
K. Rustan M. Leino RiSE, Microsoft Research 1 Dec 2008 Invited talk, working group meeting COST Action IC0701, Formal Verification of Object-Oriented Software.


1 K. Rustan M. Leino RiSE, Microsoft Research 1 Dec 2008 Invited talk, working group meeting COST Action IC0701, Formal Verification of Object-Oriented Software Madrid, Spain

2 experimental language
sequential, object based (no subclassing)
specifications in the style of dynamic frames
coarse-grained frames (at the level of whole objects, not individual memory locations)

3 queue
linked list with head/tail pointers
in-situ list reversal
integer set
binary tree
Schorr-Waite marking algorithm

4 Program ::= Class*
Class ::= class C { Member* }
Member ::= Field
           Method
           Function

5 var x : T;

6 T ::= bool int set seq C object

7 method M (Param*) returns (Param*) Spec* { Stmt* }

8 Stmt ::= var x: T;
          x := E;
          E.f := E’;
          x := new C;
          call x* := E.M(E*);
          if (E) { Stmt* } else { Stmt* }
          while (E) invariant J; decreases F; { Stmt* }
          foreach (x in S) { x.f := E; }

9 Spec ::= requires E;
          modifies S;
          ensures E;
where “modifies S” means
modifies Heap
ensures (  o,f  Heap[o,f] = old(Heap)[o,f]  o  old(S)  ¬ old(Heap)[o,alloc])
modifies clauses are enforced at every update

10 function F (Param*): T reads Rd; { Expr }
produces definitional axiom:
(  Heap,this,x  F(Heap,this,x) = Expr)

11 ensures definitional axioms are consistent
reading o.f requires o  Rd
calling a function G requires Rd_G  Rd
produces frame axiom:
(  h0,h1,this,x  (  o,f  o  Rd  h0[o,f] = h1[o,f])  F(h0,this,x) = F(h1,this,x))

12 *) well, pretty much… *

13 class C {
  var footprint: set ;
  function Valid(): bool
    reads {this},footprint;
  { this  footprint  … }
  …

14 method Init()
  modifies {this};
  ensures Valid()  fresh(footprint – {this});

15 method M()
  requires Valid();
  modifies footprint;
  ensures Valid()  fresh(footprint – old(footprint));
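The footprint/Valid idiom of slides 13-15, written out in present-day Dafny syntax as an added example (this is not code from the talk; the Counter, Cell and Client names are constructed here). The client method shows what the coarse-grained "modifies footprint" frame buys: a call on one object cannot disturb another object whose frame is disjoint, and the verifier establishes that from the specifications alone.

```dafny
// Added example (not from the talk): footprint/Valid idiom of slides 13-15,
// written in Dafny 4 syntax. Counter, Cell and Client are constructed here.
class Cell {
  var val: int
}

class Counter {
  ghost var footprint: set<object>  // dynamic frame: objects this Counter owns
  var cell: Cell
  ghost predicate Valid()
    reads this, footprint           // Valid may read only this and its frame
  {
    this in footprint && cell in footprint && cell != this
  }
  constructor Init()
    ensures Valid() && fresh(footprint - {this})  // frame is newly allocated
    ensures Get() == 0
  {
    var c := new Cell;
    c.val := 0;
    cell := c;
    footprint := {this, c};
  }
  method Inc()
    requires Valid()
    modifies footprint              // coarse-grained: whole objects in the frame
    ensures Valid() && fresh(footprint - old(footprint))
    ensures Get() == old(Get()) + 1
  {
    cell.val := cell.val + 1;
  }
  function Get(): int
    requires Valid()
    reads this, footprint
  {
    cell.val
  }
}

// Client: the two frames are disjoint by freshness, so b.Inc() cannot touch a,
// and the verifier proves a.Get() is still 0 without looking inside Inc.
method Client() {
  var a := new Counter.Init();
  var b := new Counter.Init();
  assert a.footprint !! b.footprint;
  b.Inc();
  assert a.Valid() && a.Get() == 0;
  assert b.Get() == 1;
}
```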

16 [Diagram: a Queue object whose head and tail fields point into a chain of Node objects]

17 Specification (excerpt):
ensures root.marked;
ensures (  n, i  n.marked  0 ≤ i < |n.children|  n.children[i] = null  n.children[i].marked);
Loop invariant (excerpt):
invariant t.marked;
invariant (  n, i  n.marked  0 ≤ i < |n.children|  n  nodeStack  n.children[i] = null  n.children[i].marked);

18 decreases { n | ¬ n.marked }, |nodeStack|, |t.children| – t.childrenVisited;

19 ensures root.marked;
ensures (  n, i  n.marked  0 ≤ i < |n.children|  n.children[i] = null  n.children[i].marked);
ensures (  n  Reach(root,n)  ¬n.marked);

20 Dynamic-frame specifications are useful and flexible
A language design around dynamic frames can be simple
Thus good in teaching?
Specifications are verbose, but perhaps simplification techniques can be applied (like in Spec# or Chalice)
Currently missing in Dafny: scopes for axioms

21 Pure methods are hard, functions are easy
SMT solvers work better with ghost fields than with functions
Reachability is not always necessary in specifications
Sets and sequences are nice as value types
Generics are a cinch
Decreases bound checks can be more liberal than naïve translation

22 SMT solvers can be used for functional-correctness verification
Inductive predicates seem useful
cases fit nicely with matching triggers
take us in the direction of the input languages of interactive theorem provers
Need: better views/visualizations of program states to clarify error messages and, generally, what’s going on

23 Try it for yourself: http://research.microsoft.com/boogie/dafny

