Automatic Verification for Interactive Graphical Programs - PowerPoint PPT Presentation


Automatic Verification for Interactive Graphical Programs. Carl Eastlund, Matthias Felleisen. cce@ccs.neu.edu


SLIDE 1

Automatic Verification for Interactive Graphical Programs

Carl Eastlund (cce@ccs.neu.edu), Matthias Felleisen (matthias@ccs.neu.edu)
Northeastern University, Boston, Massachusetts

SLIDE 2

Verification for I/O and Interactive Programs

  • Davis. Reasoning about ACL2 file input. ACL2 ’06.
  • Dowse et al. Reasoning about deterministic concurrent functional I/O. IFL ’04.
  • Dwyer et al. Analyzing interaction orderings with model checking. ASE ’04.
  • Krishnamurthi and Licata. Verifying interactive web programs. ASE ’04.
  • Godefroid et al. VeriWeb: automatically testing dynamic web sites. WWW ’02.
  • Memon. An event-flow model of GUI-based applications for testing. STVR ’07.

SLIDE 3

Creating Worlds

SLIDE 4

Dart Game


SLIDE 5

Dart Game

    ; A World is either a Natural Number or 'win
    (big-bang 3 ; : World
      (on-draw show-game 600 600)
      (on-mouse throw-dart)
      (stop-when win-or-lose))

SLIDE 6

Dart Game

    ; show-game : World -> Image
    (defun show-game (w)
      (cond ((equal w 'win) (text "You win!" 120 'blue))
            ((equal w 0) (text "You lose." 120 'blue))
            (t (show-darts w (show-target)))))

    ; throw-dart : ActiveWorld Int Int Symbol -> World
    ; (the mouse handler also receives the mouse action, as on slide 10)
    (defun throw-dart (w x y a)
      (if (equal a 'button-down)
          (if (dart-hits x y) 'win (1- w))
          w))

    ; win-or-lose : World -> Boolean
    (defun win-or-lose (w)
      (or (equal w 'win) (equal w 0)))

SLIDE 7

The World Machine

SLIDE 8

    (big-bang *WORLD_0*
      (on-draw RENDER *WIDTH* *HEIGHT*)
      (on-tick TOCK *RATE*)
      (on-key REACT)
      (on-mouse CLICK)
      (stop-when DONE))

SLIDE 9

    (on-draw RENDER *WIDTH* *HEIGHT*)
    ; RENDER : World -> Image
    ; *WIDTH*, *HEIGHT* : Nat

    (stop-when DONE)
    ; DONE : World -> Boolean

SLIDE 10

    (on-tick TOCK *RATE*)
    ; TOCK : ActiveWorld -> World
    ; *RATE* : Rational

    (on-key REACT)
    ; REACT : ActiveWorld String -> World

    (on-mouse CLICK)
    ; CLICK : ActiveWorld Int Int Symbol -> World

SLIDE 11


SLIDE 12

    ; event-loop : World EventList -> World
    (defun event-loop (w es)
      (cond ((endp es) w)
            ((DONE w) w)
            (t (event-loop (event-handler w (car es)) (cdr es)))))

SLIDE 13

    ; event-handler : ActiveWorld Event -> World
    (defun event-handler (w e)
      (cond ((tickp e) (TOCK w))
            ((keyp e) (REACT w e))
            ((mousep e) (CLICK w (mouse-x e) (mouse-y e) (mouse-action e)))
            (t w)))

SLIDE 14

Modeling Darts

    ; event-handler : ActiveWorld Event -> World
    (defun event-handler (w e)
      (cond ((mousep e) (throw-dart w (mouse-x e) (mouse-y e) (mouse-action e)))
            (t w)))

    ; event-loop : ActiveWorld EventList -> World
    (defun event-loop (w es)
      (cond ((endp es) w)
            ((win-or-lose w) w)
            (t (event-loop (event-handler w (car es)) (cdr es)))))

SLIDE 15

No Cheating!

SLIDE 16

No Cheating!

    (defthm big-bang-darts-left
      (implies (>= (count-clicks es) 3)
               (win-or-lose (event-loop 3 es))))

SLIDE 17

No Cheating!

    ; count-clicks : EventList -> Nat
    (defun count-clicks (es)
      (cond ((endp es) 0)
            ((clickp (car es)) (1+ (count-clicks (cdr es))))
            (t (count-clicks (cdr es)))))

    (defthm big-bang-darts-left
      (implies (>= (count-clicks es) 3)
               (win-or-lose (event-loop 3 es))))

SLIDE 18

No Cheating!

    ; clickp : Event -> Boolean
    (defun clickp (e)
      (and (mousep e) (equal (mouse-action e) 'button-down)))

    ; count-clicks : EventList -> Nat
    (defun count-clicks (es)
      (cond ((endp es) 0)
            ((clickp (car es)) (1+ (count-clicks (cdr es))))
            (t (count-clicks (cdr es)))))

    (defthm big-bang-darts-left
      (implies (>= (count-clicks es) 3)
               (win-or-lose (event-loop 3 es))))

SLIDE 19

No Cheating!

    (defthm event-loop-darts-left
      (implies (and (dart-gamep w)
                    (>= (count-clicks es) (darts-left w)))
               (win-or-lose (event-loop w es))))

SLIDE 20

No Cheating!

    ; darts-left : World -> Nat
    (defun darts-left (w)
      (if (natp w) w 0))

    (defthm event-loop-darts-left
      (implies (and (dart-gamep w)
                    (>= (count-clicks es) (darts-left w)))
               (win-or-lose (event-loop w es))))

SLIDE 21

No Cheating!

    ; dart-gamep : Any -> Boolean
    (defun dart-gamep (w)
      (or (natp w) (equal w 'win)))

    ; darts-left : World -> Nat
    (defun darts-left (w)
      (if (natp w) w 0))

    (defthm event-loop-darts-left
      (implies (and (dart-gamep w)
                    (>= (count-clicks es) (darts-left w)))
               (win-or-lose (event-loop w es))))

SLIDE 22

No Cheating!

    (defthm event-loop-dart-gamep
      (implies (dart-gamep w)
               (dart-gamep (event-loop w es))))

    (defthm big-bang-dart-gamep
      (dart-gamep (event-loop 3 es)))

SLIDE 23

No Cheating!

    (defthm big-bang-dart-gamep
      (dart-gamep (event-loop 3 es))
      :hints (("Goal" :in-theory (disable event-loop-dart-gamep)
                      :use (:instance event-loop-dart-gamep (w 3)))))

    (defthm big-bang-darts-left
      (implies (>= (count-clicks es) 3)
               (win-or-lose (event-loop 3 es)))
      :hints (("Goal" :in-theory (disable event-loop-darts-left)
                      :use (:instance event-loop-darts-left (w 3)))))

SLIDE 24

Extending Big Bang

    (big-bang *WORLD_0*
      (on-draw RENDER *WIDTH* *HEIGHT*)
      (on-tick TOCK *RATE*)
      (on-key REACT)
      (on-mouse CLICK)
      (stop-when DONE)
      (world-invariant GOOD)
      (world-measure MEASURE PROGRESS))

SLIDE 25

Extending Big Bang

    (world-invariant GOOD)
    ; becomes:
    (defthm event-loop-GOOD
      (implies (GOOD w)
               (GOOD (event-loop w es))))

    (defthm big-bang-GOOD
      (GOOD (event-loop *WORLD_0* es))
      :hints (("Goal" :in-theory (disable event-loop-GOOD)
                      :use (:instance event-loop-GOOD (w *WORLD_0*)))))

SLIDE 26

Extending Big Bang

    (world-measure MEASURE PROGRESS)
    ; becomes:
    (defun count-PROGRESS (es) ...)
    (defthm event-loop-MEASURE ...)
    (defthm big-bang-MEASURE ...)

SLIDE 27

Extending Big Bang

    (world-measure MEASURE PROGRESS)
    ; becomes:
    (defun count-PROGRESS (es)
      (cond ((endp es) 0)
            ((PROGRESS (car es)) (1+ (count-PROGRESS (cdr es))))
            (t (count-PROGRESS (cdr es)))))
    (defthm event-loop-MEASURE ...)
    (defthm big-bang-MEASURE ...)

SLIDE 28

Extending Big Bang

    (world-measure MEASURE PROGRESS)
    ; becomes:
    (defun count-PROGRESS (es) ...)
    (defthm event-loop-MEASURE
      (implies (and (GOOD w)
                    (>= (count-PROGRESS es) (MEASURE w)))
               (DONE (event-loop w es))))
    (defthm big-bang-MEASURE ...)

SLIDE 29

Extending Big Bang

    (world-measure MEASURE PROGRESS)
    ; becomes:
    (defun count-PROGRESS (es) ...)
    (defthm event-loop-MEASURE ...)
    (defthm big-bang-MEASURE
      (implies (>= (count-PROGRESS es) (MEASURE *WORLD_0*))
               (DONE (event-loop *WORLD_0* es)))
      :hints (("Goal" :in-theory (disable event-loop-MEASURE)
                      :use (:instance event-loop-MEASURE (w *WORLD_0*)))))
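The obligations of slides 24-29, instantiated with the dart game of slides 12-23, as an added example that is not code from the slides or from the authors' ACL2 system: a Python model of the event loop that checks the GOOD invariant and the MEASURE/PROGRESS termination property by bounded exhaustive enumeration of event lists, which is a finite sanity check rather than the proof ACL2 produces. The event encodings, the target geometry in dart_hits, the EVENTS alphabet and the helper names are assumptions.

```python
# Executable model of the slides' world machine plus a bounded exhaustive check
# of the world-invariant (GOOD) and world-measure (MEASURE/PROGRESS) obligations.
# Event encodings, the target geometry in dart_hits and the helper names are assumed.
from itertools import product

WIN = "win"  # the 'win symbol; a World is a natural number or WIN

def dart_hits(x, y):
    # Assumed target: a radius-50 disc centred on a 600x600 canvas.
    return (x - 300) ** 2 + (y - 300) ** 2 <= 50 ** 2

def throw_dart(w, x, y, action):  # CLICK : ActiveWorld Int Int Symbol -> World
    if action == "button-down":
        return WIN if dart_hits(x, y) else w - 1
    return w

def win_or_lose(w):  # DONE : World -> Boolean
    return w == WIN or w == 0

def event_handler(w, e, on_mouse):  # slide 13, with only a mouse handler
    if e[0] == "mouse":
        return on_mouse(w, e[1], e[2], e[3])
    return w  # ticks and keys leave the dart world unchanged

def event_loop(w, es, done, on_mouse):  # slide 12: stop as soon as DONE holds
    for e in es:
        if done(w):
            return w
        w = event_handler(w, e, on_mouse)
    return w

def dart_gamep(w):  # GOOD: the world stays a natural number or WIN
    return w == WIN or (isinstance(w, int) and w >= 0)
def darts_left(w):  # MEASURE: progress events needed before DONE must hold
    return w if isinstance(w, int) else 0
def clickp(e):  # PROGRESS: a button-down mouse event consumes a dart
    return e[0] == "mouse" and e[3] == "button-down"

def check_obligations(w0, alphabet, max_len, on_mouse=throw_dart):
    # Bounded stand-in for the theorems: every event list over `alphabet` up to
    # `max_len` must keep GOOD, and enough PROGRESS events must force DONE.
    for n in range(max_len + 1):
        for es in product(alphabet, repeat=n):
            w = event_loop(w0, es, win_or_lose, on_mouse)
            if not dart_gamep(w):
                return False, ("invariant", es)
            if sum(map(clickp, es)) >= darts_left(w0) and not win_or_lose(w):
                return False, ("measure", es)
    return True, None
EVENTS = [("tick",), ("key", "space"), ("mouse", 10, 10, "move"),
          ("mouse", 300, 300, "button-down"), ("mouse", 10, 10, "button-down")]
```

check_obligations(3, EVENTS, 5) returns (True, None); passing a mouse handler that never consumes a dart, such as lambda w, x, y, a: w, returns a measure counterexample, the kind of never-ending game the No Cheating theorems rule out.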

SLIDE 30

Experiments

SLIDE 31

Experiments

Worm:

  • all segments are adjacent
  • all segments are on-screen
  • no segments overlap

Blocks:

  • no blocks overlap
  • all blocks are on-screen

Bikes:

  • trails run in cardinal directions


SLIDE 32

Experiments

UFO:

  • all objects stay on-screen.
  • UFO’s descent acts as a time limit.

Hangman:

  • limit of 5 (failed) + word-length (successful) keystrokes

SLIDE 33

Experiments

Editor:

  • partial correctness of typing, selecting, deleting, and navigating
  • no partial letters are displayed
  • displayed text is maximal prefix

SLIDE 34

Experiments

    Project   Lines   Lemmas   CPU seconds
    Hangman     365       11          1.48
    Blocks      450       16          0.86
    UFO         696       23         13.97
    Worm        824       34          4.90
    Editor    1,117       59          5.04
    Bikes     1,354       84        202.11

SLIDE 35

Thank You.

SLIDE 36

Images

    ; Basic shape constructors:
    (circle radius mode color)
    (rectangle width height mode color)
    (triangle size mode color)
    (star inner outer points mode color)

    ; Combining shapes:
    (add-line image x1 y1 x2 y2 color)
    (empty-scene width height)
    (place-image image x y scene)

    ; Predicates and accessors:
    (image? x)
    (image-width image)
    (image-height image)

SLIDE 37

Images

    (defthm circle/image?
      (implies (and (natp r) (mode? m) (image-color? c))
               (image? (circle r m c))))

    (defthm circle/image-width
      (equal (image-width (circle radius mode color))
             (* radius 2)))

    (defthm circle/image-height
      (equal (image-height (circle radius mode color))
             (* radius 2)))

SLIDE 38

Images

    (defthm empty-text-image-width
      (implies (and (font-size? size) (image-color? color))
               (= (image-width (text "" size color)) 0)))

    (defthm append-right-text-image-width
      (implies (and (stringp a) (stringp b) (font-size? size) (image-color? color))
               (>= (image-width (text (string-append a b) size color))
                   (image-width (text a size color)))))

    (defthm append-left-text-image-width
      (implies (and (stringp a) (stringp b) (font-size? size) (image-color? color))
               (>= (image-width (text (string-append a b) size color))
                   (image-width (text b size color)))))