Presentation is loading. Please wait.

Presentation is loading. Please wait.

Higher-Order Verification With Liquid Types Ranjit Jhala, UC San Diego (with Pat Rondon, Ming Kawaguchi)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Higher-Order Verification With Liquid Types Ranjit Jhala, UC San Diego (with Pat Rondon, Ming Kawaguchi)"— Presentation transcript:

1 Higher-Order Verification With Liquid Types Ranjit Jhala, UC San Diego (with Pat Rondon, Ming Kawaguchi)

2 Part I First-Order Verification Part II Higher-Order Verification

3 char* rev_copy(char* a, int n){ i = 0; j = n – 1; b = malloc(n); while(0<=j){ b[i] = a[j]; i++; j--; } return b; } First-Order Verification

4 char* rev_copy(char* a, int n){ i = 0; j = n – 1; b = malloc(n); while(0<=j){ b[i] = a[j]; i++; j--; } return b; } Example: Memory Safety Access Within Array Bounds

5 char* rev_copy(char* a, int n){ i = 0; j = n – 1; b = malloc(n); while(j>=0){ b[i] = a[j]; i++; j--; } return b; } assert (0<=i && i<n); 0: 1: 2: How to prove assert never fails ? assert (i<n); 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } Access Within Array Bounds

6 How to prove asserts? Invariants [Floyd-Hoare]

7 Invariants Predicate that is always true @ Program Location 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } true i+j=n-1 i+j=n-1 Æ 0 · j Invariant Proves Assert

8 How to Prove Asserts?How to Find Invariants?

9 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } ? What are Invariants ? ? ?

10 Let X i = Invariant @ location i

11 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } ? What are Invariants ? ? ? X0X0 X1X1 X2X2 Properties of X 0,X 1,X 2 ?

12 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } What are Invariants ? X0X0 Initial Values Arbitrary X 0 = true

13 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } What are Invariants ? i=0 Æ j=n-1 ) X 1 true X1X1

14 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } What are Invariants ? 0 · j Æ X 1 ) X 2 X1X1 X2X2

15 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } What are Invariants ? X 2 ) i<n X2X2

16 0: i = 0; j = n–1; 1: while (0<=j){ 2: assert(i<n); i = i+1; j = j–1; } What are Invariants ? i=i o +1 Æ j=j o -1 Æ [ i o /i ][ j o /j ] X 2 ) X 1 X1X1 X2X2

17 What are Invariants ? … Æ [ i o /i ][ j o /j ] X 2 ) X 1 Predicates X 1, X 2 s.t. i=0 Æ j=n-1 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n

18 What are Invariants ? … Æ [ i o /i ][ j o /j ] X 2 ) X 1 Predicates X 1, X 2 s.t. i=0 Æ j=n-1 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n How to Infer Invariants? How to Solve for X 1, X 2 ? Idea: Lazy Abstraction

19 Tree of executions over atomic predicates i+j=n-1 0·j0·j Nodes: X 1, X 2 Edges: X 1 ) X 2

20 … [ i o /i ][ j o /j ] X 2 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n Lazy Predicate Abstraction X0X0 true Tree Root Root X (i.e. non-RHS) i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j

21 Lazy Predicate Abstraction X0X0 true X1X1 Tree Edge “Unrolled” Implication … [ i o /i ][ j o /j ] X 2 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j

22 Lazy Predicate Abstraction X0X0 true X1X1 Theorem Prover i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j ? i=0 Æ j=n-1 Æ true ) i+j=n-1 Valid

23 Lazy Predicate Abstraction X0X0 true X1X1 i+j=n-1 Theorem Prover i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j i=0 Æ j=n-1 Æ true ) 0·j0·j Invalid … [ i o /i ][ j o /j ] X 2 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n ?

24 Lazy Predicate Abstraction X0X0 true X1X1 i+j=n-1 … [ i o /i ][ j o /j ] X 2 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j X2X2 i+j=n-1 Æ 0 · j ?

25 Lazy Predicate Abstraction X0X0 true X1X1 i+j=n-1 … [ i o /i ][ j o /j ] X 2 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j X2X2 i+j=n-1 Æ 0 · j i<ni<n Theorem Prover 0 · j Æ i+j=n-1 ) i<n Valid

26 Lazy Predicate Abstraction X0X0 true X1X1 i+j=n-1 X2X2 X1X1 i<ni<n ? i+j=n-1 Æ 0 · j … [ i o /i ][ j o /j ] X 2 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j i+j=n-1

27 Lazy Predicate Abstraction X0X0 true X1X1 i+j=n-1 X2X2 X1X1 i<ni<n i+j=n-1 Æ 0 · j … [ i o /i ][ j o /j ] X 2 ) X 1 0 · j Æ X 1 ) X 2 X 2 ) i<n i=0 Æ j=n-1 Æ X 0 ) X 1 Atoms: i+j=n-1, 0 · j i+j=n-1 Fixpoint Stop Unrolling Inferred Invariants Proved Asserts… Constraints Solved …not so fast!

28 C Program + Asserts Lazy Abstraction [popl 02] Atoms Safety Invariants How to get good atoms? e.g. i+j=n-1 If we have bad atoms... e.g. i=0, j=n-1, 0 · j

29 X2X2 i<ni<n X0X0 true X1X1 i=0 Æ j=n-1 X2X2 X1X1 i<ni<n i=0 Æ j=n-1 Æ 0 · j true …Yields Counterexample “Path” Abstraction With Bad Atoms... Assert Holds Not a fixpoint Assert Fails i:=0 j:=n–1 0<=j? i:=i+1 j:=j-1 0<=j?

30 Bad atoms yield counterexample paths

31 C Program + Asserts Lazy Abstraction [popl 02] AtomsPath Safety Invariants Counterexample Analysis Unsafe Paths “Counterexample Guided Abstraction Refinement” [Kurshan 94, Clarke et al. 00, Ball & Rajamani 00] PathAtoms

32 X2X2 i<ni<n X0X0 X1X1 X2X2 X1X1 i:=0 j:=n–1 0<=j? i:=i+1 j:=j-1 0<=j? PathAtomsFormulaProof Good Atoms Relationships from past Prove safety of future i:=0 j:=n–1 0<=j? i:=i+1 j:=j-1 0<=j? How to compute good atoms from paths?

33 PathAtomsFormulaProof Æ i 0 = 0 Æ j 0 = n–1 Æ 0 · j 0 Æ i 1 = i 0 + 1 Æ j 1 = j 0 - 1 Æ n · i 1 ¸ Æ 0 · j 1 Negate Assert Rename Variables (SSA) Formula Unsatisfiable iff Assert Holds X2X2 i<ni<n X0X0 X1X1 X2X2 X1X1 i:=0 j:=n–1 0<=j? i:=i+1 j:=j-1 0<=j?

34 PathAtomsFormulaProof Æ i 0 =0 Æ j 0 =n–1 Æ 0 · j 0 Æ i 1 =i 0 +1 Æ j 1 =j 0 -1 Æ n · i 1 Æ 0 · j 1 Æ i 0 = 0 Æ j 0 = n–1 Æ 0 · j 0 Æ i 1 = i 0 + 1 Æ j 1 = j 0 - 1 Æ i 1 ¸ n Æ 0 · j 1 0·j10·j1 j 1 =j 0 -1 j 0 =n-1 n·i1n·i1 i 1 =i 0 +1 i 0 =0 0 · j 0 -1 0 · n-2 0 · -1 n · i 0 +1 n·1n·1 False X2X2 i<ni<n X0X0 X1X1 X2X2 X1X1 i:=0 j:=n–1 0<=j? i:=i+1 j:=j-1 0<=j? + + + + +

35 PathAtomsFormulaProof 0·j10·j1 j 1 =j 0 -1 j 0 =n-1 n·i1n·i1 i 1 =i 0 +1 i 0 =0 0 · j 0 -1 0 · n-2 n · i 0 +1 n·1n·1 False + + + + + Good Atoms Relationships from past Prove safety of future + i+j=n-1

36 Atom = Craig Interpolant Of Past, Future Formulas Extracted from proof Of path unsatifiability Inferred Good Atom i+j=n-1 X2X2 i<ni<n X0X0 X1X1 X2X2 X1X1 0<=j? i:=0 j:=n–1 0<=j? i:=i+1 j:=j-1 0<=j?

37 Recap How to verify safety ? Compute invariants X 1, X 2... How to solve for X 1, X 2... ? Tree of executions over atoms How to find good atoms ? Interpolants of path formulas

38 Recap Safety Invariants Implications AI, PA, CEGAR,… X 0, X 1 X0 ) X1X0 ) X1

39 Part I First-Order (by Logic) Part II Higher-Order Verification

40 Key Problem: Invariants for… Collections? Closures? Polymorphism? Recursive Data?

41 Idea: Logically Qualified Types Factor Invariant to Logic x Type Idea: Liquid Types

42 Logic Describes Individual Data Type Quantifies over Structure

43 factored into 8 i: 0 · i < table.length ) -1 · table[i] table :: {v:int|-1 · v} array TypeLogic

44 factored into 8 x: next*(root,x) ) -1 · x.data root :: {v:int|-1 · v} list TypeLogic

45 Pre-Condition x:’a array -> {v:int|0 · v< len x} -> ’a Functions: Array.get Post-Condition ’a array -> int -> ’a

46 int -> int -> (int-> unit) -> unit Higher-Order: ffor lo:int -> hi:{int|lo · v} -> ({v:int|lo · v unit) -> unit

47 Logic Describes Individual Data Type Quantifies over Structure Theorem Prover Reasoning about Individual Data Type System Quantified Reasoning about Structure

48 Demo “Map-Reduce”

49 map :: (e -> (k, v) list) -> e list -> (k, v) list group :: (k, v) list -> (k, v list) table reduce :: (v -> v -> v) -> (k, v list) table -> (k, v) table

50 K-Means Clustering

51 0. Choose K Centers Arbitrarily

52 1. (Map) Points to Nearest Center

53 2. (Group) Points by Center

54 3. (Reduce) Centroids into New Centers

55 Repeat 1,2,3 Until Convergence

56 Demo K-Means via Map-Reduce

57 Base Types Collections Closures Polymorphism Recursive Data

58 let rec ffor l u f = if l < u then ( f l; ffor (l+1) u f ) Type of f int ! unit Template of f {v:int| X 1 } ! unit Liquid Type of f {v:int|l · v Æ v<u} ! unit l Flows Into Input of f {v:int | v=l} <: {v:int |X 1 } l<u |- l<u Æ v=l ) X 1 Solution X 1 = l · v Æ v<u Reduces to

59 Base Types Collections Closures Polymorphism Recursive Data

60 let nearest dist ctra x = let da = Array.map (dist x) ctra in [min_index da, (x, 1)] Type of Output int * ’b * int list Template of Output {v:int | X 1 } * ’b * {v:int | X 2 } list (’a ! ’b) ! x:’a array ! {v:’b array|len x = len v} Liquid Type of x:’a array ! {v:int| 0 · v Æ v < len x} min_index da {v:int| 0 · v Æ v < len da} da {v:’b array| len v = len ctra} len da = len ctra Æ 0 · v<len da ) X 1 len da = len ctra Æ v=1 ) X 2 da:{len v = len ctra} |-{ 0 · v<len da} * ’b * {v=1} list <: { X 1 } * ’b * { X 2 } list Reduces To Solution X 1 = 0 · v < len ctra X 2 = 0 < v Liquid Type of Output {v:int|0 · v<len ctra}*’b*{v:int|0<v} list

61 Base Types Collections Closures Polymorphism Recursive Data

62 let min_index a = let min = ref 0 in ffor 0 (Array.length a) (fun i -> if a.(i) < a.(!min) then min := i ); !min Liquid Type of ffor 0 (len a) ({v:int|0 · v < len a} ! unit) ! unit Template of (fun i ->...) {v:int| X i } ! unit { X i } ! unit <: {0 · v<len a} ! unit {0 · v<len a} unit {Xi}{Xi} {0 · v<len a} <: { X i } Reduces To unit <: unit 0 · v < len a ) X i Solution X i = 0 · v< len a Liquid Type of (fun i ->...) {v:int|0 · v<len a} ! unit Liquid Type of ffor l:int ! u:int ! ({v:int|l · v<u} ! unit) ! unit Liquid Type of ffor 0 u:int ! ({v:int|0 · v< u} ! unit) ! unit

63 Base Types Collections Closures Polymorphism Recursive Data

64 mapreduce (nearest dist ctra) (centroid plus) xs |> List.iter (fun (i,(x,sz)) -> ctra.(i)<- div x sz) Type of mapreduce (’a ! ’b * ’c list) !... ! ’b * ’c list Template of mapreduce (’a ! { X 1 } * ’a * { X 2 } list) !... ! { X 1 } * ’a * { X 2 } list Type Instantiation ’a with ’a ’b with int ’c with ’a * int Template Instantiation ’a with ’a ’b with {v:int| X 1 } ’c with ’a * {v:int| X 2 } Liquid Type of (nearest dist ya) ’a ! {0 · v < len ctra} * ’a * {0<v} list <: ’a ! { X 1 } * ’a * { X 2 } list Solution X 1 = 0 · v < len ctra X 2 = 0 < v Reduces To 0 · v < len ctra ) X 1 0 < v ) X 2 Liquid Type of mapreduce Output {0 · v < len ctra} * ’a * {0 < v} list

65 Polymorphism = “Meta” Invariants

66 Polymorphism = “Meta Invariants” foldl :: (a->b-> a)-> a-> b list-> a

67 Polymorphism = “Meta Invariants” foldl :: (a->b-> a)-> a-> b list-> a Initial Value Satisfies a

68 Polymorphism = “Meta Invariants” foldl :: (a->b-> a)-> a-> b list-> a Each “Iteration” Preserves a

69 Polymorphism = “Meta Invariants” foldl :: (a->b-> a)-> a-> b list-> a Hence, Output Satisfies a

70 Polymorphism = “Meta Invariants” foldl :: (a->b-> a)-> a-> b list-> a At callsite instantiate a for invariant Analysis oblivious to iterated structure

71 Base Types Collections Closures Polymorphism Recursive Data

72 Recursive Data Structures

73 Data (Structure) Invariants Piggyback Predicates On Types

74 [] :: {x:int|0<x} listint list 0<x Describes all elements x : int Representation

75 [] :: 0<x x : int Type Unfolding [] :: 0<h h : int [] :: 0<x x : int HeadTailEmpty PositiveProperty holds recursively List of positive integers

76 [] :: 0<x Describes all elements x : int x<v v Describes tail elements Representation

77 [] :: x<v x : int Type Unfolding [] :: h : int [] :: x<v x : int HeadTailEmpty Elements larger than head Property holds recursively List of sorted integers h<v Push Edge Predicate Into NodeRename Variable h<x

78 Piggyback Predicates On Types Data (Structure) Invariants

79 [] :: x : int Unfold :: h : int [] :: x : int l:sorted listh:intt:sorted list & {h<x} list Instantiate tl match l with h :: t x<V h<x Quantifier Instantiation

80 Piggyback Predicates On Types Data (Structure) Invariants

81 [] :: x : int Fold h : int [] :: x : int :: l:sorted listh:intt:sorted list & {h<x} list Generalize tl let l = h :: t in x<V h<x Quantifier Generalization

82 Demo isort

83 Recursive Data Structures

84 Piggyback Predicates On Types (Data) Structure Invariants

85 measure len = | [] -> 0 | x::xs -> 1 + len xs Representation: List Length

86 8 l,x,xs. len([]) = 0 len(x::xs) = 1+len(xs)

87 Piggyback Predicates On Types (Data) Structure Invariants

88 l:’a list h:’a t:’a list len(l)=1+len(t) Instantiate match l with h :: t Quantifier Instantiation 8 l,x,xs. len([]) = 0 len(x::xs) = 1+len(xs)

89 Piggyback Predicates On Types (Data) Structure Invariants

90 h:’a t:’a list Quantifier Generalization 8 l,x,xs. len([]) = 0 len(x::xs) = 1+len(xs) Generalize let l = h :: t in h:’a t:’a list l:’a list len(l)=1+len(t)

91 Demo msortb

92 Recursive Data Structures Piggyback Measures

93 Leaf l r l = Left subtree r = Right subtree treeHeight H l = Left subtree’s height H r = Right subtree’s height measure H = | Leaf = 0 | Node(x,l,r) = 1 + max (H l) (H r) Height Balanced Tree | Hl–Hr |< 2 Node Height difference bounded at each node

94 Demo eval

95 Automatic Liquid Type Inference By Predicate Abstraction

96 0<x [] :: x : int x<v Automatic Liquid Type Inference Predicates Determine Invariant Let X 1, X 2,... = Unknown Predicates Complex Subtyping Between data types X1X1 X2X2 Reduces To Simple Implications Between X 1, X 2,... Solved by Predicate Abstraction Over atoms 0<x, x<v,...

97 Part I First-Order (by Logic) Part II Higher-Order (by Types)

98 Take Home Lessons Why are HO Programs difficult? Complex “invariants” How to represent invariants? Factor into liquid type How to compute liquid type? AbsInt/Predicate Abstraction/…

99 “Back-End” Logic Constraint Solving Rich Decidable Logics Qualifier Discovery… Much Work Remains…

100 “Front-End” Types Destructive Update Concurrency Objects & Classes Dynamic Languages… Much Work Remains…

101 User Interface The smarter your analysis, the harder to tell why it fails! Much Work Remains…

102 http://goto.ucsd.edu/liquid source, papers, demo, etc.

103 Program (ML)Verified Safety Properties List-based SortingSorted, Outputs Permutation of Input Finite MapBalance, BST, Implements a Set Red-Black TreesBalance, BST, Color StablesortSorted Extensible VectorsBalance, Bounds Checking, … Binary HeapsHeap, Returns Min, Implements Set Splay HeapsBST, Returns Min, Implements Set MallocUsed and Free Lists Are Accurate BDDsVariable Order Union FindAcyclicity Bitvector UnificationAcyclicity

104 Finite Maps (ML) 5: ‘cat’ 3: ‘cow’ 8: ‘tic’ 1: ‘doc’ 4: ‘hog’ 7: ‘ant’ 9: ‘emu’ From Ocaml Standard Library Implemented as AVL Trees Rotate/Rebalance on Insert/Delete Verified Invariants Binary Search Ordered Height Balanced Keys Implement Set

105 Binary Decision Diagrams (ML) X1X1 X2X2 X2X2 X3X3 X4X4 X4X4 1 Graph-Based Boolean Formulas [Bryant 86] X 1  X 2  X 3  X 4 Efficient Formula Manipulation Memoizing Results on Subformulas Verified Invariant Variables Ordered Along Each Path

106 Vec: Extensible Arrays (317 LOC) “Python-style” extensible arrays for Ocaml find, insert, delete, join etc. Efficiency via balanced trees Balanced Height difference between siblings ≤ 2 Dsolve found balance violation

107 fatal off-by-one error Recursive Rebalance

108 Debugging via Inference Using Dsolve we found Where imbalance occurred (specific path conditions) How imbalance occurred (left tree off by up to 4) Leading to test and fix

Download ppt "Higher-Order Verification With Liquid Types Ranjit Jhala, UC San Diego (with Pat Rondon, Ming Kawaguchi)"

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.

A practical and complete approach to predicate abstraction Ranjit Jhala UCSD Ken McMillan Cadence Berkeley Labs.
Consequence Generation, Interpolants, and Invariant Discovery Ken McMillan Cadence Berkeley Labs.

Consequence Generation, Interpolants, and Invariant Discovery Ken McMillan Cadence Berkeley Labs.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Satisfiability Modulo Computable Functions Philippe Suter, Ali Sinan Köksal, and Viktor Kuncak ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE, SWITZERLAND Photo:

Satisfiability Modulo Computable Functions Philippe Suter, Ali Sinan Köksal, and Viktor Kuncak ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE, SWITZERLAND Photo:
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,

Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN 2006 -

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
Time Complexity of Basic BST Operations Search, Insert, Delete – These operations visit the nodes along a root-to- leaf path – The number of nodes encountered.

Time Complexity of Basic BST Operations Search, Insert, Delete – These operations visit the nodes along a root-to- leaf path – The number of nodes encountered.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Relatively Complete Verification of Higher- Order Programs (via Automated Refinement Type Inference) Tachio Terauchi Nagoya University TexPoint fonts used.

Relatively Complete Verification of Higher- Order Programs (via Automated Refinement Type Inference) Tachio Terauchi Nagoya University TexPoint fonts used.
BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.

BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
CSE332: Data Abstractions Lecture 7: AVL Trees Tyler Robison Summer 2010 1.

CSE332: Data Abstractions Lecture 7: AVL Trees Tyler Robison Summer
Binary Heaps CSE 373 Data Structures Lecture 11. 2/5/03Binary Heaps - Lecture 112 Readings Reading ›Sections 6.1-6.4.

Binary Heaps CSE 373 Data Structures Lecture 11. 2/5/03Binary Heaps - Lecture 112 Readings Reading ›Sections
Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.

Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.
Comp 122, Spring 2004 Heapsort. heapsort - 2 Lin / Devi Comp 122 Heapsort  Combines the better attributes of merge sort and insertion sort. »Like merge.

Comp 122, Spring 2004 Heapsort. heapsort - 2 Lin / Devi Comp 122 Heapsort  Combines the better attributes of merge sort and insertion sort. »Like merge.

Similar presentations

Ads by Google