automated software analysis
play

Automated Software Analysis Andreas Podelski University of Freiburg - PowerPoint PPT Presentation

Nov 16, 2023 •112 likes •696 views

Automated Software Analysis Andreas Podelski University of Freiburg Germany Dienstag, 12. Juli 16 1 new paradigm for automatic verification given a program P , learn a set of correct programs P 1 , ... , P n check whether every behavior

  1. Automated Software Analysis Andreas Podelski University of Freiburg Germany Dienstag, 12. Juli 16 1

  2. • new paradigm for automatic verification • given a program P , learn a set of correct programs P 1 , ... , P n check whether every behavior of P is covered: P ⊆ P 1 ⋃ ... ⋃ P n • program = automaton, check = inclusion between automata • safety and liveness for sequential/concurrent/parametrized programs Dienstag, 12. Juli 16 2

  3. program P construct A n +1 such that 1. w ∈ A n +1 { infeasible traces } 2. A n +1 ⊆ Σ ∗ \ C ORRECT yes w infeasible? w ∈ Σ ∗ \ C ORRECT ? A P ⊆ A 1 ∪ · · · ∪ A n ? no yes no take w such that w ∈ A P \A 1 ∪ · · · ∪ A n P is correct P is incorrect Dienstag, 12. Juli 16 3

  4. Home Video Themen Forum English DER SPIEGEL SPIEGEL TV Abo Shop Schlagzeilen Wetter TV-Programm mehr ▼ Login | Registrierung WIRTSCHAFT Suche Kurse Politik Wirtschaft Panorama Sport Kultur Netzwelt Wissenschaft Gesundheit einestages Karriere Uni Reise Auto Stil Nachrichten > Wirtschaft > Staat & Soziales > Abgasaffäre bei Volkswagen > Bosch weist Mitschuld an VW-Abgasaffäre von sich VW-Abgas-Affäre: Bosch weist Mitschuld von sich Die Technik für die umstrittenen Dieselmodelle in der VW-Abgas-Affäre lieferte Bosch. Doch an der Manipulation will das Unternehmen nicht beteiligt gewesen sein: Die Verantwortung liege allein beim Autobauer. Dienstag, 12. Juli 16 4

  5. global int len; // length of array global int array(len) : tasks; // array of tasks global int next; // position of next available task block global lock m; // lock protecting next thread T: local int : c; // position of current task local int : end; // position of last task in acquired block // acquire block of tasks 1 lock(m); 2 if(next + 10 < = len) 3 { c := next; next := next + 10; end := next; } 4 else 5 { c := next; next := next + 10; end := len; } 6 unlock(m); // perform block of tasks 7 while (c < end): 8 tasks[c] := 0; // mark task c as started . . . // work on the task c 9 tasks[c] := 1; // mark task c as finished 10 assert(tasks[c] == 1); // no other thread has started task c 11 c := c + 1; Dienstag, 12. Juli 16 5

  6. thread T: local int : c; // position of current task local int : end; // position of last task in acquired block // acquire block of tasks 1 lock(m); 2 if(next + 10 < = len) 3 { c := next; next := next + 10; end := next; } 4 else 5 { c := next; next := next + 10; end := len; } 6 unlock(m); end(1) end(35) end ( 34 ) end(2) len . . . . . . c(1) c(2) c(3) c(35) next threads 1 , 2 , . . . , 35 have acquired block of tasks have not yet started working Dienstag, 12. Juli 16 6

  7. global int len; // length of array global int array(len) : tasks; // array of tasks global int next; // position of next available task block global lock m; // lock protecting next thread T: local int : c; // position of current task local int : end; // position of last task in acquired block // acquire block of tasks 1 lock(m); 2 if(next + 10 < = len) 3 { c := next; next := next + 10; end := next; } 4 else 5 { c := next; next := next + 10; end := len; } 6 unlock(m); // perform block of tasks 7 while (c < end): 8 tasks[c] := 0; // mark task c as started . . . // work on the task c 9 tasks[c] := 1; // mark task c as finished 10 assert(tasks[c] == 1); // no other thread has started task c 11 c := c + 1; Dienstag, 12. Juli 16 7

  8. Next ... • learn correct programs from unsatisfiability proofs • learn correct programs from Hoare triples Dienstag, 12. Juli 16 8

  9. • learn correct programs from unsatisfiability proofs • learn correct programs from Hoare triples Dienstag, 12. Juli 16 9

  10. ` 0 : assume p != 0; correct? ` 1 : while(n >= 0) { assert p != 0; ` 2 : if(n == 0) { p := 0; ` 3 : } n--; ` 4 : } Dienstag, 12. Juli 16 10

  11. ` 0 ` 0 : assume p != 0; p != 0 ` 1 : while(n >= 0) { assert p != 0; ` 1 ` 5 n < 0 ` 2 : if(n == 0) n >= 0 { p := 0; ` 3 : n-- ` 2 p == 0 ` err } n == 0 n--; ` 4 : n != 0 ` 3 } p := 0 ` 5 : ` 4 Dienstag, 12. Juli 16 11

  12. ` 0 ` 0 : assume p != 0; p != 0 ` 1 : while(n >= 0) { assert p != 0; ` 1 ` 5 n < 0 ` 2 : if(n == 0) n >= 0 { p := 0; ` 3 : n-- ` 2 p == 0 ` err } n == 0 n--; ` 4 : n != 0 ` 3 } p := 0 ` 5 : ` 4 Dienstag, 12. Juli 16 12

  13. ` 0 p != 0 ` 1 ` 5 n < 0 automaton n >= 0 alphabet: {statements} ` 2 ` err n-- p == 0 n == 0 n != 0 ` 3 p := 0 ` 4 Dienstag, 12. Juli 16 13

  14. ` 0 ` 0 : assume p != 0; p != 0 ` 1 : while(n >= 0) { assert p != 0; ` 1 ` 5 n < 0 ` 2 : if(n == 0) n >= 0 { p := 0; ` 3 : n-- ` 2 p == 0 ` err } n == 0 n--; ` 4 : n != 0 ` 3 } p := 0 ` 5 : ` 4 no execution violates assertion = no execution reaches error location Dienstag, 12. Juli 16 14

  15. all inter-reducible: validity of assert statement non-reachability of error location validity of safety property validity of invariant infeasibility of control flow traces partial correctness partial correctness for pre/postcondition ( true , false ) Dienstag, 12. Juli 16 15

  16. ` 0 p != 0 ` 1 ` 5 n < 0 (p != 0) n >= 0 (n >= 0) (p == 0) ` 2 ` err n-- p == 0 n == 0 n != 0 ` 3 p := 0 ` 4 Dienstag, 12. Juli 16 16

  17. unsatisfiable formula infeasible trace x == 1 ; x == -1 ; x = 1 ∧ x = − 1 x 0 = 1 ∧ x 0 = − 1 x := 1 ; x == -1 ; Dienstag, 12. Juli 16 17

  18. ` 0 p != 0 ` 1 ` 5 n < 0 ( p != 0) (p != 0) n >= 0 (n >= 0) (p == 0) (p==0) ` 2 ` err n-- p == 0 n == 0 n != 0 ` 3 p := 0 ` 4 Dienstag, 12. Juli 16 18

  19. ( p != 0) (p==0) Dienstag, 12. Juli 16 19

  20. Σ q 0 p != 0 ( p != 0) Σ \{ p := 0 } q 1 (p==0) p == 0 Σ q 2 Dienstag, 12. Juli 16 20

  21. Σ q 0 p != 0 ( p != 0) Σ \{ p := 0 } q 1 (p==0) p == 0 Σ q 2 Dienstag, 12. Juli 16 21

  22. Σ q 0 p != 0 ( p != 0) Σ \{ p := 0 } q 1 (p==0) p == 0 Σ q 2 Dienstag, 12. Juli 16 22

  23. Σ q 0 p != 0 ( p != 0) Σ \{ p := 0 } q 1 (p==0) p == 0 Σ q 2 Dienstag, 12. Juli 16 23

  24. correct program (error location is not reachable) Σ q 0 p != 0 (p != 0) (n >= 0) Σ \{ p := 0 } q 1 (p == 0) p == 0 Σ q 2 all error traces of program have the same proof as sample trace (same unsatisfiable core of unsatisfiability proof) Dienstag, 12. Juli 16 24

  25. ⊆ ` 0 Σ q 0 p != 0 p != 0 ` 1 ` 5 n < 0 ? n >= 0 Σ \{ p := 0 } q 1 ` 2 ` err n-- p == 0 n == 0 p == 0 n != 0 ` 3 p := 0 ` 4 Σ q 2 does a proof exist for every error trace ? Dienstag, 12. Juli 16 25

  26. program P construct A n +1 such that 1. w ∈ A n +1 { infeasible traces } 2. A n +1 ⊆ Σ ∗ \ C ORRECT yes w infeasible? w ∈ Σ ∗ \ C ORRECT ? A P ⊆ A 1 ∪ · · · ∪ A n ? no yes no take w such that w ∈ A P \A 1 ∪ · · · ∪ A n P is correct P is incorrect Dienstag, 12. Juli 16 26

  27. new trace: ` 0 p != 0 ` 1 ` 5 n < 0 n >= 0 ` 2 ` err n-- p == 0 n == 0 n != 0 ` 3 p := 0 ` 4 Dienstag, 12. Juli 16 27

  28. new trace: ` 0 p != 0 (p != 0) ` 1 ` 5 n < 0 (n >= 0) (n == 0) n >= 0 (p := 0) (n--) ` 2 ` err n-- p == 0 n == 0 (n >= 0) n != 0 ` 3 (p == 0) p := 0 ` 4 Dienstag, 12. Juli 16 27

  29. ` 0 p != 0 ` 1 ` 5 n < 0 ( n == 0) n >= 0 (n--) ` 2 ` err n-- p == 0 n == 0 (n >= 0) n != 0 ` 3 p := 0 ` 4 Dienstag, 12. Juli 16 28

  30. ` 0 p != 0 (p != 0) ` 1 ` 5 n < 0 (n >= 0) ( n == 0) (n == 0) n >= 0 (p := 0) (n--) (n--) ` 2 ` err n-- p == 0 n == 0 (n >= 0) (n >= 0) n != 0 ` 3 (p == 0) p := 0 ` 4 Dienstag, 12. Juli 16 28

  31. ( n == 0) (n--) (n >= 0) Dienstag, 12. Juli 16 29

  32. p 0 Σ n == 0 ( n == 0) Σ \{ n-- } p 1 (n--) n-- (n >= 0) Σ \{ n-- } p 2 n >= 0 Σ p 3 Dienstag, 12. Juli 16 30

  33. p 0 Σ n == 0 ( n == 0) Σ \{ n-- } p 1 (n--) n-- (n >= 0) Σ \{ n-- } p 2 n >= 0 Σ p 3 Dienstag, 12. Juli 16 31

  34. program constructed from unsatisfiability proof p 0 Σ n == 0 Σ \{ n-- } p 1 n-- Σ \{ n-- } p 2 n >= 0 Σ p 3 all traces with the same unsatisfiability proof Dienstag, 12. Juli 16 32

  35. program constructed from unsatisfiability proof p 0 Σ n == 0 (p != 0) (n >= 0) Σ \{ n-- } p 1 (n == 0) (p := 0) n-- (n--) (n >= 0) Σ \{ n-- } p 2 (p == 0) n >= 0 Σ p 3 all traces with the same unsatisfiability proof Dienstag, 12. Juli 16 32

  36. ⊆ Σ Σ q 0 p 0 ` 0 n == 0 p != 0 p != 0 Σ \{ n-- } ? p 1 ` 1 ` 5 n < 0 ⋃ Σ \{ p := 0 } n-- q 1 n >= 0 Σ \{ n-- } p 2 n-- ` 2 p == 0 ` err p == 0 n == 0 n >= 0 ` 3 n != 0 p := 0 q 2 Σ p 3 Σ ` 4 does a proof exist for every trace ? Dienstag, 12. Juli 16 33

  37. program P construct A n +1 such that 1. w ∈ A n +1 { infeasible traces } 2. A n +1 ⊆ Σ ∗ \ C ORRECT yes w infeasible? w ∈ Σ ∗ \ C ORRECT ? A P ⊆ A 1 ∪ · · · ∪ A n ? no yes no take w such that w ∈ A P \A 1 ∪ · · · ∪ A n P is correct P is incorrect Dienstag, 12. Juli 16 34

  38. previous example: automata from unsatisfiable core (for proof of infeasibility of error trace) add self-loop for each irrelevant statement (does not modify variables in unsatisfiable core) Dienstag, 12. Juli 16 35

  39. automata constructed from unsatisfiable core are not sufficient in general (verification algorithm not complete) Dienstag, 12. Juli 16 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Semi-Automated Analysis Software for a Novel Biochemistry Assay A thesis submitted in partial

Semi-Automated Analysis Software for a Novel Biochemistry Assay A thesis submitted in partial

Semi-Automated Analysis Software for a Novel Biochemistry Assay A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Computer Science Joseph Vesco Special Thanks Dr. Frederick C. Harris, Jr.

785 views • 54 slides
Automated Analysis of Probabilistic Programs Joost-Pieter Katoen Software Modeling and

Automated Analysis of Probabilistic Programs Joost-Pieter Katoen Software Modeling and

ISCAS Beijing Automated Analysis of Probabilistic Programs Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University joint work with Friedrich Gretz and Annabelle McIver September 24, 2013 Joost-Pieter Katoen

477 views • 45 slides
Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers Xiaolu

Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers Xiaolu

Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers Xiaolu Hou 1 , Jakub Breier 2 , Fuyuan Zhang 3 , and Yang Liu 2 1 National University of Singapore, Singapore 2 HP-NTU Digital Manufacturing Corporate Lab,

513 views • 26 slides
Automated Aspect Recommendation through Clustering-Based Fan-in Analysis Danfeng Zhang , Yao Guo,

Automated Aspect Recommendation through Clustering-Based Fan-in Analysis Danfeng Zhang , Yao Guo,

Automated Aspect Recommendation through Clustering-Based Fan-in Analysis Danfeng Zhang , Yao Guo, Xiangqun Chen Institute of Software, Peking University Talk Outline Background Motivation Clustering-Based Fan-in Analysis (CBFA)

485 views • 30 slides
Towards Automated Software Project Planning Extending Palladio for the Simulation of Software

Towards Automated Software Project Planning Extending Palladio for the Simulation of Software

KPD Symposium 2013 Position Paper Towards Automated Software Project Planning Extending Palladio for the Simulation of Software Processes Oliver Hummel &amp; Robert Heinrich sdq.ipd.kit.edu SOFTWARE DESIGN AND QUALITY GROUP INSTITUTE FOR

233 views • 11 slides
Searching for the Best Tests An Introduction to Automated Software Testing with

Searching for the Best Tests An Introduction to Automated Software Testing with

Searching for the Best Tests An Introduction to Automated Software Testing with Search-Based Techniques Gregory M. Kapfhammer Department of Computer Science Allegheny College March 31, 2015 Software is Everywhere Software is

1.71k views • 144 slides
Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad Ureche, Cristian Zamfir, George Candea School of Computer and Communication Sciences Automated Software Testing Automated Industrial Techniques

1.25k views • 59 slides
Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some

Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some

Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some slides adapted from those by Trent Jaeger Prevention: Program Analysis Any automated analysis at compile or dynamic time to find potential bugs

798 views • 61 slides
Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE SECURITY SPECIALIST Agenda Software Security Overview Software Security Methodologies Security Test Methods Analysis Tools Tools

497 views • 25 slides
Automated Topic Naming to Support Cross-project Analysis of Software Maintenance Activities

Automated Topic Naming to Support Cross-project Analysis of Software Maintenance Activities

Automated Topic Naming to Support Cross-project Analysis of Software Maintenance Activities Abram Hindle Neil A. Ernst Dept. of Computer Science Dept. of Computer Science University of California, Davis University of Toronto Davis, CA, USA

1.11k views • 42 slides
Automated Reasoning for Systems Engineering Laura Kov acs Vienna University of Technology

Automated Reasoning for Systems Engineering Laura Kov acs Vienna University of Technology

Automated Reasoning for Systems Engineering Laura Kov acs Vienna University of Technology Future and Our Motivation 1. Automated reasoning, in particular theorem proving will remain central in software verification and program analysis.

881 views • 69 slides
Evolution of Automated Testing for Enterprise Systems BNSF BNSF Automation Time Line Automated

Evolution of Automated Testing for Enterprise Systems BNSF BNSF Automation Time Line Automated

P R E S E N T A T I O N Presentation Bios F8 Friday, November 2, 2001 11:15 AM E VOLUTION OF A UTOMATED T ESTING FOR E NTERPRISE S YSTEMS Cherie Coles BNSF Railroad International Conference On Software Testing Analysis &amp; Review October

348 views • 22 slides
Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and Algorithms Martin Monperrus, Ph.D. version of Oct 15, 2012 Creative Commons Attribution License Copying and modifying are authorized as long as

818 views • 34 slides
S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical

S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical

S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical Systems Lionel Briand NUS, Singapore, 2019 Dependable Breakfast 2 SnT Center: Mandate 3 SnT Center: Overview 101 M 287 employees 51

1.36k views • 94 slides
Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr

Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr

Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr Harman Jia Marginean Petke CREST, University College London Justyna Petke Automated Software Transplantation Genetic Improvement of Software

418 views • 22 slides
Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution Eric Schulte Department of Computer Science University of New Mexico Albuquerque, NM July 2014 Neutral Networks and Automated Software Evolution

1.51k views • 147 slides
Module 5 Converting incunabula: Practice Uwe Springmann Centrum fr Informations- und

Module 5 Converting incunabula: Practice Uwe Springmann Centrum fr Informations- und

Module 5 Converting incunabula: Practice Uwe Springmann Centrum fr Informations- und Sprachverarbeitung (CIS) Ludwig-Maximilians-Universitt Mnchen (LMU) 2015-09-14 Uwe Springmann Module 5 Converting incunabula: Practice 2015-09-14 1 /

395 views • 8 slides
R&amp;D activities in German nuclear sector A. Schwenk-Ferrero 1) and Th. W. Tromm 2) , A.

R&amp;D activities in German nuclear sector A. Schwenk-Ferrero 1) and Th. W. Tromm 2) , A.

23 rd WiN Global Annual Conference, August 24-29 2015, IAEA HQ Vienna R&amp;D activities in German nuclear sector A. Schwenk-Ferrero 1) and Th. W. Tromm 2) , A. Bohnstedt 2) 1) Institute for Nuclear and Energy Technologies (IKET) 2) NUSAFE: Nuclear

699 views • 25 slides
TextTool.cs Tools Docking UI Effects Core CSharpCommandLineParser.cs JenkinsRule.java /

TextTool.cs Tools Docking UI Effects Core CSharpCommandLineParser.cs JenkinsRule.java /

TextTool.cs Tools Docking UI Effects Core CSharpCommandLineParser.cs JenkinsRule.java / HudsonTestCase.java

829 views • 59 slides
Patients rights have no borders European Communication Campaign European Parliament ,

Patients rights have no borders European Communication Campaign European Parliament ,

Patients rights have no borders European Communication Campaign European Parliament , Brussels 3 May 2016 What? A European communication campaign with online, offline and on-the-spot initiatives on cross-border healthcare rights

498 views • 15 slides
Markov Jabberwocky: Through the Sporking Glass John Kerl Department of Mathematics, University of

Markov Jabberwocky: Through the Sporking Glass John Kerl Department of Mathematics, University of

Markov Jabberwocky: Through the Sporking Glass John Kerl Department of Mathematics, University of Arizona Two Sigma Investments August 26, 2009 January 25, 2012 J. Kerl (Arizona Two Sigma) Markov Jabberwocky: Through the Sporking Glass August

747 views • 31 slides
Introduction: day 2 Alfonso Lara Montero Chief Executive European Social Network HEADING.

Introduction: day 2 Alfonso Lara Montero Chief Executive European Social Network HEADING.

Introduction: day 2 Alfonso Lara Montero Chief Executive European Social Network HEADING. DONT EXCEED LENGTH. JOIN. SHARE. LEARN. Subtitle. Lower case. Dont exceed the length of this. Demographic ageing care in Nordic countries

1.13k views • 80 slides
Computing to the max Last hw? The not-so-subtle art of singling out N-step sleepwalking? the

Computing to the max Last hw? The not-so-subtle art of singling out N-step sleepwalking? the

This would make me hungry but I ate breakfast this morning! Computing to the max Last hw? The not-so-subtle art of singling out N-step sleepwalking? the best (and worst) of anything Turtle graphics?? Artistic renderings!!! a comparison

981 views • 77 slides
Literature for Landscape Management Inhalt 1. Landscape analyses, landscape assessments,

Literature for Landscape Management Inhalt 1. Landscape analyses, landscape assessments,

Joint Master Programme Sustainable Development 2011, Module Land Management 22/03/2011 Literature for Landscape Management Inhalt 1. Landscape analyses, landscape assessments, and landscape changes in Europe ........ 1 2. Impacts

542 views • 7 slides

More recommend