Formal Methods for Finding Bugs in Concurrent Software

1 Formal Methods for Finding Bugs in Concurrent Software
Serdar Taşıran, Koç University. Joint work with Shaz Qadeer (Microsoft Research), Tayfun Elmas and Erkan Keremoglu (Koç University). Sabancı University, CS Seminar, March 20, 2008.

3–8 (Slides courtesy of Prof. Tom Henzinger, EPFL)

9 Concurrency: A source of serious functional errors
"Sony Takes The Wraps Off Its Cell Processor (PS3)": new details of the Cell chip which will power the Playstation 3. (Figure: system-on-chip block diagram with RF, standard digital peripherals, FPGA, MPEG, crypto and software-radio blocks.)

10 Concurrency problems W2K hot fixes
W2K hot fixes: concurrency errors were the most common defects among "detectable errors"; 26% of the defects analyzed were races or deadlocks (14 out of 52). Incorrect synchronization and protocol errors were the most common defects among all coding errors; 33% of the defects analyzed were synchronization or protocol errors (15 out of 45).
Windows Server 2003 late-cycle defects: synchronization errors were second in the list, next to buffer overruns; 13% of the studied late-cycle defects were synchronization errors.

11 Affected millions of people: a race in Alarm and Event Processing code
"We had in excess of three million online operational hours in which nothing had ever exercised that bug. I'm not sure that more testing would have revealed it." -- GE Energy's Mike Unum
As concurrency becomes ubiquitous, these issues will be faced not just by systems programmers but also by application programmers.

12 Multi-core “revolution”
Single-processor performance has peaked. Hardware will scale by increasing the number of cores. Programmers will use explicit parallelism to harness the multiple cores. Our code bases, be it Windows, Server or Office, are highly concurrent. The applications and infrastructures that we are betting on for our future are also highly concurrent. The major revolution in computer architecture these days is the presence of multiple processors on the same chip.

13 Formal Methods for Verifying Software
"… software is hard. … I shall have significantly greater respect for every successful software tool that I encounter. … the writing of programs for TeX and Metafont proved to be much more difficult than all the other things I had done (like proving theorems or writing books). The creation of good software demands a significantly higher standard of accuracy …" —Donald Knuth (Turing Award '74)
"… software verification … Holy Grail of computer science for many decades but now in some very key areas, for example, driver verification we're building tools that can do actual proof about the software […] in order to guarantee the reliability." —Bill Gates

14 Formal Verification: Program satisfies Property
Program, modelled by: automata; logical formulae
Property: pre/post conditions; temporal formula; assertion; reference model
Satisfaction relation: containment of languages; logical implication

15 Cost of Finding Flaws Late

16 (Diagram) SCIENCE (natural systems) vs. ENGINEERING (artificial systems); PURE (abstract systems) vs. APPLIED (concrete systems). Quadrants: THEORY, ANALYSIS, EXPERIMENT, DESIGN; verification/falsification sits between them.

17 DESIGN vs. VERI/FALSIFICATION
INFORMAL (ad hoc): by simulation, by test; poor coverage, high recovery cost
FORMAL (systematic): by proof, by algorithm

18 Design Process
Design: specify and enter the design intent
Verify: verify the correctness of design and implementation
Implement: refine the design through all phases

19 Role of Computer-Aided Design and Verification Tools: Helping humans cope
(Chart: processor complexity in transistors, on a log scale from 1K to 10M, for the 4004, 8080, 8086, 68000, 80386, 68020, 68040, MIPS R4000, 80486, PPC601, PPC603, Pentium and Pentium Pro between 1975 and 1995, plotted against average human IQ, which stays flat at 100 on a 50–180 scale.)

20 Simulation/Testing vs. Formal Verification
Simulation/Testing: not complete; need to generate expected behavior; difficult to cover corner cases; CPU intensive, have to run billions of cycles; can handle large systems.
Formal Verification: complete w.r.t. specification; no need to generate expected behavior; corner cases are automatically taken care of; most state-of-the-art methods are memory intensive; memory usage is strongly related to the size of the system to be verified.

21 10^11 stars; 10^7 transistors; 100,000 states

22 Verification by State Space Traversal
Spec state-space vs. system state-space; f_abs: abstraction mapping. Is the transition legal according to the spec?

23 (Quoted from Prof. Tom Henzinger)

24 Exploring the State Space of an FSM
Implicit methods: represent sets of states with decision diagrams. The representation size is not proportional to the number of states, but the method is still memory limited.
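The following is an added example, not part of the slides: a minimal reduced ordered BDD (ROBDD) in Python that represents the set of states in which two k-bit registers hold the same value. With an interleaved variable order the set of 2^k states needs only 3k decision nodes, illustrating the slide's point; the same set under a poor variable order needs about 3·2^k nodes, which is where the memory limit the slide mentions comes from. The register encoding and the node layout are assumptions of this example.

```python
from functools import lru_cache
import operator
# Minimal ROBDD. Node ids: 0 = FALSE, 1 = TRUE; larger ids index NODES,
# a list of (var, lo, hi) triples kept unique through the UNIQUE table.
FALSE, TRUE = 0, 1
NODES, UNIQUE = [None, None], {}

def mk(var, lo, hi):  # unique node for (var, lo, hi); drops redundant tests
    if lo == hi:
        return lo
    if (var, lo, hi) not in UNIQUE:
        UNIQUE[(var, lo, hi)] = len(NODES)
        NODES.append((var, lo, hi))
    return UNIQUE[(var, lo, hi)]

def var_of(u):  # terminals sort after every variable
    return NODES[u][0] if u > 1 else float("inf")

@lru_cache(maxsize=None)
def apply(op, u, v):  # combine two BDDs under op by synchronous Shannon expansion
    if u <= 1 and v <= 1:
        return int(op(bool(u), bool(v)))
    x = min(var_of(u), var_of(v))
    ul, uh = NODES[u][1:] if var_of(u) == x else (u, u)
    vl, vh = NODES[v][1:] if var_of(v) == x else (v, v)
    return mk(x, apply(op, ul, vl), apply(op, uh, vh))

def size(u):  # representation size: decision nodes reachable from u
    seen, stack = set(), [u]
    while stack:
        n = stack.pop()
        if n > 1 and n not in seen:
            seen.add(n)
            stack.extend(NODES[n][1:])
    return len(seen)

def count(u, nvars, i=0):  # number of nvars-bit states in the set u represents
    if u <= 1:
        return u * 2 ** (nvars - i)
    if var_of(u) > i:  # variable i is unconstrained: both values allowed
        return 2 * count(u, nvars, i + 1)
    return count(NODES[u][1], nvars, i + 1) + count(NODES[u][2], nvars, i + 1)

def equal_registers(k, interleave=True):
    """States where k-bit registers x, y are equal (assumed encoding: bit b of x
    is variable 2b, bit b of y is 2b+1; non-interleaved: b and k+b)."""
    s = TRUE
    for b in range(k):
        x, y = (2 * b, 2 * b + 1) if interleave else (b, k + b)
        bit_eq = apply(operator.eq, mk(x, FALSE, TRUE), mk(y, FALSE, TRUE))
        s = apply(operator.and_, s, bit_eq)
    return s
```

For k = 8, `count(equal_registers(8), 16)` is 256 states while `size(...)` is 24 nodes under the interleaved order and 765 under the other order, so the state count and the representation size are unrelated.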
