Algorithmic Software Verification I. Overview. Motivation Software validity is one of the main open problems in computer science. – Bugs have been there.

Slides:

Advertisements

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

Advertisements

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Pension Fund Trustees Liability Ncedi Mbongwe. Introduction to Camargue Underwriting Managers Established in 2001 Underwriters: Mutual and Federal and.

IMPORTANT READ CAREFULLY BEFORE USING THIS PRODUCT LICENSE AGREEMENT AND LIMITED WARRANTY BY INSTALLING OR USING THE SOFTWARE, FILES OR OTHER ELECTRONIC.

Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.

Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.

Software Testing – Lecture #1 Thomas Ball with material from M. Young, A. Memon and MSR’s FSE group.

1 Thorough Static Analysis of Device Drivers Byron Cook – Microsoft Research Joint work with: Tom Ball, Vladimir Levin, Jakob Lichtenberg,

Automatic Predicate Abstraction of C-Programs T. Ball, R. Majumdar T. Millstein, S. Rajamani.

Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani Presented by Yifan Li November 22nd In PLDI 01: Programming Language.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

Demonstration Of SPIN By Mitra Purandare

Product Liability When goods cause injury, there is a question of product liability. There are three main issues related to product liability cases: –

1 Basic Definitions: Testing What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults.

CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.

Software Engineering: Where are we? And where do we go from here? V Software Engineering Lecture 23 Clark Barrett New York University 4/17/2006.

1 Predicate Abstraction of ANSI-C Programs using SAT Edmund Clarke Daniel Kroening Natalia Sharygina Karen Yorav (modified by Zaher Andraus for presentation.

CS 267: Automated Verification Lectures 14: Predicate Abstraction, Counter- Example Guided Abstraction Refinement, Abstract Interpretation Instructor:

Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.

Synthesis of Interface Specifications for Java Classes Rajeev Alur University of Pennsylvania Joint work with P. Cerny, G. Gupta, P. Madhusudan, W. Nam,

Computing OverApproximations with Bounded Model Checking Daniel Kroening ETH Zürich.

Efficient Software Model Checking of Data Structure Properties Paul T. Darga Chandrasekhar Boyapati The University of Michigan.

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

Jul The New Geant4 License J. Perl The New Geant4 License Makes clear the user’s wide- ranging freedom to use, extend or redistribute Geant4, even.

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

Formal verification Marco A. Peña Universitat Politècnica de Catalunya.

Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.

Model Checking for Embedded Systems Edmund Clarke, CMU High-Confidence Embedded Systems Workshop, May 1 st.

MCAI 2.0 Model Checking in Ten Minutes Edmund Clarke School of Computer Science Carnegie Mellon University.

Lecture 1: Model Checking

Middleware Promises Warranties that Don’t Indemnities that Won’t Stephen Rubin, Esquire

Cs205: engineering software university of virginia fall 2006 Validation David Evans

DIRC Workshop on Software Quality and the Legal System 13 February 2004, Gray's Inn, London LEGAL ASPECTS OF SOFTWARE PROCUREMENT Jos Dumortier University.

Blue Diamond Scott Auge Amduus Information Works, Inc.

1 New Development Techniques: New Challenges for Verification and Validation Mats Heimdahl Critical Systems Research Group Department of Computer Science.

Andrew McNab - License issues - 10 Apr 2002 License issues for EU DataGrid (on behalf of Anders Wannanen) Andrew McNab, University of Manchester

NRCCL (University of Oslo, Faculty of Law) Copyleft and Open Source Jon Bing Notrwegian Research Center for Computers and Law Master Lecture 13 October.

B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.

Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used.

Resume Builder Todd Abel, Microsoft Copyright Notice © 2003 Microsoft Corporation. All rights reserved.

CIS 842: Specification and Verification of Reactive Systems Lecture 1: Course Overview Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The.

Model Checking Java Programs using Structural Heuristics

1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.

1 Predicate Abstraction and Refinement for Verifying Hardware Designs Himanshu Jain Joint work with Daniel Kroening, Natasha Sharygina, Edmund M. Clarke.

National Alliance for Medical Image Computing Licensing in NAMIC 3 requirements from NCBC RFA (paraphrased)

Legal Disclaimers Accuracy Every effort is made to provide information that is accurate. However any information contained in this website or the “article.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

Verification & Validation By: Amir Masoud Gharehbaghi

Overview of course CS598MP Spring’05. Modeling FSM, PDA Emptiness of PDA Games on FSMs Binary Decision Diagrams CTL bisimulations Mu-calculus Model-check.

Welcome to CS 477 Formal Methods in Software Development Spring 2011 Madhusudan Parthasarathy ( Madhu )

Automated Formal Verification of PLC (Programmable Logic Controller) Programs

CS357 Lecture 13: Symbolic model checking without BDDs Alex Aiken David Dill 1.

Permission to reprint or distribute any content from this presentation requires the prior written approval of Standard & Poor’s. Copyright © 2011 Standard.

The secure site rendering issue (all navigation crushed together as a list at the top of the page) is a compatibility issue with Internet Explorer only.

Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.

Formal Methods: Model Checkers and Theorem Provers

CHAPTER 22 Warranties and Product Liability.

CHAPTER 21 Warranties and Product Liability

Comparative Law of Licenses and Contracts in the US, UK and EU

Over-Approximating Boolean Programs with Unbounded Thread Creation

WWEMA Water & Wastewater Equipment Manufacturers Association Inc

Predicate Abstraction

2019 MEDICARE AGE-IN STUDY SENIOR MARKET INSIGHTS SERVICE Part IV

Presentation transcript:

Algorithmic Software Verification I. Overview

Motivation Software validity is one of the main open problems in computer science. – Bugs have been there forever. You can’t wish them away (like pointer-arithmetic or goto-s) – Software verification is almost entirely fuelled by ideas from academia. - Theory makes so much sense - Heuristics need theoretical basis to work. Blind heuristics simply don’t work.

Some bugs - Ariane V Crash (’96) 64bit -> 16 bit conversion - Pentium FDIV bug (’97) lookup table had mistakes - Mars Orbiter feet-per-second -> Newtons-per-second - Therac-25 Radiation therapy machine overdoses patients

Some bugs… - This month, Windows crashed while Gates was giving a demo of Microsoft Media Center at CES --- “blue screen of death” Windows 2000 is the chosen OS for the new Type 45 Destroyers of the British Navy. Plan to fit it to Vanguard class boats that carry the UK's Trident thermo-nuclear intercontinental ballistic missiles. “Windows for Warships safe for Royal Navy” --- says MoD

11. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Microsoft Powerpoint EULA Point EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The GPL 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Goal Make software reliable Software industry---Automobile industry What is the notion of certification for software ? Compare to airline industry. In the future, will software be required to meet certain requirements (like being certified by a model-checker) before being used for certain applications?

Goal What will JAVA 2010 look like? –More features for program annotation –Built-in tools that can validate/model-check properties and give feedback to programmer –Programming styles that can help automate verification

Review ’70s -- proving programs correct –Hoare, Djikstra –Program invariants –Belief: programmers will eventually write programs and prove them correct with help of theorem provers. –Utter failure Programs (say a device driver) does not have interesting invariant properties worth proving No reward for programmer; unacceptable in industry Fails for large systems

Review SPIN (Holzmann, Bell Labs, ’90s) Explicit-state model checker Heuristics to control state-space explosion –Partial order reduction –Hashing and approximate search –Specification: LTL / omega automata

Review Focus on hardware verification SMV (McMillan, Clarke, CMU, ’80s) Symbolic model checker using binary decision diagrams (BDDs) Could handle large state spaces –Heuristics to handle search spaces well –Specification: CTL (and later LTL) –by far the most useful technique in the hardware domain

Review Advent of SAT tools (2000) –zChaff (Princeton) –can handle formulas with vars, and millions of clauses! The idea of bounded model checking –Is there a path of length k that reaches an unsafe state? – NuSMV and contemporary model checkers use SAT heavily.

Review The SLAM tool from Microsoft Research Ball and Rajamani, 2000 Model-checker that validates device drivers against formal specifications. Key ideas –Predicate abstraction to boolean programs –Algorithms to check pushdown automata –State-space exploration of bool pgms using BDDs. –Tremendous success; Static Driver Verifier

Review The Metal project from Stanford. Dawson Engler Static analysis to find patterns of bad programming practice in systems code. Very successful in terms of errors found –100s of bugs (incl security) found in Linux/BSD –Errors in various protocols, drivers. –Coverity (2004)

Review Light-weight static analysis –Pointer chasing –Data-dependency analysis –Usually explicit-state analysis on CFG –Example: Codesurfer (Tom Reps)

Techniques Abstraction into models –Abstract Interpretation (Cousot&Cousot ’70s) –Predicate abstraction –Automatic theorem provers –Inference of invariants –Shape analysis for handling data structures –Separation logic –Abstraction refinement Counter-example guided SAT proof guided

Techniques Algorithms to search models –BDDs –SAT techniques –Explicit-state algorithms –Algorithms to explore models with recursion –Concurrency: Even two threads with finite processes is hard Heuristics that exploit structure of programs (eg. Transactions in Zing) –Concurrency + Recursion –Shapes (reasoning with abstractions of heaps, arrays, pointers, etc.)

Techniques Algorithms to search models –BDDs –SAT techniques –Explicit-state algorithms –Algorithms to explore models with recursion –Concurrency: Even two threads with finite processes is hard Heuristics that exploit structure of programs (eg. Transactions in Zing) –Concurrency + Recursion –Shapes (reasoning with abstractions of heaps, arrays, pointers, etc.) –Compositional reasoning – modular verification, games, interaction –Combining SAT, BDDs, abstraction and shapes.

Techniques The problem of specification –Specification paradigms: Temporal logics, automata, assert, JML –Specification of liveness Infinite computations; temporal logics, omega automata –Specification of non-regular properties CARET, Visibly pushdown automata –Extracting specifications Extracting using implicit information in code (JIST) Extracting specifications from non-exceptional paths (Berkeley, Microsoft Research)

Tools SLAM, Zing (Microsoft Research) SPIN SMV, NuSMV (CMU) JIST Mocha (Penn) zChaff JPF (Java Path Finder, NASA) Bandera (KSU) SAL (SRI) BLAST (Berkeley) MAGIC (CMU) Codesurfer, TVLA (Reps)