Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethan Jackson, Nikolaj Bjørner and Wolfram Schulte Research in Software Engineering (RiSE), Microsoft Research 1. A FORMULA for Abstractions and Automated.

Published bySabina Cameron Modified over 8 years ago

Similar presentations

Presentation on theme: "Ethan Jackson, Nikolaj Bjørner and Wolfram Schulte Research in Software Engineering (RiSE), Microsoft Research 1. A FORMULA for Abstractions and Automated."— Presentation transcript:

1 Ethan Jackson, Nikolaj Bjørner and Wolfram Schulte Research in Software Engineering (RiSE), Microsoft Research 1. A FORMULA for Abstractions and Automated Analysis Dirk Seifert, Markus Dahlweid and Thomas Santen European Microsoft Innovation Center (EMIC), Microsoft Research

2 http://research.microsoft.com/formula

3 Abstractions let us formally reason using about properties using only the relevant details. Why Abstractions? For example, we don’t reason about functional properties of software with an oscilloscope…

4 The Right Abstraction Pays Off… Can apply axioms to automatically reason about a model of a program Trace showing a reachable bug Axioms of machineInitial Configuration x = 2; y = 2 * x; x y IP 00 Traces

5 Of course, tradeoffs between precision and analyzability of programs. Also, modern software systems have new problems where: 1.The axioms of the machine are insufficient to express the property. 2.The property is not easily phrased in terms of execution traces of programs. Why More Than One Abstraction?

6 Example 1 – Data Center Configuration How can a set of services be feasibly deployed in a data center? (Functional correctness of services doesn’t help) HBI DatabaseWeb serverVoice rec. service Can’t do this; literally illegal in some cases. Can’t do this; may overload CPU. Need some model of conflicts between services, but not necessarily implementation details.

7 Example 2 – Web-Service Integration When (correct) web-services are mashed-up can new vulnerabilities arise? Genealogy data to make friend recommendations Policy for computing genealogical relationships Policy for computing friend recommendations Full static verification would be very difficult. Abstracting to the data policies focuses the problem. Genealogy site Social networking site Can Evil Eve get recommended as friend to Bob?

8 A FORMULA for Abstractions Algebraic data types (ADTs) and strongly typed constraint logic programming (CLP) Queries - Yes/no questions about the model The FORMULA language is a general framework for specifying abstractions. My Abstraction A finite set of facts over which the logic program reasons My Model Can Eve trick Bob? Is the data center correctly configured ? The class of CLP means axioms are a subclass of FPL over background theories

9 A FORMULA for Analysis Assume the logic program does not state all the facts (open world assumption). The FORMULA solver provides general state-of-the-art automated analysis by finite model finding. My Abstraction Require a query to hold My Model Can Eve trick Bob? = Yes My Model Model k Model 2 Model 1 Search for models (worlds) where the query holds Can encode design space exploration, bounded model checking, schedulability analysis etc… as finite model finding over OWA programs.

10 http://research.microsoft.com/formula

11 Typically, CLP semantics state a proposition is false if it is false in the least model of the logic program. This assumption hinders our desire to search over worlds where a query holds. It requires the programmer to define search strategies, thereby losing the declarative nature of CLP. The Closed World Assumption (CWA)

12 Example: N-Queens with CWA Can we write a set of rules that inductively generates and tests board configurations until it places n queens so they do not attack? ? ? ? ? ? ? ? ? ? ?

13 Example: N-Queens with CWA

14 Closed World Query Operation Use the query operation to search for board configurations

15 Example: N-Queens with OWA Give semantics of “attack”. Is there a world containing N queens where none can attack? ? ? ? ? ? ? ? ? ? ?

16 Example: N-Queens with OWA

17 Open World Query Operation Use the query operation to search for board configurations May further constraint the query operation so every W is a subset of regular Herbrand set.

18 Finding Models http://research.microsoft.com/formula model Queens8_1 of NQueens at "../NQueens.4ml" { Size(8) Queen(0,4) Queen(1,0) Queen(2,3) Queen(3,5) Queen(4,7) Queen(5,1) Queen(6,6) Queen(7,2) }

19 http://research.microsoft.com/formula

20 Need semantic types to explain the shape of worlds, otherwise we search many erroneous words: Types in OWA Use a sub-class of regular types admitting canonical forms. Lift interpreted functions into the type system via Galois approximations. Also want to know if the OWA program is meaningful over all well-typed worlds. Must deal with constraints.

21 Type Language Given the declarations: Then this is a type term: And its canonical form is:

22 Constraint-Level Type Inference Need to determine if a rule is meaningful over all possible worlds. Over-approximate the satisfying assignments of the body with regular types Check that the head is a sub-type of the declared type.

23 Model Finding By Symbolic Execution

24 (= (+ (@Nat2Int _ !23) (* -1 (@Nat2Int _ !25))) -2) (= (+ (@Nat2Int _ !23) (* -1 (@Nat2Int _ !26))) -3) (= (+ (@Nat2Int _ !24) (* -1 (@Nat2Int _ !25))) -1) (= (+ (@Nat2Int _ !24) (* -1 (@Nat2Int _ !26))) -2) (= (+ (@Nat2Int _ !25) (* -1 (@Nat2Int _ !26))) -1) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !23))) 1) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !24))) 2) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !25))) 3) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !26))) 4) (= (+ (@Nat2Int _ !23) (* -1 (@Nat2Int _ !24))) 1) (= (+ (@Nat2Int _ !23) (* -1 (@Nat2Int _ !25))) 2) (= (+ (@Nat2Int _ !23) (* -1 (@Nat2Int _ !26))) 3) (= (+ (@Nat2Int _ !24) (* -1 (@Nat2Int _ !25))) 1) (= (+ (@Nat2Int _ !24) (* -1 (@Nat2Int _ !26))) 2) (= (+ (@Nat2Int _ !25) (* -1 (@Nat2Int _ !26))) 1))) (not (or (>= (@Nat2Int _ !22) 5) (>= (@Nat2Int _ !23) 5) (>= (@Nat2Int _ !24) 5) (>= (@Nat2Int _ !25) 5) (>= (@Nat2Int _ !26) 5) (= _ !22 _ !23) (= _ !22 _ !24) (= _ !22 _ !25) (= _ !22 _ !26) (= _ !23 _ !24) (= _ !23 _ !25) (= _ !23 _ !26) (= _ !24 _ !25) (= _ !24 _ !26) (= _ !25 _ !26) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !23))) -1) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !24))) -2) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !25))) -3) (= (+ (@Nat2Int _ !22) (* -1 (@Nat2Int _ !26))) -4) (= (+ (@Nat2Int _ !23) (* -1 (@Nat2Int _ !24))) -1) Boolean connectives Type coercions Symbolic constants Arithmetic functions

25 Solving and Search FORMULA Specification Symbolic Execution SMT Formula Guess symbolic world Add symmetry breaking Z3 Solver Pick next region Encode solution region Try something new Use state-of-the-art satisfiability modulo theories (SMT) solver Z3 to solve quantifier-free formulas. Get solution, reconstruct model

26 Solving and Search

27 http://research.microsoft.com/formula

Download ppt "Ethan Jackson, Nikolaj Bjørner and Wolfram Schulte Research in Software Engineering (RiSE), Microsoft Research 1. A FORMULA for Abstractions and Automated."

Similar presentations

Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Brief Introduction to Logic. Outline Historical View Propositional Logic : Syntax Propositional Logic : Semantics Satisfiability Natural Deduction : Proofs.

Brief Introduction to Logic. Outline Historical View Propositional Logic : Syntax Propositional Logic : Semantics Satisfiability Natural Deduction : Proofs.
First Order Logic Logic is a mathematical attempt to formalize the way we think. First-order predicate calculus was created in an attempt to mechanize.

First Order Logic Logic is a mathematical attempt to formalize the way we think. First-order predicate calculus was created in an attempt to mechanize.
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.
SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀

SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
CPSC 422, Lecture 21Slide 1 Intelligent Systems (AI-2) Computer Science cpsc422, Lecture 21 Mar, 4, 2015 Slide credit: some slides adapted from Stuart.

CPSC 422, Lecture 21Slide 1 Intelligent Systems (AI-2) Computer Science cpsc422, Lecture 21 Mar, 4, 2015 Slide credit: some slides adapted from Stuart.
Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.

Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
CPSC 322, Lecture 19Slide 1 Propositional Logic Intro, Syntax Computer Science cpsc322, Lecture 19 (Textbook Chpt 5.0-5.1) February, 23, 2009.

CPSC 322, Lecture 19Slide 1 Propositional Logic Intro, Syntax Computer Science cpsc322, Lecture 19 (Textbook Chpt ) February, 23, 2009.
Programming with Constraints Jia-Huai You. Subject of Study Constraint Programming (CP) studies the computational models, languages, and systems for solving.

Programming with Constraints Jia-Huai You. Subject of Study Constraint Programming (CP) studies the computational models, languages, and systems for solving.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Similar presentations

Ads by Google