Author: Alex Groce, Daniel Kroening, and Flavio Lerda Computer Science Department, Carnegie Mellon University Pittsburgh, PA 15213 Source: R. Alur and.


Understanding Counterexamples with explain. Authors: Alex Groce, Daniel Kroening, and Flavio Lerda, Computer Science Department, Carnegie Mellon University, Pittsburgh, PA. Source: R. Alur and D.A. Peled (Eds.): CAV 2004, LNCS 3114, pp. 453–456, © Springer-Verlag Berlin Heidelberg 2004. Presented by Jui-Lung Yao, Master Student of CSIE, CCU.

Outline: Introduction, CBMC, Distance metrics, PBS, explain, Case study, Conclusion.



CBMC: A tool for the formal verification of ANSI-C programs using Bounded Model Checking (BMC). Two applications of the tool: (1) checking safety properties such as the correctness of pointer constructs; (2) comparing an ANSI-C program with another design, such as a circuit given in Verilog.

CBMC (cont.): In BMC, the transition relation for a complex state machine and its specification are jointly unwound to obtain a Boolean formula that is satisfiable if there exists an error trace. The formula is then checked using a SAT procedure. If the formula is satisfiable, a counterexample is extracted from the output of the SAT procedure.
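The unwinding just described, as an added example that is not code from CBMC or from the slides: a constructed 2-bit counter is unrolled k steps into a CNF formula of the form I(s0) ∧ T(s0,s1) ∧ … ∧ T(s_{k-1},s_k) ∧ ¬P(s_k), and a small DPLL routine stands in for the SAT procedure. The counter, its property ("the value 3 is never reached"), the variable-naming scheme and all function names are assumptions made for this illustration; the point is that the formula is satisfiable exactly when the bound k is large enough to contain an error trace, and that the trace is read back from the satisfying assignment.

```python
"""Bounded model checking of a tiny state machine by SAT (constructed example)."""


def dpll(clauses, assignment=None):
    """Minimal DPLL: clauses are lists of signed ints (3 = var 3 true, -3 = false).
    Returns a satisfying assignment {var: bool} or None if unsatisfiable."""
    assignment = dict(assignment or {})
    clauses = [list(c) for c in clauses]
    while True:
        remaining, unit = [], None
        for clause in clauses:
            free, satisfied = [], False
            for lit in clause:
                val = assignment.get(abs(lit))
                if val is None:
                    free.append(lit)
                elif val == (lit > 0):
                    satisfied = True
                    break
            if satisfied:
                continue
            if not free:
                return None                     # empty clause: conflict
            if len(free) == 1:
                unit = free[0]
            remaining.append(free)
        clauses = remaining
        if not clauses:
            return assignment                   # every clause satisfied
        if unit is None:
            break
        assignment[abs(unit)] = unit > 0        # unit propagation
    lit = clauses[0][0]                         # branch on an unassigned literal
    for val in (lit > 0, lit < 0):
        trial = dict(assignment)
        trial[abs(lit)] = val
        result = dpll(clauses, trial)
        if result is not None:
            return result
    return None


def var(name, step, table):
    """Map (variable name, time step) to a SAT variable id, allocating on first use."""
    key = (name, step)
    if key not in table:
        table[key] = len(table) + 1
    return table[key]


def unwind(k):
    """Build I(s0) & T(s0,s1) & ... & T(s_{k-1},s_k) & !P(s_k) as CNF.
    State: bits b1 b0 of a counter that increments each step (constructed).
    Property P: the counter never holds the value 3 (b1 & b0)."""
    table, clauses = {}, []
    clauses += [[-var("b0", 0, table)], [-var("b1", 0, table)]]   # I: start at 0
    for i in range(k):
        b0, b1 = var("b0", i, table), var("b1", i, table)
        n0, n1 = var("b0", i + 1, table), var("b1", i + 1, table)
        clauses += [[n0, b0], [-n0, -b0]]                           # T: b0' = !b0
        clauses += [[-n1, b1, b0], [-n1, -b1, -b0],                 # T: b1' = b1 xor b0
                    [n1, -b1, b0], [n1, b1, -b0]]
    clauses += [[var("b1", k, table)], [var("b0", k, table)]]     # !P at step k
    return clauses, table


def bmc(k):
    """Return the counter trace [value at step 0 .. k] that reaches the error
    within k steps, or None if the k-step unwinding is unsatisfiable."""
    clauses, table = unwind(k)
    model = dpll(clauses)
    if model is None:
        return None
    return [model.get(table[("b0", i)], False) + 2 * model.get(table[("b1", i)], False)
            for i in range(k + 1)]


if __name__ == "__main__":
    for k in range(1, 5):
        print(f"bound {k}: {'no error trace' if bmc(k) is None else bmc(k)}")
```

With the bound raised one step at a time, the formula is unsatisfiable for k = 1 and k = 2 and becomes satisfiable at k = 3, where the extracted assignment spells out the trace 0, 1, 2, 3. This is the same shape of result CBMC reports, except that CBMC derives the transition relation from the C program and the property from the assertions instead of hand-written clauses.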

CBMC (cont.): The tool comes with a graphical user interface (GUI) that hides the implementation details from the user. If a counterexample is found, the GUI allows stepping through the trace like a debugger.


Distance metrics: A distance metric for program executions is a function d(a, b), where a and b are executions of the same program, that satisfies certain properties:

Distance metrics (cont.): Let a and b be executions of a program P, represented as sets of assignments,


PBS: The term pseudo-Boolean (PB) constraints refers to arbitrary linear inequalities over 0-1 variables; many applications, however, require only integer coefficients.

PBS (cont.): Example representing "at most 2 out of v1, v2, v3, v4, v5 can be true" using (a) pure CNF and (b) PB form.
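The two encodings the slide refers to, as an added example that is not code from the PBS solver or from the slides: the pure CNF form of "at most k of n variables are true" forbids every subset of k+1 variables from being simultaneously true (C(n, k+1) clauses), while the PB form is the single inequality v1 + … + vn ≤ k. The helper names and the integer numbering of the variables are assumptions; the block enumerates all 2^n assignments to confirm that both forms accept exactly the same ones.

```python
"""At-most-k constraints: pure CNF versus pseudo-Boolean form (constructed example)."""
from itertools import combinations, product


def at_most_k_cnf(variables, k):
    """Pure CNF: for every subset of k+1 variables, at least one must be false.
    Each clause is a list of negated literals; there are C(n, k+1) clauses."""
    return [[-v for v in subset] for subset in combinations(variables, k + 1)]


def at_most_k_pb(variables, k):
    """PB form: one linear inequality sum(1 * v_i) <= k over 0-1 variables,
    represented as (list of (coefficient, variable), bound)."""
    return ([(1, v) for v in variables], k)


def cnf_holds(clauses, assignment):
    """True if every clause has a literal made true by the 0/1 assignment."""
    return all(any(assignment[abs(lit)] == (lit > 0) for lit in clause)
               for clause in clauses)


def pb_holds(constraint, assignment):
    """True if the weighted sum of the 0/1 values respects the bound."""
    terms, bound = constraint
    return sum(coeff * assignment[v] for coeff, v in terms) <= bound


def compare_encodings(n=5, k=2):
    """Return (number of CNF clauses, number of satisfying assignments,
    equivalent), where equivalent means CNF and PB agree on all 2^n inputs."""
    variables = list(range(1, n + 1))
    cnf, pb = at_most_k_cnf(variables, k), at_most_k_pb(variables, k)
    satisfying = 0
    for bits in product([0, 1], repeat=n):
        assignment = dict(zip(variables, bits))
        c, p = cnf_holds(cnf, assignment), pb_holds(pb, assignment)
        if c != p:
            return len(cnf), satisfying, False
        satisfying += c
    return len(cnf), satisfying, True


if __name__ == "__main__":
    clauses, sat, same = compare_encodings(5, 2)
    print(f"at most 2 of 5: {clauses} CNF clauses vs 1 PB constraint; "
          f"{sat} satisfying assignments; encodings agree: {same}")
```

For the slide's instance the CNF side needs 10 three-literal clauses and the PB side a single constraint, and both admit the same 16 assignments. The gap widens quickly with n and k, which is why explain hands its "minimise the number of changed assignments" objective to a pseudo-Boolean solver rather than translating it into clauses.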


explain: explain uses distance metrics on program executions, in a manner inspired by the counterfactual theory of causality, to provide a number of automatic analyses: (1) given a counterexample execution, explain can automatically produce an execution that is as similar as possible to the failing run but does not violate the specification; (2) explain can also automatically produce a new counterexample that is as different as possible from the original counterexample; (3) finally, explain can determine causal dependencies between predicates in an execution.

explain (cont.): explain is used through the same GUI as CBMC. The interface allows users to step through explanatory traces as they would in a debugger (with the ability to step forwards and backwards). explain uses the PBS pseudo-Boolean solver to produce the trace, and lists the changes made to the original counterexample. Portions of the code that explain suggests may be faulty are highlighted for the user.

explain (cont.): The tool assists the user in understanding counterexamples, but knowledge of the program (and the specification) is necessary to guide the tool. As an example, we will use explain to narrow in on an error in a small but non-trivial C program.


Case study: TCAS. TCAS (Traffic Alert and Collision Avoidance System) is an aircraft conflict detection and resolution system used by all US commercial aircraft. The Georgia Tech version of the Siemens suite includes 41 buggy versions of ANSI-C code for the Resolution Advisory (RA) component of the TCAS system.

Case study: TCAS (cont.): We load tcas.c into the GUI and run the CBMC model checker. After a few seconds, the GUI reports that the assertion on line 257 has been violated. We run explain on the counterexample to find a successful execution that is as similar as possible to the failing run. explain produces this trace, and lists the changes made to the original counterexample.

Case study: TCAS (cont.): Only Down_Separation has changed, causing result to be FALSE instead of TRUE. In the original run, Down_Separation was 500, and now it is We need to change the > into a >= comparison.
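The distance metric from the earlier section, the first two explain analyses, and the shape of the case study's result, as one added example that is not the explain tool's code and not tcas.c: executions are dicts of SSA-style assignments, d(a, b) counts the assignments whose values differ (the metric explain applies to SSA-form programs, assumed here), and a brute-force search over a small input domain replaces the PBS-based optimisation. The toy program, its specification, the threshold MIN_SEP, the input ranges and the numeric tie-break are all constructed; the off-by-one comparison is modelled on the > versus >= bug the case study describes.

```python
"""Distance metrics on executions and explain-style counterfactual search (constructed example)."""
from itertools import product

MIN_SEP = 500   # constructed separation threshold
PROGRAM_VARS = ("down_sep", "up_sep", "safe_down", "safe_up", "advisory")


def toy_program(down_sep, up_sep):
    """Constructed program in SSA style: every variable is assigned exactly once.
    The injected bug mirrors the case study: 'down_sep > MIN_SEP' should be '>='."""
    ex = {"down_sep": down_sep, "up_sep": up_sep}
    ex["safe_down"] = down_sep > MIN_SEP         # bug: the boundary value is excluded
    ex["safe_up"] = up_sep >= MIN_SEP
    if ex["safe_down"] and not ex["safe_up"]:
        ex["advisory"] = "descend"
    elif ex["safe_up"] and not ex["safe_down"]:
        ex["advisory"] = "climb"
    else:
        ex["advisory"] = "hold"
    # constructed specification: adequate separation below only => must descend
    ex["assert_ok"] = not (down_sep >= MIN_SEP and up_sep < MIN_SEP
                           and ex["advisory"] != "descend")
    return ex


def distance(a, b):
    """d(a, b): number of program assignments whose values differ between runs."""
    return sum(a[v] != b[v] for v in PROGRAM_VARS)


def changes(a, b):
    """The change list explain shows: {variable: (value in a, value in b)}."""
    return {v: (a[v], b[v]) for v in PROGRAM_VARS if a[v] != b[v]}


def all_runs(down_range, up_range):
    """Every execution over the (constructed) finite input domain."""
    return [toy_program(d, u) for d, u in product(down_range, up_range)]


def _numeric_shift(cex, run):
    # constructed tie-break: among equal distances prefer numerically nearer inputs
    return abs(run["down_sep"] - cex["down_sep"]) + abs(run["up_sep"] - cex["up_sep"])


def closest_passing(cex, runs):
    """Analysis 1: the run that satisfies the spec and is closest to the counterexample."""
    passing = [r for r in runs if r["assert_ok"]]
    return min(passing, key=lambda r: (distance(cex, r), _numeric_shift(cex, r)))


def farthest_failing(cex, runs):
    """Analysis 2: the counterexample that is as different as possible from cex."""
    failing = [r for r in runs if not r["assert_ok"]]
    return max(failing, key=lambda r: (distance(cex, r), _numeric_shift(cex, r)))


def explain_demo():
    """Reproduce the workflow: failing run -> closest passing run -> change list."""
    cex = toy_program(500, 300)                  # the counterexample a checker would report
    runs = all_runs(range(495, 506), range(295, 506))
    closest = closest_passing(cex, runs)
    return cex, closest, changes(cex, closest)


if __name__ == "__main__":
    cex, closest, diff = explain_demo()
    print("counterexample:", cex)
    print("closest passing run differs only in:", diff)
    far = farthest_failing(cex, all_runs(range(495, 506), range(295, 506)))
    print("most different counterexample still has down_sep =", far["down_sep"])
```

Running it gives the same kind of report as the case study: the nearest passing execution changes a single assignment, down_sep from 500 to 499, and nothing downstream of it, which points straight at the comparison that excludes the boundary value. The second analysis reinforces that reading: every counterexample in the domain, however different its other inputs, has down_sep equal to exactly MIN_SEP.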


Conclusion: Framework (flow diagram; labels recovered from the figure: ANSI-C program, CBMC, counterexample, explain, PBS, trace of run, list the changes, modify source code).

Conclusion (cont.): explain is a tool that uses a model checker to assist users in debugging programs (or specifications). The tool is fully integrated with a model checker that precisely handles a rich variety of the features of the ANSI-C language, and provides a graphical front-end for user interactions. Case studies have demonstrated that explain can successfully localize errors in a number of programs.

Thank you for listening.