modelling specification and formal analysis of complex
play

Modelling, Specification and Formal Analysis of Complex Software - PowerPoint PPT Presentation

Feb 20, 2024 •173 likes •861 views

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

  1. Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 149

  2. Outline Introduction 1 Formal Models and Semantics for IMPR 2 Foundations of Static Analysis by Abstract Interpretation 3 Application: Programs with Lists and Data 4 Application: Decision Procedures by Static Analysis 5 Elements of Inter-procedural Analysis 6 Application: Programs with Lists, Data, and Procedures 7 Extension: Programs with Complex Data Structures 8 Extension: Programs with Inductive Data Structures 9 99 / 149

  3. Formal Semantics for Procedure Call Stacks � [ � � ∗ ] ∋ S Stack CP × P × ( DV � → L ) → D ∪ RV � Mem � Stacks × Heaps ∋ m Memory Config � CP × ( Mem ∪ { merr } ) ∋ C Configurations ∀ v i ∈ − → vin . ( S , H ) ⊢ v i � c i � = merr ⊢ v = P ( − vin, − − start P , ( push ( S , ℓ + 1, P, v, − − → vout, − → → → � � vout ) � � � ℓ, ( S , H ) c i , lv P ) , H ) top ( S ) = ( ℓ, P, v, . . . ) ( S , H )( v ′ ) = c ⊢ return v ′ � � � � � ℓ ′ , ( S , H ) ℓ, ( pop ( S ) , H )[ v ← c ] Another source of infinity is the unbounded stack that usually stores locations in the heap. 100 / 149

  4. Inter-procedural Analyses Aim Compute an abstraction of the relation between the input and output configurations of a procedure, i.e. the procedure summary or contract. Context sensitive: the summary depends on an abstraction of the calling stack “If p is called before q , it returns 0, otherwise 1.” → insight on the full program behaviour, expressive − − → analysis done for each call point Context insensitive: the summary is independent of the calling stack “If p is called it returns 0 or 1.” − → insight on the procedure behaviour, but less precise − → analysis done independently of callers 101 / 149

  5. Context-Sensitive Approaches Main steps: Case 1: Compute summary information for each procedure ... at each calling point with “equivalent stack” runs Case 2: Use summary information at procedure calls... ... if the abstraction of reaching stack fits the already computed ones 102 / 149

  6. Context-Sensitive Approaches Main steps: Case 1: Compute summary information for each procedure ... at each calling point with “equivalent stack” runs Case 2: Use summary information at procedure calls... ... if the abstraction of reaching stack fits the already computed ones Classic approaches for summary computation: Functional approach: [Sharir&Pnueli,81],[Knoop&Steffen,92] Summary is a function mapping abstract input to abstract output Relational approach: [Cousot&Cousot,77] Summary is a relation between input and output Call string approach: [Sharir&Pnueli,81], [Khedker&Karkare,08] Maps string abstractions of the call stack to abstract configs. 102 / 149

  7. Functional Context-Sensitive Aim Compute a function summary P : CP � → ( A H → A mH ) mapping each control point of the procedure q ∈ CP to a function which associates every ( G 0 , W 0 ) abstract heap reachable at start P to the abstract heap ( G q , W q ) reachable at q . q ( G 0 , W 0 ) ( G q , W q ) int length(list* l) { l = ⊠ l = ⊠ 2 1: int len = 0; ls + ( l, ⊠ ) ls + ( l, ⊠ ) 2: if (l == NULL) . . . . . . . . . 3: len=0; l = ⊠ $ ret = 0 ∧ l = ⊠ 4: else { 8 ls + ( l, ⊠ ) $ ret � 1 ∧ ls + ( l, ⊠ ) 5: len=1+length(l->next); 6: } 7: return len; 8: } 103 / 149

  8. Inter-procedural Analysis with Heap Problem The local heap of a procedure may be accessed from the stack bypassing the actual parameters. Bad Consequence Context sensitive analyses shall track also these interferences! 104 / 149

  9. Particular Case of Programs Observation In a large class of programs with procedure calls, the local heap is reachable from the stack by passing through the actual parameters. Consequence For this class, the computation of summaries is compositional. 105 / 149

  10. Cut-point Free Programs [Rinetzky et al ,05] Definition A call is cut point free if all local heap cut nodes are reachable from the stack through the procedure parameters. A cut point free program has only cut point free procedure calls. 106 / 149

  11. Abstraction of Summaries Let V be the set of formal parameters and local variables. Definition A concrete inter-procedural configurations is a pair of heap configurations ( H 0 , H q ) where: H 0 is the local heap at start P over a new vocabulary V 0 − → similar to old notation in JML H is the heap at the control point q of the procedure over V ∪ { $ ret } Definition A concrete procedure summary is the set { ( H 0 , H end P ) } . 107 / 149

  12. Outline Introduction 1 Formal Models and Semantics for IMPR 2 Foundations of Static Analysis by Abstract Interpretation 3 Application: Programs with Lists and Data 4 Application: Decision Procedures by Static Analysis 5 Elements of Inter-procedural Analysis 6 Application: Programs with Lists, Data, and Procedures 7 Extension: Programs with Complex Data Structures 8 Extension: Programs with Inductive Data Structures 9 108 / 149

  13. Application Programs with Lists and Data — Inter-procedural Analysis — joint work with A. Bouajjani, C. Drăgoi, C. Enea PLDI’11 109 / 149

  14. Running Example: Quicksort on Lists (with Copy) 110 / 149

  15. Running Example: Quicksort on Lists (with Copy) 110 / 149

  16. Running Example: Quicksort on Lists (with Copy) 110 / 149

  17. Running Example: Quicksort on Lists (with Copy) 110 / 149

  18. Running Example: Quicksort on Lists (with Copy) 110 / 149

  19. Running Example: Quicksort on Lists (with Copy) 110 / 149

  20. Representing Summaries in A HS � ( G 0 ∗ G, W 0 ∧ W ) � ( H 0 , H ) � α 111 / 149

  21. Analysing Quicksort: A U Domain 112 / 149

  22. Analysing Quicksort: A M Domain 113 / 149

  23. Quicksort: Loss of Precision 114 / 149

  24. Quicksort: Loss of Precision 114 / 149

  25. Quicksort: Loss of Precision 114 / 149

  26. Quicksort: Loss of Precision 114 / 149

  27. Strengthen Procedure 115 / 149

  28. Strengthen Procedure: Example 116 / 149

  29. Strengthen Procedure: Example 116 / 149

  30. Strengthen Procedure: Example 116 / 149

  31. Strengthen Procedure: Example 116 / 149

  32. Experimental Results class fun nesting A M A U Examples of summaries synthesized (loop,rec) t (s) P t (s) create ( 0 , − ) < 1 P = , P 1 < 1 addfst – < 1 P = < 1 ρ # sll addlst ( 0 , 1 ) < 1 P = < 1 U ( create ( & x ,� )) : hd ( x ) = 0 ∧ len ( x ) = � ∧∀ y ∈ tl ( x ) ⇒ x [ y ] = 0 delfst – < 1 P = < 1 ( 0 , 1 ) < 1 < 1 dellst P = ρ # U ( init ( v , x )) : len ( x 0 ) = len ( x ) ∧ hd ( x ) = v ∧∀ y ∈ tl ( x ) . x [ y ] = v init (v) ( 0 , 1 ) < 1 P = , P 1 < 1 ( 0 , 1 ) < 1 P = , P 1 < 1 ρ # U ( add ( v , x )) : len ( x 0 ) = len ( x ) ∧ hd ( x ) = hd ( x 0 )+ v ∧ map initSeq ∀ y 1 ∈ tl ( x ) , y 2 ∈ tl ( x 0 ) . y 1 = y 2 ⇒ x [ y 1 ] = x 0 [ y 2 ]+ v add (v) ( 0 , 1 ) < 1 P = < 1 ρ # U ( add ( v , x , z )) : len ( x 0 ) = len ( x ) ∧ len ( z 0 ) = len ( z ) ∧ eq ( x , x 0 ) ∧ map2 add (v) ( 0 , 1 ) < 1 P = < 1 ( 0 , 1 ) < 1 < 1 ∀ y 1 ∈ tl ( x ) , y 2 ∈ tl ( z ) . y 1 = y 2 ⇒ x [ y 1 ]+ v = z [ y 2 ] copy P = ρ # M ( split ( v , x , & l , & u )) : ms ( x ) = ms ( x 0 ) = ms ( l ) ∪ ms ( u ) ( 0 , 1 ) < 1 P = , P 1 < 1 del Pred ρ # U ( split ( v , x , & l , & u )) : equal ( x , x 0 ) ∧ len ( x ) = len ( l )+ len ( u ) ∧ fold max ( 0 , 1 ) < 1 P = , P 1 < 1 ( 0 , 1 ) < 1 < 1 l [ 0 ] ≤ v ∧∀ y ∈ tl ( l ) ⇒ l [ y ] ≤ v ∧ clone P = ( 0 , 1 ) u [ 0 ] > v ∧∀ y ∈ tl ( u ) ⇒ u [ y ] > v split < 1 P = , P 1 < 1 ( 0 , 1 ) ρ # M ( merge ( x , z , & r )) : ms ( x ) ∪ ms ( z ) = ms ( r ) ∧ ms ( x 0 ) = ms ( x ) ∧ ... equal < 1 P = < 1 ρ # U ( merge ( x , z , & r )) : equal ( x , x 0 ) ∧ equal ( z , z 0 ) ∧ sorted ( x 0 ) ∧ sorted ( z 0 ) ∧ ( 0 , 1 ) < 1 P = , P 1 , P 2 < 3 fold2 concat ( 0 , 1 ) sorted ( r ) ∧ len ( x )+ len ( z ) = len ( r ) merge < 1 P = , P 1 , P 2 < 3 bubble ( 1 , − ) < 1 P = , P 1 , P 2 < 3 ρ # M ( quicksort ( x )) : ms ( x ) = ms ( x 0 ) = ms ( res ) sort insert ( 1 , − ) < 1 P = , P 1 , P 2 < 3 ( − , 2 ) ρ # U ( quicksort ( x )) : equal ( x , x 0 ) ∧ sorted ( res ) quick < 2 P = , P 1 , P 2 < 4 merge ( − , 2 ) < 2 P = , P 1 , P 2 < 4 117 / 149

  33. Outline Introduction 1 Formal Models and Semantics for IMPR 2 Foundations of Static Analysis by Abstract Interpretation 3 Application: Programs with Lists and Data 4 Application: Decision Procedures by Static Analysis 5 Elements of Inter-procedural Analysis 6 Application: Programs with Lists, Data, and Procedures 7 Extension: Programs with Complex Data Structures 8 Extension: Programs with Inductive Data Structures 9 118 / 149

  34. Application Reasoning about Composite Data Structures — using a FO Logic Framework — joint work with A. Bouajjani, C. Drăgoi, C. Enea CONCUR’09 119 / 149

  35. Properties of Complex Data Structures 120 / 149

  36. Recall: Heap Graph Model 121 / 149

  37. A Very Expressive Logic 122 / 149

  38. Reachability Predicates 123 / 149

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript PLRG@KAIST Hongki Lee , Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu Contents Introduction Big Picture Formal Specification

631 views • 25 slides
Formal Specification and Verification Formal specification Temporal logic 12.06.2012

Formal Specification and Verification Formal specification Temporal logic 12.06.2012

Formal Specification and Verification Formal specification Temporal logic 12.06.2012 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Formal specification Specification for program/system Specification for

443 views • 21 slides
Formal Specification Techniques Knowledge of typical approaches to formal software specification

Formal Specification Techniques Knowledge of typical approaches to formal software specification

Goals Understanding of the motivation of mathematical approaches to software specification Formal Specification Techniques Knowledge of typical approaches to formal software specification CAS 707 and verification McMaster University, Winter

106 views • 6 slides
Towards Specification, Modelling and Analysis of Fault Tolerance in Self Managed Systems Tom

Towards Specification, Modelling and Analysis of Fault Tolerance in Self Managed Systems Tom

Towards Specification, Modelling and Analysis of Fault Tolerance in Self Managed Systems Tom Maibaum (joint work with Jeff Magee, ICL) McMaster University Department of Computing and Software tom@maibaum.org Introduction We describe

494 views • 16 slides
Discrete EVent System specification (DEVS) Bernard Zeigler (1976 Theory of Modelling and

Discrete EVent System specification (DEVS) Bernard Zeigler (1976 Theory of Modelling and

Discrete EVent System specification (DEVS) Bernard Zeigler (1976 Theory of Modelling and Simulation) A formal basis for (low-level) representation of all discrete event modelling formalisms and simulator implementations

492 views • 26 slides
Discrete EVent System specification (DEVS) Bernard Zeigler (1976 Theory of Modelling and

Discrete EVent System specification (DEVS) Bernard Zeigler (1976 Theory of Modelling and

Discrete EVent System specification (DEVS) Bernard Zeigler (1976 Theory of Modelling and Simulation) A formal basis for (low-level) representation of all discrete event modelling formalisms (and even others, after approximation)

660 views • 30 slides
DevOps Meets Formal Modelling in High-Criticality Complex Systems Marta Olszewska, Marina Wald

DevOps Meets Formal Modelling in High-Criticality Complex Systems Marta Olszewska, Marina Wald

DevOps Meets Formal Modelling in High-Criticality Complex Systems Marta Olszewska, Marina Wald n 1 st International Workshop on Quality-Aware DevOps (QUDOS 2015) 1 st September 2015, Bergamo, Italy Roadmap Why? Motivation and goals

638 views • 31 slides
HIERATIC Hierarchical Analysis of Complex Dynamical Systems WP6 Formal theoretical

HIERATIC Hierarchical Analysis of Complex Dynamical Systems WP6 Formal theoretical

HIERATIC Hierarchical Analysis of Complex Dynamical Systems WP6 Formal theoretical results concerning network dynamics John Haslegrave, Chris Cannings The University of Sheffield December 11, 2014 Overview 1 Tournament process 2 Cyclic

517 views • 27 slides
Lecture 1: Introduction The UML Standard Documents The Map A Brief History of UML

Lecture 1: Introduction The UML Standard Documents The Map A Brief History of UML

Content An Analogy: Construction Engineering Floorplans as Formal Specification Language The Notion of Model Software Design, Modelling and Analysis in UML Floorplans for Software Goals, Content and Non-Content of the

256 views • 7 slides
Feature Modelling: A Survey, a Formalism and a Transformation for Analysis Thomas De Vylder

Feature Modelling: A Survey, a Formalism and a Transformation for Analysis Thomas De Vylder

Feature Modelling: A Survey, a Formalism and a Transformation for Analysis Thomas De Vylder Content Feature Modelling Origins Feature Modelling Notations &amp; Definitions AToM Meta-Model Formal Analysis of Feature Models +

568 views • 27 slides
Functional Correctness Specification Formal Verification 15-214 Unit Testing Type

Functional Correctness Specification Formal Verification 15-214 Unit Testing Type

Functional Correctness Specification Formal Verification 15-214 Unit Testing Type Checking Statistic Analysis Requirements definition Inspections, Reviews 15-313 Integration/System/Acceptance/Regression/GUI/Bl

608 views • 45 slides
CLASSI C CLASSI C CLASSI C Modelling , Specification , and Verification using UPPAAL Kim

CLASSI C CLASSI C CLASSI C Modelling , Specification , and Verification using UPPAAL Kim

CLASSI C CLASSI C CLASSI C Modelling , Specification , and Verification using UPPAAL Kim Guldstrand Larsen Finite State Machines Modelling using UC UC b Modelling processes A process is the execution of a sequential program.

1.41k views • 108 slides
Formal Specification and Analysis of Robust Adaptive Distributed Cyber-Physical Systems Carolyn

Formal Specification and Analysis of Robust Adaptive Distributed Cyber-Physical Systems Carolyn

Formal Specification and Analysis of Robust Adaptive Distributed Cyber-Physical Systems Carolyn Talcott (and the Soft Agents Team) SFM Quantitative Evaluation of Collective Adaptive Systems June 2016 1 Vision Multiple agents with

1.11k views • 92 slides
GENDER PAY GAP REPORT A member of the Frasers Hospitality Group GENERAL STATEMENT The Malmaison

GENDER PAY GAP REPORT A member of the Frasers Hospitality Group GENERAL STATEMENT The Malmaison

GENDER PAY GAP REPORT A member of the Frasers Hospitality Group GENERAL STATEMENT The Malmaison &amp; Hotel Du Vin Brands employee over 2500 employees and is committed to gender diversity. Through development and internal training we will

251 views • 6 slides
Tracing the origins of inflection in creoles A quantitative analysis Olivier Bonami 1 Fabiola

Tracing the origins of inflection in creoles A quantitative analysis Olivier Bonami 1 Fabiola

Tracing the origins of inflection in creoles A quantitative analysis Olivier Bonami 1 Fabiola Henri 2 s 3 Ana R. Lu 1 U. Paris-Sorbonne &amp; IUF &amp; LLF olivier.bonami@paris-sorbonne.fr 2 U. Lille 3 &amp; STL &amp; LLF

720 views • 29 slides
Individual Vehicle Approval How to improve your application process 23 June 2015 Nigel Base,

Individual Vehicle Approval How to improve your application process 23 June 2015 Nigel Base,

Individual Vehicle Approval How to improve your application process 23 June 2015 Nigel Base, Commercial Vehicle Manager , SMMT Peter Hearn, Head of Policy Development , DVSA Karen Pitt, Operations Manager Testing and Support Services , DVSA

423 views • 31 slides
Shared content-vocabularies: Ontologies Formal, machine processable explicit specification

Shared content-vocabularies: Ontologies Formal, machine processable explicit specification

Semantic Web Languages: RDF, RDF Schema, OWL Frank van Harmelen Vrije Universiteit Amsterdam Shared content-vocabularies: Ontologies Formal, machine processable explicit specification concepts, properties, relations, functions of a

382 views • 17 slides
Opamp Design Project Help Session Boise, 19/Apr/2014 Vishal Saxena Vishal Saxena

Opamp Design Project Help Session Boise, 19/Apr/2014 Vishal Saxena Vishal Saxena

Opamp Design Project Help Session Boise, 19/Apr/2014 Vishal Saxena Vishal Saxena &lt;vishalsaxena@boisestate.edu&gt; Design Specifications Vishal Saxena &lt;vishalsaxena@boisestate.edu&gt; Two-Stage Opamp Vishal Saxena

856 views • 42 slides
Overview/Questions What are objects, and how do they help us program more effectively?

Overview/Questions What are objects, and how do they help us program more effectively?

CS108 Lecture 11: Objects and Graphics Objects and Classes Graphics Concepts Aaron Stevens 9 February 2009 1 Overview/Questions What are objects, and how do they help us program more effectively? An overview of computer graphics

440 views • 13 slides
Database Programming in SQL/O RACLE SQL-3 Standard/ORACLE 8: ER-Modeling Schema

Database Programming in SQL/O RACLE SQL-3 Standard/ORACLE 8: ER-Modeling Schema

Database Programming in SQL/ORACLE Database Programming in SQL/O RACLE SQL-3 Standard/ORACLE 8: ER-Modeling Schema Generation Queries Views Complex attributes, nested tables Database Optimization Access

1.6k views • 147 slides
Mixture Models Simulation-based Estimation Michel Bierlaire Transport and Mobility Laboratory

Mixture Models Simulation-based Estimation Michel Bierlaire Transport and Mobility Laboratory

Mixture Models Simulation-based Estimation Michel Bierlaire Transport and Mobility Laboratory School of Architecture, Civil and Environmental Engineering Ecole Polytechnique F ed erale de Lausanne M. Bierlaire (TRANSP-OR ENAC EPFL)

1.11k views • 78 slides

More recommend