 0 <= k && k < 0 ==> array[k] <= 0) && LoopHead_correct )
          <==> Init_correct
Positional labels (block(11,5), assert(13,5)) record source positions (line, column) of max.bpl.
Structural labels (Init_correct, LoopHead_correct) name the correctness of a block.
Complete VC: A1 && ... && An ==> Init_correct

HOL-Boogie
BoogiePL -> Boogie -> verification condition -> HOL-Boogie -> subgoals -> Z3

The HOL-Boogie approach
- take a VC generated by Boogie
- split the VC into subgoals, one for each assertion
- apply an SMT solver (Z3) or some Isabelle tactics to every subgoal
- remaining subgoals: interactive proofs in Isabelle/HOL
Expectation (and experience):
- SMT solvers and Isabelle tactics discharge most subgoals
- remaining subgoals are usually the critical ones (incorrect or complicated)

Integration of SMT solvers
Currently:
- oracle mechanism (i.e. the solver's answer is trusted without verification by Isabelle)
- proof reconstruction is work in progress
- supported solvers: Z3 and any SMT solver understanding the standardized SMT-LIB format
Challenges:
- preserve semantics
- pass through solver instrumentation from Boogie: triggers (patterns that guide quantifier instantiation)
- efficiency

Applications of HOL-Boogie
- debug annotations
- verify programs not manageable by automated tools
- verify consistency of background theories

Back to automated tools
Specifications get easily wrong: incorrect function contracts, missing loop invariants, ...
How does Boogie respond?

Back to automated tools
Boogie error message:
    max.bpl(12,3): Error: A postcondition might not hold at this return statement.
    max.bpl(6,3): Related location: This is the postcondition that might not hold.
    Execution trace:
        max.bpl(11,5): Init
        max.bpl(12,3): LoopHead
        max.bpl(12,3): LoopDone
How to find the cause for the error?

HOL-Boogie: Debugging annotations
- complete execution path available
- execution path and subgoals are related to the source code
Subgoal for the postcondition on the path Init -> LoopHead -> LoopDone:
    block(11,5) true ==>
    0 < length ==>
    (forall i. 0 <= i && i < 0 ==> array[i] <= 0) ==>
    block(12,3) true ==>
    0 <= p0 ==>
    (forall i. 0 <= i && i < p0 ==> array[i] <= m0) ==>
    block(12,3) true ==>
    p0 >= length ==>
    assert(6,3) (forall i. 0 <= i && i < length ==> array[i] <= m0)
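The splitting of a VC into one subgoal per assertion (the HOL-Boogie approach), the passive block form of Max (internal transformation), and the per-path subgoal shown above can be mechanised in a few lines. The following is an added example, not code from the slides or from HOL-Boogie or Boogie themselves. It assumes a tiny block language with assume/assert statements and goto successors, Python lambdas over a state dictionary as formulas, the names Block, subgoals, bounded_check, all_leq, max_program, failing_goals and DOMAIN, a constructed search domain, and a concrete interpretation of max (the slides axiomatise it). It goes beyond the slides in one respect: besides the correct program it also builds the "missing loop invariant" variant from the "Back to automated tools" slide, and the bounded counterexample search then fails exactly one subgoal, the postcondition assert(6,3) on the path Init, LoopHead, LoopDone, which is the execution trace Boogie reports.

```python
# Added example (not from the slides, not HOL-Boogie's own code): split a passive
# Boogie-style block program into one subgoal per assertion, as HOL-Boogie does,
# then search a small domain for counterexamples.  The block language, the names
# Block/subgoals/bounded_check/all_leq/max_program/failing_goals/DOMAIN and the
# concrete interpretation of max() (the slides axiomatise it) are assumptions.
from dataclasses import dataclass, field
from itertools import product


@dataclass
class Block:
    name: str
    stmts: list                       # (kind, source_label, predicate), kind in {"assume", "assert"}
    succs: list = field(default_factory=list)


def subgoals(blocks, entry):
    """One subgoal per (path, assertion); the assumptions met along the path are
    its hypotheses.  The passive program is acyclic (the loop is cut at
    LoopHead, as on the 'Internal transformation' slide), so the walk ends."""
    goals = []

    def walk(name, path, hyps):
        path, hyps = path + [name], list(hyps)
        for kind, label, pred in blocks[name].stmts:
            if kind == "assert":
                goals.append((path, list(hyps), label, pred))
            hyps.append(pred)         # a checked assertion may be assumed afterwards
        for succ in blocks[name].succs:
            walk(succ, path, hyps)

    walk(entry, [], [])
    return goals


def bounded_check(goal, domain):
    """Return a state satisfying every hypothesis but violating the assertion,
    or None.  None is not a proof: the search is bounded by `domain`."""
    _path, hyps, _label, pred = goal
    names = list(domain)
    for values in product(*(domain[n] for n in names)):
        st = dict(zip(names, values))
        if all(h(st) for h in hyps) and not pred(st):
            return st
    return None


def all_leq(st, upto, m):
    """forall k :: 0 <= k && k < upto ==> array[k] <= m"""
    return all(st["array"][k] <= m for k in range(upto))


def max_program(with_invariant):
    """Passive form of procedure Max.  p0/m0 are the loop-head incarnations of
    p and m, p1/m1 their values after one iteration.  Source labels (13,5) and
    (6,3) are the invariant and the postcondition, as in the slides."""
    inv = lambda p, m: (lambda st: all_leq(st, st[p], st[m]))
    maybe = lambda stmt: [stmt] if with_invariant else []
    return {
        "Init": Block("Init",
                      [("assume", None, lambda st: 0 < st["length"])]
                      + maybe(("assert", "(13,5)", lambda st: all_leq(st, 0, 0))),
                      ["LoopHead"]),
        "LoopHead": Block("LoopHead",
                          [("assume", None, lambda st: 0 <= st["p0"])]
                          + maybe(("assume", None, inv("p0", "m0"))),
                          ["LoopDone", "LoopBody"]),
        "LoopBody": Block("LoopBody",
                          [("assume", None, lambda st: st["p0"] < st["length"]),
                           ("assume", None, lambda st: st["m1"] == max(st["m0"], st["array"][st["p0"]])),
                           ("assume", None, lambda st: st["p1"] == st["p0"] + 1)]
                          + maybe(("assert", "(13,5)", inv("p1", "m1")))),
        "LoopDone": Block("LoopDone",
                          [("assume", None, lambda st: st["p0"] >= st["length"]),
                           ("assert", "(6,3)", lambda st: all_leq(st, st["length"], st["m0"]))]),
    }


# Constructed search space: arrays always have two cells, so indexing stays in range.
DOMAIN = {
    "length": [1, 2], "p0": [0, 1, 2], "p1": [0, 1, 2],
    "m0": [0, 1], "m1": [0, 1], "array": list(product([0, 1], repeat=2)),
}


def failing_goals(with_invariant):
    """(path, assertion label, counterexample) for every subgoal that fails."""
    bad = []
    for goal in subgoals(max_program(with_invariant), "Init"):
        cex = bounded_check(goal, DOMAIN)
        if cex is not None:
            bad.append((goal[0], goal[2], cex))
    return bad


if __name__ == "__main__":
    print("with invariant:   ", failing_goals(True))     # []
    print("without invariant:", failing_goals(False))    # only assert(6,3) on Init, LoopHead, LoopDone fails
```

With the invariant present, all three subgoals (invariant on entry, invariant preservation, postcondition) survive the search; with it removed, the only remaining subgoal is the postcondition and the search returns a state with p0 >= length but array[0] > m0. The value of splitting is visible here: the counterexample comes with the path and the hypotheses that were actually available, which is what the Boogie error message on the previous slide does not show. A real HOL-Boogie subgoal is discharged by Z3 or Isabelle over unbounded integers and an axiomatised max; the exhaustive search is only a stand-in for that.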

HOL-Boogie: Verifying C programs
Pipeline: C code with specification -> VCC -> BoogiePL -> Boogie -> verification condition -> HOL-Boogie -> subgoals -> Z3
Same approach, but with specifics of C:
- explicit memory and ghost memory
- explicit control flow
- explicit checks for arithmetic overflows, null-pointer dereferencing, ...
- large background theory (around 900 axioms): x64 bitvector model, C memory model

Conclusion
HOL-Boogie: interactive backend for Boogie; uses automated solvers, especially SMT solvers (Z3)
Advantages:
- HOL-Boogie overcomes incompleteness of automated tools
- HOL-Boogie helps to debug and verify complex specifications
- labels make interactive proofs manageable
Future work:
- larger case studies: linked lists, quicksort, red-black trees
- improved user interface: specialized tactics, structural labels
- improved SMT solver binding


More information

Verifying Spec# Delegates. Samuele Gantner

Verifying Spec# Delegates. Samuele Gantner Verifying Spec# Delegates Samuele Gantner Master s Thesis Chair of Programming Methodology Department of Computer Science ETH Zurich pm.inf.ethz.ch March 2008 - September 2008 Supervised by: Joseph N.

More information

Lecture Notes on Linear Search

Lecture Notes on Linear Search Lecture Notes on Linear Search 15-122: Principles of Imperative Computation Frank Pfenning Lecture 5 January 29, 2013 1 Introduction One of the fundamental and recurring problems in computer science is

More information

Obfuscation: know your enemy

Obfuscation: know your enemy Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Prelude Prelude Plan 1 Introduction What is obfuscation? 2 Control flow obfuscation 3 Data flow

More information

AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS

AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS TKK Reports in Information and Computer Science Espoo 2009 TKK-ICS-R26 AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS Kari Kähkönen ABTEKNILLINEN KORKEAKOULU TEKNISKA HÖGSKOLAN HELSINKI UNIVERSITY OF

More information

Software Engineering Reference Framework

Software Engineering Reference Framework Software Engineering Reference Framework Michel Chaudron, Jan Friso Groote, Kees van Hee, Kees Hemerik, Lou Somers, Tom Verhoeff. Department of Mathematics and Computer Science Eindhoven University of

More information

Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm

Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm David Crocker Escher Technologies Ltd. Aldershot, United Kingdom dcrocker@eschertech.com Abstract. In recent years, large sectors

More information

Towards practical reactive security audit using extended static checkers

Towards practical reactive security audit using extended static checkers Towards practical reactive security audit using extended static checkers Julien Vanegue Bloomberg L.P. New York, NY, USA jvanegue@bloomberg.net Shuvendu K. Lahiri Microsoft Research Redmond, WA, USA shuvendu@microsoft.com

More information

Formal Verification of Software

Formal Verification of Software Formal Verification of Software Sabine Broda Department of Computer Science/FCUP 12 de Novembro de 2014 Sabine Broda (DCC-FCUP) Formal Verification of Software 12 de Novembro de 2014 1 / 26 Formal Verification

More information

HOL-TestGen/fw An Environment for Specification-Based Firewall Conformance Testing

HOL-TestGen/fw An Environment for Specification-Based Firewall Conformance Testing HOL-TestGen/fw An Environment for Specification-Based Firewall Conformance Testing Achim D. Brucker 1, Lukas Brügger 2, and Burkhart Wolff 3 1 SAP AG, Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe, Germany

More information

Intro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work

Intro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work Intro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work DNS (internet Domain Name System) is the protocol for

More information

Software Engineering Techniques

Software Engineering Techniques Software Engineering Techniques Low level design issues for programming-in-the-large. Software Quality Design by contract Pre- and post conditions Class invariants Ten do Ten do nots Another type of summary

More information

Habanero Extreme Scale Software Research Project

Habanero Extreme Scale Software Research Project Habanero Extreme Scale Software Research Project Comp215: Java Method Dispatch Zoran Budimlić (Rice University) Always remember that you are absolutely unique. Just like everyone else. - Margaret Mead

More information

Data Model Bugs. Ivan Bocić and Tevfik Bultan

Data Model Bugs. Ivan Bocić and Tevfik Bultan Data Model Bugs Ivan Bocić and Tevfik Bultan Department of Computer Science University of California, Santa Barbara, USA bo@cs.ucsb.edu bultan@cs.ucsb.edu Abstract. In today s internet-centric world, web

More information

Introduction to Promela and SPIN. LACL, Université Paris 12

Introduction to Promela and SPIN. LACL, Université Paris 12 Introduction to Promela and SPIN LACL, Université Paris 12 Promela = Process Meta Language A specification language! No programming language! Used for system description : Specify an abstraction of the

More information

Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors

Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors Klaus Wissing PolySpace Technologies GmbH Argelsrieder Feld 22 82234 Wessling-Oberpfaffenhofen

More information

FORMALLY CERTIFIED SATISFIABILITY SOLVING. Duck Ki Oe. An Abstract

FORMALLY CERTIFIED SATISFIABILITY SOLVING. Duck Ki Oe. An Abstract FORMALLY CERTIFIED SATISFIABILITY SOLVING by Duck Ki Oe An Abstract Of a thesis submitted in partial fulfillment of the requirements for the Doctor of Philosophy degree in Computer Science in the Graduate

More information

Monitoring Java Code Using ConGu

Monitoring Java Code Using ConGu Monitoring Java Code Using ConGu V.T. Vasconcelos, I. Nunes, A. Lopes, N. Ramiro, P. Crispim Departamento de Informática, Faculdade de Ciências, Universidade de Lisboa 1749 016 Lisboa, Portugal Abstract

More information

VDM vs. Programming Language Extensions or their Integration

VDM vs. Programming Language Extensions or their Integration VDM vs. Programming Language Extensions or their Integration Alexander A. Koptelov and Alexander K. Petrenko Institute for System Programming of Russian Academy of Sciences (ISPRAS), B. Communisticheskaya,

More information

Automated Formal Analysis of Internet Routing Systems

Automated Formal Analysis of Internet Routing Systems Automated Formal Analysis of Internet Routing Systems Boon Thau Loo University of Pennsylvania [Joint work with Anduo Wang (Penn -> UIUC), Wenchao Zhou (Georgetown), Andre Scedrov (Penn), Limin Jia (CMU),

More information

https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois Runtime Verification, Inc. (RV): startup company aimed at bringing the best

More information

Loop Invariants and Binary Search

Loop Invariants and Binary Search Loop Invariants and Binary Search Chapter 4.3.3 and 9.3.1-1 - Outline Ø Iterative Algorithms, Assertions and Proofs of Correctness Ø Binary Search: A Case Study - 2 - Outline Ø Iterative Algorithms, Assertions

More information

Managing Proof Documents for Asynchronous Processing

Managing Proof Documents for Asynchronous Processing Managing Proof Documents for Asynchronous Processing Holger Gast Wilhelm-Schickard-Institut für Informatik University of Tübingen 22.8.2008 UITP 08, Montreal H. Gast Asynchronous Proof Document Management

More information

Rigorous Software Development CSCI-GA 3033-009

Rigorous Software Development CSCI-GA 3033-009 Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 5 Disclaimer. These notes are derived from notes originally developed by Joseph Kiniry, Gary Leavens, Erik Poll,

More information

4 PSP DC : An Adaptation of the PSP to Incorporate Verified Design by Contract

4 PSP DC : An Adaptation of the PSP to Incorporate Verified Design by Contract 4 PSP DC : An Adaptation of the PSP to Incorporate Verified Design by Contract Silvana Moreno, Universidad de la República Álvaro Tasistro, Universidad ORT Uruguay Diego Vallespir, Universidad de la República

More information

Optimizing the User Experience of a Social Content Management Software for Casual Users

Optimizing the User Experience of a Social Content Management Software for Casual Users Optimizing the User Experience of a Social Content Management Software for Casual Users 10.08.2015, TU München Florian Katenbrink, Thomas Reschenhofer, Prof. Dr. Florian Matthes Software Engineering for

More information

Model Driven Security: Foundations, Tools, and Practice

Model Driven Security: Foundations, Tools, and Practice Model Driven Security: Foundations, Tools, and Practice David Basin, Manuel Clavel, and ETH Zurich, IMDEA Software Institute Thursday 1st, 2011 Outline I 1 Models Analysis. Types. 2 The Object Constraint

More information

Rigorous Software Development CSCI-GA 3033-009

Rigorous Software Development CSCI-GA 3033-009 Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 11 Semantics of Programming Languages Denotational Semantics Meaning of a program is defined as the mathematical

More information

µz An Efficient Engine for Fixed points with Constraints

µz An Efficient Engine for Fixed points with Constraints µz An Efficient Engine for Fixed points with Constraints Kryštof Hoder, Nikolaj Bjørner, and Leonardo de Moura Manchester University and Microsoft Research Abstract. The µz tool is a scalable, efficient

More information

Introduction to Static Analysis for Assurance

Introduction to Static Analysis for Assurance Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis?

More information

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java Jesús Mauricio Chimento 1, Wolfgang Ahrendt 1, Gordon J. Pace 2, and Gerardo Schneider 3 1 Chalmers University of Technology, Sweden.

More information

Semantic Analysis: Types and Type Checking

Semantic Analysis: Types and Type Checking Semantic Analysis Semantic Analysis: Types and Type Checking CS 471 October 10, 2007 Source code Lexical Analysis tokens Syntactic Analysis AST Semantic Analysis AST Intermediate Code Gen lexical errors

More information

Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers

Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers TIMOTHY S. GEGG-HARRISON Winona State University Although computer scientists understand the importance of discrete

More information

Glossary of Object Oriented Terms

Glossary of Object Oriented Terms Appendix E Glossary of Object Oriented Terms abstract class: A class primarily intended to define an instance, but can not be instantiated without additional methods. abstract data type: An abstraction

More information

Software testing. Objectives

Software testing. Objectives Software testing cmsc435-1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating

More information

Software Verification and System Assurance

Software Verification and System Assurance Software Verification and System Assurance John Rushby Based on joint work with Bev Littlewood (City University UK) Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Verification

More information

Test Automation Architectures: Planning for Test Automation

Test Automation Architectures: Planning for Test Automation Test Automation Architectures: Planning for Test Automation Douglas Hoffman Software Quality Methods, LLC. 24646 Heather Heights Place Saratoga, California 95070-9710 Phone 408-741-4830 Fax 408-867-4550

More information

1. Properties of Transactions

1. Properties of Transactions Department of Computer Science Software Development Methodology Transactions as First-Class Concepts in Object-Oriented Programming Languages Boydens Jeroen Steegmans Eric 13 march 2008 1. Properties of

More information

A case study of C source code verification: the Schorr-Waite algorithm

A case study of C source code verification: the Schorr-Waite algorithm A case study of C source code verification: the Schorr-Waite algorithm Thierry Hubert Claude Marché PCRI LRI (CNRS UMR 8623) INRIA Futurs Université Paris 11 Bât 490, Université Paris-sud, 91405 Orsay

More information

Building SMT-based Software Model Checkers: an Experience Report

Building SMT-based Software Model Checkers: an Experience Report Building SMT-based Software Model Checkers: an Experience Report Alessandro Armando Artificial Intelligence Laboratory (AI-Lab) Dipartimento di Informatica Sistemistica e Telematica (DIST) University of

More information

Provably Secure DNS: A Case Study in Reliable Software

Provably Secure DNS: A Case Study in Reliable Software Provably Secure DNS: A Case Study in Reliable Software Barry Fagin and Martin Carlisle Department of Computer Science US Air Force Academy Colorado Springs, CO 80840 USA {barry.fagin, martin.carlisle}@usafa.edu

More information

Tool Support for Invariant Based Programming

Tool Support for Invariant Based Programming Tool Support for Invariant Based Programming Ralph-Johan Back and Magnus Myreen Abo Akademi University, Department of Computer Science Lemminkainenkatu 14 A, FIN-20520 Turku, Finland Email: backrj@abo.fi,

More information

Oracle PL/SQL Programming

Oracle PL/SQL Programming FOURTH EDITION Oracle PL/SQL Programming Steven Feuerstein with Bill Pribvl O'REILLY' Beijing Cambridge Farnham Köln Paris Sebastopol Taipei Tokyo Table of Contents Preface xiii Part 1. Programming in

More information

Best Practices for Verification, Validation, and Test in Model- Based Design

Best Practices for Verification, Validation, and Test in Model- Based Design 2008-01-1469 Best Practices for Verification, Validation, and in Model- Based Design Copyright 2008 The MathWorks, Inc. Brett Murphy, Amory Wakefield, and Jon Friedman The MathWorks, Inc. ABSTRACT Model-Based

More information

AURA: A language with authorization and audit

AURA: A language with authorization and audit AURA: A language with authorization and audit Steve Zdancewic University of Pennsylvania WG 2.8 2008 Security-oriented Languages Limin Jia, Karl Mazurak, Jeff Vaughan, Jianzhou Zhao Joey Schorr and Luke

More information

Applications of formal verification for secure Cloud environments at CEA LIST

Applications of formal verification for secure Cloud environments at CEA LIST Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov joint work with A.Blanchard, F.Bobot, M.Lemerre,... SEC2, Lille, June 30 th, 2015 N. Kosmatov (CEA LIST) Formal

More information

Static vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together. Outline

Static vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together. Outline Static vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together S. Tucker Taft and Brian Lesuer SQGNE December 2006 Outline The Challenges Facing Software Testing A Software Testing

More information

PROBLEM SOLVING SEVENTH EDITION WALTER SAVITCH UNIVERSITY OF CALIFORNIA, SAN DIEGO CONTRIBUTOR KENRICK MOCK UNIVERSITY OF ALASKA, ANCHORAGE PEARSON

PROBLEM SOLVING SEVENTH EDITION WALTER SAVITCH UNIVERSITY OF CALIFORNIA, SAN DIEGO CONTRIBUTOR KENRICK MOCK UNIVERSITY OF ALASKA, ANCHORAGE PEARSON PROBLEM SOLVING WITH SEVENTH EDITION WALTER SAVITCH UNIVERSITY OF CALIFORNIA, SAN DIEGO CONTRIBUTOR KENRICK MOCK UNIVERSITY OF ALASKA, ANCHORAGE PEARSON Addison Wesley Boston San Francisco New York London

More information

Overview presentation, CIEL, Bordeaux, 9 June 2015. Means Eidgenösische Technische Hochschule (German)

Overview presentation, CIEL, Bordeaux, 9 June 2015. Means Eidgenösische Technische Hochschule (German) Chair of Software Engineering, ETH Zurich Overview presentation, CIEL, Bordeaux, 9 June 2015 Bertrand Meyer 1 ETH Means Eidgenösische Technische Hochschule (German) The only federal university in Switzerland

More information

Global Constraints in Software Testing Applications

Global Constraints in Software Testing Applications Global Constraints in Software Testing Applications Arnaud Gotlieb Simula Research Laboratory Norway 1/34 The Certus Centre Software Validation and Verification Cisco Systems Norway Hosted by SIMULA Established

More information

The Click2NetFPGA Toolchain. Teemu Rinta-aho, Mika Karlstedt, Madhav P. Desai USENIX ATC 12, Boston, MA, 13 th of June, 2012

The Click2NetFPGA Toolchain. Teemu Rinta-aho, Mika Karlstedt, Madhav P. Desai USENIX ATC 12, Boston, MA, 13 th of June, 2012 The Click2NetFPGA Toolchain Teemu Rinta-aho, Mika Karlstedt, Madhav P. Desai USENIX ATC 12, Boston, MA, 13 th of June, 2012 Click2NetFPGA We have explored the possibilities of High Level Synthesis (HLS)

More information

Runtime Checking for Program Verification

Runtime Checking for Program Verification Runtime Checking for Program Verification Karen Zee 1, Viktor Kuncak 2, Michael Taylor 3, and Martin Rinard 1 1 MIT Computer Science and Artificial Intelligence Laboratory; Cambridge, USA 2 École Polytechnique

More information

340368 - FOPR-I1O23 - Fundamentals of Programming

340368 - FOPR-I1O23 - Fundamentals of Programming Coordinating unit: 340 - EPSEVG - Vilanova i la Geltrú School of Engineering Teaching unit: 723 - CS - Department of Computer Science Academic year: Degree: 2015 BACHELOR'S DEGREE IN INFORMATICS ENGINEERING

More information

Smallfoot: Modular Automatic Assertion Checking with Separation Logic

Smallfoot: Modular Automatic Assertion Checking with Separation Logic In: FMCO 2005, LNCS 4111, pp. 115 137. Smallfoot: Modular Automatic Assertion Checking with Separation Logic Josh Berdine 1, Cristiano Calcagno 2, and Peter W. O Hearn 3 1 Microsoft Research 2 Imperial

More information