Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implicit Programming Viktor Kuncak EPF Lausanne

Published byAmberlynn Rice Modified over 9 years ago

Similar presentations

Presentation on theme: "Implicit Programming Viktor Kuncak EPF Lausanne"— Presentation transcript:

1 Implicit Programming Viktor Kuncak EPF Lausanne http://lara.epfl.ch/w/impro

2 Joint work with Ruzica PiskacPhilippe SuterTihomir GveroMikaël MayerAli Sinan Köksal Barbara Jobstmann Verimag Jad Hamza ENS Cachan EPFL Sebastien Vasey Darko Marinov Milos Gligoric Vilas Jagannath UIUC Sarfraz Khurshid UT Austin

3 Notion of Implicit Programming

4 Calculus of numbers and functions (studied for centuries in real analysis) two tasks - compute y : F(x) = y ? 5∙7 2 + 2∙7 + 3 = y sin’(t) = y(t) - solve for x : F(x ? ) = y 5∙x 2 + 2∙x + 3 = 42 f ’(t) = cos(t) arithmetic derivatives algebraic equations differential equations

5 Calculus of Programs Compute with numbers and with: lists, trees, sets, relations Again two tasks compute the result y : F(x) = y ? –today’s software (imperative and functional) solve for x : F(x ? ) = y –verification: find input that crashes program, or invariants that prove correctness –synthesis: find program that satisfies the spec tomorrow’s software – implicit computation

6 Programming Activity Consider three related activities: Development within an IDE (Eclipse, Visual Studio, emacs, vim) Compilation and static checking (optimizing compiler for the language, static analyzer, contract checker) Execution on a (virtual) machine More compute power available for each of these  use it to improve programmer productivity requirements def f(x : Int) = { y = 2 * x + 1 } iload_0 iconst_1 iadd 42

7 Implicit Programming A high-level programming model In addition to traditional constructs, use implicit specifications Give property of result, not how to compute it More expressive, easier to argue correctness Challenge: – make it executable and efficient, so it is useful Claim: automated reasoning is a key technique

8 Explicit Design Explicit = written down, machine readable Implicit = omitted, to be (re)discovered Current practice: – explicit program code – implicit design (key invariants, properties) Goal: – explicit design – implicit program Total work not increased, moreover – can be decreased for certain types of specifications – confidence in correctness higher –following design

9 Example: Date Conversion Knowing number of days since 1980, find current year and day BOOL ConvertDays(UINT32 days, SYSTEMTIME* lpTime) {...; year = 1980; while (days > 365) { if (IsLeapYear(year)) { if (days > 366) { days -= 366; year += 1; } } else { days -= 365; year += 1; } Enter December 31, 2008 all music players of a major brand freeze

10 Date Conversion in Kaplan System val origin = 1980 val (year, day)=choose((year:Val[Int],day:Val[Int]) => { def leapYearsUpto(y : Tree[IntSort]) = (y - 1) / 4 - (y - 1) / 100 + (y - 1) / 400 totalDays == (year - origin) * 365 + leapYearsUpto(year)-leapYearsUpto(origin) + day && day > 0 && day <= 366 }) The implicit programming approach ensures both termination and correctness with respect to stated properties Let origin denote 1980. Choose year and day such that the property holds, where leadYearsUpto is defined by the given expression.

11 Implicit Programming at All Levels Opportunities for implicit programming in Development within an IDE – InSynth tool (CAV’11) Compilation – Comfusy (PLDI’10) and RegSy (FMCAD’10) Execution – UDITA (ICSE’10), Scala ^ Z3 (CADE’11), Kaplan requirements def f(x : Int) = { choose y st... } iload_0 iconst_1 call Z3 42

12 Overview of Our Tools&Prototypes InSynth (w/ T.Gvero, R. Piskac) – synthesize code fragments interactively within IDE Comfusy (w/ M.Mayer,R.Piskac,P.Suter) – compile specifications using quantifier elimination RegSy (w/ J. Hamza, B. Jobstmann) – compile specifications into very fast automata UDITA extension of Java Pathfinder – make non-deterministic choice variables symbolic Scala^Z3 (w/ P.Suter, A.S. Köksal, R.Steiger) – invoke Z3 from Scala and vice versa with nice syntax Kaplan (w/ A.S.Köksal, P.Suter) – constraint solving for constraints over Z3+executable functions – solution enumeration through `for’ comprehensions – logical variables with global constraint store

13 Implicit (Programming Language) Constructs

14 A concrete language Notation for functions in Scala x => x*xsquaring function f, such that f(x)=x*x (x,y) => x+2*yexample linear function of arguments x and y x => (x > 0)returning true iff the argument is positive (x,y) => x+y < 10true if sum of its arguments is less than 10 (x,y) => x > 0 && y > 0true if both arguments positive predicate: function of type (A 1,...,A n ) => Boolean

15 Algebraic Data Types and Pattern Matching Objective Caml type tree = Leaf | Node of tree*int*tree let rec elem x t = match t with | Leaf -> false | Node(l,y,r) -> if x=y then true else if x<y then elem x l else elem x r Scala abstract class Tree case class Leaf() extends Tree case class Node(left:Tree, data:Int, right:Tree) extends Tree def elem(x:Int,t:Tree):Boolean= t match { case Leaf() => false case Node(l,y,r) => if (x==y) true else if (x<y) elem(x,l) else elem(x,r) }

16 Option Types abstract case class Option[T] case class None() extends Option[T] case class Some(x:T) extends Option[T] Example use of option types: lookup(x,myMap) match { case None() => print(“Nothing found”) case Some(v) => print(“Found: “ + v) }

17 Constraints Semantically, constraint is a predicate Syntactically, we specify them (for now) using 1) variable binding and 2) boolean expression x => (x*x==a):Int => Boolean Here ‘a’ is parameter, some valid value of the language In general, constraint C is a function of form (x 1,..., x n ) => P(x 1,..., x n, a 1,...,a n ) : Int n => Boolean where P has type Boolean Given values a 1,...,a n, the set of solutions of C is S(C) = {(x 1,..., x n ) | P(x 1,..., x n, a 1,...,a n ) }

18 findAll and find C - a constraint S(C) - its solution set, S(C) = { x | C(x) } S(x => x > 5) = {5,6,7,8,...} 1) findAll(C) = S(C) findAll: (T => Boolean) => Set[T] We represent result of findAll as iterator and use a for loop for ((a,b) 0 < x && x < y && x + y < 10)) { println(“a = “ + a + “b = “ + b) } 2) find(C) = if S(C)={} then None else Some(x) where x  S(C) find: (T => Boolean) => Option[T] Example of use: find(x => (x*x==a)) match { case Some(v) => println(“Square root of a is” + v) case None() => println(“a is not a square of an integer”) }

19 find variations: choose and given // choose : (T => Boolean) => T def choose(C : T => Boolean) : T = find(C) match { case Some(v) => v case None() => throw new Exception(“no solution”) } Example: println(choose(x => (x*x==a))) // print x such that x*x=a // given one x such that P(x), compute q(x); if none exists, compute r given (x => P(x)) have q(x) else r find(x => P(x)) match { case Some(y) => q(y) case None() => r } Example: given (k=> (2*k==a)) have k else 3*k+1 given (_ => e) have q else r  if (e) q else r

20 def secondsToTime(totalSeconds: Int) : (Int, Int, Int) = choose((h: Int, m: Int, s: Int) ⇒ ( h * 3600 + m * 60 + s == totalSeconds && 0 <= h && 0 <= m && m < 60 && 0 <= s && s < 60 )) Example of using choose 3787 seconds1 hour, 3 mins. and 7 secs.

21 What Pattern Matching Means sealed abstract class Tree case class Leaf() extends Tree case class Node(left:Tree, data:Int, right:Tree) extends Tree t match { case Leaf() => q case Node(l,y,r) => r(l,y,r) }  if (t == Leaf()) q else if (t.isInstanceOf[Node]) r(t.left, t.data, t.right) else throw new Exception(“unhandled match case”)  l,y,r. t == Node(l,y,r)  given _=> t == Leaf() have q else given (l,y,r)=> t == Node(l,y,r) have r(l,y,r) else throw new Exception(“unhandled match case”)

22 Generalized pattern matching by translation to given t match { case _: Leaf() => q case l,y,r: Node(l,y,r) => r(l,y,r) } bound variables indicated explicitly, not by convention t match { case _: Leaf() =>... case l,k,r: Node(l,2*k,r) =>... case l,k,r: Node(l,2*k+1,Node(l’,k+1,r’)) =>... }... case v 1,...,v n : p i (v 1,...,v n ) => q i (v 1,...,v n )...... else given v 1,...,v n => t==p i (v 1,...,v n ) have q i (v 1,...,v n )... 

23 Halving Functions using given def halfToZero(x:Int) : Int = given k=> x==2*k have k else given k=> x==2*k+1 && k >= 0 have k else given k=> x==2*k - 1 && k < 0 have k else error } def halfToMinusInf(x:Int) : Int = given k=> x==2*k have k else given k=> x==2*k+1 && k >= 0 have k else given k=> x==2*k+1 && k < 0 have k else error } Note: error can never happen

24 More Implicit Programming Constructs

25 First-class constraints

26

27

28

29 Example using Scala ^ Z3 find triples of integers x, y, z such that x > 0, y > x, 2x + 3y <= 40, x · z = 3y 2, and y is prime val results = for( (x,y)  findAll((x: Var[Int], y: Var[Int]) ) => x > 0 && y > x && x * 2 + y * 3 <= 40); if isPrime(y); z  findAll((z: Var[Int]) ) => x * z === 3 * y * y)) yield (x, y, z) model enumeration (currently: negate previous) user’s Scala function Scala’s existing mechanism for composing iterations (reduces to standard higher order functions such as flatMap-s) λ Use Scala syntax to construct Z3 syntax trees a type system prevents certain ill-typed Z3 trees Obtain models as Scala values Can also write own plugin decision procedures in Scala

30 Interpretation versus Compilation

31 def secondsToTime(totalSeconds: Int) : (Int, Int, Int) = choose((h: Var[Int], m: Var[Int], s: Var[Int]) ⇒ ( h * 3600 + m * 60 + s == totalSeconds && 0 <= h && 0 <= m && m < 60 && 0 <= s && s < 60 )) How to execute choose by invoking SMT solver at run time exec (Z3 “ h * 3600 + m * 60 + s == 3787 &&...”) sat model: h=1, m=3, s=7 3787 seconds This approach works for constraints in theories for which SMT solver is complete and provides model generation. will be known at run-time syntax tree constructor need to find

32 Scala ^ Z3 Invoking Constraint Solver at Run-Time Java Virtual Machine - functional and imperative code - custom ‘decision procedure’ plugins Z3 SMT Solver Q: implicit constraint A: model A: custom theory consequences Q: queries containing extension symbols with: Philippe Suter, Ali Sinan Köksal

33 UDITA: Non-deterministic Language void generateDAG(IG ig) { for (int i = 0; i < ig.nodes.length; i++) { int num = chooseInt(0, i); ig.nodes[i].supertypes = new Node[num]; for (int j = 0, k = −1; j < num; j++) { k = chooseInt(k + 1, i − (num − j)); ig.nodes[i].supertypes[j] = ig.nodes[k]; } } } We used to it to generate tests and find real bugs in javac, JPF itself, Eclipse, NetBeans refactoring On top of Java Pathfinder’s backtracking mechanism Can enumerate all executions Key technique: suspended execution of non-determinism Java + choose - integers - (fresh) objects with: M. Gligoric, T. Gvero, V. Jagannath, D. Marinov, S. Khurshid

34

35 Comparison of Runtime Approaches Scala^Z3 is a library approach to using a constraint solving – efficient solving of given formulas – nice interface to Z3 from Scala UDITA is an improved JavaPathfinder, a non- deterministic JVM (much slower than JVM) Recent work: Kaplan – integrates non-determinism through for comprehensions (iterate over solutions) – supports symbolic logical variables (postpone solving) – has first class constraints, so subsumes Scala^Z3

36

37

38 def secondsToTime(totalSeconds: Int) : (Int, Int, Int) = choose((h: Int, m: Int, s: Int) ⇒ ( h * 3600 + m * 60 + s == totalSeconds && h ≥ 0 && m ≥ 0 && m < 60 && s ≥ 0 && s < 60 )) What would ideal code look like? def secondsToTime(totalSeconds: Int) : (Int, Int, Int) = val t1 = totalSeconds div 3600 val t2 = totalSeconds -3600 * t1 val t3 = t2 div 60 val t4 = totalSeconds -3600 * t1 -60 * t3 (t1, t3, t4) Ruzica Piskac Philippe Suter, PLDI’10 Mikaël Mayer

39 Comparing with runtime invocation Pros of synthesis Change in complexity: time is spent at compile time Solving most of the problem only once Partial evaluation: we get a specialized decision procedure No need to ship a decision procedure with the program Pros of runtime invocation Conceptually simpler Can use off-the-shelf solver for now can be more expressive and even faster but: val times = for (secs ← timeStats) yield secondsToTime(secs)

40 Compilation using Variable Elimination for Linear Integer Arithmetic

41 Implicit Programming at All Levels Opportunities for implicit programming in Development within an IDE – InSynth tool Compilation – Comfusy and RegSy tools Execution – Scala ^ Z3 and UDITA tools I next examine these tools, from last to first, focusing on Compilation requirements def f(x : Int) = { choose y st... } iload_0 iconst_1 call Z3 42 

42

43 Possible starting point: quantifier elimination A specification statement of the form Corresponds to constructively solving the quantifier elimination problem where a is a parameter Witness terms from QE are the generated program! r = choose(x ⇒ F( a, x )) ∃ x. F( a, x ) “let r be x such that F(a, x) holds”

44 val z = ceil(5*a/12) val x = -7*z + 3*a val y = 5*z + -2*a choose((x, y) ⇒ 5 * x + 7 * y == a && x ≤ y) z = ceil(5*31/12) = 13 x = -7*13 + 3*31 = 2 y = 5*13 – 2*31 = 3 ∃ x ∃ y. 5x + 7y = a ∧ x ≤ y x = 3a y = -2a Use extended Euclid’s algorithm to find particular solution to 5x + 7y = a: (5,7 are mutually prime, else we get divisibility pre.) Express general solution of equations for x, y using a new variable z: x = -7z + 3a y = 5z - 2a Rewrite inequations x ≤ y in terms of z:5a ≤ 12z z ≥ ceil(5a/12) Obtain synthesized program: For a = 31: Corresponding quantifier elimination problem:

45 choose((x, y) ⇒ 5 * x + 7 * y == a && x ≤ y && x ≥ 0) Express general solution of equations for x, y using a new variable z: x = -7z + 3a y = 5z - 2a Rewrite inequations x ≤ y in terms of z:z ≥ ceil(5a/12) assert(ceil(5*a/12) ≤ floor(3*a/7)) val z = ceil(5*a/12) val x = -7*z + 3*a val y = 5*z + -2*a Obtain synthesized program: z ≤ floor(3a/7)Rewrite x ≥ 0: ceil(5a/12) ≤ floor(3a/7)Precondition on a: (exact precondition) With more inequalities and divisibility: generate ‘for’ loop

46 NP-Hard Constructs Disjunctions – Synthesis of a formula computes program and exact precondition of when output exists – Given disjunctive normal form, use preconditions to generate if-then-else expressions (try one by one) Divisibility combined with inequalities: – corresponding to big disjunction in q.e., we will generate a for loop with constant bounds (could be expanded if we wish)

47 Methodology QE  Synthesis Each quantifier elimination ‘trick’ we found corresponds to a synthesis trick Find the corresponding terms Key techniques: – one point rule immediately gives a term – change variables, using a computable function – strengthen formula while preserving realizability – recursively eliminate variables one-by one Example use – transform formula into disjunction – strengthen each disjunct using equality – apply one-point rule

48 General Form of Synthesized Functions for Presburger Arithmetic choose x such that F(x,a)  x = t(a) Result t(a) is expressed in terms of +, -, C*, /C, if Need arithmetic for solving equations Need conditionals for – disjunctions in input formula – divisibility and inequalities (find a witness meeting bounds and divisibility by constants) t(a) = if P 1 (a) t 1 (a) elseif … elseif P n (a) t n (a) else error(“No solution exists for input”,a)

49 Basic Compile-Time Analysis

50 Compile-time warnings def secondsToTime(totalSeconds: Int) : (Int, Int, Int) = choose((h: Int, m: Int, s: Int) ⇒ ( h * 3600 + m * 60 + s == totalSeconds && h ≥ 0 && h < 24 && m ≥ 0 && m < 60 && s ≥ 0 && s < 60 )) Warning: Synthesis predicate is not satisfiable for variable assignment: totalSeconds = 86400

51 Compile-time warnings def secondsToTime(totalSeconds: Int) : (Int, Int, Int) = choose((h: Int, m: Int, s: Int) ⇒ ( h * 3600 + m * 60 + s == totalSeconds && h ≥ 0 && m ≥ 0 && m ≤ 60 && s ≥ 0 && s < 60 )) Warning: Synthesis predicate has multiple solutions for variable assignment: totalSeconds = 60 Solution 1: h = 0, m = 0, s = 60 Solution 2: h = 0, m = 1, s = 0

52 Handling Data Structures

53 Synthesis for sets def splitBalanced[T](s: Set[T]) : (Set[T], Set[T]) = choose((a: Set[T], b: Set[T]) ⇒ ( a union b == s && a intersect b == empty && a.size – b.size ≤ 1 && b.size – a.size ≤ 1 )) def splitBalanced[T](s: Set[T]) : (Set[T], Set[T]) = val k = ((s.size + 1)/2).floor val t1 = k val t2 = s.size – k val s1 = take(t1, s) val s2 = take(t2, s minus s1) (s1, s2) a b s

54 Synthesis for non-linear arithmetic def decomposeOffset(offset: Int, dimension: Int) : (Int, Int) = choose((x: Int, y: Int) ⇒ ( offset == x + dimension * y && 0 ≤ x && x < dimension )) The predicate becomes linear at run-time Synthesized program must do case analysis on the sign of the input variables Some coefficients are computed at run-time

55 Experience with Comfusy Works well for examples we encountered – Needed: synthesis for more expressive logics, to handle more examples – seems ideal for domain-specific languages Efficient for conjunctions of equations (could be made polynomial) Extends to synthesis with parametric coefficients Extends to logics that reduce to Presburger arithmetic (implemented for BAPA)

56 Comfusy for Arithmetic  Limitations of Comfusy for arithmetic: – Naïve handling of disjunctions – Blowup in elimination, divisibility constraints – Complexity of running synthesized code (from QE): doubly exponential in formula size – Not tested on modular arithmetic, or on synthesis with optimization objectives – Arbitrary-precision arithmetic with multiple operations generates time-inefficient code – Cannot do bitwise operations (not in PA)

57 Arithmetic Synthesis using Automata

58 RegSy Synthesis for regular specifications over unbounded domains J. Hamza, B. Jobstmann, V. Kuncak FMCAD 2010

59 Synthesize Functions over Integers Given weight w, balance beam using weights 1kg, 3kg, and 9kg Where to put weights if w=7kg? 1 1 3 3 9 9 w w

60 Synthesize Functions over Integers Given weight w, balance beam using weights 1kg, 3kg, and 9kg Where to put weights if w=7kg? Synthesize program that computes correct positions of 1kg, 3kg, and 9kg for any w? 9 9 7 7 3 3 1 1

61 Synthesize Functions over Integers 9 9 7 7 3 3 1 1 Assumption: Integers are non-negative

62 Expressiveness of Spec Language Non-negative integer constants and variables Boolean operators Linear arithmetic operator Bitwise operators Quantifiers over numbers and bit positions PAbit = Presburger arithmetic with bitwise operators WS1S= weak monadic second-order logic of one successor

63 Problem Formulation Given – relation R over bit-stream (integer) variables in WS1S (PAbit) – partition of variables into inputs and outputs Constructs program that, given inputs, computes correct output values, whenever they exist. Unlike Church synthesis problem, we do not require causality (but if spec has it, it helps us)

64 Basic Idea View integers as finite (unbounded) bit-streams (binary representation starting with LSB) Specification in WS1S (PAbit) Synthesis approach: – Step 1: Compile specification to automaton over combined input/output alphabet (automaton specifying relation) – Step 2: Use automaton to generate efficient function from inputs to outputs realizing relation

65 Inefficient but Correct Method Run over a deterministic automaton over inputs and outputs Becomes run of a non-deterministic if we look only at outputs Simulate all branches until the end of input Successful branches indicate outputs that work

66 WS1S spec WS1S spec Mona Synthesis: 1.Det. automaton for spec over joint alphabet 2.Project, determinize, extract lookup table Synthesis: 1.Det. automaton for spec over joint alphabet 2.Project, determinize, extract lookup table Execution: 1.Run A on input w and record trace 2.Use table to run backwards and output Execution: 1.Run A on input w and record trace 2.Use table to run backwards and output Our Approach: Precompute Synthesized program: Automaton + lookup table Synthesized program: Automaton + lookup table Input word Output word without losing backward information

67 Experiments Linear scaling observed in length of input NoExampleMONA (ms)Syn (ms)|A||A’|512b1024b2048b4096b 1addition3181324950999519673978 2approx719670273547093218213641 3company8291130658177608131223914930 4parity3461084533667013102572 5mod-6341242232746091717653567 63-weights- min 26963640221343887516883391 74-weights27071537551945890317813605 8smooth-4b5157819501781955637127125054942 9smooth-f-2b569331736753198919903905 10smooth-b-2b5691241733421693476281304 116-3n+183410072337955695318824022 In 3 seconds solve constraint, minimizing the output; Inputs and outputs are of order 2 4000

68 More on Compilation Essence: partial evaluation Recent work: partially evaluate Simplex – repeatedly solve same formula (with different parameters) – obtaining orders of magnitude speedups Work by Sebastien Vasey

69 Implicit Programming at All Levels Opportunities for implicit programming in Development within an IDE – InSynth tool Compilation – Comfusy and RegSy tools Execution – Scala ^ Z3 and UDITA tools requirements def f(x : Int) = { choose y st... } iload_0 iconst_1 call Z3 42  

70 Example tool all : SequenceInputStream = 

71 InSynth - Interactive Synthesis of Code Snippets def map[A,B](f:A => B, l:List[A]): List[B] = {... } def stringConcat(lst : List[String]): String = {... }... def printInts(intList:List[Int], prn: Int => String): String = def map[A,B](f:A => B, l:List[A]): List[B] = {... } def stringConcat(lst : List[String]): String = {... }... def printInts(intList:List[Int], prn: Int => String): String = Returned value: stringConcat(map (prn, intList)) Returned value: stringConcat(map (prn, intList)) Is there a term of given type in given environment? Monorphic: decidable. Polymorphic: undecidable joint work with: Tihomir Gvero, Ruzica Piskac

72 Program point Max steps Create clauses: - encode in FOL - assign weights Find all visible symbols Resolution algorithm with weights ………………………… ………………………… ………………………… ………………………… ………………………… ………………………… ………………………… ………………………… …………… Code snippets Code Synthesis inside IDE

73 Relationship to Verification Some functionality is best synthesized from specs – other: better implemented, verified (and put into library) Currently, no choice –must always implement – specifications and verification are viewed as overhead Goal: make specifications intrinsic part of programs, with clear benefits to programmers – they run! Example: write an assertion, not how to establish it This will help both – verifiability: document, not reverse-engineer the invariants – productivity: avoid writing messy implementation

74 Conclusion: Implicit Programming Development within an IDE – InSynth tool – theorem proving as code completion Compilation – Comfusy : decision procedure  synthesis procedure Scala implementation for integer arithmetic, BAPA – RegSy : solving WS1S constraints Execution – Scala ^ Z3 : constraint programming – UDITA: Java + choice as test generation language Future: linked structures and distributed systems http://lara.epfl.ch/w/impro

75 Runtime Invocation vs Compilation Pros of synthesis Change in complexity: time is spent at compile time Solving most of the problem only once Partial evaluation: we get a specialized decision procedure No need to ship a decision procedure with the program Pros of runtime invocation Conceptually simpler Can use off-the-shelf solver for now can be more expressive and even faster but: val times = for (secs ← timeStats) yield secondsToTime(secs)

Download ppt "Implicit Programming Viktor Kuncak EPF Lausanne"

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Intermediate Code Generation

Intermediate Code Generation
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,

Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.

Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.
Control Structures Any mechanism that departs from straight-line execution: –Selection: if-statements –Multiway-selection: case statements –Unbounded iteration:

Control Structures Any mechanism that departs from straight-line execution: –Selection: if-statements –Multiway-selection: case statements –Unbounded iteration:
Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 

Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
The Big Picture Chapter 3. We want to examine a given computational problem and see how difficult it is. Then we need to compare problems Problems appear.

The Big Picture Chapter 3. We want to examine a given computational problem and see how difficult it is. Then we need to compare problems Problems appear.
INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.

INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
CS 355 – Programming Languages

CS 355 – Programming Languages

Similar presentations

Ads by Google