
1
Automated Verification with HIP and SLEEK
Asankhaya Sharma

2
Recall the List Length Example

int length(struct node* p)
/*@ requires p::list<n>
    ensures  p::list<n> & res=n; */
{
  if (p == NULL) return 0;
  else return 1 + length(p->next);
}

Callouts on the slide: Memory Safety, Length of the List, Bag of Values.

3
Total Correctness

int length(struct node* p)
/*@ requires p::list<n> & Term[n]
    ensures  p::list<n> & res=n; */
{
  if (p == NULL) return 0;
  else return 1 + length(p->next);
}

Termination metric: a ranking function which decreases with each recursive call (or loop iteration).

4
Termination Examples for SLEEK

checkentail Term[m] & m > n |- Term[n].
checkentail x::list<n> & x != null & Term[n] |- x::node<_,p> * p::list<m> & Term[m].
checkentail Term[m] |- Loop.
checkentail Term[m] |- MayLoop.

Valid. Invalid.

5
Structured Specifications

Richer specifications that provide guidance to automated verification:
– Support automatic case analysis
– Support reuse of verification
– Support multiple specifications

6
Trivial Loop Example

while (z != n)
  requires true
  ensures z' = n
{ z = z + 1; }

The precondition is the same as the loop invariant.
The postcondition of the loop is the final state when the loop terminates.
When does this loop terminate?

7
With Termination

while (z != n)
  requires z <= n & Term[n-z]
  ensures z' = n
{ z = z + 1; }

Specify the ranking function with Term[R].

8
With Non-Termination

while (z != n)
  requires z > n & Loop
  ensures false
{ z = z + 1; }

The postcondition is false, which signifies an unreachable exit.

9
Recall Multiple Specs

while (z != n)
  requires z <= n & Term[n-z]
  ensures z' = n
  requires z > n & Loop
  ensures false
{ z = z + 1; }

Case Analysis

10
Case Structure

Case specification:

case {
  p1 -> requires R1 ensures Q1;
  p2 -> requires R2 ensures Q2;
}

Analogous to LEM (the law of excluded middle): it can be applied during verification to support more comprehensive reasoning.

11
Why Case?

The presence of case structures enables:
– Automatic case analysis
– Clearer and more concise specifications

12
Case Specs for Scenario Analysis

Trivial loop with multiple scenarios revisited:

while (z != n)
  case {
    z <= n -> requires Term[n-z] ensures z' = n;
    z > n  -> requires Loop ensures false;
  }
{ z = z + 1; }

13
A Tricky Loop

What termination spec to give to this loop?

while (x > 0) { x = x + y; }

14
Case Specs for Scenario Analysis

Three scenarios:

while (x > 0)
  case {
    x <= 0 -> ensures x' = x;
    x > 0  -> case {
      y >= 0 -> ensures false;
      y < 0  -> ensures y

15
With Termination Specs

while (x > 0)
  case {
    x <= 0 -> requires Term[] ensures x' = x;
    x > 0  -> case {
      y >= 0 -> requires Loop ensures false;
      y < 0  -> requires Term[x] ensures y

16
McCarthy 91 Function

This function always returns 91 when the input is less than or equal to 100.

int mcCarthy(int n)
{
  if (n > 100) return n - 10;
  else return mcCarthy(mcCarthy(n + 11));
}

Nested recursion. Does it terminate?

17
Termination

int mcCarthy(int n)
  case {
    n > 100  -> requires Term[]      ensures res = n - 10;
    n <= 100 -> requires Term[100-n] ensures res = 91;
  }
{
  if (n > 100) return n - 10;
  else return mcCarthy(mcCarthy(n + 11));
}
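The Term[R] annotations on slides 7 through 17 all rest on one obligation: the ranking function R must satisfy 0 <= R_next < R_prev at every loop iteration or recursive call, where R_prev is the value in the caller (for the nested McCarthy calls, both callees are compared against the same caller). The following C program is an added example, not code from the slides or from the HIP/SLEEK tools: it runs the three programs discussed above under a small runtime monitor of that obligation and dispatches on the case split the same way the specifications do (the Loop branches are reported rather than executed, since their postcondition false says there is no exit to reach). All names, the monitor and the sample inputs are this example's own; a static verifier proves the decrease for all inputs, whereas this only observes it on the inputs it is given.

```c
#include <limits.h>
#include <stdio.h>

/* Added example (not from the slides or HIP/SLEEK). Runtime check of a
 * termination metric: one step of the ranking function R is accepted when
 * 0 <= r < *prev. `*prev` is R at the previous iteration or in the caller;
 * LONG_MAX stands for "no previous step". Violations are counted, not fatal. */
static void rank_step(long *prev, long r, int *violations) {
    if (r < 0 || r >= *prev) (*violations)++;
    *prev = r;
}

/* Which branch of a case specification applies to the given state. */
enum spec_case { CASE_TERM, CASE_LOOP };

/* Trivial loop (slides 7-12):  while (z != n) z = z + 1;
 *   z <= n -> requires Term[n-z] ensures z' = n
 *   z >  n -> requires Loop      ensures false  */
static enum spec_case trivial_loop(int z, int n, int *z_out, int *violations) {
    long prev = LONG_MAX;
    *violations = 0;
    if (z > n) return CASE_LOOP;                 /* would never exit */
    while (z != n) {
        rank_step(&prev, (long)n - z, violations); /* Term[n-z] */
        z = z + 1;
    }
    *z_out = z;                                  /* postcondition z' = n */
    return CASE_TERM;
}

/* Tricky loop (slides 13-15):  while (x > 0) x = x + y;
 *   x <= 0         -> Term[]  (no iteration, x' = x)
 *   x > 0 & y >= 0 -> Loop
 *   x > 0 & y <  0 -> Term[x] */
static enum spec_case tricky_loop(int x, int y, int *x_out, int *violations) {
    long prev = LONG_MAX;
    *violations = 0;
    if (x > 0 && y >= 0) return CASE_LOOP;
    while (x > 0) {
        rank_step(&prev, x, violations);         /* Term[x] */
        x = x + y;
    }
    *x_out = x;
    return CASE_TERM;
}

/* McCarthy 91 (slides 16-17) with Term[100-n] on the n <= 100 branch.
 * `bound` is the caller's R; both nested calls are checked against it. */
static int mccarthy_rec(int n, long bound, int *violations) {
    if (n > 100) return n - 10;                  /* n > 100 -> Term[] */
    long r = 100L - n;                           /* n <= 100 -> Term[100-n] */
    long b = bound;
    rank_step(&b, r, violations);
    int inner = mccarthy_rec(n + 11, r, violations);
    return mccarthy_rec(inner, r, violations);
}

/* Entry point: returns mcCarthy(n) and reports metric violations via *violations. */
static int mccarthy(int n, int *violations) {
    *violations = 0;
    return mccarthy_rec(n, LONG_MAX, violations);
}

int main(void) {
    int out, v, r;
    enum spec_case c = trivial_loop(3, 10, &out, &v);
    printf("trivial_loop(3,10): case=%d z'=%d violations=%d\n", c, out, v);
    c = tricky_loop(7, -2, &out, &v);
    printf("tricky_loop(7,-2): case=%d x'=%d violations=%d\n", c, out, v);
    c = tricky_loop(7, 1, &out, &v);
    printf("tricky_loop(7,1): case=%d (Loop branch, not run)\n", c);
    /* Sweep the n <= 100 branch: metric must decrease and res must be 91. */
    for (int n = -5; n <= 100; n++) {
        r = mccarthy(n, &v);
        if (v || r != 91) printf("spec violated at n=%d\n", n);
    }
    r = mccarthy(50, &v);
    printf("mcCarthy(50) = %d, violations=%d\n", r, v);
    return 0;
}
```

The interesting check is in mccarthy_rec: comparing each callee against the most recently seen R instead of against its own caller would wrongly flag the outer call mcCarthy(91) after the inner chain has driven R down to 0, which is exactly why the slide's metric is stated per call.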

18
Further Reading

Gherghina, Cristian, Cristina David, Shengchao Qin, and Wei-Ngan Chin. "Structured Specifications for Better Verification of Heap-Manipulating Programs." In FM 2011: Formal Methods, pp. 386-401. Springer Berlin Heidelberg, 2011.
