automata in infinite state formal verification
play

Automata in Infinite-State Formal Verification Ond rej Leng al - PowerPoint PPT Presentation

Dec 10, 2022 •127 likes •562 views

Automata in Infinite-State Formal Verification Ond rej Leng al Advisor: prof. Ing. Tom a s Vojnar, Ph.D. (Co-supervised by: Mgr. Luk a s Hol k, Ph.D.) Faculty of Information Technology Brno University of Technology Ond

  1. Automata in Infinite-State Formal Verification Ondˇ rej Leng´ al Advisor: prof. Ing. Tom´ aˇ s Vojnar, Ph.D. (Co-supervised by: Mgr. Luk´ aˇ s Hol´ ık, Ph.D.) Faculty of Information Technology Brno University of Technology Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 1 / 29

  2. Introduction Scope of the Thesis Formal verification of programs with complex dynamic data structures, e.g. lists, trees, skip lists, . . . used in OS kernels, standard libraries, . . . decision procedures of logics: WS1S, separation logic, using the theory of automata, � development of efficient automata manipulation techniques. Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 2 / 29

  3. Forest Automata-based Verification of Heap Programs Introduction Forest Automata-based Verification Verification of memory-safety of heap-manipulating programs, infinitely many heap configurations � symbolic representation, representation mostly based on logics, graphs, automata. Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 3 / 29

  4. Forest Automata-based Verification of Heap Programs Introduction Forest Automata-based Verification Our approach: decompose heap into cutpoint-free tree components (a forest) right y ⊥ x 1 2 3 right right left left next next right ⊥ next ⊥ x: 1 l ⇒ right e left right right right f left left left next t next next ⊥ y: 3 2 left right ⊥ ⊥ ⊥ ⊥ ⊥ 2 2 right left left ⊥ ⊥ ⊥ a) a graph, and b) its forest representation Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 4 / 29

  5. Forest Automata-based Verification of Heap Programs Introduction Forest Automata-based Verification Our approach: decompose heap into cutpoint-free tree components (a forest) right y ⊥ x 1 2 3 right right left left next next right ⊥ next ⊥ x: 1 l ⇒ right e left right right right f left left left next t next next ⊥ y: 3 2 left right ⊥ ⊥ ⊥ ⊥ ⊥ 2 2 right left left ⊥ ⊥ ⊥ a) a graph, and b) its forest representation sets of heaps: • collect 1 st , 2 nd , . . . trees from all forests into sets of trees, • represent each set of trees by a tree automaton, • tuple of tree automata � a forest automaton : FA = ( TA 1 , . . . , TA n ) . Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 4 / 29

  6. Forest Automata-based Verification of Heap Programs Introduction Forest Automata-based Verification The analysis: based on abstract interpretation: for every line of code, compute forest automata representing reachable heap configurations at this line, until fixpoint, program statements are substituted by abstract transformers performing the corresponding operation on forest automata, at loop points, do widening (over-approximation). Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 5 / 29

  7. Forest Automata-based Verification of Heap Programs Introduction Forest Automata-based Verification Hierarchical Forest Automata • deal with families of graphs with unbounded number of cutpoints, ◮ doubly linked lists, skip lists, red-black trees, . . . • FAs are symbols ( boxes ) of FAs of a higher level • a hierarchy of FAs • intuition: replace repeated subgraphs by a symbol, hide cut-points Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 6 / 29

  8. Forest Automata-based Verification of Heap Programs Introduction Forest Automata-based Verification Hierarchical Forest Automata • deal with families of graphs with unbounded number of cutpoints, ◮ doubly linked lists, skip lists, red-black trees, . . . • FAs are symbols ( boxes ) of FAs of a higher level • a hierarchy of FAs • intuition: replace repeated subgraphs by a symbol, hide cut-points doubly linked segment   next     in out   Example: a box DLS : L ( DLS ) = 1 2       prev next next next next next . . . x: 1 2 3 4 5 prev prev prev prev prev Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 6 / 29

  9. Forest Automata-based Verification of Heap Programs Introduction Forest Automata-based Verification Hierarchical Forest Automata • deal with families of graphs with unbounded number of cutpoints, ◮ doubly linked lists, skip lists, red-black trees, . . . • FAs are symbols ( boxes ) of FAs of a higher level • a hierarchy of FAs • intuition: replace repeated subgraphs by a symbol, hide cut-points doubly linked segment   next     in out   Example: a box DLS : L ( DLS ) = 1 2       prev DLS DLS DLS DLS DLS . . . x: 1 Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 6 / 29

  10. Forest Automata-based Verification of Heap Programs Fully Automated Shape Analysis with Forest Automata Result 1 Fully Automated Shape Analysis with Forest Automata Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 7 / 29

  11. Forest Automata-based Verification of Heap Programs Fully Automated Shape Analysis with Forest Automata Fully Automated Shape Analysis with Forest Automata The need to construct automatically a good hierarchy of boxes; finding the right boxes is hard, Contribution: an algorithm that finds suitable subgraphs to fold into boxes, works for a large class of data structures • (nested) lists, trees, skip lists, . . . Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 8 / 29

  12. Forest Automata-based Verification of Heap Programs Fully Automated Shape Analysis with Forest Automata Fully Automated Shape Analysis with Forest Automata The need to construct automatically a good hierarchy of boxes; finding the right boxes is hard, Contribution: an algorithm that finds suitable subgraphs to fold into boxes, works for a large class of data structures • (nested) lists, trees, skip lists, . . . Suitable subgraphs: a compromise: smaller subgraphs are better, • can be reused, bigger subgraphs are better, • can hide cutpoints, � find small enough subgraphs that effectively hide cutpoints. Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 8 / 29

  13. Forest Automata-based Verification of Heap Programs Fully Automated Shape Analysis with Forest Automata Fully Automated Shape Analysis with FAs—Results implemented in Forester tool Table: comparison with Predator (many SV-COMP medals) [s] Example FA Predator Example FA Predator SLL (delete) 0.04 0.04 DLL (reverse) 0.06 0.03 SLL (bubblesort) 0.04 0.03 DLL (insert) 0.07 0.05 SLL (mergesort) 0.15 0.10 DLL (insertsort 1 ) 0.40 0.11 SLL (insertsort) 0.05 0.04 DLL (insertsort 2 ) 0.12 0.05 SLL (reverse) 0.03 0.03 DLL of CDLLs 1.25 0.22 SLL+head 0.05 0.03 DLL+subdata 0.09 T SLL of 0/1 SLLs 0.03 0.11 CDLL 0.03 0.03 SLL Linux 0.03 0.03 tree 0.14 Err SLL of CSLLs 0.73 0.12 tree+parents 0.21 T SLL of 2CDLLs Linux 0.17 0.25 tree+stack 0.08 Err Deutsch- skip list 2 0.42 T tree (DSW) 0.40 Err Schorr-Waite skip list 3 9.14 T tree of CSLLs 0.42 Err false positive timeout al, Rogalewicz, ˇ Hol´ ık, Leng´ Sim´ aˇ cek, and Vojnar. Fully Automated Shape Analysis Based on Forest Automata. In Proc. of CAV’13 , LNCS 8044. Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 9 / 29

  14. Forest Automata-based Verification of Heap Programs Verification of Heap Programs with Ordered Data Result 2 Verification of Heap Programs with Ordered Data Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 10 / 29

  15. Forest Automata-based Verification of Heap Programs Verification of Heap Programs with Ordered Data Verification of Heap Programs with Ordered Data Sometimes, correctness of programs manipulating heap depends on relations among data values stored inside, verification of sorting algorithms, search trees, skip lists, . . . Contribution: extension of the formalism of FAs with ordering constraints, extension of the FA-based shape analysis for the extended FAs. Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 11 / 29

  16. Forest Automata-based Verification of Heap Programs Verification of Heap Programs with Ordered Data Verification of Heap Programs with Ordered Data 2 types of constraints: Local: • stored in symbols of tree automata, • encode relations between neighbouring nodes. q → a ( r , s ) : 0 ≺ 1 Global: • stored separately, • encode relations between distant nodes. TA 1 ≺ TA 2 Ondˇ rej Leng´ al (FIT BUT) Automata in Infinite-State Formal Verification July 2, 2015 12 / 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011

Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011

Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011 Florent Jacquemard INRIA Saclay & LSV (UMR CNRS/ENS Cachan) florent.jacquemard@inria.fr http://www.lsv.ens-cachan.fr/~jacquema TATA book

2.19k views • 200 slides
B uchi Automata and their Application to Software Verification Finite Automata Theory and

B uchi Automata and their Application to Software Verification Finite Automata Theory and

B uchi Automata and their Application to Software Verification Finite Automata Theory and Formal Languages Wolfgang Ahrendt 22nd April 2013 B uchi Automata: TMV027/DIT321 / GU 130423 1 / 25 Motivating Temporal Logic? But How to

832 views • 64 slides
Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova -

Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova -

Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova - November 2002 1 Why Consider Infinite-State Systems ? Real-time Constraints Embedded systems, telecommunication protocols, etc. Infinite Data

850 views • 73 slides
Weak Singular Hybrid Automata Formal Modeling and Verification for Cyber-Physical Systems Krishna

Weak Singular Hybrid Automata Formal Modeling and Verification for Cyber-Physical Systems Krishna

Weak Singular Hybrid Automata Formal Modeling and Verification for Cyber-Physical Systems Krishna S. Umang Mathur Ashutosh Trivedi Department of Computer Science and Engineering IIT Bombay, Mumbai, India January 18, 2014 Krishna S., Umang

929 views • 58 slides
Algebraic Decomposition of Finite State Automata and Formal Models of Understanding University

Algebraic Decomposition of Finite State Automata and Formal Models of Understanding University

Attila Egri-Nagy, Chrystopher L. Nehaniv Algebraic Decomposition of Finite State Automata and Formal Models of Understanding University of Hertfordshire, United Kingdom Outline Krohn-Rhodes Theory Formal models of understanding,

193 views • 16 slides
Formal Verification of Real Time Systems Timed Automata Radek Pel anek Basic Concepts

Formal Verification of Real Time Systems Timed Automata Radek Pel anek Basic Concepts

Basic Concepts Theoretical Results Practical Verification Summary Formal Verification of Real Time Systems Timed Automata Radek Pel anek Basic Concepts Theoretical Results Practical Verification Summary Aim of the Lecture knowledge of

849 views • 67 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1 Computer Systems Institute, ETH Z urich 2 Institute for Formal Models and Verification, JKU Linz http://www.inf.ethz.ch/schuppan/

1.23k views • 18 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Finite-State Automata Formal Languages in brief Regular Expressions Finite-State

Finite-State Automata Formal Languages in brief Regular Expressions Finite-State

Formal Languages, Regular Expressions and Finite-State Automata Formal Languages in brief Regular Expressions Finite-State Automata (FSA) Non-Deterministic FSA (NFSA or NFA) Regular and Non-Regular Languages Speech and

1.16k views • 52 slides
Modal -Calculus and Alternating Tree Automata Seminar Automata, Logics, and Infinite

Modal -Calculus and Alternating Tree Automata Seminar Automata, Logics, and Infinite

Department of Computer Science Institute for Theoretical Computer Science Modal -Calculus and Alternating Tree Automata Seminar Automata, Logics, and Infinite Games Patrick Bahr s0404888@inf.tu-dresden.de Dresden, February 1, 2008

461 views • 45 slides
Infinite Automata, Logics and Games Angeliki Chalki NTUA March 28, 2017 . . . . . . . .

Infinite Automata, Logics and Games Angeliki Chalki NTUA March 28, 2017 . . . . . . . .

Outline -Automata Nondeterministic Tree Automata Ehrenfeucht-Frass Games Infinite Automata, Logics and Games Angeliki Chalki NTUA March 28, 2017 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

293 views • 26 slides
Automata and Formal Languages Grammars Regular Expressions Example of Peter Wood Research

Automata and Formal Languages Grammars Regular Expressions Example of Peter Wood Research

Automata and Formal Languages Peter Wood Motivation and Background Automata Automata and Formal Languages Grammars Regular Expressions Example of Peter Wood Research Conclusion Department of Computer Science and Information Systems

625 views • 46 slides
Automata and Formal Languages Grammars Regular Expressions Example of Peter Wood Research

Automata and Formal Languages Grammars Regular Expressions Example of Peter Wood Research

Automata and Formal Languages Peter Wood Motivation and Background Automata Automata and Formal Languages Grammars Regular Expressions Example of Peter Wood Research Conclusion Department of Computer Science and Information Systems

750 views • 55 slides
Combining Data Structures with Arithmetic Constraints C. Ringeissen j.w.w. Enrica Nicolini and

Combining Data Structures with Arithmetic Constraints C. Ringeissen j.w.w. Enrica Nicolini and

Combining Data Structures with Arithmetic Constraints C. Ringeissen j.w.w. Enrica Nicolini and Michal Rusinowitch LORIA & INRIA Nancy Grand Est Sophia, June 2010 inrialoria-logo C. Ringeissen (LORIA & INRIA Nancy) Combining Data

498 views • 33 slides
Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law of Information Reconstruction The release of too many overly accurate statistics gives privacy violations. ( , )-Differential Privacy

1.26k views • 76 slides
Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification with Hoare calculus Hoare calculus is based on proof rules manipulating Hoare triples. { P } C { Q } where C is a program P and Q are assertions in some

417 views • 30 slides
Herbrand Theory 1 Herbrand universe The Herbrand universe T ( F ) of a closed formula F in Skolem

Herbrand Theory 1 Herbrand universe The Herbrand universe T ( F ) of a closed formula F in Skolem

First-order Predicate Logic Herbrand Theory 1 Herbrand universe The Herbrand universe T ( F ) of a closed formula F in Skolem form is the set of all terms that can be constructed using the function symbols in F . In the special case that F

539 views • 15 slides
Chapter Eighteen: Uncomputability Formal Language, chapter 18, slide 1 1 The Church-Turing

Chapter Eighteen: Uncomputability Formal Language, chapter 18, slide 1 1 The Church-Turing

Chapter Eighteen: Uncomputability Formal Language, chapter 18, slide 1 1 The Church-Turing Thesis gives a definition of computability, like a border surrounding the algorithmically solvable problems. L ( a * b *) regular languages { a n b

1.23k views • 120 slides
FDCC: a Combined Approach for Solving Constraints over Finite Domains and Arrays ebastien Bardin

FDCC: a Combined Approach for Solving Constraints over Finite Domains and Arrays ebastien Bardin

FDCC: a Combined Approach for Solving Constraints over Finite Domains and Arrays ebastien Bardin (1) , Arnaud Gotlieb (2) S (1) CEA LIST (Paris, France) (2) INRIA (Rennes, France) - Certus V&V Center, Simula (Oslo, Norway) CPAIOR 2012

756 views • 51 slides
Curves and semigroups Ralf Fr oberg 1 Even if one is interested in singularities of alge-

Curves and semigroups Ralf Fr oberg 1 Even if one is interested in singularities of alge-

Curves and semigroups Ralf Fr oberg 1 Even if one is interested in singularities of alge- braic curves, one is lead to analytic functions. The standard example is the irreducible curve y 2 x 2 x 3 = 0 . This has a double point in

490 views • 26 slides
On evolution semigroups and Trotter product operator-norm estimates Artur Stephan joint work

On evolution semigroups and Trotter product operator-norm estimates Artur Stephan joint work

Weierstrass Institute for Applied Analysis and Stochastics On evolution semigroups and Trotter product operator-norm estimates Artur Stephan joint work with Hagen Neidhardt and Valentin Zagrebnov Workshop on Operator Theory and Krein Spaces

448 views • 25 slides

More recommend