integrating verification components the evidential tool
play

Integrating Verification Components: The Evidential Tool Bus John - PowerPoint PPT Presentation

Nov 22, 2022 •238 likes •554 views

Integrating Verification Components: The Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I VSTTE: Integrating Verification Components1 Integrating (Deductive)

  1. Integrating Verification Components: The Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I VSTTE: Integrating Verification Components–1

  2. Integrating (Deductive) Verification Components • In the beginning there was just (interactive) theorem proving • Then there were VC generators, decision procedures, model checkers, abstract interpretation, predicate abstraction, fast SAT solvers,. . . • Now there are systems that use several of these (SDV, Blast,. . . ) • And in 15 years time. . . ? • We need an architecture that allows us to make opportunistic use of whatever is out there ◦ And to assemble customized tool chains easily • It should be robust to changes (in problems and tools) • And should deliver evidence John Rushby, SR I VSTTE: Integrating Verification Components–2

  3. Two Kinds of Architecture Backends Bus John Rushby, SR I VSTTE: Integrating Verification Components–3

  4. And Two Kinds of Backends Integrated Endgame John Rushby, SR I VSTTE: Integrating Verification Components–4

  5. A Simple Case: Endgame Verifiers • A higher level proof manager calls components (typically, decision procedures) to discharge subgoals • Components return only verified or unverified ◦ Embellishments: proof objects and counterexamples • But the information returned on failure does not guide the higher-level proof search ◦ Other than to cause it to try something else ◦ Hence endgame verifiers John Rushby, SR I VSTTE: Integrating Verification Components–5

  6. Endgame Verifier Examples 1979: Stanford Pascal Verifier and STP used decision procedures for combinations of theories including arithmetic (STP gave rise to Ehdm, then PVS) 1995: PVS used a BDD-based symbolic model checker 2000: PVS used Mona for WS1S Not only did theorem provers use model checkers as backends, some model checkers grew a front-end theorem prover 1998: Cadence SMV had a proof assistant that generated model checking subproblems by abstraction and composition And some other systems used an entire interactive theorem prover for the endgame 1999: VSDITLU: used PVS backend to check side conditions on Symbolic Definite Integral Table Look-Up in Maple John Rushby, SR I VSTTE: Integrating Verification Components–6

  7. Integrating Endgame Verifiers It’s pretty simple • Provide higher level proof strategies that decompose proof goals into subgoals that can be steered towards the competence of the endgame verifier(s) • Provide a recognizer for proof goals within the competence of an endgame verifier • Provide glue code to translate suitable proof goals into the input of an endgame verifier and to interpret its output Many classes of endgame verifiers are being honed through competition • Improves performance (be careful) • Standardizes interfaces • FO provers, BDD packages, SAT solvers, SMT solvers John Rushby, SR I VSTTE: Integrating Verification Components–7

  8. Evolution of Endgame Verifiers John Rushby, SR I VSTTE: Integrating Verification Components–8

  9. Evolution of Endgame Verifiers • One path grows the endgame verifier and specializes and shrinks the higher-level proof manager • Example: ◦ SAL language has a type system similar to PVS, but is specialized for specification of state machines (as transition relations) ◦ The SAL infinite-state bounded model checker uses an SMT solver (ICS), so handles specifications over reals and integers, uninterpreted functions ◦ Often used as a model checker (i.e., for refutation) ◦ But can perform verification with a single higher level proof rule: k -induction (with lemmas) ◦ Note that counterexamples help debug invariant John Rushby, SR I VSTTE: Integrating Verification Components–9

  10. Performance of Evolved Endgame Verifiers • Biphase Mark Protocol is an algorithm for asynchronous communication ◦ Clocks at either end may be skewed and have different rates, jitter ◦ So have to encode a clock in the data stream ◦ Used in CDs, Ethernet ◦ Verification identifies parameter values for which data is reliably transmitted • Verified in ACL2 by J Moore (1994) • Three different verifications used PVS ◦ One by Groote and Vaandrager used PVS + UPPAAL ◦ Required 37 invariants, 4,000 proof steps, hours of prover time to check John Rushby, SR I VSTTE: Integrating Verification Components–10

  11. Performance of Evolved Endgame Verifiers (ctd.) • Brown and Pike recently did it with sal-inf-bmc ◦ Used timeout automata to model timed aspects ◦ Statement of theorem discovered systematically using disjunctive invariants (7 disjuncts) ◦ Three lemmas proved automatically with 1-induction, ◦ Theorem proved automatically using 5-induction ◦ Verification takes seconds to check • Adapted verification to 8-N-1 protocol (used in UARTs) ◦ Additional lemma proved with 13-induction ◦ Theorem proved with 3-induction (7 disjuncts) John Rushby, SR I VSTTE: Integrating Verification Components–11

  12. Recap: Two Kinds of Backends Integrated Endgame John Rushby, SR I VSTTE: Integrating Verification Components–12

  13. A Difficult Case: Tightly Integrated Components • Endgame verifiers are easy to integrate because they do not interact with higher level proof search (nor with each other) • In fact, they are barely integrated • Classic Boyer-Moore 1986 paper describes tight integration of linear arithmetic decision procedure with Nqthm ◦ Two pages of code for endgame decision procedure ◦ Became 60 for integrated version • PVS takes an intermediate path ◦ Decision procedures are integrated with the rewriter ◦ And used in simplification • A tractable case is the integration of decision procedures with each other John Rushby, SR I VSTTE: Integrating Verification Components–13

  14. Integrated Decision Procedures and SMT Solvers • Long line of research on integrating decision procedures for separate theories so they decide the combined theory ◦ Starts with Nelson-Oppen and Shostak methods ◦ Activity continues today: theory, presentation, verification, and pragmatics • Recently extended through integration with SAT solving to yield SMT solvers ◦ Interactions are intense (millions per verification) ◦ Information from decision procedures must be used efficiently to prune SAT search ◦ Impacts design of individual decision procedures ◦ Engineering choices explored through benchmarking and competition • Homogeneous integration: not quite solved, but on the way John Rushby, SR I VSTTE: Integrating Verification Components–14

  15. SMT Solver Backend ARITH EQUALITY SAT ARRAYS SMT Solver John Rushby, SR I VSTTE: Integrating Verification Components–15

  16. Recap: Two Kinds of Architecture Backends Bus John Rushby, SR I VSTTE: Integrating Verification Components–16

  17. A New Case: Integration of Heterogeneous Components • Modern formal methods tools do more than verification • They also do refutation (bug finding) • And test-case generation • And controller synthesis • And construction of abstractions • And generation of invariants • And . . . • Observe that these tools can return objects other than verification outcomes ◦ Counterexamples, test cases, abstractions, invariants ◦ Hence, heterogeneous John Rushby, SR I VSTTE: Integrating Verification Components–17

  18. Integration of Heterogeneous Components • The tools that perform these computations can be used in opportunistic combination ◦ E.g., use static analysis and model checking to find bugs before attempting verification • And can use each other as (scripted) components ◦ E.g., use a model checker in test case generation • And can be used in integrated combinations ◦ E.g., software model checkers generally have a C front end with CFG analyzer, a predicate abstractor (which uses decision procedures and possibly a model checker), a model checker and counterexample generator, a counterexample concretizer and refinement generator (using Craig interpolation), and a control loop around the whole lot John Rushby, SR I VSTTE: Integrating Verification Components–18

  19. Customized (Re)integration • LAST (Xia, DiVito, Mu˜ noz) generates MC/DC tests for avionics code involving nonlinear arithmetic (with floating point numbers, trigonometric functions etc.) • It’s built on Blast (Henzinger et al) • But extends it to handle nonlinear arithmetic using RealPaver (a numerical nonlinear constraint unsatisfiability checker) ◦ Added 1,000 lines to CIL front end for MC/DC ◦ Added 2,000 lines to RealPaver to integrate with CVC-Lite (Nelson-Oppen style) ◦ Changed 2,000 lines in Blast to tie it all together • Applied it to Boeing autopilot simulator ◦ Modules with upto 1,000 lines of C ◦ 220 decisions Generated tests to (almost) full MC/DC coverage in minutes John Rushby, SR I VSTTE: Integrating Verification Components–19

  20. A Tool Bus • How can we construct these customized combinations and integrations easily and rapidly? • The integrations are coarse-grained (hundreds, not millions of interactions per analysis), so they do not need to share state • So we could take the outputs of one tool, massage it suitably and pass it to another and so on • A combination of XML descriptions, translations, and a scripting language could probably do it • Suitably engineered, we could call it a tool bus John Rushby, SR I VSTTE: Integrating Verification Components–20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park,

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park,

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I ICFEM05 An Evidential Tool Bus1 Formal Methods Integration No one notation, method, tool, or technology

504 views • 47 slides
Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning , (observations to a theory) followed by causal reasoning (theory to predictions). Diagnosis Given symptoms, evidential reasoning leads to hypotheses about

243 views • 8 slides
Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet

Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet

Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet University of British Columbia Vancouver, CA July 09, 2014 Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 1 / 21 Outline

472 views • 22 slides
Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary for a complete verification tool Allows objects in the verification environment to be extended Needs to express constraints Coverage

946 views • 80 slides
Integrating Moodle with an external tool Hubert Chathi MuchLearning May 26 & 29, 2012

Integrating Moodle with an external tool Hubert Chathi MuchLearning May 26 & 29, 2012

Integrating Moodle with an external tool Hubert Chathi MuchLearning May 26 & 29, 2012 Hubert Chathi Integrating Moodle with an external tool About me Programmer/Analyst at MuchLearning developed integration with the MuchLearning platform

934 views • 45 slides
Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

Introduction and motivation Foundations Temporal properties of functional programs CPPCC: Correctness of mobile components Summary Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

494 views • 45 slides
Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University

Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University

Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University Tilburg University Lecture overview 14 April: a logical model of stories and arguments in evidential reasoning 15 April: the strength of

1.05k views • 76 slides
Integrating new major Integrating new major components on fast and slow components on fast and

Integrating new major Integrating new major components on fast and slow components on fast and

Integrating new major Integrating new major components on fast and slow components on fast and slow moving distributions moving distributions How latest GNOME desktop was integrated into latest How latest GNOME desktop was integrated into

616 views • 23 slides
Tool-Assisted Specification and Verification of the JavaCard Platform Gilles

Tool-Assisted Specification and Verification of the JavaCard Platform Gilles

Tool-Assisted Specification and Verification of the JavaCard Platform Gilles Barthe INRIA Sophia-Antipolis, France Joint work with: P . Courtieu, G. Dufay, M. Huisman, L. Jakubiec, B. Serpette, S. Melo de Sousa, S.

694 views • 55 slides
Mind Maps: Useful Schematic Tool for Organizing and Integrating Concepts of Complex Patient Care

Mind Maps: Useful Schematic Tool for Organizing and Integrating Concepts of Complex Patient Care

Mind Maps: Useful Schematic Tool for Organizing and Integrating Concepts of Complex Patient Care in the Clinic and Classroom But But what are student perceptions? Dr. Genevieve Pinto Zipp Dr. Catherine Maher Dr. Anthony D Antoni 1

666 views • 34 slides
Machine tool Tools, components and equipment Assembly Welding-brazing -cutting

Machine tool Tools, components and equipment Assembly Welding-brazing -cutting

Machine tool Tools, components and equipment Assembly Welding-brazing -cutting Woodworking machinery Paper machines Printing machiner Packaging machinery Metrology CNC and Software Robotics Vision Machine tool

578 views • 3 slides
UPPAAL tutorial Modeling Verification 1 2 Architecture of UPPAAL Whats inside UPPAAL

UPPAAL tutorial Modeling Verification 1 2 Architecture of UPPAAL Whats inside UPPAAL

UPPAAL Tool Simulation UPPAAL tutorial Modeling Verification 1 2 Architecture of UPPAAL Whats inside UPPAAL Linux, Windows, Solaris, MacOS 3 4 All Operations on Zones Inside the UPPAAL tool (needed for verification)

468 views • 13 slides
Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool Reiner H ahnle (joint work with Richard Bubel and Ran Ji) Chalmers University of Technology Department of Computer Science and Engineering 10

1.11k views • 82 slides
Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir

Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir

Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir le titre de Docteur en Sciences de l'Universit de Nice-Sophia Antipolis Jean-Paul R IGAULT Prsident Rapporteurs Carlos C ANAL Frantisek P

711 views • 55 slides
Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de

Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de

Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de Technologie de Compigne HEUDIASYC (UMR CNRS 6599) https://www.hds.utc.fr/tdenoeux 4th International Conference on Belief Functions Prague, CZ

814 views • 80 slides
A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena

A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena

A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena Philip Daian Grigore Rosu Nov 7, 2018 @ FSE18 Smart contracts Programs that run on blockchain Usually written in a high-level

537 views • 28 slides
3 DERIVATIVES By measuring slopes at points on the sine curve, we get strong visual evidence

3 DERIVATIVES By measuring slopes at points on the sine curve, we get strong visual evidence

3 DERIVATIVES By measuring slopes at points on the sine curve, we get strong visual evidence that the derivative of the sine function is the cosine function. In this chapter we begin our study of differential calculus, which is concerned with

161 views • 3 slides
DOUBLE INTEGRALS MATH 200 GOALS Be able to compute double integral calculations over

DOUBLE INTEGRALS MATH 200 GOALS Be able to compute double integral calculations over

MATH 200 WEEK 7 - FRIDAY DOUBLE INTEGRALS MATH 200 GOALS Be able to compute double integral calculations over rectangular regions using partial integration. Know how to inspect an integral to decide if the order of integration is

676 views • 31 slides
A Radical Approach To Calculus David Bressoud Electronic Math Education St. Paul, MN Seminar

A Radical Approach To Calculus David Bressoud Electronic Math Education St. Paul, MN Seminar

A Radical Approach To Calculus David Bressoud Electronic Math Education St. Paul, MN Seminar MIT April 17, 2018 A pdf file of this PowerPoint is available at Conference Board of the www.macalester.edu/~bressoud/talks Mathematical Sciences

405 views • 21 slides
d Definite Integrals i E 2 Lectures a l l u d b Dr. Abdulla Eid A . College of

d Definite Integrals i E 2 Lectures a l l u d b Dr. Abdulla Eid A . College of

Section 14.7 d Definite Integrals i E 2 Lectures a l l u d b Dr. Abdulla Eid A . College of Science r D MATHS 104: Mathematics for Business II Dr. Abdulla Eid (University of Bahrain) Integrals 1 / 15 Definite Integral Recall:

289 views • 15 slides
Gauss composition and integral arithmetic invariant theory David Zureick-Brown (Emory University)

Gauss composition and integral arithmetic invariant theory David Zureick-Brown (Emory University)

Gauss composition and integral arithmetic invariant theory David Zureick-Brown (Emory University) Anton Gerschenko (Google) Connections in Number Theory Fall Southeastern Sectional Meeting University of North Carolina at Greensboro,

469 views • 28 slides
Static Model Simulation - Monte Carlo Simulation Examples Examples 1 Coin-tossing experiment.

Static Model Simulation - Monte Carlo Simulation Examples Examples 1 Coin-tossing experiment.

Static Model Simulation - Monte Carlo Simulation Examples Examples 1 Coin-tossing experiment. Toss the coin for 1 million times and note down the outcomes. 1 2 Rolling-die experiment. Roll the die for 1 million times and note down the

1.15k views • 10 slides
Lecture 13 - BRDFs Welcome! , = (, ) ,

Lecture 13 - BRDFs Welcome! , = (, ) ,

INFOMAGR Advanced Graphics Jacco Bikker - November 2017 - February 2018 Lecture 13 - BRDFs Welcome! , = (, ) , + , , ,

566 views • 52 slides
Variational measures generated by functions and associated with local systems of sets Luisa Di

Variational measures generated by functions and associated with local systems of sets Luisa Di

Variational measures generated by functions and associated with local systems of sets Luisa Di Piazza University of Palermo Department of Mathematics ITALY In recent years several authors have been in- terest in the variational measures

539 views • 20 slides

More recommend