Automated Verification with HIP and SLEEK Asankhaya Sharma.

Slides:

Advertisements

Similar presentations

A Framework for describing recursive data structures Kenneth Roe Scott Smith.

Advertisements

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Linked Lists CSE 2451 Matt Boggus. Dynamic memory reminder Allocate memory during run-time malloc() and calloc() – return a void pointer to memory or.

Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.

HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University.

Reasoning About Code; Hoare Logic, continued

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.

Partial correctness © Marcelo d’Amorim 2010.

ISBN Chapter 3 Describing Syntax and Semantics.

1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLine’s CSE 503, Software Engineering University of Washington 26 Apr 2004.

ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 1.

Copyright © 2003 Pearson Education, Inc. Slide 1.

Well-cooked Spaghetti: Weakest-Precondition of Unstructured Programs Mike Barnett and Rustan Leino Microsoft Research Redmond, WA, USA.

Describing Syntax and Semantics

Proving termination conditions Name Country, City, University Omer Subasi Turkey, Istanbul, Koc University Anton Dergunov

Specifications Liskov Chapter 9 SWE 619 Last Updated Fall 2008.

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman

From Program Verification to Program Synthesis Saurabh Srivastava * Sumit Gulwani ♯ Jeffrey S. Foster * * University of Maryland, College Park ♯ Microsoft.

Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.

1 Inference Rules and Proofs (Z); Program Specification and Verification Inference Rules and Proofs (Z); Program Specification and Verification.

1 Chapter 13 Recursion. 2 Chapter 13 Topics l Meaning of Recursion l Base Case and General Case in Recursive Function Definitions l Writing Recursive.

CSI 3125, Axiomatic Semantics, page 1 Axiomatic semantics The assignment statement Statement composition The "if-then-else" statement The "while" statement.

Recursion Textbook chapter Recursive Function Call a recursive call is a function call in which the called function is the same as the one making.

Tammy Dahlgren with Tom Epperly, Scott Kohn, and Gary Kumfert Center for Applied Scientific Computing Common Component Architecture Working Group October.

Extended Static Checking for Java  ESC/Java finds common errors in Java programs: null dereferences, array index bounds errors, type cast errors, race.

CS 363 Comparative Programming Languages Semantics.

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth

Loops Brent M. Dingle Texas A&M University Chapter 7 – part D (and some from Mastering Turbo Pascal 5.5, 3 rd Edition by Tom Swan)

Cristian Gherghina 1, Cristina David 1, Shengchao Qin 2, Wei-Ngan Chin 1 1 National University of Singapore 2 University of Teesside Structured Specifications.

Application: Correctness of Algorithms Lecture 22 Section 4.5 Fri, Mar 3, 2006.

Reasoning about programs March CSE 403, Winter 2011, Brun.

Application: Correctness of Algorithms Lecture 22 Section 4.5 Fri, Feb 18, 2005.

Automated Verification with HIP and SLEEK Asankhaya Sharma.

Defensive Programming CNS 3370 Copyright 2003, Fresh Sources, Inc.

Loop Invariants and Binary Search Chapter 4.4, 5.1.

CSC3315 (Spring 2009)1 CSC 3315 Languages & Compilers Hamid Harroud School of Science and Engineering, Akhawayn University

Int fact (int n) { If (n == 0) return 1; else return n * fact (n – 1); } 5 void main () { Int Sum; : Sum = fact (5); : } Factorial Program Using Recursion.

Putting Static Analysis to Work for Verification A Case Study Tal Lev-Ami Thomas Reps Mooly Sagiv Reinhard Wilhelm.

CORRECTNESS ISSUES AND LOOP INVARIANTS Lecture 8 CS2110 – Fall 2014.

© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.

CPS Today’s topics Programming Recursion Invariants Reading Great Ideas, p Brookshear, Section Upcoming Copyrights, patents, and.

Hoare Logic LN chapter 5, 6 but without 6.8, 6.12, 6.13 (to be discussed later) Hoare Logic is used to reason about the correctness of programs. In the.

Automated Object’s Statechart Generation and Testing from Class-Method Contracts Atul Gupta PhD Scholar, IIT Kapur, India.

A Resource-based Logic for Termination and Non-Termination Proofs Ton Chanh Le Cristian Gherghina Aquinas Hobor Wei-Ngan Chin National University of Singapore.

11/22/2016IT 3271 A formal system:Axioms and Rules, for inferring valid specification x := m; y := n; while ¬(x=y) do if x>y then x := x-y else y := y-x.

Spring 2017 Program Analysis and Verification

Reasoning about code CSE 331 University of Washington.

Specifications Liskov Chapter 9

Proving Loops Testing debugging and verification

Chapter 14 Recursion. Chapter 14 Recursion Overview 14.1 Recursive Functions for Tasks 14.2 Recursive Functions for Values 14.3 Thinking Recursively.

Hoare-style program verification

[0] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]

Lecture 8 Functional synthesis

Specifying Object Interfaces

Lecture 5 Floyd-Hoare Style Verification

Testing change to a linked list

Tree A tree is a data structure in which each node is comprised of some data as well as node pointers to child nodes

Axiomatic semantics Points to discuss: The assignment statement

Reasoning about Loops, Conclusion

CSC 143 Error Handling Kinds of errors: invalid input vs programming bugs How to handle: Bugs: use assert to trap during testing Bad data: should never.

CSE 331 Software Design and Implementation

More Mathematical Reasoning (Conditional Statements)

CSE 1020:Software Development

Tutorial Number 8 - Daniel Razavi

Data Structures & Programming

Presentation transcript:

Automated Verification with HIP and SLEEK Asankhaya Sharma

Recall the List length Example int length(struct node* p) requires p::list ensures p::list & res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } Memory Safety Length of the List Bag of Values

Total Correctness int length(struct node* p) requires p::list & Term[n] ensures p::list & res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } Termination Metric A ranking function which decreases with each recursive call (or loop iteration)

Termination Examples for SLEEK checkentail Term[m] & m > n |- Term[n]. checkentail x::list & x !=null & Term[n] |- x::node * p::list & Term[m]. checkentail Term[m] |- Loop. checkentail Term[m] |- MayLoop. Valid. InValid.

Structured Specifications Richer specifications that provide guidance to automated verification Support automatic case analysis Support Reuse of Verification Support Multiple specifications

Trivial Loop Example while(z!=n) requires true ensures z’ = n { z = z + 1; } Precondition same as loop invariant Postcondition of loop is final state when loop terminates When does this loop terminate ?

With Termination while(z!=n) requires z <= n & Term[n-z] ensures z’ = n { z = z + 1; } Specify ranking function Term[R]

With Non-Termination while(z!=n) requires z > n & Loop ensures false { z = z + 1; } Post condition is false which signifies unreachable exit

Recall Multiple Specs while(z!=n) requires z n & Loop ensures false { z = z + 1; } Case Analysis

Case Structure Case Specification case { p1  requires R1 ensures Q1; p2  requires R2 ensures Q2; } Analogous to LEM – It can be applied during verification to support more comprehensive reasoning

Why Case ? The presence of case structures enables: – Automatic case analysis – Clearer and more concise specifications

Case Specs for Scenario Analysis Trivial loop with multiple scenarios revisited: while(z!=n) case{ z n  requires Loop ensures false } { z = z + 1; }

A Tricky Loop What termination spec to give to this loop ? while(x>0) { x = x + y; }

Case Specs for Scenario Analysis Three Scenarios while(x>0) case{ x<=0  ensures x’ = x x > 0  case { y >= 0  ensures false y <0  ensures y<x’<=0; } } { x = x + y;} Base Case Non-terminating Recursive but terminating

With Termination Specs while(x>0) case{ x<=0  requires Term[] ensures x’ = x x > 0  case{ y >= 0  requires Loop ensures false y <0  requires Term[x] ensures y<x’<=0} } { x = x + y;}

McCarthy 91 Function This function always returns 91 when input is less than or equal to 100 int mcCarthy(int n) { if (n>100) return n-10; else return mcCarthy(mcCarthy(n+11)); } Nested recursion. Does it terminate ?

Termination int mcCarthy(int n) case{ n > 100  requires Term[] ensures res=n-10 n<=100  requires Term[100-n] ensures res = 91 }{}{ if (n>100) return n-10; else return mcCarthy(mcCarthy(n+11)); }

Further Reading Gherghina, Cristian, Cristina David, Shengchao Qin, and Wei-Ngan Chin. "Structured specifications for better verification of heap- manipulating programs." In FM 2011: Formal Methods, pp Springer Berlin Heidelberg, 2011.