verimap
play

VeriMAP A Tool for Verifying Programs through Transformations - PowerPoint PPT Presentation

Sep 28, 2023 •309 likes •508 views

VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio Fioravanti, Alberto Pettorossi, and Maurizio Proietti University of Chieti Pescara G. dAnnunzio, University of Rome Tor Vergata, and

  1. VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio Fioravanti, Alberto Pettorossi, and Maurizio Proietti University of Chieti – Pescara ‘G. d’Annunzio’, University of Rome ‘Tor Vergata’, and IASI – CNR of Rome Milano, 26 September 2014 De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  2. What is VeriMAP? a tool for the verification of safety properties of C programs manipulating integers and integer arrays based on Constraint Logic Programs (CLP) as a metalanguage for representing: the operational semantics of the C language the proof rules for safety the C program to be verified the safety property to be checked satisfiability preserving transformations of CLP programs for: generating Verification Conditions checking their satisfiability De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  3. Tool Architecture Iterated Verif i er unknown CIL Interpreter C Program Verif i cation Unfold/Fold true/false C-to-CLP Analyzer Conditions Transformer Property Translator Generator Proof Rules Transformation Strategies Constraint Domain Unfolding Generalization Constraint Replacement Data Theory Operators Operators Solvers Rules Available at http://map.uniroma2.it/VeriMAP/ De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  4. Verification of Safety Properties Given the specification { ϕ init } CProg { ψ } , define ϕ error ≡ ¬ ψ int x, y, n; Initial and error properties while ( x<n ) { ϕ init ( x , y , n ) ≡ x = 0 ∧ y = 0 ∧ n ≥ 0 x=x+1; ϕ error ( x , y , n ) ≡ y > 2x y=y+2; } A program is incorrect w.r.t. ϕ init and ϕ error iff from an initial configuration satisfying ϕ init it is possible to reach a final configuration satisfying ϕ error . De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  5. Step 1: C-to-CLP - Translating C programs into CLP Construct the CLP encoding of the C Program CProg as a set of facts at(Label,Command) the Property � ϕ init , ϕ error � as constrained facts Iterated Verif i er unknown CIL Interpreter Verif i cation C Program Unfold/Fold true/false C-to-CLP Analyzer Conditions Transformer Property Translator Generator Proof Rules Transformation Strategies Constraint Domain Unfolding Generalization Constraint Replacement Data Theory Operators Operators Solvers Rules De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  6. C-to-CLP translator First the C program is preprocessed using CIL. while ’s and for ’s are translated into equivalent commands that use if-else ’s and goto ’s. Then, for each program command, C-to-CLP generates a CLP fact of the form at ( L , C ) , where C and L represent the command and its label. 1. ℓ 0 : if (x<n) goto ℓ 1 ; 1. at(l0,ite(less(x,n),l1,lh)) . 2. at(l1,asgn(x,expr(plus(x,1)),l2)) . else goto ℓ h ; 3. at(l2,asgn(y,expr(plus(y,2)),l3)) . 2. ℓ 1 : x=x+1; 4. at(l3,goto(l0)) . 3. ℓ 2 : y=y+2; 4. ℓ 3 : goto ℓ 0 ; 5. at(lh,halt) . 5. ℓ h : halt; Also facts for the initial and error properties are generated: phiInit(cf( . . . ,[(x,X),(y,Y),(n,N)])) :- X=0, Y=0, N>=0. phiError(cf( . . . ,[(x,X),(y,Y),(n,N)])) :- Y>2*X. De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  7. The CLP interpreter Int Proof rules for safety incorrect :- initial(X), phiInit(X), reach(X). reach(X) :- tr(X,Y), reach(Y). reach(X) :- final(X), phiError(X). Operational semantics of the programming language tr(cf(Lab1,Cmd1),cf(Lab2,Cmd2)) :- · · · e.g., operational semantics of the conditional command L: if(Expr) { tr( cf(cmd(L,ite(Expr,L1,L2)),S), cf(C,S)) :- L1: . . . beval(Expr,S), expression is true } at(L1,C). next command else tr( cf(cmd(L,ite(Expr,L1,L2)),S), cf(C,S)) :- L2: . . . beval(not(Expr),S), expression is false } at(L2,C). next command Correctness of Encoding: CProg is correct iff incorrect �∈ M ( Int ) (the least model of Int ) De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  8. Step 2: Generating Verification Conditions Generate the Verification Conditions (VCs) by specializing the CLP interpreter Int (CIL Interpreter + Proof Rules) w.r.t. the CLP encoding of the C program CProg . All references to tr (operational semantics of the C language) at (encoding of the C program CProg ) are removed. Iterated Verif i er unknown CIL Interpreter Verif i cation C Program Unfold/Fold true/false C-to-CLP Analyzer Conditions Transformer Property Translator Generator Proof Rules Transformation Strategies Constraint Domain Unfolding Generalization Constraint Replacement Data Theory Operators Operators Solvers Rules De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  9. Rule-based Program Transformation P transformation rules : R ∈ {Definition, R Unfolding, P 1 Folding, Clause Removal, R Constraint Replacement } P 2 the transformation rules R change the syntax of a program preserve its least model semantics . incorrect ∈ M ( P ) iff incorrect ∈ M ( TransfP ) R the rules are guided by a strategy . TransfP De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  10. Step 3: Transforming the VCs Transform the VCs by propagating either the constraint encoded by phiInit ( ϕ init ) or the constraint encoded by phiError ( ϕ error ) Iterated Verif i er unknown CIL Interpreter Verif i cation C Program Unfold/Fold true/false C-to-CLP Analyzer Conditions Transformer Property Translator Generator Proof Rules Transformation Strategies Constraint Domain Unfolding Generalization Constraint Replacement Data Theory Operators Operators Solvers Rules De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  11. Step 4: Checking satisfiability of the VCs Analyze the CLP program representing the transformed VCs CProg correct if no constrained facts appear in the VCs. CProg incorrect if the fact incorrect. appears in the VCs. Iterated Verif i er unknown CIL Interpreter Verif i cation C Program Unfold/Fold true/false C-to-CLP Analyzer Conditions Transformer Property Translator Generator Proof Rules Transformation Strategies Constraint Domain Unfolding Generalization Constraint Replacement Data Theory Operators Operators Solvers Rules De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  12. Iterating VCs Transformation (3 – 4) Precision achieved by iteration: reverse the direction of the state-space exploration transform and analyze (i.e., alternate the propagation of ϕ init and ϕ error ) Iterated Verif i er unknown CIL Interpreter Verif i cation C Program Unfold/Fold true/false C-to-CLP Analyzer Conditions Transformer Property Translator Generator Proof Rules Transformation Strategies Constraint Domain Unfolding Generalization Constraint Replacement Data Theory Operators Operators Solvers Rules De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  13. Verification Framework Program prog Source (written in L ) Step (0) Translate Prog and ϕ into CLP + to CLP Translator Specification ϕ (specified in M ) Initial CLP Program T Interpreter Int Verification (Semantics of L ) Step (1) Specialize Int w.r.t. T Condition (Removal of the Interpreter) Generator (Semantics of M ) Verification Conditions (VC’s) V Step (2) Transform verification Unfold/Fold conditions w.r.t. ϕ Transformer Transformed VC’s S unknown Step (3) Check whether or + Analyzer not ϕ holds in Q VC’s S true false De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  14. Experimental Evaluation - Integer Programs 216 examples taken from: DAGGER, TRACER, InvGen, and TACAS 2013 Software Verification Competition. VeriMAP ARMC HSF(C) TRACER 1 185 138 160 103 correct answers 2 safe problems 154 112 138 85 3 unsafe problems 31 26 22 18 4 incorrect answers 0 9 4 14 5 false alarms 0 8 3 14 6 missed bugs 0 1 1 0 7 0 18 0 22 errors 8 31 51 52 77 timed-out problems 9 10717.34 15788.21 15770.33 23259.19 total time 10 average time 57.93 114.41 98.56 225.82 ARMC [Podelski, Rybalchenko PADL 2007] HSF(C) [Grebenshchikov et al. TACAS 2012] TRACER [Jaffar, Murali, Navas, Santosa CAV 2012] De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

  15. CLP with array constraints Array constraints read ( a , i , v ) the i -th element of array a is v write ( a , i , v , b ) array b is equal to array a except that its i -th element is v dim ( a , n ) the dimension of a is n Theory of Arrays Array congruence (AC) I = J , read ( A , I , U ) , read ( A , J , V ) → U = V Read-over-Write (RoW1) I = J , write ( A , I , U , B ) , read ( B , J , V ) → U = V (RoW2) I � = J , write ( A , I , U , B ) , read ( B , J , V ) → read ( A , J , V ) De Angelis, Fioravanti VeriMAP: A Tool for Verifying Programs through Transformations

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

M 1 and its strategy extensions (and beyond) Farmer Schlutzenberg, University of Mnster 15th

M 1 and its strategy extensions (and beyond) Farmer Schlutzenberg, University of Mnster 15th

M 1 and its strategy extensions (and beyond) Farmer Schlutzenberg, University of Mnster 15th International Luminy Workshop in Set Theory September 26, 2019 M 1 and its strategy extensions We will discuss connections between (pure extender)

1.16k views • 71 slides
HODGES-LEHMANN INVERSE LIKELIHOOD ESTIMATES (HLES) KJELL DOKSUM DEPT. OF STATISTICS

HODGES-LEHMANN INVERSE LIKELIHOOD ESTIMATES (HLES) KJELL DOKSUM DEPT. OF STATISTICS

HODGES-LEHMANN INVERSE LIKELIHOOD ESTIMATES (HLES) KJELL DOKSUM DEPT. OF STATISTICS UNIVERSITY OF WISCONSIN-MADISON COLUMBIA UNIVERSITY 4TH LEHMANN SYMPOSIUM RICE UNIV. MAY 11, 2011 KJELL DOKSUM DEPT. OF STAT. AT UW-MADISON HLEs

671 views • 31 slides
CSC321 Lecture 4: Learning a Classifier Roger Grosse Roger Grosse CSC321 Lecture 4: Learning a

CSC321 Lecture 4: Learning a Classifier Roger Grosse Roger Grosse CSC321 Lecture 4: Learning a

CSC321 Lecture 4: Learning a Classifier Roger Grosse Roger Grosse CSC321 Lecture 4: Learning a Classifier 1 / 28 Overview Last time: binary classification, perceptron algorithm Limitations of the perceptron no guarantees if data arent

471 views • 32 slides
Guarantees for Spectral Clustering with Fairness Constraints Matthus Kleindessner, Samira Samadi

Guarantees for Spectral Clustering with Fairness Constraints Matthus Kleindessner, Samira Samadi

Guarantees for Spectral Clustering with Fairness Constraints Matthus Kleindessner, Samira Samadi , Pranjal Awasthi &amp; Jamie Morgenstern Spectral Clustering (SC) and Fairness SC is the method of choice for clustering the nodes of a graph.

98 views • 7 slides
Formal Homotopy Quantum Field Theories and 2-groups. Timothy Porter ex-University of Wales,

Formal Homotopy Quantum Field Theories and 2-groups. Timothy Porter ex-University of Wales,

Crossed Modules, etc TQFTs (over C ) HQFTs Classification results Formal C -maps and formal HQFTs Crossed C -algebras Formal Homotopy Quantum Field Theories and 2-groups. Timothy Porter ex-University of Wales, Bangor; ex-Univertiy of Ottawa;

432 views • 24 slides
Ad Adapti tive e Garb rbled ed Ci Circuits ts with th Near Op Ne Optima mal On Online

Ad Adapti tive e Garb rbled ed Ci Circuits ts with th Near Op Ne Optima mal On Online

Ad Adapti tive e Garb rbled ed Ci Circuits ts with th Near Op Ne Optima mal On Online C Comp mplexi xity Sanjam Garg Akshayaram Srinivasan University of California, Berkeley Eurocrypt 2018 Garbled Circuits [Yao 86,

383 views • 19 slides
Asteroid physical and dynamical properties from Lowell Observatory photometric database. Dagmara

Asteroid physical and dynamical properties from Lowell Observatory photometric database. Dagmara

LO Database Photometric properties Results Conclusions Asteroid physical and dynamical properties from Lowell Observatory photometric database. Dagmara Oszkiewicz 1 , 2 , 3 , Ted Bowell 2 , Karri Muinonen 1 , 4 , David Trilling 3 , A. Penttil

406 views • 22 slides
Novel Transport Phenomena with Chirality, Vorticity and Magnetic field Jinfeng Liao 1

Novel Transport Phenomena with Chirality, Vorticity and Magnetic field Jinfeng Liao 1

Jun. 23~25, 2019 Novel Transport Phenomena with Chirality, Vorticity and Magnetic field Jinfeng Liao 1 Fascinating New Frontiers of XQCD It is all about quarks &amp; gluons under extreme conditions! 2 Spin: Chirality, Vorticity

950 views • 80 slides
The high 5 C. difficile C. difficile guidelines: infection control recommendations Continue

The high 5 C. difficile C. difficile guidelines: infection control recommendations Continue

2/19/19 5. When can my hospitalized patient with C. difficile come off contact precautions? What are the Infection Control Questions: recommended precautions after Inpatient and Outpatient discharge home? The high 5 C. difficile C. difficile

95 views • 7 slides
Student assessment in an inquiry-based module Assessment of Inquiry How do we assess inquiry

Student assessment in an inquiry-based module Assessment of Inquiry How do we assess inquiry

Student assessment in an inquiry-based module Assessment of Inquiry How do we assess inquiry skills? Written evidence? Which inquiry skills? How many skills? During inquiry or at the end How much teacher time and effort?

614 views • 33 slides
Interdisciplinary Care and Maximizing Community Partnerships to Serve Youth Experiencing

Interdisciplinary Care and Maximizing Community Partnerships to Serve Youth Experiencing

Interdisciplinary Care and Maximizing Community Partnerships to Serve Youth Experiencing Homelessness 2 Agenda Who We Are Defining Homelessness Interdisciplinary Care Community Partnerships This activity is made possible by the Health

600 views • 23 slides
SVLAN: Secure &amp; Scalable Network Virtualization Jonghoon Kwon, Taeho Lee, Claude Hhni,

SVLAN: Secure &amp; Scalable Network Virtualization Jonghoon Kwon, Taeho Lee, Claude Hhni,

SVLAN: Secure &amp; Scalable Network Virtualization Jonghoon Kwon, Taeho Lee, Claude Hhni, Adrian Perrig ETH Zrich, Network Security Group Jonghoon Kwon, Ph.D | | 25.02.2020 1 Current Inter-domain Network Virtualization: VLAN PM PM PM

679 views • 29 slides
ENROLLING YOUR STUDENT Child must turn 5 on or before August 31, 2020 (No Exceptions)

ENROLLING YOUR STUDENT Child must turn 5 on or before August 31, 2020 (No Exceptions)

ENROLLING YOUR STUDENT Child must turn 5 on or before August 31, 2020 (No Exceptions) Centralized Enrollment: Wednesday, July 29, 2020 at Leavenworth High School Sign-up for transportation, meal plans, Horizon Kids, etc.

504 views • 17 slides
02.07.2019 INGLS LAWDO ESTUDO DE TEXTO ESCOLA NATELL E EXERCICIO DE FIXAO 1) TEXT

02.07.2019 INGLS LAWDO ESTUDO DE TEXTO ESCOLA NATELL E EXERCICIO DE FIXAO 1) TEXT

SADE NA 02.07.2019 INGLS LAWDO ESTUDO DE TEXTO ESCOLA NATELL E EXERCICIO DE FIXAO 1) TEXT STUDY 2) VOCABULARY 3) OVERVIEW PLURAL OF NOUNS ( DE OLHO NO VESTIBULAR ) 4) REVIEW 2 ESTUDO DE TEXTO E EXERCICIO DE FIXAO

508 views • 12 slides
Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3 State-independent interior operators Interior operator from HP recovery 6 5 Resolution of the puzzle Effect of infalling observer 7 Discussions Beni

1.61k views • 106 slides
Introductory Course for Commercial Dealers of Guinea Pigs, Hamsters, Rabbits Part 7: Husbandry

Introductory Course for Commercial Dealers of Guinea Pigs, Hamsters, Rabbits Part 7: Husbandry

Introductory Course for Commercial Dealers of Guinea Pigs, Hamsters, Rabbits Part 7: Husbandry Standards Course Objectives By the end of this presentation, you should be able to, as appropriate for guinea pigs, hamsters or rabbits: 1.

571 views • 33 slides
Money Changes Everything II: Creating Price Transparency in New York State Paul F. Macielak,

Money Changes Everything II: Creating Price Transparency in New York State Paul F. Macielak,

Money Changes Everything II: Creating Price Transparency in New York State Paul F. Macielak, Esq. November 12, 2013 Transparency is a two-way street. While patients indeed have a right to expect fair and accurate payment for services

481 views • 11 slides
On the Approximation of Mean-Payoff Games Raffaella Gentilini University of Perugia Convegno

On the Approximation of Mean-Payoff Games Raffaella Gentilini University of Perugia Convegno

Mean-Payoff Games Exact Solutions Approximation On the Approximation of Mean-Payoff Games Raffaella Gentilini University of Perugia Convegno Italiano Logica Computazionale (CILC2011) 1 / 20 Mean-Payoff Games Exact Solutions Approximation

1.53k views • 59 slides
Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
What is Data? Part 2: Patterns &amp; Associations INFO-1301, Quantitative Reasoning 1 University

What is Data? Part 2: Patterns &amp; Associations INFO-1301, Quantitative Reasoning 1 University

What is Data? Part 2: Patterns &amp; Associations INFO-1301, Quantitative Reasoning 1 University of Colorado Boulder August 29, 2016 Prof. Michael Paul Prof. William Aspray Overview This lecture will look at examples of relationships

571 views • 30 slides
Algorithmic Bias I: Biases and their Consequences Joshua A. Kroll Postdoctoral Research Scholar

Algorithmic Bias I: Biases and their Consequences Joshua A. Kroll Postdoctoral Research Scholar

Algorithmic Bias I: Biases and their Consequences Joshua A. Kroll Postdoctoral Research Scholar UC Berkeley School of Information 2019 ACM Africa Summer School on Machine Learning for Data Mining and Search 14-18 January 2019 Pe People

775 views • 62 slides
alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design

alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design

alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design February 11, 2002 co course ad rse admin in new version of bill new version of bills notes online s notes online schedule today: Alloy

599 views • 34 slides
An Efficient Softcore Multiplier Architecture for Xilinx FPGAs 22 nd IEEE Symposium on Computer

An Efficient Softcore Multiplier Architecture for Xilinx FPGAs 22 nd IEEE Symposium on Computer

An Efficient Softcore Multiplier Architecture for Xilinx FPGAs 22 nd IEEE Symposium on Computer Arithmetic Martin Kumm, Shahid Abbas and Peter Zipf University of Kassel, Germany CONTENTS 1. State-of-the-art 2. Proposed multiplier 3.

327 views • 29 slides
Lifted Inference in Statistical Relational Models Guy Van den Broeck BUDA Invited Tutorial June

Lifted Inference in Statistical Relational Models Guy Van den Broeck BUDA Invited Tutorial June

Lifted Inference in Statistical Relational Models Guy Van den Broeck BUDA Invited Tutorial June 22 nd 2014 Overview 1. What are statistical relational models? 2. What is lifted inference? 3. How does lifted inference work? 4. Theoretical

1.5k views • 118 slides

More recommend