cse507
play

CSE507 Computer-Aided Reasoning for Software Bounded Verification - PowerPoint PPT Presentation

Mar 10, 2024 •267 likes •809 views

CSE507 Computer-Aided Reasoning for Software Bounded Verification courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Full functional verification with Dafny, Boogie, and Z3 2

  1. CSE507 Computer-Aided Reasoning for Software Bounded Verification courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu

  2. Today 2

  3. Today Last lecture • Full functional verification with Dafny, Boogie, and Z3 2

  4. Today Last lecture • Full functional verification with Dafny, Boogie, and Z3 Today • Bounded verification with Kodkod (Forge, Miniatur, TACO) 2

  5. Today Last lecture • Full functional verification with Dafny, Boogie, and Z3 Today • Bounded verification with Kodkod (Forge, Miniatur, TACO) Announcements • Homework 2 is due today at 11pm • Homework 3 has been released 2

  6. The spectrum of program validation tools Static Analysis Verification Extended Static Bounded Verification Confidence Checking & Symbolic Execution Concolic Testing & Whitebox Fuzzing Ad-hoc Testing Cost (programmer effort, time, expertise) 3

  7. The spectrum of program validation tools Static Analysis Verification Extended E.g., Dafny, Coq, Leon: Static • support for rich (FOL+) Bounded Verification Confidence Checking & Symbolic Execution correctness properties • high annotation overhead (pre/post conditions, Concolic Testing & invariants, etc.) Whitebox Fuzzing Ad-hoc Testing Cost (programmer effort, time, expertise) 3

  8. The spectrum of program validation tools Static Analysis Verification Extended E.g., Astree: Static • small set of fixed Bounded Verification Confidence Checking & Symbolic Execution properties (e.g., “no null dereferences”) • no annotations but must Concolic Testing & deal with false positives Whitebox Fuzzing Ad-hoc Testing Cost (programmer effort, time, expertise) 3

  9. The spectrum of program validation tools Static Analysis Verification Extended E.g., Calysto, Saturn: Static • user-defined assertions Bounded Verification Confidence Checking & Symbolic Execution supported but optional • no annotations • some/low false positives Concolic Testing & Whitebox Fuzzing Ad-hoc Testing Cost (programmer effort, time, expertise) 3

  10. The spectrum of program validation tools Static Analysis Verification Extended E.g., CBMC, Miniatur, Forge, Static TACO, JPF, Klee: Bounded Verification Confidence Checking & Symbolic Execution • optional user-defined harnesses, assertions, and/or FOL+ properties Concolic Testing & • no/low annotations Whitebox Fuzzing • no/low false positives Ad-hoc Testing Cost (programmer effort, time, expertise) 3

  11. The spectrum of program validation tools Static Analysis Verification Extended E.g., SAGE, Pex, CUTE, Static DART: Bounded Verification Confidence Checking & Symbolic Execution • test harnesses and/or user-defined assertions • no annotations Concolic Testing & • no false positives Whitebox Fuzzing Ad-hoc Testing Cost (programmer effort, time, expertise) 3

  12. The spectrum of program validation tools Static Analysis Verification Extended Static Bounded Verification Confidence Checking & Symbolic Execution Concolic Testing & Whitebox Fuzzing Ad-hoc Testing Cost (programmer effort, time, expertise) 3

  13. Bounded verification Bound everything • Execution length • Bitwidth • Heap size (number of objects per type) Sound counterexamples but no proof • Exhaustive search within bounded scope Empirical “small-scope hypothesis” • Bugs usually have small manifestations 4

  14. Bounded verification by example class List { Node head; void reverse() { Node near = head; n2 n1 n0 head next next next Node mid = near.next; this null data: s1 data: s2 data: null Node far = mid.next; near.next = far; while (far != null ) { mid.next = near; near = mid; mid = far; far = far.next; } n2 n1 n0 next next next head mid.next = near; null this data: s1 data: s2 data: null head = mid; } } class Node { Node next; String data; } 5

  15. Bounded verification by example class List { Node head; void reverse() { Node near = head; n2 n1 n0 head next next next Node mid = near.next; this null data: s1 data: s2 data: null Node far = mid.next; near.next = far; while (far != null ) { mid.next = near; near = mid; mid = far; far = far.next; } n2 n1 n0 next next next head mid.next = near; null this data: s1 data: s2 data: null head = mid; } } Express the property either by writing a test class Node { Node next; harness or by providing FOL+ contracts . String data; } 5

  16. Pre/post/frame conditions & data invariants class List { Node head; @requires void reverse() { this.head != null && Node near = head; this.head.next != null Node mid = near.next; Node far = mid.next; n2 n1 n0 head next next next this null data: s1 data: s2 data: null near.next = far; while (far != null ) { mid.next = near; near = mid; mid = far; far = far.next; } mid.next = near; head = mid; } n2 n1 n0 next next next head null this } data: s1 data: s2 data: null class Node { Node next; String data; } 6

  17. Pre/post/frame conditions & data invariants class List { Node head; @requires void reverse() { this.head != null && Node near = head; this.head.next != null Node mid = near.next; Node far = mid.next; n2 n1 n0 head next next next this null data: s1 data: s2 data: null near.next = far; while (far != null ) { mid.next = near; near = mid; mid = far; far = far.next; } mid.next = near; head = mid; } n2 n1 n0 next next next head null this } data: s1 data: s2 data: null class Node { @invariant no ^next ∩ iden Node next; String data; } 6

  18. Pre/post/frame conditions & data invariants class List { Node head; @requires void reverse() { this.head != null && Node near = head; this.head.next != null Node mid = near.next; Node far = mid.next; n2 n1 n0 head next next next this null data: s1 data: s2 data: null near.next = far; while (far != null ) { mid.next = near; @ensures near = mid; this.head.*next = this.old(head).*old(next) && mid = far; far = far.next; } mid.next = near; head = mid; } n2 n1 n0 next next next head null this } data: s1 data: s2 data: null class Node { @invariant no ^next ∩ iden Node next; String data; } 6

  19. Pre/post/frame conditions & data invariants class List { Node head; @requires void reverse() { this.head != null && Node near = head; this.head.next != null Node mid = near.next; Node far = mid.next; n2 n1 n0 head next next next this null data: s1 data: s2 data: null near.next = far; while (far != null ) { mid.next = near; @ensures near = mid; this.head.*next = this.old(head).*old(next) && mid = far; let N = this.old(head).*old(next) - null | far = far.next; } next = old(next) ++ this.old(head) × null ++ ~(old(next) ∩ N × N) mid.next = near; head = mid; } n2 n1 n0 next next next head null this } data: s1 data: s2 data: null class Node { @invariant no ^next ∩ iden Node next; String data; } 6

  20. Pre/post/frame conditions & data invariants class List { Node head; @requires Pre(this, head, next) void reverse() { this.head != null && Node near = head; this.head.next != null Node mid = near.next; Node far = mid.next; near.next = far; while (far != null ) { mid.next = near; Post(this, old(head), head, old(next), next) @ensures near = mid; this.head.*next = this.old(head).*old(next) && mid = far; let N = this.old(head).*old(next) - null | far = far.next; } next = old(next) ++ this.old(head) × null ++ ~(old(next) ∩ N × N) mid.next = near; head = mid; } } class Node { @invariant no ^next ∩ iden Inv(next) Node next; String data; } 6

  21. A relational model of memory (heap) @invariant Inv(next) @requires Pre(this, head, next) @ensures Post(this, old(head), head, old(next), next) void reverse() { Node near = head; Node mid = near.next; Node far = mid.next; near.next = far; while (far != null ) { mid.next = near; near = mid; mid = far; far = far.next; } mid.next = near; head = mid; } n2 n1 n0 head next next next this null data: s1 data: s2 data: null 7

  22. A relational model of memory (heap) @invariant Inv(next) Fields as binary relations @requires Pre(this, head, next) @ensures Post(this, old(head), head, old(next), next) ‣ head : { ⟨ this, n2 ⟩ }, next : { ⟨ n2, n1 ⟩ , … } void reverse() { Node near = head; Node mid = near.next; Node far = mid.next; near.next = far; while (far != null ) { mid.next = near; near = mid; mid = far; far = far.next; } mid.next = near; head = mid; } n2 n1 n0 head next next next this null data: s1 data: s2 data: null 7

  23. A relational model of memory (heap) @invariant Inv(next) Fields as binary relations @requires Pre(this, head, next) @ensures Post(this, old(head), head, old(next), next) ‣ head : { ⟨ this, n2 ⟩ }, next : { ⟨ n2, n1 ⟩ , … } Types as sets (unary relations) void reverse() { Node near = head; ‣ List : { ⟨ this ⟩ }, Node : { ⟨ n0 ⟩ , ⟨ n1 ⟩ , ⟨ n2 ⟩ } Node mid = near.next; Node far = mid.next; near.next = far; while (far != null ) { mid.next = near; near = mid; mid = far; far = far.next; } mid.next = near; head = mid; } n2 n1 n0 head next next next this null data: s1 data: s2 data: null 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE507 Computer-Aided Reasoning for Software Symbolic Execution

CSE507 Computer-Aided Reasoning for Software Symbolic Execution

CSE507 Computer-Aided Reasoning for Software Symbolic Execution courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Bounded verification: forward VCG for finitized programs 2

851 views • 45 slides
CSE507 Computer-Aided Reasoning for Software Finite Model Finding

CSE507 Computer-Aided Reasoning for Software Finite Model Finding

CSE507 Computer-Aided Reasoning for Software Finite Model Finding courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture The DPPL(T) framework for deciding quantifier-free SMT

986 views • 69 slides
CSE507 Computer-Aided Reasoning for Software Program Synthesis

CSE507 Computer-Aided Reasoning for Software Program Synthesis

CSE507 Computer-Aided Reasoning for Software Program Synthesis courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today Last lecture Angelic nondeterminism and execution Today Program synthesis:

645 views • 15 slides
CSE507 Computer-Aided Reasoning for Software Model Checking I

CSE507 Computer-Aided Reasoning for Software Model Checking I

CSE507 Computer-Aided Reasoning for Software Model Checking I courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Symbolic execution and concolic testing 2 Today Last lecture

776 views • 62 slides
CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages

CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages

CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Program synthesis 2 Today Last lecture Program

1.77k views • 127 slides
CSE507 Computer-Aided Reasoning for Software Model Checking II

CSE507 Computer-Aided Reasoning for Software Model Checking II

CSE507 Computer-Aided Reasoning for Software Model Checking II courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Model checking basics 2 Today Last lecture Model

831 views • 55 slides
Quality quality di fg ers from one person to another. Also, it di fg ers in the customers and

Quality quality di fg ers from one person to another. Also, it di fg ers in the customers and

From Pressman, Software Engineering a practitioner s approach, Chapter 13 and Pezze + Young, Software Testing and Analysis, Chapters 14 Testing Strategies Software Engineering Andreas Zeller Saarland University 1 2

600 views • 23 slides
Simulation Simulation Modeling and Performance Analysis with Discrete-Event Simulation g y Dr.

Simulation Simulation Modeling and Performance Analysis with Discrete-Event Simulation g y Dr.

Computer Science, Informatik 4 Communication and Distributed Systems Simulation Simulation Modeling and Performance Analysis with Discrete-Event Simulation g y Dr. Mesut Gne Computer Science, Informatik 4 Communication and Distributed

587 views • 33 slides
A S P O Verification and Validation of AMGs Joint IAEA-ICTP Essential Knowladge Workshop on

A S P O Verification and Validation of AMGs Joint IAEA-ICTP Essential Knowladge Workshop on

A S P O Verification and Validation of AMGs Joint IAEA-ICTP Essential Knowladge Workshop on Nuclear Power Plant Design Safety Updated IAEA Safety Standards 9- 20 October 2017 Presented by Ivica Basic APoSS d.o.o. A S P O Overview

641 views • 44 slides
Verification and Validation in Cyber-Physical Systems: Research Challenges and a Way Forward Xi

Verification and Validation in Cyber-Physical Systems: Research Challenges and a Way Forward Xi

Verification and Validation in Cyber-Physical Systems: Research Challenges and a Way Forward Xi (James) Zheng Christine Julien The Center for Advanced Research in Software Engineering The University of Texas at Austin Does this look

167 views • 14 slides
Chapter 10 Verification and Validation of Simulation Models Banks, Carson, Nelson & Nicol

Chapter 10 Verification and Validation of Simulation Models Banks, Carson, Nelson & Nicol

Chapter 10 Verification and Validation of Simulation Models Banks, Carson, Nelson & Nicol Discrete-Event System Simulation Purpose & Overview The goal of the validation process is: To produce a model that represents true

518 views • 28 slides
Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural

Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural

Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural Abstraction Tolerant Architectural Abstraction Fault Patrick H. S. Brito - Unicamp, Brazil Rogrio de Lemos - University of Kent, UK Eliane

381 views • 21 slides
Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we

Recap Hoare logic Lecture 3: Formalising the semantics of Hoare logic In the previous lecture, we specified and verified some example programs using the syntactic rules of Hoare logic that we introduced in the first lecture. Jean

477 views • 13 slides
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language for Java Used for the

620 views • 41 slides
Proving Invariances CS256/Spring 2008 Lecture #6 Zohar Manna Definitions Recall: the

Proving Invariances CS256/Spring 2008 Lecture #6 Zohar Manna Definitions Recall: the

Proving Invariances CS256/Spring 2008 Lecture #6 Zohar Manna Definitions Recall: the variables of assertion: free (flexible) system variables V = Y { } Chapter 1 where Y are the program variables and is the control

292 views • 10 slides
Systeme Hoher Qualitt und Sicherheit Vorlesung 10 vom 06.01.2014: Verification Condition

Systeme Hoher Qualitt und Sicherheit Vorlesung 10 vom 06.01.2014: Verification Condition

Systeme Hoher Qualitt und Sicherheit Vorlesung 10 vom 06.01.2014: Verification Condition Generation Christoph Lth & Christian Liguda Universitt Bremen Wintersemester 2013/14 Rev. 2421 1 [19] Frohes Neues Jahr! 2 [19] Where are we?

478 views • 23 slides
Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011 mechanization of correctness proof given a Hoare triple { } C { } , mechanization of correctness proof given a Hoare triple { } C { } ,

633 views • 18 slides
Asynchronous Communication II 2 / 41 INF4140 - Models of concurrency Asynchronous Communication,

Asynchronous Communication II 2 / 41 INF4140 - Models of concurrency Asynchronous Communication,

Asynchronous Communication II 2 / 41 INF4140 - Models of concurrency Asynchronous Communication, lecture 11 Hsten 2013 11.11.2013 3 / 41 Overview: Last time semantics: histories and trace sets specification: invariants over histories

517 views • 41 slides
Viper A Verification Infrastructure for Permission based Reasoning Peter Mller, ETH Zurich

Viper A Verification Infrastructure for Permission based Reasoning Peter Mller, ETH Zurich

Viper A Verification Infrastructure for Permission based Reasoning Peter Mller, ETH Zurich Joint work with Pietro Ferrara, Uri Juhasz, Ioannis Kassios, Milos Novacek, Malte Schwerhoff, and Alex Summers 2 Automatic Program Verification

134 views • 10 slides
Chalice to Boogie Program Verification for ObjectOriented Programs Chinmay Kakatkar

Chalice to Boogie Program Verification for ObjectOriented Programs Chinmay Kakatkar

(star) (no star) Chalice to Boogie Program Verification for ObjectOriented Programs Chinmay Kakatkar

1.12k views • 75 slides
Compositional Verification of Events and Observers Cynthia Disenfeld and Shmuel Katz Technion -

Compositional Verification of Events and Observers Cynthia Disenfeld and Shmuel Katz Technion -

Compositional Verification of Events and Observers Cynthia Disenfeld and Shmuel Katz Technion - Israel Institute of Technology March 21, 2011 Standard Aspect Model Pointcuts determine the places where aspects should be woven. Aspect

464 views • 20 slides
MATH 676 Finite element methods in scientific computing Wolfgang Bangerth, Texas A&M

MATH 676 Finite element methods in scientific computing Wolfgang Bangerth, Texas A&M

MATH 676 Finite element methods in scientific computing Wolfgang Bangerth, Texas A&M University http://www.dealii.org/ Wolfgang Bangerth Lecture 32.5: Learning to use modern tools, part 5a: Version control systems (VCSs) Subversion

653 views • 14 slides
VANDEN BOUT 9:30 section (52130) BUR 106 version numbers 1 - 250 WELCH 3.502 versions numbers 251

VANDEN BOUT 9:30 section (52130) BUR 106 version numbers 1 - 250 WELCH 3.502 versions numbers 251

Unit1Day6-VandenBout Monday, September 16, 2013 3:53 PM Vanden Bout/LaBrake/Crawford CH301 GAS WRAP Day 6 CH301 Vanden Bout/LaBrake Spring 2013 Important Information EXAM REVIEW EXAM ROOMS VANDEN BOUT 9:30 section (52130) BUR 106

352 views • 11 slides
1 What makes consensus hard? Fischer, Lynch and Patterson Fundamentally, the issue revolves

1 What makes consensus hard? Fischer, Lynch and Patterson Fundamentally, the issue revolves

Consensus a classic problem Consensus, impossibility Consensus abstraction underlies many results and Paxos distributed systems and protocols N processes They start execution with inputs { 0,1} Ken Birman Asynchronous,

255 views • 8 slides

More recommend