
1 TAP: Tests and Proofs, 12 February 2007. Testing and Verifying Invariant Based Programs in the SOCOS Environment. Ralph-Johan Back, Johannes Eriksson and Magnus Myreen, Åbo Akademi University, Turku, Finland; Turku Centre for Computer Science; Centre for Reliable Software Technology.

2 Approaches (diagram relating program code, contracts, invariants and verification conditions): “a posteriori verification”, “constructive approach”, “invariant based programming”.

3 Example: Sort an array! Start with a pre-/postcondition specification. Precondition: A: Int[N], A=A0. Postcondition: A: Int[N], Sorted(A,0,N), Permutation(A,A0).

4 Example: Sort an array! Extract the common invariant: A: Int[N] is shared by both situations, leaving A=A0 in the precondition and Sorted(A,0,N), Permutation(A,A0) in the postcondition.

5 Construct a loop. Example: Sort an array! Precondition: A=A0. Postcondition: Sorted(A,0,N), Permutation(A,A0). Common invariant: A: Int[N]. Loop situation with local variable k: Int and invariant 0≤k≤N, Sorted(A,0,k), ∀i,j:Int 0≤i … (the rest of this conjunct is not recoverable from the transcript).

6 Add initial transition. Example: Sort an array! (same specification and loop invariant as slide 5)

7 Example: Sort an array! (diagram continued, same specification and loop invariant)

8 Example: Sort an Array! (diagram continued, same specification and loop invariant)

9 Example: Sort an Array! (diagram continued, same specification and loop invariant)

10 The SOCOS Tool
● “Software COnstruction Site”
● An editor for invariant diagrams
● Higher-order specifications and formal semantics
● Goal: higher assurance
– Testing: find common errors
– Extended static checking: find common errors and insufficient (too weak) invariants
– Interactive proofs: total correctness

11 SOCOS User Interface

12 Program Constructs
● Procedures with pre- and postconditions
● Statements – if .. fi, assignment, assertion, procedure call
● Simple data types – integers, booleans, strings, arrays
● Data invariants

13 Testing/Debugging

14 Formal Verification
● Verification conditions can be generated for the whole program, or for a single procedure/transition/situation
● Verification conditions are generated and sent to external proof tools
● Three types of verification conditions:
– Consistency (for transitions)
– Completeness (for situations)
– Termination (for loops)

15 Consistency
● Each transition should establish its target: $I_1 \Rightarrow wp(S, I_2)$

16 Completeness (liveness)
● At least one transition from each (non-terminal) situation should be enabled. (Diagram: a situation with invariant I and an if … fi statement S*; the dotted arrow labelled “magic” marks the formula $I \Rightarrow wp(S^*, \mathit{False})$, which holds exactly when no branch of the if … fi is enabled at I.)

17 Termination
● Every transition in a cycle must not increase V (for all j): $I_j \wedge V = V_0 \Rightarrow wp(S_j, 0 \le V \le V_0)$
● At least one transition must decrease V (for some k): $I_k \wedge V = V_0 \Rightarrow wp(S_k, 0 \le V < V_0)$
(Diagram: situations $I_k$ and $I_{k+1}$ on the cycle.)

18 Backends (ordered by increasing assurance)
● Testing: the diagram is converted to a Python program, with run-time evaluation of invariants
● Static Checking: verification conditions are sent to Simplify, a fully automatic prover
● Full Verification: PVS is used for full verification of the final components
Higher assurance →

19 Conclusion and Future Work
● Specifications and invariants are the main building blocks
● Correct programs can be developed incrementally
● Currently used in teaching program semantics
● Future work
– Scalability: refinement, object-orientation
– Larger case studies
– Background checking
– Test case generation

20 Thank You http://mde.abo.fi/SOCOS
