model checking for symbolic heap separation logic with
play

Model Checking for Symbolic-Heap Separation Logic with Inductive - PowerPoint PPT Presentation

Sep 16, 2022 •392 likes •1.02k views

. POPL 2016, St Petersburg, Florida, USA, 1 Programming Principles, Logic & Verification Group Department of Computer Science, University College London 2 Foundations of Computing Group Department of Computer Science, Middlesex University

  1. . POPL 2016, St Petersburg, Florida, USA, 1 Programming Principles, Logic & Verification Group Department of Computer Science, University College London 2 Foundations of Computing Group Department of Computer Science, Middlesex University Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1 Max Kanovich 1 Nikos Gorogiannis 2 Reuben N. S. Rowe 1 Wednesday 20 th January 2016

  2. • More generally, S could be any kind of mathematical structure • Model checking is the problem of checking whether a structure • Typically, S is a Kripke structure representing a program, and a formula of modal or temporal logic describing its behaviour. and a formula in a language describing such structures. 1/12 Model Checking in General S satisfies, or is a model of, some formula ϕ : does S | = ϕ ?

  3. • More generally, S could be any kind of mathematical structure • Model checking is the problem of checking whether a structure and a formula in a language describing such structures. 1/12 Model Checking in General S satisfies, or is a model of, some formula ϕ : does S | = ϕ ? • Typically, S is a Kripke structure representing a program, and ϕ a formula of modal or temporal logic describing its behaviour.

  4. 1/12 • Model checking is the problem of checking whether a structure Model Checking in General S satisfies, or is a model of, some formula ϕ : does S | = ϕ ? • Typically, S is a Kripke structure representing a program, and ϕ a formula of modal or temporal logic describing its behaviour. • More generally, S could be any kind of mathematical structure and ϕ a formula in a language describing such structures.

  5. • Typically, we do static analysis: given an annotated program, • When static analysis fails, we might try run-time verification: • We focus on the popular symbolic-heap fragment of SL, • Separation logic (SL) facilitates verification of imperative pointer programs by describing program memory. prove that it meets its specification. run the program and check that it does not violate the spec. • In that case, we need to compare memory states S against a specification : does S ? allowing arbitrary sets of inductive predicates. 2/12 Model Checking for Separation Logic

  6. • We focus on the popular symbolic-heap fragment of SL, • Separation logic (SL) facilitates verification of imperative pointer programs by describing program memory. prove that it meets its specification. • When static analysis fails, we might try run-time verification: run the program and check that it does not violate the spec. • In that case, we need to compare memory states S against a specification : does S ? allowing arbitrary sets of inductive predicates. 2/12 Model Checking for Separation Logic • Typically, we do static analysis: given an annotated program,

  7. • We focus on the popular symbolic-heap fragment of SL, • Separation logic (SL) facilitates verification of imperative pointer programs by describing program memory. prove that it meets its specification. run the program and check that it does not violate the spec. • In that case, we need to compare memory states S against a specification : does S ? allowing arbitrary sets of inductive predicates. 2/12 Model Checking for Separation Logic • Typically, we do static analysis: given an annotated program, • When static analysis fails, we might try run-time verification:

  8. • Separation logic (SL) facilitates verification of imperative pointer programs by describing program memory. prove that it meets its specification. run the program and check that it does not violate the spec. • In that case, we need to compare memory states S against a • We focus on the popular symbolic-heap fragment of SL, allowing arbitrary sets of inductive predicates. 2/12 Model Checking for Separation Logic • Typically, we do static analysis: given an annotated program, • When static analysis fails, we might try run-time verification: specification ϕ : does S | = ϕ ?

  9. • Separation logic (SL) facilitates verification of imperative pointer programs by describing program memory. prove that it meets its specification. run the program and check that it does not violate the spec. • In that case, we need to compare memory states S against a • We focus on the popular symbolic-heap fragment of SL, allowing arbitrary sets of inductive predicates. 2/12 Model Checking for Separation Logic • Typically, we do static analysis: given an annotated program, • When static analysis fails, we might try run-time verification: specification ϕ : does S | = ϕ ?

  10. • complexity is EXPTIME • These reduce the complexity to NP or PTIME For symbolic-heap SL with arbitrary inductive predicates: • the model checking problem is decidable • We identify three natural syntactic criteria for restricting inductive definitions • We provide a prototype tool implementation and experimental evaluation 3/12 Overview of our Results

  11. • These reduce the complexity to NP or PTIME For symbolic-heap SL with arbitrary inductive predicates: • the model checking problem is decidable • We identify three natural syntactic criteria for restricting inductive definitions • We provide a prototype tool implementation and experimental evaluation 3/12 Overview of our Results • complexity is EXPTIME

  12. • These reduce the complexity to NP or PTIME For symbolic-heap SL with arbitrary inductive predicates: • the model checking problem is decidable • We identify three natural syntactic criteria for restricting inductive definitions • We provide a prototype tool implementation and experimental evaluation 3/12 Overview of our Results • complexity is EXPTIME

  13. For symbolic-heap SL with arbitrary inductive predicates: • the model checking problem is decidable • We identify three natural syntactic criteria for restricting inductive definitions • We provide a prototype tool implementation and experimental evaluation 3/12 Overview of our Results • complexity is EXPTIME • These reduce the complexity to NP or PTIME

  14. For symbolic-heap SL with arbitrary inductive predicates: • the model checking problem is decidable • We identify three natural syntactic criteria for restricting inductive definitions • We provide a prototype tool implementation and experimental evaluation 3/12 Overview of our Results • complexity is EXPTIME • These reduce the complexity to NP or PTIME

  15. emp t P t ( P a predicate symbol, t a tuple of terms) • emp is the empty heap ("points to") denotes a pointer to a single heap record x a set of pure formulas) ( Symbolic heaps F given by domain-disjoint heaps ("separating conjunction") describes the combining of two • • 4/12 Terms: x Spatial Formulas: t t t t Pure Formulas: Symbolic Heaps with Inductive Predicates t ::= x | nil

  16. emp t P t ( P a predicate symbol, t a tuple of terms) • emp is the empty heap x • a set of pure formulas) ( Symbolic heaps F given by domain-disjoint heaps ("separating conjunction") describes the combining of two 4/12 ("points to") denotes a pointer to a single heap record • Terms: x Spatial Formulas: Pure Formulas: Symbolic Heaps with Inductive Predicates t ::= x | nil π ::= t = t | t ̸ = t

  17. • emp is the empty heap ("points to") denotes a pointer to a single heap record x 4/12 a set of pure formulas) ( Symbolic heaps F given by domain-disjoint heaps ("separating conjunction") describes the combining of two • • Terms: Spatial Formulas: Pure Formulas: Symbolic Heaps with Inductive Predicates t ::= x | nil π ::= t = t | t ̸ = t Σ ::= emp | x �→ t | P t | Σ ∗ Σ ( P a predicate symbol, t a tuple of terms)

  18. ("points to") denotes a pointer to a single heap record x 4/12 a set of pure formulas) ( Symbolic heaps F given by domain-disjoint heaps ("separating conjunction") describes the combining of two • • Terms: Spatial Formulas: Pure Formulas: Symbolic Heaps with Inductive Predicates t ::= x | nil π ::= t = t | t ̸ = t Σ ::= emp | x �→ t | P t | Σ ∗ Σ ( P a predicate symbol, t a tuple of terms) • emp is the empty heap

  19. x 4/12 ("separating conjunction") describes the combining of two a set of pure formulas) Pure Formulas: ( Spatial Formulas: Symbolic heaps F given by domain-disjoint heaps Terms: • Symbolic Heaps with Inductive Predicates t ::= x | nil π ::= t = t | t ̸ = t Σ ::= emp | x �→ t | P t | Σ ∗ Σ ( P a predicate symbol, t a tuple of terms) • emp is the empty heap • �→ ("points to") denotes a pointer to a single heap record

  20. x 4/12 domain-disjoint heaps a set of pure formulas) Pure Formulas: ( Spatial Formulas: Symbolic heaps F given by Terms: Symbolic Heaps with Inductive Predicates t ::= x | nil π ::= t = t | t ̸ = t Σ ::= emp | x �→ t | P t | Σ ∗ Σ ( P a predicate symbol, t a tuple of terms) • emp is the empty heap • �→ ("points to") denotes a pointer to a single heap record • ∗ ("separating conjunction") describes the combining of two

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 Reuben Rowe 1 1 UCL 2 Middlesex University Australian National University, Canberra, 9 December 2015 1/ 24 Model

1.13k views • 81 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Introduction Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that Separation Logic is based on. This lecture will Kasper Svendsen University of Cambridge introduce a formal proof system for Separation

740 views • 10 slides
02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute Technical University of Denmark Spring 2020 Model Checking M | = Models M are Kripke structures Formulas are Computational Tree Logic

509 views • 22 slides
Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge Academic year

1.15k views • 48 slides
Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

The Mu-Calculus Model Checking Example Results Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal Papers in Verification March 23, 2012 Andrena Francisco Symbolic Model Checking The Mu-Calculus

196 views • 15 slides
Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group, University of Cambridge Academic year

972 views • 41 slides
Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

833 views • 61 slides
Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of compiling one into the other? Both have very different models of time How do they compare? We have seen two widely used temporal logics Relative

510 views • 10 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/ Was popular in semiconductor industry via Cadence SMV Could handle large models A re-implementation of the SMV model checker: Good

110 views • 10 slides
Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or software Temporal logic provides a language for specifying functional properties Model checking checks whether a given property holds

1.56k views • 131 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Higher Order Functions 1 Shell CSCE 314 TAMU Higher-order Functions A function is called

Higher Order Functions 1 Shell CSCE 314 TAMU Higher-order Functions A function is called

Shell CSCE 314 TAMU CSCE 314: Programming Languages Dr. Dylan Shell Higher Order Functions 1 Shell CSCE 314 TAMU Higher-order Functions A function is called higher-order if it takes a function as an argument or returns a function as a

262 views • 23 slides
Coding Theorems for Reversible Embedding Frans Willems and Ton Kalker T.U. Eindhoven, Philips

Coding Theorems for Reversible Embedding Frans Willems and Ton Kalker T.U. Eindhoven, Philips

Coding Theorems for Reversible Embedding Frans Willems and Ton Kalker T.U. Eindhoven, Philips Research DIMACS, March 16-19, 2003 Outline 1. Gelfand-Pinsker coding theorem 2. Noise-free embedding 3. Reversible embedding 4. Robust and

507 views • 33 slides
Lecture 14 Jan-Willem van de Meent TOPIC MODELS Borrowing from : David Blei (Columbia)

Lecture 14 Jan-Willem van de Meent TOPIC MODELS Borrowing from : David Blei (Columbia)

Unsupervised Machine Learning and Data Mining DS 5230 / DS 4420 - Fall 2018 Lecture 14 Jan-Willem van de Meent TOPIC MODELS Borrowing from : David Blei (Columbia) Word Mixtures Idea: Model text as a mixture over words (ignore

899 views • 13 slides
DeltaShaper Enabling Unobservable Censorship- resistant TCP Tunneling over Videoconferencing

DeltaShaper Enabling Unobservable Censorship- resistant TCP Tunneling over Videoconferencing

DeltaShaper Enabling Unobservable Censorship- resistant TCP Tunneling over Videoconferencing Streams Diogo Barradas Nuno Santos Lus Rodrigues INESC-ID, Instituto Superior Tcnico, Universidade de Lisboa

468 views • 29 slides
Computation-as-deduction in Abella: work in progress Kaustuv Chaudhuri, Ulysse G erard and Dale

Computation-as-deduction in Abella: work in progress Kaustuv Chaudhuri, Ulysse G erard and Dale

Computation-as-deduction in Abella: work in progress Kaustuv Chaudhuri, Ulysse G erard and Dale Miller LFMTP, July 7, 2018 Inria Saclay Palaiseau France Introduction Abella is an interactive theorem prover in which relations, and not

569 views • 23 slides
Installation Installation Procedures Procedures for Clusters for Clusters PART 2 NETBOOT

Installation Installation Procedures Procedures for Clusters for Clusters PART 2 NETBOOT

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY Installation Installation Procedures Procedures for Clusters for Clusters PART 2 NETBOOT Environment and Troubleshooting Agenda Agenda Cluster Services Overview on Installation

437 views • 21 slides
Build Your Cluster with Rocks Build Your Cluster with Rocks Yu Fu Yu Fu University of Florida

Build Your Cluster with Rocks Build Your Cluster with Rocks Yu Fu Yu Fu University of Florida

Build Your Cluster with Rocks Build Your Cluster with Rocks Yu Fu Yu Fu University of Florida University of Florida 2011 OSG Summer Workshop 2011 OSG Summer Workshop Lubbock, TX Lubbock, TX You need a cluster You need a cluster

653 views • 52 slides
Further Experiences Teaching an FPGA-based Embedded Systems Class Stephen A. Edwards Columbia

Further Experiences Teaching an FPGA-based Embedded Systems Class Stephen A. Edwards Columbia

Further Experiences Teaching an FPGA-based Embedded Systems Class Stephen A. Edwards Columbia University WESE, Torino, Italy, October 4, 2018 What is an FPGA? A Field Programmble Gate Array: A configurable circuit; not a stored-program

521 views • 14 slides

More recommend