Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Verification with HIP and SLEEK Asankhaya Sharma.

Published bySheldon Damask Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Verification with HIP and SLEEK Asankhaya Sharma."— Presentation transcript:

1 Automated Verification with HIP and SLEEK Asankhaya Sharma

2 Recall the List length Example int length(struct node* p) /*@ requires p::list ensures p::list & res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } Memory Safety Length of the List Bag of Values

3 Total Correctness int length(struct node* p) /*@ requires p::list & Term[n] ensures p::list & res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } Termination Metric A ranking function which decreases with each recursive call (or loop iteration)

4 Termination Examples for SLEEK checkentail Term[m] & m > n |- Term[n]. checkentail x::list & x !=null & Term[n] |- x::node * p::list & Term[m]. checkentail Term[m] |- Loop. checkentail Term[m] |- MayLoop. Valid. InValid.

5 Structured Specifications Richer specifications that provide guidance to automated verification Support automatic case analysis Support Reuse of Verification Support Multiple specifications

6 Trivial Loop Example while(z!=n) requires true ensures z’ = n { z = z + 1; } Precondition same as loop invariant Postcondition of loop is final state when loop terminates When does this loop terminate ?

7 With Termination while(z!=n) requires z <= n & Term[n-z] ensures z’ = n { z = z + 1; } Specify ranking function Term[R]

8 With Non-Termination while(z!=n) requires z > n & Loop ensures false { z = z + 1; } Post condition is false which signifies unreachable exit

9 Recall Multiple Specs while(z!=n) requires z n & Loop ensures false { z = z + 1; } Case Analysis

10 Case Structure Case Specification case { p1  requires R1 ensures Q1; p2  requires R2 ensures Q2; } Analogous to LEM – It can be applied during verification to support more comprehensive reasoning

11 Why Case ? The presence of case structures enables: – Automatic case analysis – Clearer and more concise specifications

12 Case Specs for Scenario Analysis Trivial loop with multiple scenarios revisited: while(z!=n) case{ z n  requires Loop ensures false } { z = z + 1; }

13 A Tricky Loop What termination spec to give to this loop ? while(x>0) { x = x + y; }

14 Case Specs for Scenario Analysis Three Scenarios while(x>0) case{ x<=0  ensures x’ = x x > 0  case { y >= 0  ensures false y <0  ensures y<x’<=0; } } { x = x + y;} Base Case Non-terminating Recursive but terminating

15 With Termination Specs while(x>0) case{ x<=0  requires Term[] ensures x’ = x x > 0  case{ y >= 0  requires Loop ensures false y <0  requires Term[x] ensures y<x’<=0} } { x = x + y;}

16 McCarthy 91 Function This function always returns 91 when input is less than or equal to 100 int mcCarthy(int n) { if (n>100) return n-10; else return mcCarthy(mcCarthy(n+11)); } Nested recursion. Does it terminate ?

17 Termination int mcCarthy(int n) case{ n > 100  requires Term[] ensures res=n-10 n<=100  requires Term[100-n] ensures res = 91 }{}{ if (n>100) return n-10; else return mcCarthy(mcCarthy(n+11)); }

18 Further Reading Gherghina, Cristian, Cristina David, Shengchao Qin, and Wei-Ngan Chin. "Structured specifications for better verification of heap- manipulating programs." In FM 2011: Formal Methods, pp. 386-401. Springer Berlin Heidelberg, 2011.

Download ppt "Automated Verification with HIP and SLEEK Asankhaya Sharma."

Similar presentations

A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Linked Lists CSE 2451 Matt Boggus. Dynamic memory reminder Allocate memory during run-time malloc() and calloc() – return a void pointer to memory or.

Linked Lists CSE 2451 Matt Boggus. Dynamic memory reminder Allocate memory during run-time malloc() and calloc() – return a void pointer to memory or.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.

Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University.

HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Partial correctness © Marcelo d’Amorim 2010.

Partial correctness © Marcelo d’Amorim 2010.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.
Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLine’s CSE 503, Software Engineering University of Washington 26 Apr 2004.

Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLine’s CSE 503, Software Engineering University of Washington 26 Apr 2004.
ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 1.

ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 1.
Copyright © 2003 Pearson Education, Inc. Slide 1.

Copyright © 2003 Pearson Education, Inc. Slide 1.
Well-cooked Spaghetti: Weakest-Precondition of Unstructured Programs Mike Barnett and Rustan Leino Microsoft Research Redmond, WA, USA.

Well-cooked Spaghetti: Weakest-Precondition of Unstructured Programs Mike Barnett and Rustan Leino Microsoft Research Redmond, WA, USA.
Describing Syntax and Semantics

Describing Syntax and Semantics
Proving termination conditions Name Country, City, University Omer Subasi Turkey, Istanbul, Koc University Anton Dergunov

Proving termination conditions Name Country, City, University Omer Subasi Turkey, Istanbul, Koc University Anton Dergunov
Specifications Liskov Chapter 9 SWE 619 Last Updated Fall 2008.

Specifications Liskov Chapter 9 SWE 619 Last Updated Fall 2008.

Similar presentations

Ads by Google