automatic verification of counter systems via domain
play

Automatic verification of counter systems via domain-specific - PowerPoint PPT Presentation

Sep 09, 2022 •424 likes •843 views

Automatic verification of counter systems via domain-specific multi-result supercompilation Andrei V. Klimov Ilya G. Klyuchnikov Sergei A. Romanenko Keldysh Institute of Applied Mathematics Russian Academy of Sciences 2012-07 / Meta 2012

  1. Automatic verification of counter systems via domain-specific multi-result supercompilation Andrei V. Klimov Ilya G. Klyuchnikov Sergei A. Romanenko Keldysh Institute of Applied Mathematics Russian Academy of Sciences 2012-07 / Meta 2012 1/40

  2. Outline SC + filtering/selection = ⇒ analysis/verification 1 Domain-specific supercompilation (DSSC): what are the benefits? 2 Multi-result supercompilation (MRSC): selecting the best results 3 DSSC + MRSC = ⇒ synergistic effect: less CPU and memory resources 4 Conclusions 5 2/40

  3. Outline SC + filtering/selection = ⇒ analysis/verification 1 Domain-specific supercompilation (DSSC): what are the benefits? 2 Multi-result supercompilation (MRSC): selecting the best results 3 DSSC + MRSC = ⇒ synergistic effect: less CPU and memory resources 4 Conclusions 5 3/40

  4. SC + filtering/selection = ⇒ analysis/verification Suppose that sc is a supercompiler such that sc p is semantically equivalent to p . good is a program checker (a human or an algorithm). ( good p = true means that the program p is “good”.) Let us construct a “problem solver”. Problem: let p be such that good p = false . Supercompilation: sc p = p’ . Checking: good p’ = true . (Thus p’ is “more understandable” than p ). Automation: let p’ = sc p in if good p’ then Just p’ else Nothing . Conclusion SC + filtering/selection = ⇒ analysis/verification 4/40

  5. MESI protocol: its model in form of a counter system Initial states: ( i , 0 , 0 , 0) Transitions: ( i , e , s , m ) | i ≥ 1 − → ( i − 1 , 0 , s + e + m + 1 , 0) ( i , e , s , m ) | e ≥ 1 − → ( i , e − 1 , s , m + 1) ( i , e , s , m ) | s ≥ 1 − → ( i + e + s + m − 1 , 1 , 0 , 0) ( i , e , s , m ) | i ≥ 1 − → ( i + e + s + m − 1 , 1 , 0 , 0) Unsafe states: ( i , e , s , m ) | m ≥ 2 ( i , e , s , m ) | s ≥ 1 ∧ m ≥ 1 5/40

  6. MESI protocol: its model in form of a Refal program (1) *$MST_FROM_ENTRY; *$STRATEGY Applicative; *$LENGTH 0; $ENTRY Go {e.A (e.I) = <Loop (e.A) (Invalid e.I)(Modified )(Shared )(Exclusive ) >;} Loop { () (Invalid e.1)(Modified e.2)(Shared e.3)(Exclusive e.4) = <Result (Invalid e.1)(Modified e.2)(Shared e.3)(Exclusive e.4)>; (s.A e.A) (Invalid e.1)(Modified e.2)(Shared e.3)(Exclusive e.4) = <Loop (e.A) <RandomAction s.A (Invalid e.1)(Modified e.2)(Shared e.3)(Exclusive e.4)>>;} Result{ (Invalid e.1)(Modified s.2 e.2)(Shared s.3 e.3)(Exclusive e.4) = False; (Invalid e.1)(Modified s.21 s.22 e.2)(Shared e.3)(Exclusive e.4) = False; (Invalid e.1)(Modified e.2)(Shared e.3)(Exclusive e.4) = True;} ... 6/40

  7. MESI protocol: its model in form of a Refal program (2) ... RandomAction { * rh Trivial * rm A (Invalid s.1 e.1) (Modified e.2) (Shared e.3) (Exclusive e.4) = (Invalid e.1) (Modified ) (Shared s.1 e.2 e.3 e.4 ) (Exclusive ); * wh1 Trivial * wh2 B (Invalid e.1)(Modified e.2)(Shared e.3)(Exclusive s.4 e.4) = (Invalid e.1)(Modified s.4 e.2)(Shared e.3)(Exclusive e.4); * wh3 C (Invalid e.1)(Modified e.2)(Shared s.3 e.3)(Exclusive e.4) = (Invalid e.4 e.3 e.2 e.1)(Modified )(Shared )(Exclusive s.3); * wm D (Invalid s.1 e.1)(Modified e.2)(Shared e.3)(Exclusive e.4) = (Invalid e.4 e.3 e.2 e.1)(Modified )(Shared )(Exclusive s.1); } 7/40

  8. MESI protocol: the residual Refal program (1) * InputFormat: <Go e.41 > $ENTRY Go { (e.101 ) = True ; A e.41 (s.103 e.101 ) = <F24 (e.41 ) (e.101 ) s.103 > ; D e.41 (s.104 e.101 ) = <F35 (e.41 ) (e.101 ) s.104 > ;} * InputFormat: <F24 (e.109 ) (e.110 ) s.111 e.112 > F24 { () (e.110 ) s.111 e.112 = True ; (A e.109 ) (s.114 e.110 ) s.111 e.112 = <F24 (e.109 ) (e.110 ) s.114 s.111 e.112 > ; (C e.109 ) (e.110 ) s.111 e.112 = <F35 (e.109 ) (e.110 ) s.111 e.112 >; (D e.109 ) (s.115 e.110 ) s.111 e.112 = <F35 (e.109 ) (s.111 e.112 e.110) s.115 > ;} ... 8/40

  9. MESI protocol: the residual Refal program (2) ... * InputFormat: <F35 (e.109 ) (e.110 ) s.111 e.112 > F35 { () (e.110 ) s.111 e.112 = True ; (A e.109 ) (e.110 ) s.111 s.118 e.112 = <F24 (e.109 ) (e.112 e.110 ) s.118 s.111 > ; (A e.109 ) (s.119 e.110 ) s.111 = <F24 (e.109 ) (e.110 ) s.119 s.111 >; (B ) (e.110 ) s.111 e.112 = True ; (B A e.109 ) (e.110 ) s.111 s.125 e.112 = <F24 (e.109 ) (e.112 e.110 ) s.125 s.111 > ; (B A e.109 ) (s.126 e.110 ) s.111 = <F24 (e.109 ) (e.110 ) s.126 s.111> ; (B D e.109 ) (e.110 ) s.111 s.127 e.112 = <F35 (e.109 ) (s.111 e.112 e.110) s.127 > ; (B D e.109 ) (s.128 e.110 ) s.111 = <F35 (e.109 ) (s.111 e.110 ) s.128> ; (D e.109 ) (e.110 ) s.111 s.120 e.112 = <F35 (e.109 ) (s.111 e.112 e.110) s.120 > ; (D e.109 ) (s.121 e.110 ) s.111 = <F35 (e.109 ) (s.111 e.110 ) s.121 >;} 9/40

  10. MESI protocol: the residual Refal program (3) Thesis The residual program is unable to return False . Justification (1) The symbol False does not appear in the program. (2) Refal programs do not produce new symbols dynamically. Insufficiency of the above justification Refal is dynamically typed. Thus False can leak in via the input data! This trick is known as “injection” (and is very popular with hackers). Zhendong Su and Gary Wassermann. 2006. The essence of command injection attacks in web applications. In Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages (POPL ’06) . ACM, New York, NY, USA, 372–382. http://doi.acm.org/10.1145/1111037.1111070 10/40

  11. MESI protocol: the residual Refal program (4) A solution Residual programs can be submitted to a data flow analysis algorithm. Neil D. Jones and Nils Andersen. 2007. Flow analysis of lazy higher-order functional programs. Theor. Comput. Sci. 375, 1–3 (April 2007), 120–136. http://dx.doi.org/10.1016/j.tcs.2006.12.030 Is the game worth the candle? Yes, for example, it makes sense under the two following conditions. We have to consider a lot of residual programs (hundreds or thousands). In 1 this case the analysis has to be automated. The algorithm good is smart enough to “understand” sc p , but is unable to 2 “understand” p . Namely, good (sc p) is true, but good p is false. 11/40

  12. Weaknesses of general-purpose supercompilation A general-purpose supercompiler cannot be used as a “black-box”. The representation of data has to conform to subtle details of the internal machinery of SCP4, rather than comply with the problem domain. (For example, natural numbers are represented by strings of symbols, and their addition by string concatenation.) Input programs have to be supplemented with some directions (in form of comments) for SCP4, thereby providing SCP4 with certain information about the problem domain. Thus again the user needs to understand the internals of SCP4. The problem of correctness. To what extent can we trust the results produced by SCP4? The internals of SCP4 are complicated and the source code is big. Thus the problem of formally verifying SCP4 seems to be intractable. 12/40

  13. Outline SC + filtering/selection = ⇒ analysis/verification 1 Domain-specific supercompilation (DSSC): what are the benefits? 2 Multi-result supercompilation (MRSC): selecting the best results 3 DSSC + MRSC = ⇒ synergistic effect: less CPU and memory resources 4 Conclusions 5 13/40

  14. Domain-specific supercompilation Abstractly speaking, suppose we have: A domain-specific language. A domain-specific supercompilation algorithm. Hence, we can throw a nice Slogan “Domain-specific supercompilation for domain-specific languages!” Why? What for? What are potential benefits? 14/40

  15. DSSC: advantages Input tasks can be written in a domain-specific language. Hence, in a more natural way. The machinery of supercompilation can be simplified. The supercompiler is easier to implement. The correctness is easier to prove. Exploiting the specifics of the problem domain. Specific data structures. Specific operations. Some mathematical properties of the operations are known in advance. Some classes of problems can be shown to be solvable by supercompilation. Here is an example of a simplified supercompiler that was formally verified. Dimitur Krustev. A simple supercompiler formally verified in Coq. In Second International Workshop on Metacomputation in Russia , 2010. 15/40

  16. DSSC: counter systems (Klimov) The supercompilation algorithm can be be simplified in the following ways. Configurations have the form ( a 1 , . . . , a n ), where a i is either a natural number N or the symbol ω (a wildcard, representing an arbitrary natural number). Driving deals only with tests of the form either e = N or e ≥ N , where e is an arithmetic expression and N a natural number. Arithmetic expressions can only contain the operators +, − , natural numbers and the symbol ω . Thus There are no nested function calls. Generalization of configurations is performed by replacing some numbers N with ω . Andrei Klimov. Solving coverability problem for monotonic counter systems by supercompilation. In Ershov Informatics Conference, volume 7162 of LNCS, pages 193–209, 2011. 16/40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automatic Verification of Automatic Verification of Automatic Verification of Automatic

Automatic Verification of Automatic Verification of Automatic Verification of Automatic

Automatic Verification of Automatic Verification of Automatic Verification of Automatic Verification of Competitive Stochastic Systems Competitive Stochastic Systems Competitive Stochastic Systems Competitive Stochastic Systems Marta

500 views • 29 slides
A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio Lomuscio and Edoardo Pirovano Imperial College London, UK 18 September 2019 Highlights 2019 Based on a paper at AAMAS19 Robot Swarms Introduction

1.1k views • 22 slides
Model Checking Game System Model Reqs + Init States (undesired/desired states) Param. Ranges

Model Checking Game System Model Reqs + Init States (undesired/desired states) Param. Ranges

Automatic Verification of Embedded Automatic Verification of Embedded Systems Systems Enrico Tronci Dipartimento di Informatica Universit di Roma La Sapienza WIRTES 2007 Pisa, Italy July 2, 2007 Enrico Tronci 1 WIRTES 2007

654 views • 17 slides
Automatic Verification of Finite State Concurrent Systems Edmund M. Clarke, Jr. Computer Science

Automatic Verification of Finite State Concurrent Systems Edmund M. Clarke, Jr. Computer Science

Automatic Verification of Finite State Concurrent Systems Edmund M. Clarke, Jr. Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213 1 Temporal Logic Model Checking Specification Language: A propositional temporal

710 views • 41 slides
Automatic Verification of Real-Time Systems with Rich Data Ernst-R udiger Olderog RTS+D

Automatic Verification of Real-Time Systems with Rich Data Ernst-R udiger Olderog RTS+D

Automatic Verification of Real-Time Systems with Rich Data Ernst-R udiger Olderog RTS+D p.1/59 Motivation Embedded system = system where computer is invisible part of it to control its function ECUs on board of a cars: Mercedes S

996 views • 77 slides
Decidable Problems for Counter Systems Day 1 Introduction to Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 1 Introduction to Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 1 Introduction to Counter Systems St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA ESSLLI 2010, Copenhagen, August 2010 What is in the course? Analysis of Counter Systems

778 views • 65 slides
Counter-Example Complete Verification for Higher-Order Functions N. Voirol, E. Kneuss, V. Kuncak

Counter-Example Complete Verification for Higher-Order Functions N. Voirol, E. Kneuss, V. Kuncak

Counter-Example Complete Verification for Higher-Order Functions N. Voirol, E. Kneuss, V. Kuncak EPFL Scala Symposium 2015 Program Verification Aims to guarantee (or disprove) properties about programs Performed statically at

768 views • 21 slides
Decidability and complexity issues for subclasses of counter systems Lecture 1 Vector Addition

Decidability and complexity issues for subclasses of counter systems Lecture 1 Vector Addition

Decidability and complexity issues for subclasses of counter systems Lecture 1 Vector Addition Systems with States St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA Course 2.9 MPRI 2010/2011 Verification of

1.02k views • 64 slides
Decidable Problems for Counter Systems Day 5 Model-Checking Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 5 Model-Checking Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 5 Model-Checking Counter Systems St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA ESSLLI 2010, Copenhagen, August 2010 Plan of the talk Previous lectures: CS,

823 views • 59 slides
+ proof obligations Automatic Verification of TLA with SMT solvers Stephan Merz and Hern an

+ proof obligations Automatic Verification of TLA with SMT solvers Stephan Merz and Hern an

+ proof obligations Automatic Verification of TLA with SMT solvers Stephan Merz and Hern an Vanzetto LPAR-18, M erida, Venezuela March 12th, 2012 1 + language The TLA Specification and verification language for (concurrent and

735 views • 27 slides
Decidability and complexity issues for subclasses of counter systems Lecture 4 Counter automata

Decidability and complexity issues for subclasses of counter systems Lecture 4 Counter automata

Decidability and complexity issues for subclasses of counter systems Lecture 4 Counter automata with finite monoid property and flatness St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA Course 2.9 MPRI

921 views • 56 slides
Methods for Automatic Term Recognition in Domain-Specific Text Collections: A Survey N. A.

Methods for Automatic Term Recognition in Domain-Specific Text Collections: A Survey N. A.

Methods for Automatic Term Recognition in Domain-Specific Text Collections: A Survey N. A. Astrakhantsev, D. G. Fedorenko and D. Yu. Turdakov Haohao Hu, student ID:215448889 Agenda Definitions for term and domain Present surveys

1.08k views • 61 slides
Decidable Problems for Counter Systems Day 3 Vector Addition Systems St ephane Demri

Decidable Problems for Counter Systems Day 3 Vector Addition Systems St ephane Demri

Decidable Problems for Counter Systems Day 3 Vector Addition Systems St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA ESSLLI 2010, Copenhagen, August 2010 Plan of the talk Previous lectures: Classes of counter

1.09k views • 63 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Leveraging Automatic Deduction for Verification Antoine Defourn 11-14 th of June, 2019 Antoine

Leveraging Automatic Deduction for Verification Antoine Defourn 11-14 th of June, 2019 Antoine

Context Projects Leveraging Automatic Deduction for Verification Antoine Defourn 11-14 th of June, 2019 Antoine Defourn Leveraging Automatic Deduction for Verification Context Projects Summary Supervisors: Stephan Merz, Pascal Fontaine

379 views • 16 slides
Set-based methods in programs and systems verification Sylvie Putot and Eric Goubault Cosynus

Set-based methods in programs and systems verification Sylvie Putot and Eric Goubault Cosynus

Set-based methods in programs and systems verification Sylvie Putot and Eric Goubault Cosynus team, LIX, Ecole Polytechnique Workshop COVERIF 2016, I3S, Sophia Automatic validation of numerical programs and systems Validation of programs

633 views • 60 slides
1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

Introduction [Coalition/presenter intro] Safe Kids is raising awareness and educating families about keeping kids safe around medicine. Safe Kids has done research and developed materials about safe storage, dosing and disposal of medicine.

281 views • 27 slides
2009 Strategy Presentation: 3 March 2009 Fergus MacLeod: Head of Investor Relations Ladies and

2009 Strategy Presentation: 3 March 2009 Fergus MacLeod: Head of Investor Relations Ladies and

BP 2009 Strategy Presentation 2009 Strategy Presentation: 3 March 2009 Fergus MacLeod: Head of Investor Relations Ladies and gentlemen, welcome to BPs 2009 Strategy Presentation, both to those here in London and those joining us through the

392 views • 27 slides
Thomas Neff Project Director 26 June 2017 UNCLASSIFIED// FOUO Acquisition Sensitive Business

Thomas Neff Project Director 26 June 2017 UNCLASSIFIED// FOUO Acquisition Sensitive Business

UNCLASSIFIED// FOUO Acquisition Sensitive Thomas Neff Project Director 26 June 2017 UNCLASSIFIED// FOUO Acquisition Sensitive Business Management Division Mr. Thomas Neff Ms. Venetta Carter Project Director, Acquisition Management Division

454 views • 30 slides
Audio COTS Nick Walton March 2018 What is it? Additional tool to enable assessment of

Audio COTS Nick Walton March 2018 What is it? Additional tool to enable assessment of

31/05/2018 Audio COTS Nick Walton March 2018 What is it? Additional tool to enable assessment of telephone consultation skills 1 31/05/2018 Why? General Practice has evolved, and more and more consultations are being carried out by

125 views • 8 slides
Safe harbor and non-GAAP measures This presentation contains statements as to Walmart management's

Safe harbor and non-GAAP measures This presentation contains statements as to Walmart management's

Safe harbor and non-GAAP measures This presentation contains statements as to Walmart management's guidance regarding earnings per share for the three months ending October 31, 2017 and fiscal year ending January 31, 2018, adjusted earnings per

521 views • 29 slides
FEDERATION UNIVERSITY AUSTRALIA BUGEN 2630 Principles of Responsible Business ASSESSMENT 1 PART

FEDERATION UNIVERSITY AUSTRALIA BUGEN 2630 Principles of Responsible Business ASSESSMENT 1 PART

FEDERATION UNIVERSITY AUSTRALIA BUGEN 2630 Principles of Responsible Business ASSESSMENT 1 PART B: Individual Action Plans and Group Script Submitted by: Name- student number Name- student number Name- student number Submitted to:

306 views • 8 slides
The criteria: Sent to me and presented in class: it is offered to the class in a 8-10 minute

The criteria: Sent to me and presented in class: it is offered to the class in a 8-10 minute

HA 222 Fall 2016 - Presentation Criteria Myths &amp; Legends The goal: To explore the continuing significance of Greco-Roman mythologies, legends and history in visual culture. Choose a myth or legend that was originated and/or significant in the

88 views • 4 slides
The Canterbury Catch Club a performance of class Introduction Ladies and gentlemen, good

The Canterbury Catch Club a performance of class Introduction Ladies and gentlemen, good

The Canterbury Catch Club a performance of class Introduction Ladies and gentlemen, good morning, thank you all for coming, especially at this early hour on a Friday morning, and can I say a special thank you to the organisers of this

330 views • 20 slides

More recommend