Presentation is loading. Please wait.

Presentation is loading. Please wait.

Counterexample Generation for Verification of Object-Oriented Software

Published byLiana Susanto Modified over 5 years ago

Similar presentations

Presentation on theme: "Counterexample Generation for Verification of Object-Oriented Software"— Presentation transcript:

1 Counterexample Generation for Verification of Object-Oriented Software
Proposal for Swiss Secretariat for Education and Research to Support Research in the Scope of COST Actions Viktor Kuncak Laboratory for Automated Reasoning and Analysis

2 Proofs and Counterexamples for Java
Java source code proof of the claim . . . void remove(x : Node) { Node prev = null; Node current = root; while (current != null) { if (current = x) ... else if (current.data < ... else if (current.data > ... ,,,, Program Verifier Claim: Program satisfies properties x.next.prev = x properties tree is sorted counterexample to the claim (valuable for interactive verification)

3 Data Structure Verification using Jahob
Verified correctness of e.g. - hash table - association list - array-based list - lists with cursor elements - priority heap More information on our site Full Functional Verification of Linked Data Structures ACM Conf. Prog. Language Design and Implementation’08 An Integrated Proof Language for Imperative Programs ACM Conf. Prog. Language Design and Implementation’09

4 Automated Provers in Jahob

5 Adapting Our Proof Techniques to Generate Counterexamples?
Jahob was designed to generate proofs, so: Many approximations in one direction only: verification condition implies correctness claim approximated formula implies original one Theorem provers give no counterexample FOL provers complete for proofs no complete FOL proof system for non-validity (undecidability of FOL) feature not implemented in prover

6 Possible Solutions First approach: avoid approximation
use decision procedures use complete combination methods keep track what was approximated, refine Second approach – appealing alternative systematic test-case generation end-to-end solution for counterexamples supports: loops, all computable invariants effective, widely and immediately applicable joint work with T.Gvero, D.Marinov, M.Gligoric

7 Checking Hoare Triples
Program c with state (heap) h havoc(h);  arbitrary initial state assume(P(h));  precondition c;  program (with loops) assert(Q(h))  postcondition Test Case Generation assume(size(h)<N);  bound Testing (with Runtime Checks)

8 Checking Hoare Triples
Program c with state (heap) h havoc(h);  arbitrary initial state assume(P(h));  precondition View test generation as systematic execution of (bounded-choice) guarded command language x = getInt(0,N) means: havoc(x); assume(0 < x <= N) Test Case Generation assume(size(h)<N);  bound

9 Systematic Execution Example
static void main(int N) { x0 = getInt(0, N); x1 = getInt(0, N); x2 = getInt(0, N); assume(x0 < x1); assume(x1 < x2); } x0 = getInt(0, 1); N = 1 x0 = 0 x0 = 1 x1 = getInt(0, 1); x1 = 0 x1 = 1 x2 = getInt(0, 1); x2 = getInt(0,1); x2 = 0 x2 = 1 assume(x0 < x1); assume(x0 < x1); assume(x1 < x2); assume(x1 < x2);

10 Delayed Execution (for Integers)
x0 = Susp(0,1); force(x0); x1 = Susp(0,1); force(x1); x2 = Susp(0,1); force(x2); assume(x0 < x1); assume(x1 < x2); eager evaluation x0 = Susp(0,1); x1 = Susp(0,1); x2 = Susp(0,1); force(x0); force(x1); assume(x0 < x1); force(x2); assume(x1 < x2); delayed execution original code x0 = getInt(0,1); x1 = getInt(0,1); x2 = getInt(0,1); assume(x0< x1); assume(x1 < x2);

11 Implementation Implemented in Java Pathfinder from NASA
explicit-state model checker implemented as JVM interpreter supports backtracking, state comparison, etc. We implemented our delayed execution This contribution accepted by JPF developers Now part of JPF distribution

12 Delayed Choice is Essential for Efficiency
Eager Choice Delayed Choice data structure N time [s] RedBlackTree 7 8 9 9.96 65.67 449.17 3.24 13.85 64.24 DAG 3 4 5 5.68 out of mem - 0.69 6.41 1,013.75 HeapArray 6 16.66 304.32 8,166.77 4.12 32.43 318.59 SortedList 5.94 900.67 0.64 2.38 9.85 Prvi skup eksperimenata, sa više struktura podataka, pokazuje da tehnika za optimizovano generisanje pomoću odloženog izvršavanja poboljšava vreme generisanja test ulaza do određene veličine i vreme do pronalska prve greške.

13 Testing the Framework and Java Pathfinder
generator time [s] actual bugs found AnnotatedMethod 24.77 2 RefactoringGet 5.30 1 DeclaredMethodsReturn 8.22 RefactoringSet 5.33 StructureClass 10.34 4 DeclaredFieldTest 51.67 ClassCastMethod 47.57 Treći skup eksperimenata, koji predstavlja testiranje delova UDITA-ine implementacije, je otkrio nekoliko novih grešaka u samom JPF-u i jedan u JPF UDITA-inoj ekstenziji (koji je naknadno popravljen). Ovi rezultati sugerišu da je UDITA efikasna u otkrivanju realnih grešaka u veliki bazama koda.

14 Conclusions and Plan JPF implementation results encouraging
based on executing code and backtracking Next steps: fast, robust implementation eliminate orders of magniture JPF slowdown explore trade-off with symbolic execution (backtrack in solver or in execution engine?) high-level specifications using Scala integration with verification tools

15 Integration with COST Action IC701
Related efforts on testing by members (Beckert, Gladisch, Klebanov, Ahrendt) This approach to test-case generation can be a useful complement for tools developed in Action This approach is robust enough to be adapted to different specification languages and tools good connections to WG4

Download ppt "Counterexample Generation for Verification of Object-Oriented Software"

Similar presentations

Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
Abstraction of Source Code (from Bandera lectures and talks)

Abstraction of Source Code (from Bandera lectures and talks)
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.

Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.

This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Chair of Software Engineering Automatic Verification of Computer Programs.

Chair of Software Engineering Automatic Verification of Computer Programs.
Describing Syntax and Semantics

Describing Syntax and Semantics
Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.

Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.

Similar presentations

Ads by Google