regression verification proving partial equivalence
play

Regression Verification: Proving Partial Equivalence Talk by Dennis - PowerPoint PPT Presentation

Jul 31, 2023 •47 likes •457 views

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the Projektgruppe Formale Methoden der Softwareentwicklung WS 2012/2013 1 / 24 Introduction Formal Verification Formally prove correctness of

  1. Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the Projektgruppe Formale Methoden der Softwareentwicklung WS 2012/2013 1 / 24

  2. Introduction Formal Verification Formally prove correctness of software ⇒ Requires formal specification Regression Testing Discover new bugs by testing for them ⇒ Requires test cases 2 / 24

  3. Introduction Formal Verification Formally prove correctness of software ⇒ Requires formal specification Regression Testing Discover new bugs by testing for them ⇒ Requires test cases Regression Verification Formally prove there are no new bugs 2 / 24

  4. Regression Verification Formally prove there are no new bugs • Goal: Proving the equivalence of two closely related programs • No formal specification or test cases required • Instead use old program version • Make use of similarity between programs 3 / 24

  5. Overview 1 Theoretical Framework 2 Practical Framework 3 Limitations 4 / 24

  6. Theoretical Framework Overview Partially Equivalent? Program P 1 Program P 2 (val a , b ; ret g ) (val y , x ; ret z ) Apply Proc-P-Eq Program P 1 Program P 2 without recursions without recursions Static Single Static Single Assignment S P 1 Assignment S P 2 ( a = y ∧ b = x ∧ S P 1 ∧ S P 2 ) → g = z Theorem Prover True / False 5 / 24

  7. Linear Procedure Language Overview Partially Equivalent? Program P 1 Program P 2 (val a , b ; ret g ) (val y , x ; ret z ) Apply Proc-P-Eq Program P 1 Program P 2 without recursions without recursions Static Single Static Single Assignment S P 1 Assignment S P 2 ( a = y ∧ b = x ∧ S P 1 ∧ S P 2 ) → g = z Theorem Prover True / False 6 / 24

  8. Linear Procedure Language Example procedure gcd3 ( val x , y , z ; ret w) : gcd ( x , y ; a ) ; c a l l c a l l gcd (a , z ; w) ; return procedure gcd ( val a , b ; ret g ) : b = 0 then i f g := a else a := a%b ; gcd (b , a ; g ) c a l l f i ; return 7 / 24

  9. Linear Procedure Language Syntax Program :: � procedure p( val arg − r p ; ret arg − w p ): S p � p ∈ Proc :: x := e S | S ; S | if B then S else S fi | if B then S fi | call p ( e ; x ) | return ⇒ No loops 8 / 24

  10. Partial Equivalence Overview Partially Equivalent? Program P 1 Program P 2 (val a , b ; ret g ) (val y , x ; ret z ) Apply Proc-P-Eq Program P 1 Program P 2 without recursions without recursions Static Single Static Single Assignment S P 1 Assignment S P 2 ( a = y ∧ b = x ∧ S P 1 ∧ S P 2 ) → g = z Theorem Prover True / False 9 / 24

  11. Partial Equivalence Partial Equivalence : Given the same inputs, any two terminating executions of programs P 1 and P 2 return the same value. ⇒ Partial Equivalence is undecidable In LPL: part-equiv( P 1 , P 2 ) = in [ P 1 ] = in [ P 2 ] → out [ P 1 ] = out [ P 2 ] 10 / 24

  12. Uninterpreted Procedures Given the same inputs an Uninterpreted Procedure always produces the same outputs. In LPL: procedure U( val r1 , r2 , . . . ; ret w1 , w2 , . . . ) : return 11 / 24

  13. Mappings Programs P 1 and P 2 consist of procedures Map equivalent procedures onto each other In LPL: map : Proc [ P 1 ] �→ Proc [ P 2 ] UP maps procedures to their respective uninterpreted procedures: � F , G � ∈ map ⇐ ⇒ UP ( F ) = UP ( G ) 12 / 24

  14. Rule for Proving Partial Equivalence Overview Partially Equivalent? Program P 1 Program P 2 (val a , b ; ret g ) (val y , x ; ret z ) Apply Proc-P-Eq Program P 1 Program P 2 without recursions without recursions Static Single Static Single Assignment S P 1 Assignment S P 2 ( a = y ∧ b = x ∧ S P 1 ∧ S P 2 ) → g = z Theorem Prover True / False 13 / 24

  15. Example part-equiv(gcd1, gcd2) ⊢ part-equiv( gcd 1 body , gcd 2 body ) part-equiv( gcd 1 , gcd 2) procedure gcd1 procedure gcd2 ( val a , b ; ret g ) : ( val x , y ; z ) : ret i f b = 0 then g := a z := x ; else a := a%b ; y > 0 then i f call gcd1 (b , a ; g ) call gcd2 ( y , z%y ; z ) f i ; f i ; return return 14 / 24

  16. Example part-equiv(gcd1, gcd2) ⊢ part-equiv( gcd 1 body , gcd 2 body ) part-equiv( gcd 1 , gcd 2) procedure gcd1 procedure gcd2 ( val a , b ; ret g ) : ( val x , y ; z ) : ret i f b = 0 then g := a z := x ; else a := a%b ; y > 0 then i f call gcd1 (b , a ; g ) call gcd2 ( y , z%y ; z ) f i ; f i ; return return 14 / 24

  17. Example ⊢ L UP part-equiv( gcd 1 [ gcd 1 ← UP ( gcd 1)] , gcd 2 [ gcd 2 ← UP ( gcd 2)] ) part-equiv( gcd 1 , gcd 2) procedure gcd1 procedure gcd2 ( val a , b ; ret g ) : ( val x , y ; z ) : ret i f b = 0 then g := a z := x ; else a := a%b ; y > 0 then i f call gcd1 (b , a ; g ) call gcd2 call gcd2 ( y , z%y ; z ) call gc f i ; f i ; return return 15 / 24

  18. Example ⊢ L UP part-equiv( gcd 1 [ gcd 1 ← UP ( gcd 1)] , gcd 2 [ gcd 2 ← UP ( gcd 2)] ) part-equiv( gcd 1 , gcd 2) procedure gcd1 procedure gcd2 ( val a , b ; ret g ) : ( val x , y ; z ) : ret i f b = 0 then g := a z := x ; else a := a%b ; y > 0 then i f call U (b , a ; g ) call gcd2 call U ( y , z%y ; z ) call gcd2 f i ; f i ; return return 15 / 24

  19. Rule Proc-P-Eq ∀� F , G � ∈ map . {⊢ L UP part-equiv( F UP , G UP ) } ∀� F , G � ∈ map . part-equiv( F , G ) • L UP is a sound proof system for a non-recursive LPL • F UP = F [ f ← UP ( f ) | f ∈ Proc [ P ]] is an isolated procedure 16 / 24

  20. Rule Proc-P-Eq ∀� F , G � ∈ map . {⊢ L UP part-equiv( F UP , G UP ) } ∀� F , G � ∈ map . part-equiv( F , G ) • L UP is a sound proof system for a non-recursive LPL • F UP = F [ f ← UP ( f ) | f ∈ Proc [ P ]] is an isolated procedure F G Y B X A 16 / 24

  21. Rule Proc-P-Eq ∀� F , G � ∈ map . {⊢ L UP part-equiv( F UP , G UP ) } ∀� F , G � ∈ map . part-equiv( F , G ) • L UP is a sound proof system for a non-recursive LPL • F UP = F [ f ← UP ( f ) | f ∈ Proc [ P ]] is an isolated procedure F UP UP F F G UP Y Y B UP X G UP X A 16 / 24

  22. Rule Proc-P-Eq ∀� F , G � ∈ map . {⊢ L UP part-equiv( F UP , G UP ) } ∀� F , G � ∈ map . part-equiv( F , G ) • L UP is a sound proof system for a non-recursive LPL • F UP = F [ f ← UP ( f ) | f ∈ Proc [ P ]] is an isolated procedure F UP UP F F G UP Y Y B UP X G UP X A ⇒ Proc-P-Eq is sound, not complete 16 / 24

  23. Static Single Assignment Overview Partially Equivalent? Program P 1 Program P 2 (val a , b ; ret g ) (val y , x ; ret z ) Apply Proc-P-Eq Program P 1 Program P 2 without recursions without recursions Static Single Static Single Assignment S P 1 Assignment S P 2 ( a = y ∧ b = x ∧ S P 1 ∧ S P 2 ) → g = z Theorem Prover True / False 17 / 24

  24. Static Single Assignment • Translate procedures to formulas • No loops or recursions • In assignments x := exp replace x with a new variable x 1 • Represents the states of the program 18 / 24

  25. Static Single Assignment • Translate procedures to formulas • No loops or recursions • In assignments x := exp replace x with a new variable x 1 • Represents the states of the program Example procedure gcd2  x 0 = x ∧ ( val x , y ; ret z ) : z := x ; y 0 = y   i f y > 0 then  S gcd 2 =  c a l l U( y , z%y ; z )   f i ;  return 18 / 24

  26. Static Single Assignment • Translate procedures to formulas • No loops or recursions • In assignments x := exp replace x with a new variable x 1 • Represents the states of the program Example procedure gcd2  x 0 = x ∧ ( val x , y ; ret z ) : z := x ; y 0 = y ∧   z 0 = x 0 i f y > 0 then  S gcd 2 =  c a l l U( y , z%y ; z )   f i ;  return 18 / 24

  27. Static Single Assignment • Translate procedures to formulas • No loops or recursions • In assignments x := exp replace x with a new variable x 1 • Represents the states of the program Example procedure gcd2  x 0 = x ∧ ( val x , y ; ret z ) : z := x ; y 0 = y ∧   z 0 = x 0 ∧ i f y > 0 then  S gcd 2 =  c a l l U( y , z%y ; z ) y 0 > 0 → z 1 = U ( y 0 , ( z 0 % y 0 ))   f i ;  return 18 / 24

  28. Static Single Assignment • Translate procedures to formulas • No loops or recursions • In assignments x := exp replace x with a new variable x 1 • Represents the states of the program Example procedure gcd2  x 0 = x ∧ ( val x , y ; ret z ) : z := x ; y 0 = y ∧   z 0 = x 0 ∧ i f y > 0 then  S gcd 2 =  c a l l U( y , z%y ; z ) y 0 > 0 → z 1 = U ( y 0 , ( z 0 % y 0 )) ∧   y 0 ≤ 0 → z 1 = z 0 f i ;  return 18 / 24

  29. Static Single Assignment • Translate procedures to formulas • No loops or recursions • In assignments x := exp replace x with a new variable x 1 • Represents the states of the program Example procedure gcd2   x 0 = x ∧ ( val x , y ; ret z ) : z := x ; y 0 = y ∧     z 0 = x 0 ∧ i f y > 0 then   S gcd 2 =   c a l l U( y , z%y ; z ) y 0 > 0 → z 1 = U ( y 0 , ( z 0 % y 0 )) ∧     y 0 ≤ 0 → z 1 = z 0 ∧ f i ;   z = z 1 return 18 / 24

  30. Formula Overview Partially Equivalent? Program P 1 Program P 2 (val a , b ; ret g ) (val y , x ; ret z ) Apply Proc-P-Eq Program P 1 Program P 2 without recursions without recursions Static Single Static Single Assignment S P 1 Assignment S P 2 ( a = y ∧ b = x ∧ S P 1 ∧ S P 2 ) → g = z � �� � � �� � Equal inputs Equal outputs 19 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet

piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet

piCoq: Parallel Regression Proving for Large-Scale Verification Projects piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet Celik, and Milos Gligoric The University of Texas at Austin, USA 1 / 29

891 views • 65 slides
Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Introduction Proving properties of programs Proving equality and equivalence Applications Summary Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and Sergei Romanenko Keldysh Institute of Applied

588 views • 31 slides
I t Introduction to d ti t Partial Least Square Regression Dr. Leonardo Ciaccheri PhD

I t Introduction to d ti t Partial Least Square Regression Dr. Leonardo Ciaccheri PhD

Institute of Applied Physics Nello Carrara I t Introduction to d ti t Partial Least Square Regression Dr. Leonardo Ciaccheri PhD Regression analysis This lesson is focused on two popular regression tools Principal Component

394 views • 17 slides
Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs Birkbeck, University of London joint work with Cynthia Kop (U Copenhagen) and Naoki Nishida (U Nagoya) Workshop on Program Equivalence, London, UK 11

2.1k views • 197 slides
Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program Transformations VPT 2018 Thessaloniki 20 April 2018 Bernhard Beckert, Timo Bingman, Moritz Kiefer, Peter Sanders, Mattias Ulbrich , Alexander Weigl www.kit.edu

968 views • 60 slides
Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for general theorem proving Set theory vs. higher-order logic Herbrand-based approaches

475 views • 18 slides
CS137: Today Electronic Design Automation Sequential Verification DFA equivalence

CS137: Today Electronic Design Automation Sequential Verification DFA equivalence

CS137: Today Electronic Design Automation Sequential Verification DFA equivalence Issues Extracting STG Day 9: February 10, 2006 Valid state reduction FSM Equivalence Checking Incomplete Specification

99 views • 5 slides
Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal University 13th October 2012 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point

971 views • 73 slides
Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV

Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV

Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV tutorial) Portland 16th September 2008 (10:30 12:00) 0 Formal verification Formal verification: mathematically prove the correctness of a design

738 views • 53 slides
Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
201ab Quantitative methods Multiple regression (b) With great illustrations from Julian Parris. E

201ab Quantitative methods Multiple regression (b) With great illustrations from Julian Parris. E

201ab Quantitative methods Multiple regression (b) With great illustrations from Julian Parris. E D V UL | UCSD Psychology Multiple regression Review Coefficient of partial determination (partial R 2 , partial eta 2 ) Nested

673 views • 43 slides
Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th May 2006 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point arithmetic Division

1.14k views • 86 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July 2008 0 Formal verification Formal verification: mathematically prove the correctness of a design with respect to a mathematical formal specification

570 views • 53 slides
Can Charlie distinguish Alice and Bob? Automated verification of equivalence properties Steve

Can Charlie distinguish Alice and Bob? Automated verification of equivalence properties Steve

Can Charlie distinguish Alice and Bob? Automated verification of equivalence properties Steve Kremer joint work with: Myrto Arapinis, David Baelde, Rohit Chadha, Vincent Cheval, S tefan Ciob ac a, V eronique Cortier, St ephanie

1.09k views • 87 slides
Design Verification Sequential Equivalence Checking Virendra Singh Associate Professor

Design Verification Sequential Equivalence Checking Virendra Singh Associate Professor

Design Verification Sequential Equivalence Checking Virendra Singh Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology Bombay

397 views • 24 slides
Procurement Under Grants Federal Requirements for Recipients and Subrecipients of Public

Procurement Under Grants Federal Requirements for Recipients and Subrecipients of Public

Procurement Under Grants Federal Requirements for Recipients and Subrecipients of Public Assistance Funding COVID-19 Support FEMA Procurement Disaster Assistance Team (PDAT) 2 Game Plan You will: Hot Topics Well Discuss: Sole-sourcing

492 views • 24 slides
Practical Complex x Event Processing Using JBoss Mi iddleware Stack Case Study by y Freedom

Practical Complex x Event Processing Using JBoss Mi iddleware Stack Case Study by y Freedom

Practical Complex x Event Processing Using JBoss Mi iddleware Stack Case Study by y Freedom OSS Practical Open Source Solu olutions For Your Business What is Complex Event Proce cessing (CEP)? CEP is a technology that provides s us

281 views • 13 slides
Using active video watching to teach presentation skills Report Professor Antonija Mitrovic Dr

Using active video watching to teach presentation skills Report Professor Antonija Mitrovic Dr

Using active video watching to teach presentation skills Report Professor Antonija Mitrovic Dr Moff at Mathews June 2017 Research Team University of Canterbury Prof Antonija Mitrovic Dr Moffat Mathews Jay Holland University of Leeds

500 views • 20 slides
Deteriorating Residential Concrete Foundations Call in number: 1.888.331.8226 Access code:

Deteriorating Residential Concrete Foundations Call in number: 1.888.331.8226 Access code:

Deteriorating Residential Concrete Foundations Call in number: 1.888.331.8226 Access code: 7766268 Joseph McCarthy CPA IRS Senior Stakeholder Liaison 203.415.1015 Casualty loss defined A casualty is damage, destruction, or loss of property

431 views • 18 slides
Using Crowdsourcing for Labelling Emotional Speech Assets Alexey Tarasov, Charlie Cullen, Sarah

Using Crowdsourcing for Labelling Emotional Speech Assets Alexey Tarasov, Charlie Cullen, Sarah

Using Crowdsourcing for Labelling Emotional Speech Assets Alexey Tarasov, Charlie Cullen, Sarah Jane Delany Digital Media Centre Dublin Institute of Technology W3C Workshop on Emotion Language Markup - Oct 2010 2 Project Introduction !

533 views • 24 slides
A Short Talk on A CCS and MCRL2 Case-Study: A Safety Critical System R a m C h a n d r a B h u s

A Short Talk on A CCS and MCRL2 Case-Study: A Safety Critical System R a m C h a n d r a B h u s

A Short Talk on A CCS and MCRL2 Case-Study: A Safety Critical System R a m C h a n d r a B h u s h a n Ph.D Semester-III Supervisor - Dr. D. K. Yadav Department of Computer Science and Engineering Motilal Nehru National Institute of Technology

429 views • 31 slides
IRS Appeals David Fischer Eleanor Moran Crowell & Moring | 2 1 9/13/2019 Agenda IRS

IRS Appeals David Fischer Eleanor Moran Crowell & Moring | 2 1 9/13/2019 Agenda IRS

9/13/2019 Crowell & Moring | 1 IRS Appeals David Fischer Eleanor Moran Crowell & Moring | 2 1 9/13/2019 Agenda IRS Appeals Part One: Overview of the Appeals Process IRS Appeals Principles 30Day Letter Protest

408 views • 11 slides
Purpose & Content of the Presentation Purpose of the presentation: Provide clarity on

Purpose & Content of the Presentation Purpose of the presentation: Provide clarity on

SQM- Dunnattor CNC Site Clarification Meeting Quality Presentation Category 3 Date: 2017/07/07 Author / Compiler : Bongi Tshabalala Presenter : Purpose & Content of the Presentation Purpose of the

557 views • 11 slides

More recommend