
Static program checking and verification: Correctness, class ArraySet (PowerPoint PPT presentation)



  1. Chair of Software Engineering, Software Engineering, Prof. Dr. Bertrand Meyer, March 2007 – June 2007. Slides: based on KSE06, with kind permission of Peter Müller. Static program checking and verification

  2. Correctness

       class ArraySet implements Set {
         private int [ ] array;
         private int next;
         …
         public void insert( int i ) {
           for ( int j = 0; j < next; j-- )
             if array[ j ] == i then return true ;
           return false ;
         }
       }

     The slide annotates the code, top to bottom, with the aspects of correctness: Behavioral Specification, Semantic Rules, Context Conditions, Syntax Rules. The snippet is reproduced as shown on the slide, defects included (the `j--` loop update, `return true` from a `void` method, the `if … then` form), since each defect illustrates one of those aspects.
     Software Engineering, lecture 20: Static program checking and verification

  3. Aspects of correctness
     Semantics
     - Behavioral specification: test, verification
     - Semantic rules, context conditions: semantic analysis, type checking
     Syntax
     - Syntax rules: scanning, parsing

  4. Test and verification
     Test
     - Objective: detect bugs
     - Examples: white box test, black box test
     - Problems: expensive; a successful test does not guarantee correctness
     Verification
     - Objective: prove correctness
     - Examples: formal verification based on a logic, symbolic execution
     - Problems: a formal specification of behavior is required

  5. Levels of coverage
     [Figure: coverage (vertical axis) against effort (horizontal axis); listed top to bottom: program verification, extended static checking, the decidability ceiling, type checking]

  6. Extended static checking
     ESC/Java, developed at DEC, Compaq, and HP Research
     Fully automated tool
     Tries to verify
     - absence of runtime exceptions and common mistakes, e.g. null dereference, array bounds, type cast errors, deadlocks
     - simple user-specified contracts: invariants, pre/postconditions, loop invariants, assertions
     [Figure: Program with specifications → Checker/Verifier → Error messages, e.g. "Bag.java:18: Array index possibly too large"]

  7. Program checker design tradeoffs
     Objectives
     - fully automated reasoning
     - as little annotation overhead as possible
     - performance
     Not sound: errors may be missed
     Not complete: warnings do not always report errors (false alarms)
     (Being unsound is the main reason why it is called a checker and not a verifier.)
     Goal
     - cost-effective tool
     - find the source of possible bugs quickly

  8. Tool architecture
     [Figure: Annotated Java program → Translator → Verification condition → Automatic Theorem Prover, which answers Valid, Resource exhausted, or Counterexample context → Post Processor → Warning messages]

  9. Theorem prover: "Simplify"
     Automatic: no user interaction
     Refutation based: to prove ϕ it attempts to satisfy ¬ϕ
     - if this is possible, a counterexample is found, and we know a reason why ϕ is invalid
     - if it fails to satisfy ¬ϕ, then ϕ is considered to be valid
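The pipeline of slides 6, 8 and 9 shrunk to one verification condition, as an added example that is not part of the lecture slides: the translator's obligation for the array access in `insert` is checked by a refutation-based "prover" that tries to satisfy the negation over a small finite domain, and a satisfying assignment becomes the counterexample context that the post-processor turns into a warning. The domain size, the `ArraySet.java:7` location and the invariant `next <= array.length` are all constructed assumptions.

```python
from itertools import product

# Constructed toy prover (not Simplify): exhaustive search over a finite domain
# stands in for the satisfiability search of a real refutation-based prover.
BOUND = 4

def vc_in_bounds(j, nxt, length, invariant):
    """Verification condition for the access array[j] inside insert():
    assumptions (loop guard 0 <= j < next, plus an extra invariant) imply
    the obligation 0 <= j < array.length. Returns True if the VC holds."""
    assumptions = (0 <= j < nxt) and invariant(nxt, length)
    obligation = 0 <= j < length
    return (not assumptions) or obligation

def refute(vc, invariant):
    """Refutation step (slide 9): look for an assignment that makes the VC
    false, i.e. that satisfies its negation. None means no counterexample
    was found in the domain, so the VC is treated as valid."""
    for j, nxt, length in product(range(BOUND), repeat=3):
        if not vc(j, nxt, length, invariant):
            return {"j": j, "next": nxt, "array.length": length}
    return None

def warning_for(counterexample, location="ArraySet.java:7"):
    """Post-processor step (slide 8): counterexample context -> warning text.
    The location string is a constructed placeholder."""
    if counterexample is None:
        return None
    return f"{location}: Array index possibly too large ({counterexample})"

def no_invariant(nxt, length):
    # Nothing relates next to the array length, so the prover can pick
    # next > array.length and the access is not provably in bounds.
    return True

def with_invariant(nxt, length):
    # Constructed object invariant: next <= array.length.
    return nxt <= length

if __name__ == "__main__":
    print(warning_for(refute(vc_in_bounds, no_invariant)))    # warning issued
    print(warning_for(refute(vc_in_bounds, with_invariant)))  # None: VC valid
```

The first run reports a counterexample with `next = 1` and `array.length = 0`; adding the invariant removes every satisfying assignment of the negation, so no warning is produced.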

  10. Time limits
     The logic used in Simplify is semi-decidable
     - each procedure that proves all valid formulas loops forever on some invalid ones
     Simplify works with a time limit
     - when the time limit is reached, a counterexample is returned
     - a longer computation might show that the returned counterexample is inconsistent
     Time limits are a source of incompleteness
     - spurious counterexamples lead to spurious warnings

  11. ESC/Java2
     Successor of ESC/Java
     Eclipse integration
     Made the specification language compatible with JML
     Made open source
     Give it a try! http://secure.ucd.ie/products/opensource/escjava2

  12. Spec#
     Program verification tool developed at MS Research
     Superset of C#
     - non-null types
     - pre- and postconditions
     - object invariants
     Tool support
     - more type checking
     - compiler-emitted run-time checks
     - static program verification
     - fully integrated into Visual Studio .NET 2005
     [Figure: C# → contracts everywhere → into the future; type checking, run-time checks and static verification in increasing degree of checking and effort]

  13. Spec# vs. ESC/Java(2)
     Similarities
     - architecture
     - full automation (even the theorem prover is the same)
     - essential contract language
     Differences
     - Spec# is sound
     - Spec# does modular reasoning; price to pay: need to understand the methodology

  14. Non-null types
     T x;    The value of x is
             - null, or
             - a reference to an object whose type is a subtype of T.
     T! y;   The value of y is
             - a reference to an object whose type is a subtype of T, and not null.

  15. Types versus assertions
     Without non-null types:   Person(string name) requires name != null;
     With non-null types:      Person(string! name)

  16. Comparing against null

       public void M(T x) {
         if (x == null) {
           …
         } else {
           T! y = x;
           …
         }
       }

     Spec# performs a data-flow analysis to allow this
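A toy null-state data-flow check in the spirit of slides 14 to 16, as an added example that is not part of the lecture slides or of Spec#: programs are small constructed ASTs, and a copy into a non-null (`T!`) variable is accepted only where the flow facts prove the source non-null, such as the else-branch of `x == null`. The statement forms and the three sample programs are constructed for this example.

```python
# Constructed statement forms (this is not Spec#'s syntax or analysis):
#   ("assign_nonnull", target, source)        T! target = source;
#   ("assign_null", var)                      var = null;
#   ("if_null", var, then_block, else_block)  if (var == null) {..} else {..}

def check(block, nonnull, errors):
    """Walk `block` carrying the set of variables known to be non-null.
    Appends an error for every T! assignment whose source is not proven
    non-null and returns the facts that hold after the block."""
    for stmt in block:
        kind = stmt[0]
        if kind == "assign_nonnull":
            _, target, source = stmt
            if source not in nonnull:
                errors.append(f"{source} may be null; cannot assign to {target}!")
            nonnull = nonnull | {target}  # a T! variable is non-null afterwards
        elif kind == "assign_null":
            nonnull = nonnull - {stmt[1]}
        elif kind == "if_null":
            _, var, then_block, else_block = stmt
            # then-branch: var == null;  else-branch: var != null
            after_then = check(then_block, nonnull - {var}, errors)
            after_else = check(else_block, nonnull | {var}, errors)
            # join: only facts true on both paths survive the if statement
            nonnull = after_then & after_else
    return nonnull

def typecheck(program, nonnull_params=frozenset()):
    """Return the list of errors; `nonnull_params` are parameters declared T!."""
    errors = []
    check(program, frozenset(nonnull_params), errors)
    return errors

# Slide 16's M(T x): the copy into T! y sits in the else branch of x == null.
M_OK = [("if_null", "x", [], [("assign_nonnull", "y", "x")])]
# The same copy without the test: x may be null, so it must be rejected.
M_BAD = [("assign_nonnull", "y", "x")]
# After the if statement the two paths join and x's null state is unknown again.
M_JOIN = [("if_null", "x", [], []), ("assign_nonnull", "y", "x")]

if __name__ == "__main__":
    for name, prog in [("M_OK", M_OK), ("M_BAD", M_BAD), ("M_JOIN", M_JOIN)]:
        print(name, typecheck(prog) or "ok")
    print("M_BAD with T! x:", typecheck(M_BAD, {"x"}) or "ok")
```

Declaring the parameter as `T! x` (the `nonnull_params` argument) makes the direct copy in `M_BAD` legal, which is the slide 15 point that a non-null type replaces the `requires name != null` assertion.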

  17. Spec# DEMO

  18. References
     ESC/Java
     - Flanagan et al.: Extended Static Checking for Java
     ESC/Java2
     - http://secure.ucd.ie/products/opensource/ESCJava2
     Spec#
     - Barnett et al.: Boogie: A Modular Reusable Verifier for Object-Oriented Programs
     - http://research.microsoft.com/specsharp
     Rustan Leino's lectures
     - http://research.microsoft.com/~leino/talks.html
