verification
play

Verification Suvam Mukherjee Programming Languages Laboratory, - PowerPoint PPT Presentation

Mar 06, 2023 •112 likes •743 views

Fun with Program Analysis and Verification Suvam Mukherjee Programming Languages Laboratory, Department of Computer Science and Automation, Indian Institute of Science, Bangalore 560012 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 1

  1. Fun with Program Analysis and Verification Suvam Mukherjee Programming Languages Laboratory, Department of Computer Science and Automation, Indian Institute of Science, Bangalore 560012 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 1

  2. BACKGROUND I’m from the Programming Languages Laboratory!  7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 2

  3. What’s done in the PL Lab? If doubts encompass you regarding Java, Python or C, T o end your quest, in PL Lab you should be… 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 3

  4. Deepak D’Souza K V Raghavan Aravind Aastha Raghavendra Tejas Narendran Girish Raveendra Remish Suvam 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 4

  5. Related Laboratories • SEAL (Software Engineering and Analysis Laboratory): Dr. Aditya Kanade • Scalable Software Systems Lab: Dr. Murali Krishna Ramanathan • Compilers Laboratory: Prof. Y N Srikant • Multicore Computing Laboratory: Dr. Uday Kumar Reddy 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 5

  6. Why analyze/verify programs? Ariane-5 Rocket Explosion 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 6

  7. Suvam Mukherjee, CSA 7/8/2013 11:56:35 AM 7 Courtesy: YouTube

  8. Ariane 5 Rocket Explosion • Crashed on June 4, 1996 • “…it crashed 36 seconds after the launch due to a conversion of a 64-bit floating point to a 16- bit integer value” [ Principles of Model Checking, Baier and Katoen] 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 8

  9. Why analyze/verify programs? Therac 25 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 9

  10. 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 10

  11. Therac-25 • Radiation Therapy Machine • Caused the death of 6 cancer patients between 1985-87 due to radiation overdose • “ The accidents occurred when the high-power electron beam was activated instead of the intended low power beam…Therac -25 had removed them, depending instead on software interlocks for safety. The software interlock could fail due to a race condition. “ [Wikipedia] 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 11

  12. Races temp = x; x = 0 if (temp >= 0) x = -1 { // Operation } 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 12

  13. Races temp = x; x = 0 if (temp >= 0) x = -1 { // Operation } 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 13

  14. Why analyze/verify programs? I could go on forever… 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 14

  15. Why analyze/verify programs? • Information and Communication T echnologies have become ubiquitious • Incorrect software could have catastrophic consequences • Formal techniques to analyze/verify programs, to either improve performance or to make sure it doesn’t do something bad 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 15

  16. Analysis of Flow of Data Abstract Interpretation 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 16

  17. Example int i = 0; while(true) { i++; } 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 17

  18. Control Flow Graph A i = 0 B [true] C id Is i ever negative at this program i++ location? D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 18

  19. A Iteration #1 i = 0 B [true] C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 19

  20. A Iteration #2 i = 0 B [true] C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 20

  21. A Iteration #3 i = 0 B [true] C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 21

  22. A Iteration #3 i = 0 When do we B stop? [true] NEV EVER!!! ER!!! C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 22

  23. Issue • Variable i takes a value from an infinite domain: Integers • The more paths we cover, the more information we obtain • But we don’t need such precision! • Solution: Over-approximate the values i can assume at any program point -2 3 >-3 99 0 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 23

  24. 7/8/2013 11:56:36 AM Courtesy: Deepak D’Souza 24

  25. A Over- approximations i = 0 B Join Over [true] All Paths (JOP) C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 25

  26. Depends on what kind of analysis you are interested in How do we over-approximate? There are several “candidate” over - approximated values (possibly infinite). Which one to choose? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 28

  27. T ailoring Values to the Property odd/even odd even Exercise : {odd} x++ {?} 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 30

  28. Definition • Concrete State: a snapshot of the memory x = x + y x = 0, x = 5, y = 5 y = 5 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 31

  29. What We Need 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 33

  30. x = 5 x >= 0 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 34

  31. What we need • Doma main in of over-approximated values Is that enough? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 35

  32. x = 5 x >= 0 x ++ x >= 1 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 36

  33. What we need • Doma main in of over-approximated values • Transfer sfer Function nctions: Is that enough? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 37

  34. x = 5 x >= 0 x ++ x >= 1 x >= 0 x >= 0 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 38

  35. What we need • Doma main in La Latt ttice ice of over-approximated values • Transfer sfer Function nctions: 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 39

  36. Lattice • A lattice is a partially ordered set, where every pair of elements has a least upper bound and a greatest lower bound. 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 42

  37. Lattice Upper Bound Least Upper Bound 7/8/2013 11:56:36 AM Courtesy: Deepak D’Souza 43

  38. Lattice Exercise 7/8/2013 11:56:36 AM Courtesy: Deepak D’Souza 44

  39. Lattice • A lattice is a partially ordered set, where every pair of elements has a least upper bound and a greatest lower bound. Is that enough? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 45

  40. . . . What is the least upper bound of the set of Natural Numbers? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 46

  41. Complete Lattice • A complete lattice is a partially ordered set, where any subset of elements has a least upper bound and a greatest lower bound. 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 47

  42. . . . 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 48

  43. What we need • Doma main in Comp mplet lete e La Lattic ttice of over- approximated values. Lattice must be of finite height for termination. • Transfer sfer Function nctions: Is that enough? 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 51

  44. Concretization Function i = 3 3 i = 87 i = 0 0 i = 88 i >= 0 i = 5 599 i = 10 i = 1 1 i = 100 i = 14 i = 2 2 i = 99 i = 33 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 52

  45. Concretization Function 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 53

  46. What we need • Doma main in Comp mplet lete e La Lattic ttice of over- approximated values. Lattice must be of finite height for termination. • Transfer sfer Function nctions: • Concr ncretizati etization on Funct nction: ion: Is that enough? YES  7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 54

  47. Summary • Usual way of viewing programs: evolution of states • Given a property, “tailor” an abstract domain • Run the program with abstract values • Have fun • What if I need a proof of program correctness? 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 55

  48. Proving Programs Correct Hoare Style Proofs Weakest Preconditions and Interpolants 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 56

  49. Problem Given a program, with a given pre-condition and post-condition, give a proof of correctness of the program 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 57

  50. Proof of Correctness • Consider any state satisfying P . Then, on executing S , if S terminates, we will be in a state satisfying Q . • Also known an a “ Hoare Triple ” 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 58

  51. Hoare Style Proofs • An Axiomatic Basis for Computer Programming: C.A.R Hoare • Annotate each vertex of the CFG with a formula • Key to the proof are the Hoare Triples {P {P} } S {Q {Q} 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 59

  52. Hoare Triples x = 1 x > -5 x = 2 P Q S x++ x >= 0 x >= 1 Q over-approximates the set of states reachable from P on executing S . 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 60

  53. Hoare Triple: Example int i = 0; y = 1; {y = i 3 } {True} for(; i<3; i++) y = y * i 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 61

  54. Example 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 63

  55. n>0 i = 0 n>0 (n>0, i = 0) int i =0; [i<n] while (i < n) [i>=n] { id n >= i i++; } i++ (i = n) n >= i (i = n) 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 64

  56. TRUE TRUE TRUE 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 65

  57. Weakest Precondition/Strongest Postcondition 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 66

  58. Verification Condition 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 67

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification regulations Verification Code Extension (draft-gould-eppext-verificationcode) Purpose Separate verification details from registry interface

167 views • 6 slides
Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems &amp; Applications Nancy France August 2018 Outline 1 Formal Models 2

1.01k views • 81 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Asset Verification Service Kick-Off 11/8/18 Introduce Project Team

253 views • 14 slides
Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying SV-based VIP DV Club Presentation (23 April 2012) NEED FOR VERIFICATION IP Why do we need VIPs? Time To Market Ready-to-integrate models

403 views • 22 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (11/26/07) I E S R C E O V

UMBC A B M A L T F O U M B C I M Y O R T 1 (11/26/07) I E S R C E O V

VLSI Design Verification and Test Simulation CMPE 646 Design Verification Simulation used for 1) design verification : verify the correctness of the design and 2) test verification. Design verification: Specification Critical or

426 views • 15 slides
Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary for a complete verification tool Allows objects in the verification environment to be extended Needs to express constraints Coverage

946 views • 80 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Reminder: Please turn up your volume! Asset Verification Service

244 views • 9 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Reminder: Please turn up your volume! AVS Project Update 12/27/2018 AVS

245 views • 8 slides
9/24/2020 Verification SY 2020-2021 Objectives Identify the steps required for Verification

9/24/2020 Verification SY 2020-2021 Objectives Identify the steps required for Verification

9/24/2020 Verification SY 2020-2021 Objectives Identify the steps required for Verification Calculate an accurate sample size and verify the correct number of applications Learn and follow the Verification timelines and procedures

123 views • 11 slides
SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification now hot Used here in Sweden since 1989 mostly in safety critical applications (railway control program verification) Bounded Model Checking a

468 views • 25 slides
Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Structured Sets CS1200, CSE IIT Madras Meghana Nasre April 21, 2020 CS1200, CSE IIT Madras

Structured Sets CS1200, CSE IIT Madras Meghana Nasre April 21, 2020 CS1200, CSE IIT Madras

Structured Sets CS1200, CSE IIT Madras Meghana Nasre April 21, 2020 CS1200, CSE IIT Madras Meghana Nasre Structured Sets Structured Sets Relational Structures Properties and closures Equivalence Relations Partially

1.09k views • 85 slides
Concurrency Theory Winter Semester 2019/20 Lecture 4: Hennessy-Milner Logic with Recursion

Concurrency Theory Winter Semester 2019/20 Lecture 4: Hennessy-Milner Logic with Recursion

Concurrency Theory Winter Semester 2019/20 Lecture 4: Hennessy-Milner Logic with Recursion Joost-Pieter Katoen and Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-19-20/ct/

1.03k views • 58 slides
Sets &amp; Relations Posets Landscape of Transitive: Transitive Relations Path from a to b

Sets &amp; Relations Posets Landscape of Transitive: Transitive Relations Path from a to b

Sets &amp; Relations Posets Landscape of Transitive: Transitive Relations Path from a to b implies edge (a,b) Acyclic Cannot follow a sequence of non-self-loop edges Anti-symmetric: Symmetric: and get back to where No bidirectional Only

381 views • 14 slides
M obius Functions of Posets I: Introduction to Partially Ordered Sets Bruce Sagan Department

M obius Functions of Posets I: Introduction to Partially Ordered Sets Bruce Sagan Department

M obius Functions of Posets I: Introduction to Partially Ordered Sets Bruce Sagan Department of Mathematics Michigan State University East Lansing, MI 48824-1027 sagan@math.msu.edu www.math.msu.edu/ sagan June 25, 2007 Motivating

1.56k views • 124 slides
Order and lattices from graphs Spring School SGT 2018 Set e, June 11-15, 2018 Stefan Felsner

Order and lattices from graphs Spring School SGT 2018 Set e, June 11-15, 2018 Stefan Felsner

Order and lattices from graphs Spring School SGT 2018 Set e, June 11-15, 2018 Stefan Felsner Technische Universit at Berlin Outline Orders and Lattices Definitions The Fundamental Theorem Dimension and Planarity Lattices and Graphs

251 views • 10 slides
Forcing consequences of PFA together with the continuum large David Asper o (joint work with

Forcing consequences of PFA together with the continuum large David Asper o (joint work with

Forcing consequences of PFA together with the continuum large David Asper o (joint work with Miguel Angel Mota) ICREA at U. Barcelona RIMS Workshop, Kyoto, 2009 Nov. 1619 PFA implies 2 0 = 2 . All known proofs of this

1.12k views • 90 slides
Optimizing Compilers Data Flow Analysis Frameworks and Algorithms Markus Schordan Institut f

Optimizing Compilers Data Flow Analysis Frameworks and Algorithms Markus Schordan Institut f

Optimizing Compilers Data Flow Analysis Frameworks and Algorithms Markus Schordan Institut f ur Computersprachen Technische Universit at Wien Markus Schordan October 2, 2007 1 Towards a General Framework The analyses operate over

221 views • 21 slides
Probability and Random Processes Lecture 0 Course introduction Some basics Mikael

Probability and Random Processes Lecture 0 Course introduction Some basics Mikael

Probability and Random Processes Lecture 0 Course introduction Some basics Mikael Skoglund, Probability. . . 1/9 Why This Course? Provide a first principles introduction to measure theory, probability and random processes Tailor

296 views • 5 slides

More recommend