verification techniques for
play

Verification Techniques for Object Invariants Peter Mller - PowerPoint PPT Presentation

Dec 03, 2023 •311 likes •503 views

A Unified Framework for Verification Techniques for Object Invariants Peter Mller Microsoft Research Joint work with Sophia Drossopoulou and Adrian Francalanza 2 Object Invariants Express consistency criteria of objects Support

  1. A Unified Framework for Verification Techniques for Object Invariants Peter Müller Microsoft Research Joint work with Sophia Drossopoulou and Adrian Francalanza

  2. 2 Object Invariants  Express consistency criteria of objects  Support induction scheme - Established by constructors - Preserved by all methods - Potentially broken within method body  Challenges - Call-backs - Multi-object invariants - Subclass invariants Peter Müller – FOOL 2008

  3. 3 Textbook Solution class C { class Client { int a, b; C c; invariant 0 ≤ a < b; invariant c.a ≤ 10 ; } C( ) { a := 0; b := 3; } Assume invariant  void m( ) { class Sub extends C { int k := 10 / ( b – a ); invariant a ≤ 10 ; Prove a := a + 3; } invariant of n( ); C and its b := ( k + 4 ) * b; subclasses } class Client { void set(C c) { c.a := -1; } n( ) { m( ); } } } Peter Müller – FOOL 2008

  4. 4 Verification Techniques Differ in  Invariant semantics - When are which invariants expected to hold?  Admissible invariants - Which objects may an invariant depend on  Proof obligations - What has to be proven when?  Program restrictions - Which objects may receive method calls or field updates?  Type systems Peter Müller – FOOL 2008

  5. 5 Approach  Develop formal framework - Independent of type system and verification logic - Characterize techniques in terms of 7 framework parameters  Define soundness - Identify 5 criteria on framework parameters that are sufficient for soundness  Instantiate framework - Obtain six techniques from the literature Peter Müller – FOOL 2008

  6. 6 Areas and Regions  Object areas - Describe sets of objects - Assume (do not define) interpretation [[ a ]]h,o  dom( h )  Invariant regions - Describe sets of object-class pairs - Assume (do not define) interpretation [[ r ]]h,o  { (o’, C) | class(o’) <: C } Peter Müller – FOOL 2008

  7. 7 Areas and Regions: Example  Areas a ::= self | any [[ self ]]h,o = { o } [[ any ]]h,o = dom( h )  Regions r ::= emp | self | any [[ emp ]]h,o = { } [[[ self ]]h,o = { (o, C) | class(o) <: C } [[ any ]]h,o = { (o’, C) | class(o’) <: C } Peter Müller – FOOL 2008

  8. 8 Framework Parameters  Invariant semantics - X (C) Invariants expected at visible states of C.m - V (C) Invariants possibly violated by C.m  Admissible invariants - D (C) Invariants depending on C fields  Proof obligations - P (C, a ) Proof obligation for C.m before calls in a - E (C) Proof obligation C.m before end  Program restrictions - U (C,D) Objects whose D-fields may be updated by C.m - C (C,D) Objects whose D-methods may be called from C.m Peter Müller – FOOL 2008

  9. 9 Meaning of Parameters: Example invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; void m( ) { void m( ) { void m( ) { void m( ) { void m( ) { // assume X // assume X int k := 10 / ( b – a ); int k := 10 / ( b – a ); int k := 10 / ( b – a ); int k := 10 / ( b – a ); int k := 10 / ( b – a ); // check this is in U // check this is in U // check this is in U this .a := this .a + 3; this .a := this .a + 3; this .a := this .a + 3; this .a := this .a + 3; this .a := this .a + 3; // prove P X \ V holds // check this is in C // check this is in C // check this is in C this .n( ); this .n( ); this .n( ); this .n( ); this .n( ); this .b := ( k + 4 ) * this .b; // check this is in U this .b := ( k + 4 ) * this .b; // check this is in U this .b := ( k + 4 ) * this .b; // check this is in U this .b := ( k + 4 ) * this .b; this .b := ( k + 4 ) * this .b; // prove E // assume X // assume X } } } } } Peter Müller – FOOL 2008

  10. 10 Parameters: Textbook Invariants Textbook X (C) any V (C) self D (C) self P (C, a ) emp E (C) self U (C,D) self C (C,D) any Peter Müller – FOOL 2008

  11. 11 Programming Language  Expressions and types e ::= this | x | … | e& prove r t ::= C a  Runtime expressions e ::= o| s∙e | … | FatalExc | VerifExc  Assume judgment: h ╞ o,C  Assume (do not define) type system  ├ e : C a - Main judgment - Make requirements (soundness, etc.) Peter Müller – FOOL 2008

  12. 12 Invariant Semantics  Method calls h ╞ [[ X ]]h,s( this ) h ╞ [[ X ]]h,s( this ) s ∙ call e,h → s ∙ ret e,h s ∙ call e,h → FatalExc,h  Method termination h ╞ [[ X ]]h,s( this ) h ╞ [[ X ]]h,s( this ) s ∙ ret v,h → v,h s ∙ ret v,h → FatalExc,h  Proof obligation h ╞ [[ r ]]h,s( this ) h ╞ [[ r ]]h,s( this ) s ∙v& prove r ,h → v,h s ∙v& prove r ,h → VerifExc,h Peter Müller – FOOL 2008

  13. 13 Verified Programs  Field updates: check area  ├ e : C a a  U (class(  ),C’) C has field f defined in C’ …  ├ vf e.f := e’  Method calls: check area, verify invariants  ├ e : C a a  C (class(  ),C’) C inherits m from C’ …  ├ vf e.m(e’ & prove P (C’, a )) Peter Müller – FOOL 2008

  14. 14 Soundness  A verification technique is sound if the following properties hold for each well-typed, verified program P:  Execution of P does not lead to FatalExc  In each execution state  of P, the following properties hold for each stack frame for a method C.m: - The invariants in X (C) \ V (C) hold - If  is a visible state of m, the invariants in X (C) hold Peter Müller – FOOL 2008

  15. 15 Soundness Criteria S1: a  C (C,D)  ( a  X (D)) \ ( X (C) \ V (C))  P (C, a ) S2: V (C)  X (C)  E (C) C (C,D)  ( V (D) \ X (D) )  V (C) S3: U (C,D)  D (D)  V (C) S4: X (C)  X (D) C <: D  S5: V (C) \ X (C)  V (D) \ X (D) Peter Müller – FOOL 2008

  16. 16 Soundness Theorem A verification technique that satisfies S1 – S5 is sound Peter Müller – FOOL 2008

  17. 17 Soundness: Textbook Invariants any \ ( X (C) \ V (C))  P (C, a ) any \ (any \ self)  emp a  C (C,D)  ( a  X (D)) \ ( X (C) \ V (C))  P (C, a ) X (C) any V (C) self self  any  self V (C)  X (C)  E (C) D (C) self any  (self \ any)  self P (C, a ) C (C,D)  ( V (D) \ X (D) )  V (C) emp E (C) self self  self  self U (C,D)  D (D)  V (C) U (C,D) self C (C,D) any any  any X (C)  X (D) C <: D  C <: D  self \ any  self \ any V (C) \ X (C)  V (D) \ X (D) Peter Müller – FOOL 2008

  18. 18 Summary  Parametric w.r.t. underlying type system and verification logic  Abstract explanation how technique works  Criteria for comparisons  Guidelines for the development of further techniques  Instantiation for six techniques from the literature, found one unsoundness Peter Müller – FOOL 2008

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique Cortier INRIA project Cassis, Loria CNRS, Nancy, France French/Japanese Symposium on Computer Security - Sept. 6th, 2005 Verification of

605 views • 46 slides
Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja,

Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja,

Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja, Borut Zupan ci c EOOLT10, Oslo, 3. 10. 2010 Introduction Model verification assures that implemented model corresponds to the conceptual

562 views • 17 slides
State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

Title Page State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct Circuits, European Joint Conference on Theory and Practice of Software, Grenoble, France april 6-7 2002 Yannis Bres, CMA-EMP / INRIA

422 views • 20 slides
SMT-based model checking techniques for formal software verification of synchronous dataflow

SMT-based model checking techniques for formal software verification of synchronous dataflow

An insight into SMT-based model checking techniques for formal software verification of synchronous dataflow programs Jonathan Laurent Ecole Normale Sup erieure, National Institute of Aerospace, NASA Langley Research Center August 11 th ,

1.01k views • 67 slides
Practical Techniques for Verification and Validation of Robots Kerstin Eder with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder with a demo by Dejanira Araiza Illan University of Bristol and Bristol Robotics Laboratory Would you swallow a robot? The Safety Challenge Autonomous Systems

705 views • 48 slides
Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla ekr@rtfm.com EVT/WOTE 2009 Understanding the Security Properties of Ballot-Based Verification 1 WARNING This talk contains no research content.

284 views • 15 slides
Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Introduction Formal models Adding equational theories Towards more guarantees Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS - INRIA Cassis project, Nancy Universities 1/45 V eronique

785 views • 76 slides
Using Machine Learning Techniques for Verification of Configuration Files DAGSTUHL SEMINAR 18121

Using Machine Learning Techniques for Verification of Configuration Files DAGSTUHL SEMINAR 18121

Using Machine Learning Techniques for Verification of Configuration Files DAGSTUHL SEMINAR 18121 RUZICA PISKAC YALE UNIVERSITY Configuration errors mean downtime php.ini with Apache and MySQL ; Engine register_globals = Off ; We do not want

518 views • 39 slides
Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica

Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica

Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica Hadi-Tanovi, Grigore Rou, Darko Marinov ICST 2019 4/26/2019 CCF-1421503, CCF-1421575, CCF-1763788, CNS-1619275, CNS-1646305, CNS-1740916 Runtime

448 views • 30 slides
Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by Dejanira Araiza Illan University of Bristol and Bristol Robotics Laboratory Simulation-based testing Why and how? D. Araiza Illan, D. Western, A.

989 views • 52 slides
Software Verification : Introduction Ranjit Jhala, UC San Diego April 4, 2013 What is

Software Verification : Introduction Ranjit Jhala, UC San Diego April 4, 2013 What is

Software Verification : Introduction Ranjit Jhala, UC San Diego April 4, 2013 What is Algorithmic Verification? Algorithms, Techniques and Tools to ensure that Programs Dont Have Bugs (What does that mean ? Stay tuned. . . )

875 views • 41 slides
Verification of Robotic Code and Autonomous Systems Kerstin Eder University of Bristol and

Verification of Robotic Code and Autonomous Systems Kerstin Eder University of Bristol and

Verification of Robotic Code and Autonomous Systems Kerstin Eder University of Bristol and Bristol Robotics Laboratory Verification and Validation for Safety in Robots To develop techniques and methodologies that can be used to design

840 views • 51 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1 Outline Formal verification techniques Design verification languages Bell-LaPadula and SPECIAL Current verification systems

911 views • 63 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011

Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011

Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011 Florent Jacquemard INRIA Saclay &amp; LSV (UMR CNRS/ENS Cachan) florent.jacquemard@inria.fr http://www.lsv.ens-cachan.fr/~jacquema TATA book

2.19k views • 200 slides
Bounded independence plus noise fools products Chin Ho Lee Northeastern University Elad

Bounded independence plus noise fools products Chin Ho Lee Northeastern University Elad

Bounded independence plus noise fools products Chin Ho Lee Northeastern University Elad Haramaty Emanuele Viola Harvard University Northeastern University 1 Outline 1. Bounded independence, noise, product tests 2. Main Result 3.

1.03k views • 38 slides
Repeated Arguments 7 January 2019 OSU CSE 1 Sources of Aliasing Aliased references for

Repeated Arguments 7 January 2019 OSU CSE 1 Sources of Aliasing Aliased references for

Repeated Arguments 7 January 2019 OSU CSE 1 Sources of Aliasing Aliased references for mutable types can cause trouble, so it is important to know how aliases might arise One way (which is easy to recognize and easy to record in a

751 views • 28 slides
Wha What is s a modul dule? Technically, it is any file containing Python code Can

Wha What is s a modul dule? Technically, it is any file containing Python code Can

4/13/20 CS 224 Introduction to Python Spring 2020 Class #30: Modules Wha What is s a modul dule? Technically, it is any file containing Python code Can define functions, classes, and variables Can contain runnable code

505 views • 7 slides
12 Part I Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science

12 Part I Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science

Query Execution 12 Part I Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science Carnegie Mellon University Fall 2019 2 ADM IN ISTRIVIA Homework #3 is due Wed Oct 9 th @ 11:59pm Mid-Term Exam is Wed Oct 16th @ 12:00pm

891 views • 56 slides
Atheist Day What Type of Fool Are You? The Fool Proper The fool says in his heart, There

Atheist Day What Type of Fool Are You? The Fool Proper The fool says in his heart, There

Atheist Day What Type of Fool Are You? The Fool Proper The fool says in his heart, There is no God. Psalm 14:1 (ESV) What Type of Fool Are You? The Fool Proper And he[Jesus] told them a parable, saying, The land of a rich

417 views • 16 slides
Scientific Computing I Conclusion and Outlook Michael Bader Lehrstuhl Informatik V Winter

Scientific Computing I Conclusion and Outlook Michael Bader Lehrstuhl Informatik V Winter

Scientific Computing I Michael Bader The Simulation Pipeline Scientific Computing I Conclusion and Outlook Michael Bader Lehrstuhl Informatik V Winter 2005/2006 Scientific The Simulation Pipeline Computing I Michael Bader The

522 views • 20 slides
Adversarial Regression with Multiple Learners Liang Tong 1 Sixie Yu 1 Scott Alfeld 2

Adversarial Regression with Multiple Learners Liang Tong 1 Sixie Yu 1 Scott Alfeld 2

Adversarial Regression with Multiple Learners Liang Tong 1 Sixie Yu 1 Scott Alfeld 2 Yevgeniy Vorobeychik 1 1 Electrical Engineering and Computer Science Vanderbilt University 2 Computer Science Amherst College ICML 2018 ( Electrical

3.32k views • 27 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Online Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Stack-based buffer overflow-1 a. Brief history of buffer overflow b.

873 views • 73 slides

More recommend