Invariant Generation for Parametrized Systems using Self-Reflection
Size: px
Start display at page:

Download "Invariant Generation for Parametrized Systems using Self-Reflection"

Transcription

1 Invariant Generation for Parametrized Systems using Self-Reflection Alejandro Sánchez 1 César Sánchez 1,3 Sriram Sankaranarayanan 2 Bor-Yuh Evan Chang 2 1 IMDEA Software Institute, Spain 2 University of Colorado, USA 3 Spanish Council for Scientific Research (CSIC), Spain Rich Model Toolkit COST Action Meeting, Malta, 17 June 2013

2 Motivation

3 Motivation P 1 P 2 P N Consider a finite but unbounded set of processes

4 Motivation P 1 P 2 P N Consider a finite but unbounded set of processes Running the same program in paralallel

5 Motivation P 1 P 2 P N Consider a finite but unbounded set of processes Running the same program in paralallel Classical scenarios include: Device drivers Distributed algorithms Concurrent datastructures Robotic swarms Biological Systems

6 Motivation P 1 P 2 P N GOAL : Automatic Infer Parametrized Invariants Consider a finite but unbounded set of processes Running the same program in paralallel Classical scenarios include: Device drivers Distributed algorithms Concurrent datastructures Robotic swarms Biological Systems

7 Our Contribution

8 Our Contribution An automatic abstract-interpretation-based framework Able to reason over parametrized programs Capable of infering indexed invariants

9 Our Contribution An automatic abstract-interpretation-based framework Able to reason over parametrized programs Capable of infering indexed invariants... and even more important... Adapting existing invariant synthesis techniques Leveraging off-the-shelf sequential invariant generators

10 Our Contribution An automatic abstract-interpretation-based framework Able to reason over parametrized programs Capable of infering indexed invariants... and even more important... Adapting existing invariant synthesis techniques Leveraging off-the-shelf sequential invariant generators In this talk Introduce the notion of Reflective Abstraction Report first empirical evaluation

11 Motivating Example: Workstealing

12 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: }

13 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data

14 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data

15 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data c end

16 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data c end

17 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } data c end

18 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } data T 1 T i T j T N

19 Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } data As example, for a 2-indexed invariant T 1 T i T j T N P [1] P [2] materialized materialized

20 Motivating Example: Workstealing data global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } As example, for a 2-indexed invariant T 1 T i T j T N P [1] P [2] materialized materialized

21 Motivating Example: Workstealing data global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } As example, for a 2-indexed invariant T 1 T i T j T N P [1] P [2] materialized materialized Reflective Abstraction

22 Motivating Example: Workstealing Invariant examples # Mat. Threads Ψ 0 : next mod 5 = 0 0 Ψ 1 : ( i) 0 c[i] < len 1 Ψ 2 : ( i 1, i 2 ) c[i 1 ] c[i 2 ] 2 data T 1 T i T j T N P [1] P [2] materialized materialized Reflective Abstraction

23 Reflective Invariants in a Nutshell

24 Reflective Invariants in a Nutshell Materialized

25 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2

26 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 next + 5 > len l 2

27 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 next + 5 > len l 2 c < end l 3

28 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 next + 5 > len l 2 c < end c = c + 1 l 3 processdata[c] l 4

29 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end c < end c = c + 1 l 3 l 5 processdata[c] l 4

30 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end c < end c = c + 1 l 3 l 5 processdata[c] l 4 Transition modifying shared variable next

31 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Transition modifying shared variable next

32 Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end ( c, end, c, end ) Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Transition modifying shared variable next

33 Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4

34 Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4

35 Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Over approximation True

36 Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Over approximation True False

37 Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 1. Begin, l Loc, Inv 1 (l) = false processdata[c] l 4

38 Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 1. Begin, l Loc, Inv 1 (l) = false l 4 processdata[c] 2. Compute Σ j using Inv j 3. Obtain Inv j+1 = AbsInt(Σ j ) 4. Stop when l Loc, Inv j+1 (l) Inv j (l)

39 Reflective Abstraction and Inductive Invariants

40 Reflective Abstraction and Inductive Invariants We define as usual: Parametrized Transition System: Π = G, X, Trs, l 0, Θ Transition: τ = l src, l dst, ρ A reflective abstraction over approximates all parametrized instances of Π by a finite transition system

41 Reflective Abstraction and Inductive Invariants We define as usual: Parametrized Transition System: Π = G, X, Trs, l 0, Θ Transition: τ = l src, l dst, ρ A reflective abstraction over approximates all parametrized instances of Π by a finite transition system Let Γ[X] be some fixed first-order language of assertions An assertion map η : Loc fin Γ[X] is inductive when: 1. Θ η(l 0 ) 2. for any τ : l src, l dst, ρ, τ(η(l src )) η(l dst )

42 Reflective Abstraction and Inductive Invariants We define as usual: Parametrized Transition System: Π = G, X, Trs, l 0, Θ Transition: τ = l src, l dst, ρ A reflective abstraction over approximates all parametrized instances of Π by a finite transition system Let Γ[X] be some fixed first-order language of assertions An assertion map η : Loc fin Γ[X] is inductive when: 1. Θ η(l 0 ) 2. for any τ : l src, l dst, ρ, τ(η(l src )) η(l dst ) In formal verification, to show Ψ, we seek an inductive assertion map η s.t. l Loc, η(l) Ψ

43 Reflective Abstraction and Inductive Invariants Given Π = G, X, Loc, Trs, l 0, Θ and assertion map η, we define: Reflect Π (η) as a sequential transition system with: variables : G X locations : Loc transitions : Trs { (τ, η, l) τ Trs and l Loc } pres(x) ( Y, Y ) ( η(l src )[G, Y ] ρ[g, Y, G, Y ] ) l

44 Theorem: Reflection Soundness Let η be an inductive assertion map for Reflect Π (η), then for each location l of Π, η(l) is a 1-index invariant

45 Theorem: Reflection Soundness Let η be an inductive assertion map for Reflect Π (η), then for each location l of Π, η(l) is a 1-index invariant What about k-index invariants? Start from Π Π }{{} k To obtain an assertion map η k : Loc Loc fin Γ[X]

46 Reflective Abstract Interpretation We iteratively generate invariants for parametrized systems As fix point of a monotone operator over an abstract domain Applying abstract interpretation on reflective abstractions η = lfp F (, Σ)

47 Reflective Abstract Interpretation We consider 3 schemas: Lazy: η Lazy = lfp G L,Π ( ) G L,Π ( η) def = lfp F (, Reflect Π (γ η)) Eager: η Eager = lfp G E,Π ( ) G E,Π ( η) def = F ( η, Reflect Π (γ η)) Eager+: η Eager+ = lfp G E +,Π( ) G E,Π ( η) def = lfp F (, Reflect Π (γ η Eager ))

48 Reflective Abstraction vs. Interference Abstraction

49 Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: }

50 Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x

51 Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x Interference Abstraction Reflective Abstraction

52 Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x Interference Abstraction over approximates from True Reflective Abstraction fails to derive g 0 (a non- deterministic update to g)

53 Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x Interference Abstraction over approximates from True Reflective Abstraction over approximates from False fails to derive g 0 (a non- deterministic update to g) incrementally infers invs over x (derives g 0)

54 Empirical Evaluation We study these examples (2-75 locs., 6-24 vars., 4-49 trans.): Simple software barrier Centralized software barrier Workstealing Generalized dinning philosophers Robot swarm moving on a m n grid

55 Empirical Evaluation We study these examples (2-75 locs., 6-24 vars., 4-49 trans.): Simple software barrier Centralized software barrier Workstealing Generalized dinning philosophers Robot swarm moving on a m n grid We compare 4 schemes: Lazy Eager Eager+ Interference

56 Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I P O Wsteal I P O Cbar I P TO O TO Phil I P O TO Rb(2,2) I P TO O TO Rb(2,3) I P TO O TO Rb(3,3) I P TO O TO Rb(4,4) I 29 TO P TO O TO 0 TO 0 TO 0 TO 0

57 Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I P O Wsteal I P O Cbar I P TO O TO Phil I P O TO Rb(2,2) I P TO O TO Rb(2,3) I P TO O TO Rb(3,3) I P TO O TO Rb(4,4) I 29 TO P TO O TO 0 TO 0 TO 0 TO 0 Still interference abstraction is the fastest

58 Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I P O Wsteal I P O Cbar I P TO O TO Phil I P O TO Rb(2,2) I P TO O TO Rb(2,3) I P TO O TO Rb(3,3) I P TO O TO Rb(4,4) I 29 TO P TO O TO 0 TO 0 TO 0 TO 0 Lazy abstraction was the slowest (with many TO)

59 Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. ID Dom Time(Lazy) Time(Eager) Time(Eager+) Time(Interf) Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I P O Wsteal P O Wsteal I P O Cbar I Cbar P TO P 0 TO O TO O TO Phil I P O TO Phil P Rb(2,2) I P TO O TO O 0 TO Rb(2,3) I P TO O TO Rb(3,3) P TO O TO Rb(3,3) I P TO O TO Rb(4,4) I 29 TO P TO O TO 0 TO 0 TO 0 TO 0 Polyhedra in general results faster than octagons (possibly due to Apron library)

60 Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. ID Dom Prps Prp(Lazy) Prp(Eager) Prp(Eager+) Prp(Interf) Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I P O Wsteal I Wsteal I P P O Cbar I Cbar P TO I O TO P Phil I P O TO Phil I P Rb(2,2) I P TO O TO Rb(2,3) I P TO O TO Rb(4,4) I Rb(3,3) I P TO P O TO Rb(4,4) I 29 TO P TO O TO 0 TO 0 TO 0 TO 0 Interference infers more properties in polyhedra,

61 Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. ID Dom Prps Prp(Lazy) Prp(Eager) Prp(Eager+) Prp(Interf) Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I P O Wsteal I Wsteal I P P O Cbar I Cbar P TO I O TO P Phil I P O TO Phil I P Rb(2,2) I P TO O TO Rb(2,3) I P TO O TO Rb(4,4) I Rb(3,3) I P TO P O TO Rb(4,4) I 29 TO P TO O TO 0 TO 0 TO 0 TO 0 Interference infers more properties in polyhedra, but less in intervals

62 Empirical Evaluation Relative strengths of inferred invariants ID Dom L:E L:E+ L:In E:In E+:In E:E+ Tbar I = P = = = O = = = Wsteal I = P + O = = = Cbar I = P TO TO TO O TO TO TO + + = Phil I = P = O TO TO TO + + = Rb(2,2) I = P TO TO TO O TO TO TO + Rb(2,3) I = P TO TO TO O TO TO TO + Rb(3,3) I = P TO TO TO O TO TO TO + Rb(4,4) I TO TO TO + + = P TO TO TO O TO TO TO TO TO TO

63 Empirical Evaluation Relative strengths of inferred invariants ID Dom L:E L:E+ L:In E:In E+:In E:E+ Tbar I = P = = = O = = = Wsteal I = P + O = = = Cbar I = P TO TO TO O TO TO TO + + = Phil I = P = O TO TO TO + + = Rb(2,2) I = P TO TO TO O TO TO TO + Rb(2,3) I = P TO TO TO O TO TO TO + Rb(3,3) I = P TO TO TO O TO TO TO + Rb(4,4) I TO TO TO + + = P TO TO TO O TO TO TO TO TO TO Lazy, eager and eager+ prove stronger invariants for interval domain compared to interference

64 Empirical Evaluation Relative strengths of inferred invariants ID Dom L:E L:E+ L:In E:In E+:In E:E+ Tbar I = P = = = O = = = Wsteal I = P + O = = = Cbar I = P TO TO TO O TO TO TO + + = Phil I = P = O TO TO TO + + = Rb(2,2) I = P TO TO TO O TO TO TO + Rb(2,3) I = P TO TO TO O TO TO TO + Rb(3,3) I = P TO TO TO O TO TO TO + Rb(4,4) I TO TO TO + + = P TO TO TO O TO TO TO TO TO TO Trend is reversed for polyhedra domain

65 Conclusions We presented a new technique: Reflective Abstraction Helpful to infer k-indexed invariants on parametrized systems Enables leveraging off-the-shelf invariant generators We studied three variants of reflective abstraction, analyzing their relative strength in inferring invariants Possible future directions, study the possibility of additional structure on the summarized threads

Similar documents

Proofs of Correctness: Introduction to Axiomatic Verification

Proofs of Correctness: Introduction to Axiomatic Verification Proofs of Correctness: Introduction to Axiomatic Verification Introduction Weak correctness predicate Assignment statements Sequencing Selection statements Iteration 1 Introduction What is Axiomatic Verification?

More information

CS256/Winter 2009 Lecture #6. Zohar Manna

CS256/Winter 2009 Lecture #6. Zohar Manna CS256/Winter 2009 Lecture #6 Zohar Manna Chapter 1 Invariance: Proof Methods For assertion q and SPL program P show P Õ ¼ q (i.e., q is P-invariant) 6-1 Proving Invariances Definitions Recall: the variables

More information

The algorithmic analysis of hybrid system

The algorithmic analysis of hybrid system The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher: Prof. Ugo Buy Xin Li, Huiyong Xiao Nov. 13, 2002 Summary What s a hybrid system? Definition of Hybrid Automaton

More information

Formal Methods in Software Engineering

Formal Methods in Software Engineering Formal Methods in Software Engineering An Introduction to Model-Based Analyis and Testing Vesal Vojdani Department of Computer Science University of Tartu Fall 2014 Vesal Vojdani (University of Tartu)

More information

AN INTRODUCTION TO SEPARATION LOGIC. 2. Assertions

AN INTRODUCTION TO SEPARATION LOGIC. 2. Assertions AN INTRODUCTION TO SEPARATION LOGIC 2. Assertions John C. Reynolds Carnegie Mellon University January 7, 2011 c 2011 John C. Reynolds Pure Assertions An assertion p is pure iff, for all stores s and all

More information

A Brief History of Shared memory C M U

A Brief History of Shared memory C M U A Brief History of Shared memory S t e p h e n B r o o k e s C M U 1 Outline Revisionist history Rational reconstruction of early models Evolution of recent models A unifying framework Fault-detecting

More information

Program Verification Using Separation Logic

Program Verification Using Separation Logic Program Verification Using Separation Logic Cristiano Calcagno Adapted from material by Dino Distefano Lecture 1 Goal of the course Study Separation Logic having automatic verification in mind Learn how

More information

Algebraic Trace Theory

Algebraic Trace Theory Algebraic Trace Theory EE249 Roberto Passerone Material from: Jerry R. Burch, Trace Theory for Automatic Verification of Real-Time Concurrent Systems, PhD thesis, CMU, August 1992 October 21, 2002 ee249

More information

The State Explosion Problem

The State Explosion Problem The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis

More information

On simulations and bisimulations of general flow systems

On simulations and bisimulations of general flow systems On simulations and bisimulations of general flow systems Jen Davoren Department of Electrical & Electronic Engineering The University of Melbourne, AUSTRALIA and Paulo Tabuada Department of Electrical

More information

Lecture 3: Semantics of Propositional Logic

Lecture 3: Semantics of Propositional Logic Lecture 3: Semantics of Propositional Logic 1 Semantics of Propositional Logic Every language has two aspects: syntax and semantics. While syntax deals with the form or structure of the language, it is

More information

COMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.

COMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R. COMP2111 Glossary Kai Engelhardt Revision: 1.3, May 18, 2018 Contents 1 Symbols 1 2 Hoare Logic 3 3 Refinement Calculus 5 1 Symbols Booleans B = {false, true}, natural numbers N = {0, 1, 2,...}, integers

More information

Trace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University

Trace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University Trace semantics: towards a unification of parallel paradigms Stephen Brookes Department of Computer Science Carnegie Mellon University MFCSIT 2002 1 PARALLEL PARADIGMS State-based Shared-memory global

More information

Axiomatic semantics. Semantics and Application to Program Verification. Antoine Miné. École normale supérieure, Paris year

Axiomatic semantics. Semantics and Application to Program Verification. Antoine Miné. École normale supérieure, Paris year Axiomatic semantics Semantics and Application to Program Verification Antoine Miné École normale supérieure, Paris year 2015 2016 Course 6 18 March 2016 Course 6 Axiomatic semantics Antoine Miné p. 1 /

More information

Theories of Programming Languages Assignment 5

Theories of Programming Languages Assignment 5 Theories of Programming Languages Assignment 5 December 17, 2012 1. Lambda-Calculus (see Fig. 1 for initions of = β, normal order evaluation and eager evaluation). (a) Let Ω = ((λx. x x) (λx. x x)), and

More information

Termination Analysis of Loops

Termination Analysis of Loops Termination Analysis of Loops Zohar Manna with Aaron R. Bradley Computer Science Department Stanford University 1 Example: GCD Algorithm gcd(y 1, y 2 ) = gcd(y 1 y 2, y 2 ) if y 1 > y 2 gcd(y 1, y 2 y

More information

Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language. Hongseok Yang (Queen Mary, Univ.

Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language. Hongseok Yang (Queen Mary, Univ. Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language Hongseok Yang (Queen Mary, Univ. of London) Dream Automatically verify the memory safety of systems software,

More information

A Short Introduction to Hoare Logic

A Short Introduction to Hoare Logic A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking

More information

Size-Change Termination and Transition Invariants

Size-Change Termination and Transition Invariants Size-Change Termination and Transition Invariants Matthias Heizmann 1, Neil D. Jones 2, and Andreas Podelski 1 1 University of Freiburg, Germany 2 University of Copenhagen, Denmark Abstract. Two directions

More information

Proving Liveness of Parameterized Programs

Proving Liveness of Parameterized Programs Proving Liveness of Parameterized Programs Azadeh Farzan University of Toronto Zachary Kincaid Princeton University Andreas Podelski University of Freiburg Abstract Correctness of multi-threaded programs

More information

Inductive Data Flow Graphs

Inductive Data Flow Graphs Inductive Data Flow Graphs Azadeh Farzan University of Toronto Zachary Kincaid Andreas Podelski University of Freiburg Abstract The correctness of a sequential program can be shown by the annotation of

More information

Simply Typed Lambda-Calculi (II)

Simply Typed Lambda-Calculi (II) THEORY AND PRACTICE OF FUNCTIONAL PROGRAMMING Simply Typed Lambda-Calculi (II) Dr. ZHANG Yu Institute of Software, Chinese Academy of Sciences Fall term, 2011 GUCAS, Beijing Introduction PCF Programming

More information

1 Introduction. 2 Recap The Typed λ-calculus λ. 3 Simple Data Structures

1 Introduction. 2 Recap The Typed λ-calculus λ. 3 Simple Data Structures CS 6110 S18 Lecture 21 Products, Sums, and Other Datatypes 1 Introduction In this lecture, we add constructs to the typed λ-calculus that allow working with more complicated data structures, such as pairs,

More information

Predicate Logic. Xinyu Feng 09/26/2011. University of Science and Technology of China (USTC)

Predicate Logic. Xinyu Feng 09/26/2011. University of Science and Technology of China (USTC) University of Science and Technology of China (USTC) 09/26/2011 Overview Predicate logic over integer expressions: a language of logical assertions, for example x. x + 0 = x Why discuss predicate logic?

More information

Chapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011

Chapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011 Chapter 2 An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011 Assertions In this chapter, we give a more detailed exposition of the assertions of separation logic: their meaning,

More information

Algebraic Trace Theory

Algebraic Trace Theory Algebraic Trace Theory EE249 Presented by Roberto Passerone Material from: Jerry R. Burch, Trace Theory for Automatic Verification of Real-Time Concurrent Systems, PhD thesis, CMU, August 1992 October

More information

Clojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014

Clojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014 Clojure Concurrency Constructs, Part Two CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014 1 Goals Cover the material presented in Chapter 4, of our concurrency textbook In particular,

More information

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen COP4020 Programming Languages Introduction to Axiomatic Semantics Prof. Robert van Engelen Assertions and Preconditions Assertions are used by programmers to verify run-time execution An assertion is a

More information

Verification Constraint Problems with Strengthening

Verification Constraint Problems with Strengthening Verification Constraint Problems with Strengthening Aaron R. Bradley and Zohar Manna Computer Science Department Stanford University Stanford, CA 94305-9045 {arbrad,manna}@cs.stanford.edu Abstract. The

More information

Efficient Strongly Relational Polyhedral Analysis

Efficient Strongly Relational Polyhedral Analysis Efficient Strongly Relational Polyhedral Analysis Sriram Sankaranarayanan 1,3, Michael A. Colón 2, Henny Sipma 3, Zohar Manna 3 1 NEC Laboratories America, Princeton, NJ srirams@nec-labs.com 2 Center for

More information

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹ Formal Verification Lecture 1: Introduction to Model Checking and Temporal Logic¹ Jacques Fleuriot jdf@inf.ed.ac.uk ¹Acknowledgement: Adapted from original material by Paul Jackson, including some additions

More information

Incremental Proof-Based Verification of Compiler Optimizations

Incremental Proof-Based Verification of Compiler Optimizations Incremental Proof-Based Verification of Compiler Optimizations Grigory Fedyukovich joint work with Arie Gurfinkel and Natasha Sharygina 5 of May, 2015, Attersee, Austria counter-example change impact Big

More information

Floyd-Hoare Style Program Verification

Floyd-Hoare Style Program Verification Floyd-Hoare Style Program Verification Deepak D Souza Department of Computer Science and Automation Indian Institute of Science, Bangalore. 9 Feb 2017 Outline of this talk 1 Overview 2 Hoare Triples 3

More information

Semantics and Verification of Software

Semantics and Verification of Software Semantics and Verification of Software Thomas Noll Software Modeling and Verification Group RWTH Aachen University http://moves.rwth-aachen.de/teaching/ss-15/sv-sw/ The Denotational Approach Denotational

More information

Predicate Logic. x. x + 0 = x. Predicate logic over integer expressions: a language of logical assertions, for example. Why discuss predicate logic?

Predicate Logic. x. x + 0 = x. Predicate logic over integer expressions: a language of logical assertions, for example. Why discuss predicate logic? Predicate Logic Predicate logic over integer expressions: a language of logical assertions, for example x. x + 0 = x Why discuss predicate logic? It is an example of a simple language It has simple denotational

More information

Verifying Safety Properties of Hybrid Systems.

Verifying Safety Properties of Hybrid Systems. Verifying Safety Properties of Hybrid Systems. Sriram Sankaranarayanan University of Colorado, Boulder, CO. October 22, 2010. Talk Outline 1. Formal Verification 2. Hybrid Systems 3. Invariant Synthesis

More information

Predicate Logic. Xinyu Feng 11/20/2013. University of Science and Technology of China (USTC)

Predicate Logic. Xinyu Feng 11/20/2013. University of Science and Technology of China (USTC) University of Science and Technology of China (USTC) 11/20/2013 Overview Predicate logic over integer expressions: a language of logical assertions, for example x. x + 0 = x Why discuss predicate logic?

More information

Online Appendix to: Types for Atomicity: Static Checking and Inference for Java

Online Appendix to: Types for Atomicity: Static Checking and Inference for Java Online Appendix to: Types for Atomicity: Static Checking and Inference for Java CORMAC FLANAGAN University of California at Santa Cruz STEPHEN N. FREUND and MARINA LIFSHIN Williams College and SHAZ QADEER

More information

State-Dependent Representation Independence (Technical Appendix)

State-Dependent Representation Independence (Technical Appendix) State-Dependent Representation Independence (Technical Appendix) Amal Ahmed Derek Dreyer Andreas Rossberg TTI-C MPI-SWS MPI-SWS amal@tti-c.org dreyer@mpi-sws.mpg.de rossberg@mpi-sws.mpg.de Contents August

More information

Scalable Analysis of Linear Systems using Mathematical Programming

Scalable Analysis of Linear Systems using Mathematical Programming Scalable Analysis of Linear Systems using Mathematical Programming Sriram Sankaranarayanan, Henny B. Sipma, and Zohar Manna Computer Science Department Stanford University Stanford, CA 94305-9045 {srirams,sipma,zm}@theory.stanford.edu

More information

Abstract Interpretation II

Abstract Interpretation II Abstract Interpretation II Semantics and Application to Program Verification Antoine Miné École normale supérieure, Paris year 2015 2016 Course 11 13 May 2016 Course 11 Abstract Interpretation II Antoine

More information

Dynamic logic for Hybrid systems

Dynamic logic for Hybrid systems Differential Dynamic Logic for Verifying Parametric Hybrid Systems by Andre Platzer presented by Hallstein Asheim Hansen 15th April 2008 Hallstein Asheim Hansen Slide 1 An example of a hybrid system: Thermostat

More information

CS256/Winter 2009 Lecture #1. Zohar Manna. Instructor: Zohar Manna Office hours: by appointment

CS256/Winter 2009 Lecture #1. Zohar Manna. Instructor: Zohar Manna Office hours: by appointment CS256/Winter 2009 Lecture #1 Zohar Manna FORMAL METHODS FOR REACTIVE SYSTEMS Instructor: Zohar Manna Email: manna@cs.stanford.edu Office hours: by appointment TA: Boyu Wang Email: wangboyu@stanford.edu

More information

The Polyranking Principle

The Polyranking Principle The Polyranking Principle Aaron R. Bradley, Zohar Manna, and Henny B. Sipma Computer Science Department Stanford University Stanford, CA 94305-9045 {arbrad,zm,sipma}@theory.stanford.edu Abstract. Although

More information

Decision Theory and the Logic of Provability

Decision Theory and the Logic of Provability Machine Intelligence Research Institute 18 May 2015 1 Motivation and Framework Motivating Question Decision Theory for Algorithms Formalizing Our Questions 2 Circles of Mutual Cooperation FairBot and Löbian

More information

Program Analysis Part I : Sequential Programs

Program Analysis Part I : Sequential Programs Program Analysis Part I : Sequential Programs IN5170/IN9170 Models of concurrency Program Analysis, lecture 5 Fall 2018 26. 9. 2018 2 / 44 Program correctness Is my program correct? Central question for

More information

Beyond First-Order Logic

Beyond First-Order Logic Beyond First-Order Logic Software Formal Verification Maria João Frade Departmento de Informática Universidade do Minho 2008/2009 Maria João Frade (DI-UM) Beyond First-Order Logic MFES 2008/09 1 / 37 FOL

More information

The TLA + proof system

The TLA + proof system The TLA + proof system Stephan Merz Kaustuv Chaudhuri, Damien Doligez, Leslie Lamport INRIA Nancy & INRIA-MSR Joint Centre, France Amir Pnueli Memorial Symposium New York University, May 8, 2010 Stephan

More information

Automata-Theoretic Model Checking of Reactive Systems

Automata-Theoretic Model Checking of Reactive Systems Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,

More information

Learning Methods for Online Prediction Problems. Peter Bartlett Statistics and EECS UC Berkeley

Learning Methods for Online Prediction Problems. Peter Bartlett Statistics and EECS UC Berkeley Learning Methods for Online Prediction Problems Peter Bartlett Statistics and EECS UC Berkeley Course Synopsis A finite comparison class: A = {1,..., m}. 1. Prediction with expert advice. 2. With perfect

More information

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications NICTA Advanced Course Theorem Proving Principles, Techniques, Applications λ 1 CONTENT Intro & motivation, getting started with Isabelle Foundations & Principles Lambda Calculus Higher Order Logic, natural

More information

Lecture 4 Event Systems

Lecture 4 Event Systems Lecture 4 Event Systems This lecture is based on work done with Mark Bickford. Marktoberdorf Summer School, 2003 Formal Methods One of the major research challenges faced by computer science is providing

More information

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052

More information

DERIVING AND PROVING ABSTRACT NON-INTERFERENCE

DERIVING AND PROVING ABSTRACT NON-INTERFERENCE DERIVING AND PROVING ABSTRACT NON-INTERFERENCE Roberto Giacobazzi and Isabella Mastroeni Dipartimento di Informatica Università di Verona Italy Paris, February 20th, 2004 Deriving and Proving Abstract

More information

Views: Compositional Reasoning for Concurrent Programs

Views: Compositional Reasoning for Concurrent Programs Views: Compositional Reasoning for Concurrent Programs Thomas Dinsdale-Young Imperial College td202@doc.ic.ac.uk Lars Birkedal IT University of Copenhagen birkedal@itu.dk Philippa Gardner Imperial College

More information

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw Applied Logic Lecture 1 - Propositional logic Marcin Szczuka Institute of Informatics, The University of Warsaw Monographic lecture, Spring semester 2017/2018 Marcin Szczuka (MIMUW) Applied Logic 2018

More information

Linearity and Passivity

Linearity and Passivity Linearity and Passivity David A. 1 School of Computing University of Tasmania GPO Box 252-100 Hobart 7001 Australia Abstract A simple symmetric logic is proposed which captures both the notions of Linearity

More information

FAIRNESS FOR INFINITE STATE SYSTEMS

FAIRNESS FOR INFINITE STATE SYSTEMS FAIRNESS FOR INFINITE STATE SYSTEMS Heidy Khlaaf University College London 1 FORMAL VERIFICATION Formal verification is the process of establishing whether a system satisfies some requirements (properties),

More information

Restricted truth predicates in first-order logic

Restricted truth predicates in first-order logic Restricted truth predicates in first-order logic Thomas Bolander 1 Introduction It is well-known that there exist consistent first-order theories that become inconsistent when we add Tarski s schema T.

More information

Static Program Analysis using Abstract Interpretation

Static Program Analysis using Abstract Interpretation Static Program Analysis using Abstract Interpretation Introduction Static Program Analysis Static program analysis consists of automatically discovering properties of a program that hold for all possible

More information

Automatic Generation of Polynomial Invariants for System Verification

Automatic Generation of Polynomial Invariants for System Verification Automatic Generation of Polynomial Invariants for System Verification Enric Rodríguez-Carbonell Technical University of Catalonia Talk at EPFL Nov. 2006 p.1/60 Plan of the Talk Introduction Need for program

More information

Syntax and semantics of a GPU kernel programming language

Syntax and semantics of a GPU kernel programming language Syntax and semantics of a GPU kernel programming language John Wickerson April 17, 2016 Abstract This document accompanies the article The Design and Implementation of a Verification Technique for GPU

More information

The Leader Election Protocol (IEEE 1394)

The Leader Election Protocol (IEEE 1394) The Leader Election Protocol (IEEE 1394) J.R. Abrial, D. Cansell, D. Méry July 2002 This Session - Background :-) - An informal presentation of the protocol :-) - Step by step formal design :- - Short

More information

Integrating State Constraints and Obligations in Situation Calculus

Integrating State Constraints and Obligations in Situation Calculus Integrating State Constraints and Obligations in Situation Calculus Robert Demolombe ONERA-Toulouse 2, Avenue Edouard Belin BP 4025, 31055 Toulouse Cedex 4, France. Robert.Demolombe@cert.fr Pilar Pozos

More information

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program Program verification Assertional semantics of a program Meaning of a program: relation between its inputs and outputs; specified by input assertions (pre-conditions) and output assertions (post-conditions)

More information

CSE 505, Fall 2008, Midterm Examination 29 October Please do not turn the page until everyone is ready.

CSE 505, Fall 2008, Midterm Examination 29 October Please do not turn the page until everyone is ready. CSE 505, Fall 2008, Midterm Examination 29 October 2008 Please do not turn the page until everyone is ready. Rules: The exam is closed-book, closed-note, except for one side of one 8.5x11in piece of paper.

More information

Realizability Semantics of Parametric Polymorphism, General References, and Recursive Types

Realizability Semantics of Parametric Polymorphism, General References, and Recursive Types Realizability Semantics of Parametric Polymorphism, General References, and Recursive Types Lars Birkedal IT University of Copenhagen Joint work with Kristian Støvring and Jacob Thamsborg Oct, 2008 Lars

More information

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Lecture Notes: Axiomatic Semantics and Hoare-style Verification Lecture Notes: Axiomatic Semantics and Hoare-style Verification 17-355/17-665/17-819O: Program Analysis (Spring 2018) Claire Le Goues and Jonathan Aldrich clegoues@cs.cmu.edu, aldrich@cs.cmu.edu It has

More information

Bringing class diagrams to life

Bringing class diagrams to life Bringing class diagrams to life Luis S. Barbosa & Sun Meng DI-CCTC, Minho University, Braga & CWI, Amsterdam UML & FM Workshop 2009 Rio de Janeiro 8 December, 2009 Formal Methods proofs problems structures

More information

An Abstract Domain to Infer Ordinal-Valued Ranking Functions

An Abstract Domain to Infer Ordinal-Valued Ranking Functions An Abstract Domain to Infer Ordinal-Valued Ranking Functions Caterina Urban and Antoine Miné ÉNS & CNRS & INRIA, Paris, France urban@di.ens.fr, mine@di.ens.fr Abstract. The traditional method for proving

More information

Constraint Solving for Program Verification: Theory and Practice by Example

Constraint Solving for Program Verification: Theory and Practice by Example Constraint Solving for Program Verification: Theory and Practice by Example Andrey Rybalchenko Technische Universität München Abstract. Program verification relies on the construction of auxiliary assertions

More information

Institute of Theoretical Computer Science, ETH Zurich

Institute of Theoretical Computer Science, ETH Zurich Eidgenossische Technische Hochschule Zurich Ecole polytechnique federale de Zurich Politecnico federale di Zurigo Swiss Federal Institute of Technology Zurich A Logic for Secure Memory Access of ASMs Stanislas

More information

Operational Semantics Using the Partiality Monad

Operational Semantics Using the Partiality Monad page.1 Operational Semantics Using the Partiality Monad Nils Anders Danielsson (Göteborg) Shonan Meeting 026: Coinduction for computation structures and programming languages The research leading to these

More information

Logical Abduction and its Applications in Program Verification. Isil Dillig MSR Cambridge

Logical Abduction and its Applications in Program Verification. Isil Dillig MSR Cambridge Logical Abduction and its Applications in Program Verification? Isil Dillig MSR Cambridge What is Abduction? Abduction: Opposite of deduction 2 / 21 What is Abduction? Abduction: Opposite of deduction

More information

MAKING THE UNOBSERVABLE, UNOBSERVABLE.

MAKING THE UNOBSERVABLE, UNOBSERVABLE. MAKING THE UNOBSERVABLE, UNOBSERVABLE. 3 PAPERS FROM THE LAST 365 DAYS AVAILABLE TO READ NOW ON YOUR COMPUTER PAWEL SOBOCINSKI AND JULIAN RATHKE GO TO www.ecs.soton.ac.uk/~ps/publications.php Plan of the

More information

Coinductive big-step semantics and Hoare logics for nontermination

Coinductive big-step semantics and Hoare logics for nontermination Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of Cybernetics, Tallinn joint work with Keiko Nakata COST Rich Models Toolkit meeting, Madrid, 17 18 October 2013

More information

Discrete Fixpoint Approximation Methods in Program Static Analysis

Discrete Fixpoint Approximation Methods in Program Static Analysis Discrete Fixpoint Approximation Methods in Program Static Analysis P. Cousot Département de Mathématiques et Informatique École Normale Supérieure Paris

More information

Temporal Logic of Actions

Temporal Logic of Actions Advanced Topics in Distributed Computing Dominik Grewe Saarland University March 20, 2008 Outline Basic Concepts Transition Systems Temporal Operators Fairness Introduction Definitions Example TLC - A

More information

Hybrid systems and computer science a short tutorial

Hybrid systems and computer science a short tutorial Hybrid systems and computer science a short tutorial Eugene Asarin Université Paris 7 - LIAFA SFM 04 - RT, Bertinoro p. 1/4 Introductory equations Hybrid Systems = Discrete+Continuous SFM 04 - RT, Bertinoro

More information

Relational Reasoning in Natural Language

Relational Reasoning in Natural Language 1/67 Relational Reasoning in Natural Language Larry Moss ESSLLI 10 Course on Logics for Natural Language Inference August, 2010 Adding transitive verbs the work on R, R, and other systems is joint with

More information

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa Scalable and Accurate Verification of Data Flow Systems Cesare Tinelli The University of Iowa Overview AFOSR Supported Research Collaborations NYU (project partner) Chalmers University (research collaborator)

More information

Functional Object Calculus

Functional Object Calculus Notations a, b Ter terms d D, e E iterators over some finite sets f, g, h F field names i, j, k N indices (usually i < j < k) l Loc locations m, m d, m e M method names u, v, w Val values x, y, z Var variables

More information

arxiv: v1 [cs.lo] 29 May 2014

arxiv: v1 [cs.lo] 29 May 2014 Under consideration for publication in Theory and Practice of Logic Programming 1 arxiv:1405.7739v1 [cs.lo] 29 May 2014 (Quantified) Horn Constraint Solving for Program Verification and Synthesis Andrey

More information

Verifying Concurrent Memory Reclamation Algorithms with Grace

Verifying Concurrent Memory Reclamation Algorithms with Grace Verifying Concurrent Memory Reclamation Algorithms with Grace Alexey Gotsman, Noam Rinetzky, and Hongseok Yang 1 IMDEA Software Institute 2 Tel-Aviv University 3 University of Oxford Abstract. Memory management

More information

Logics For Epistemic Programs

Logics For Epistemic Programs 1 / 48 Logics For Epistemic Programs by Alexandru Baltag and Lawrence S. Moss Chang Yue Dept. of Philosophy PKU Dec. 9th, 2014 / Seminar 2 / 48 Outline 1 Introduction 2 Epistemic Updates and Our Target

More information

Interpolation. Seminar Slides. Betim Musa. 27 th June Albert-Ludwigs-Universität Freiburg

Interpolation. Seminar Slides. Betim Musa. 27 th June Albert-Ludwigs-Universität Freiburg Interpolation Seminar Slides Albert-Ludwigs-Universität Freiburg Betim Musa 27 th June 2015 Motivation program add(int a, int b) { var x,i : int; l 0 assume(b 0); l 1 x := a; l 2 i := 0; while(i < b) {

More information

Automatic Verification of Parameterized Data Structures

Automatic Verification of Parameterized Data Structures Automatic Verification of Parameterized Data Structures Jyotirmoy V. Deshmukh, E. Allen Emerson and Prateek Gupta The University of Texas at Austin The University of Texas at Austin 1 Outline Motivation

More information

Anti-unification algorithms and their applications

Anti-unification algorithms and their applications Anti-unification algorithms and their applications in program analysis Faculty of Computational Mathematics and Cybernetics, Moscow State University, Moscow, RU-119899, Russia Perspectives of System Informatics,

More information

Imperative Data Parallelism (Correctness)

Imperative Data Parallelism (Correctness) Imperative Data Parallelism (Correctness) Unit 1.b 1 Acknowledgments Authored by Thomas Ball, MSR Redmond 9/4/2010 2 Concepts Code Concept Parallel.Invoke Parallel.ForEach Correctness Concept Schedules

More information

Extending the Lambda Calculus: An Eager Functional Language

Extending the Lambda Calculus: An Eager Functional Language Syntax of the basic constructs: Extending the Lambda Calculus: An Eager Functional Language canonical forms z cfm ::= intcfm boolcfm funcfm tuplecfm altcfm intcfm ::= 0 1-1... boolcfm ::= boolconst funcfm

More information

Control Synthesis of Discrete Manufacturing Systems using Timed Finite Automata

Control Synthesis of Discrete Manufacturing Systems using Timed Finite Automata Control Synthesis of Discrete Manufacturing Systems using Timed Finite utomata JROSLV FOGEL Institute of Informatics Slovak cademy of Sciences ratislav Dúbravská 9, SLOVK REPULIC bstract: - n application

More information

OPTIMAL TOKEN ALLOCATION IN TIMED CYCLIC EVENT GRAPHS

OPTIMAL TOKEN ALLOCATION IN TIMED CYCLIC EVENT GRAPHS OPTIMAL TOKEN ALLOCATION IN TIMED CYCLIC EVENT GRAPHS Alessandro Giua, Aldo Piccaluga, Carla Seatzu Department of Electrical and Electronic Engineering, University of Cagliari, Italy giua@diee.unica.it

More information

Notes on Abstract Interpretation

Notes on Abstract Interpretation Notes on Abstract Interpretation Alexandru Sălcianu salcianu@mit.edu November 2001 1 Introduction This paper summarizes our view of the abstract interpretation field. It is based on the original abstract

More information

PSL Model Checking and Run-time Verification via Testers

PSL Model Checking and Run-time Verification via Testers PSL Model Checking and Run-time Verification via Testers Formal Methods 2006 Aleksandr Zaks and Amir Pnueli New York University Introduction Motivation (Why PSL?) A new property specification language,

More information

CSE 505, Fall 2005, Midterm Examination 8 November Please do not turn the page until everyone is ready.

CSE 505, Fall 2005, Midterm Examination 8 November Please do not turn the page until everyone is ready. CSE 505, Fall 2005, Midterm Examination 8 November 2005 Please do not turn the page until everyone is ready. Rules: The exam is closed-book, closed-note, except for one side of one 8.5x11in piece of paper.

More information

Predicate Abstraction: A Tutorial

Predicate Abstraction: A Tutorial Predicate Abstraction: A Tutorial Predicate Abstraction Daniel Kroening May 28 2012 Outline Introduction Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement

More information

An Algorithm Inspired by Constraint Solvers to Infer Inductive Invariants in Numeric Programs

An Algorithm Inspired by Constraint Solvers to Infer Inductive Invariants in Numeric Programs An Algorithm Inspired by Constraint Solvers to Infer Inductive Invariants in Numeric Programs Antoine Miné 1, Jason Breck 2, and Thomas Reps 2,3 1 LIP6, Paris, France 2 University of Wisconsin; Madison,

More information

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows how a program can sometimes be systematically constructed

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback