Presentation is loading. Please wait.

Presentation is loading. Please wait.

Algorithmic Software Verification I. Overview. Motivation Software validity is one of the main open problems in computer science. – Bugs have been there.

Published byJordan Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Algorithmic Software Verification I. Overview. Motivation Software validity is one of the main open problems in computer science. – Bugs have been there."— Presentation transcript:

1 Algorithmic Software Verification I. Overview

2 Motivation Software validity is one of the main open problems in computer science. – Bugs have been there forever. You can’t wish them away (like pointer-arithmetic or goto-s) – Software verification is almost entirely fuelled by ideas from academia. - Theory makes so much sense - Heuristics need theoretical basis to work. Blind heuristics simply don’t work.

3 Some bugs - Ariane V Crash (’96) 64bit -> 16 bit conversion - Pentium FDIV bug (’97) lookup table had mistakes - Mars Orbiter feet-per-second -> Newtons-per-second - Therac-25 Radiation therapy machine overdoses patients

4 Some bugs… - This month, Windows crashed while Gates was giving a demo of Microsoft Media Center at CES --- “blue screen of death” Windows 2000 is the chosen OS for the new Type 45 Destroyers of the British Navy. Plan to fit it to Vanguard class boats that carry the UK's Trident thermo-nuclear intercontinental ballistic missiles. “Windows for Warships safe for Royal Navy” --- says MoD

5 11. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Microsoft Powerpoint EULA Point 11 11. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

6 The GPL 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

7 Goal Make software reliable Software industry---Automobile industry What is the notion of certification for software ? Compare to airline industry. In the future, will software be required to meet certain requirements (like being certified by a model-checker) before being used for certain applications?

8 Goal What will JAVA 2010 look like? –More features for program annotation –Built-in tools that can validate/model-check properties and give feedback to programmer –Programming styles that can help automate verification

9 Review ’70s -- proving programs correct –Hoare, Djikstra –Program invariants –Belief: programmers will eventually write programs and prove them correct with help of theorem provers. –Utter failure Programs (say a device driver) does not have interesting invariant properties worth proving No reward for programmer; unacceptable in industry Fails for large systems

10 Review SPIN (Holzmann, Bell Labs, ’90s) Explicit-state model checker Heuristics to control state-space explosion –Partial order reduction –Hashing and approximate search –Specification: LTL / omega automata

11 Review Focus on hardware verification SMV (McMillan, Clarke, CMU, ’80s) Symbolic model checker using binary decision diagrams (BDDs) Could handle large state spaces –Heuristics to handle search spaces well –Specification: CTL (and later LTL) –by far the most useful technique in the hardware domain

12 Review Advent of SAT tools (2000) –zChaff (Princeton) –can handle formulas with 100000 vars, and millions of clauses! The idea of bounded model checking –Is there a path of length k that reaches an unsafe state? – NuSMV and contemporary model checkers use SAT heavily.

13 Review The SLAM tool from Microsoft Research Ball and Rajamani, 2000 Model-checker that validates device drivers against formal specifications. Key ideas –Predicate abstraction to boolean programs –Algorithms to check pushdown automata –State-space exploration of bool pgms using BDDs. –Tremendous success; Static Driver Verifier

14 Review The Metal project from Stanford. Dawson Engler Static analysis to find patterns of bad programming practice in systems code. Very successful in terms of errors found –100s of bugs (incl security) found in Linux/BSD –Errors in various protocols, drivers. –Coverity (2004)

15 Review Light-weight static analysis –Pointer chasing –Data-dependency analysis –Usually explicit-state analysis on CFG –Example: Codesurfer (Tom Reps)

16 Techniques Abstraction into models –Abstract Interpretation (Cousot&Cousot ’70s) –Predicate abstraction –Automatic theorem provers –Inference of invariants –Shape analysis for handling data structures –Separation logic –Abstraction refinement Counter-example guided SAT proof guided

17 Techniques Algorithms to search models –BDDs –SAT techniques –Explicit-state algorithms –Algorithms to explore models with recursion –Concurrency: Even two threads with finite processes is hard Heuristics that exploit structure of programs (eg. Transactions in Zing) –Concurrency + Recursion –Shapes (reasoning with abstractions of heaps, arrays, pointers, etc.)

18 Techniques Algorithms to search models –BDDs –SAT techniques –Explicit-state algorithms –Algorithms to explore models with recursion –Concurrency: Even two threads with finite processes is hard Heuristics that exploit structure of programs (eg. Transactions in Zing) –Concurrency + Recursion –Shapes (reasoning with abstractions of heaps, arrays, pointers, etc.) –Compositional reasoning – modular verification, games, interaction –Combining SAT, BDDs, abstraction and shapes.

19 Techniques The problem of specification –Specification paradigms: Temporal logics, automata, assert, JML –Specification of liveness Infinite computations; temporal logics, omega automata –Specification of non-regular properties CARET, Visibly pushdown automata –Extracting specifications Extracting using implicit information in code (JIST) Extracting specifications from non-exceptional paths (Berkeley, Microsoft Research)

20 Tools SLAM, Zing (Microsoft Research) SPIN SMV, NuSMV (CMU) JIST Mocha (Penn) zChaff JPF (Java Path Finder, NASA) Bandera (KSU) SAL (SRI) BLAST (Berkeley) MAGIC (CMU) Codesurfer, TVLA (Reps)

Download ppt "Algorithmic Software Verification I. Overview. Motivation Software validity is one of the main open problems in computer science. – Bugs have been there."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
Pension Fund Trustees Liability Ncedi Mbongwe. Introduction to Camargue Underwriting Managers Established in 2001 Underwriters: Mutual and Federal and.

Pension Fund Trustees Liability Ncedi Mbongwe. Introduction to Camargue Underwriting Managers Established in 2001 Underwriters: Mutual and Federal and.
IMPORTANT READ CAREFULLY BEFORE USING THIS PRODUCT LICENSE AGREEMENT AND LIMITED WARRANTY BY INSTALLING OR USING THE SOFTWARE, FILES OR OTHER ELECTRONIC.

IMPORTANT READ CAREFULLY BEFORE USING THIS PRODUCT LICENSE AGREEMENT AND LIMITED WARRANTY BY INSTALLING OR USING THE SOFTWARE, FILES OR OTHER ELECTRONIC.
Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.

Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.
Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.

Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.
Software Testing – Lecture #1 Thomas Ball with material from M. Young, A. Memon and MSR’s FSE group.

Software Testing – Lecture #1 Thomas Ball with material from M. Young, A. Memon and MSR’s FSE group.
1 Thorough Static Analysis of Device Drivers Byron Cook – Microsoft Research Joint work with: Tom Ball, Vladimir Levin, Jakob Lichtenberg,

1 Thorough Static Analysis of Device Drivers Byron Cook – Microsoft Research Joint work with: Tom Ball, Vladimir Levin, Jakob Lichtenberg,
Automatic Predicate Abstraction of C-Programs T. Ball, R. Majumdar T. Millstein, S. Rajamani.

Automatic Predicate Abstraction of C-Programs T. Ball, R. Majumdar T. Millstein, S. Rajamani.
Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani Presented by Yifan Li November 22nd In PLDI 01: Programming Language.

Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani Presented by Yifan Li November 22nd In PLDI 01: Programming Language.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Demonstration Of SPIN By Mitra Purandare

Demonstration Of SPIN By Mitra Purandare
Product Liability When goods cause injury, there is a question of product liability. There are three main issues related to product liability cases: –

Product Liability When goods cause injury, there is a question of product liability. There are three main issues related to product liability cases: –

Similar presentations

Ads by Google