Incremental Proof-Based Verification of Compiler Optimizations
|
|
- Ginger Hicks
- 5 years ago
- Views:
Transcription
1 Incremental Proof-Based Verification of Compiler Optimizations Grigory Fedyukovich joint work with Arie Gurfinkel and Natasha Sharygina 5 of May, 2015, Attersee, Austria
2 counter-example change impact Big picture Niagara framework Simulation Discovery to synthesize a mapping between variables evolution process V i proof program encoding Simulation Discovery prev. round V i Proof Adapt to migrate the proof certificate across evolution boundaries to obtain a counter-example and a change impact evolution process program encoding simulation relation abstraction of Vi proof to be adapted proof program Proof V i+1 encoding Adapt V i+1 adapted proof Program Repair to provide a hint to the user how to fix the detected bug evolution process... program encoding candidate repair Program Repair enable next round... 2
3 counter-example change impact Today Niagara framework Simulation Discovery to synthesize a mapping between variables evolution process V i proof program encoding Simulation Discovery prev. round V i Proof Adapt to migrate the proof certificate across evolution boundaries to obtain a counter-example and a change impact evolution process program encoding simulation relation abstraction of Vi proof to be adapted proof program Proof V i+1 encoding Adapt V i+1 adapted proof Program Repair to provide a hint to the user how to fix the detected bug evolution process... program encoding candidate repair Program Repair enable next round... 2
4 Motivation Changes by humans fixing a bug, adding a feature, or improving performance typically, can be localized and verified using existing techniques see our previous work, [e.g., TACAS 2013] Optimizations many small changes along the control flow localizing changes impractical / infeasible need for an efficient upgrade checking technique 3
5 Our approach Original Program given with properties (i.e., assertions) with a certificate of correctness (proof) Optimization off-the-shelf compiler optimizer (we use LLVM) small changes that do not change loop-structure Our approach property-directed equivalence based on Unbounded SMT-based Model Checking with Incremental Inductive Verification 4
6 Programs Program P =(V,en,err,E, P ) V is set of cut-points en, err is entry and error locations E V V is control-flow relation P : E! Stmt mapping controls to loop-free program statements Cut-Point graph (V,E) 5 generalization of classical Control-Flow graph each edge is a loop-free program path
7 CFG vs CPG Control-Flow-Graph 2-diamond structure with a cycle Cut-Point Graph Just a cycle v 1 v 0 1 v 00 1 v 2 v v 00 1 v 00 2 v 3 6
8 Hoare triples Express the code specification pre, post 2 Expr are expressions over program variables S 2 Stmt is some code fragment {pre}s{post} Whenever S starts in a state satisfying pre, if S terminates then it ends in a state satisfying post Example 7 {x>=0} x=x+1 {x>0}
9 Safety Proof A safety proof is a mapping from nodes of CPG to expressions such that each edge is a valid Hoare triple (inductive) error location is mapped to False (safe) Formally, : V! Expr 8(u, v) 2 E ` { (u)} P (u, v) { (v)} (err) =)? 8
10 Example C program with unbounded loops int x = 0; while(*){ int y = 0; int z = 0; while(*){ y++; z++; } x = x + y + z; } assert(x >= 0); assume no overflow 9
11 Example CPG int x = 0; while(*){ int y = 0; int z = 0; while(*){ y++; z++; } x = x + y + z; } assert(x >= 0); x:=0 [x<0] en CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ assume no overflow 9
12 Example CPG labeled by invariants int x = 0; while(*){ int y = 0; int z = 0; while(*){ y++; z++; } x = x + y + z; } assert(x >= 0); { > } { } x:=0? CP 0 CP { } 1? {?} [x<0] en err y:=0 z:=0 x=x+y+z y++ z++ assume no overflow 9
13 Example Safety condition as a Horn system System: True (x' = 0) I 0 (x') { > } en I 0 (x) (x' = x) (y' = 0) (z' = 0) I 1 (x', y', z') x:=0 y:=0 z:=0 I 1 (x, y, z) (x' = x) (y' = y+1) (z' = z+1) I 1 (x', y', z') I 1 (x, y, z) (x' = x + y + z) I 0 (x') {I0(x) (x < 0) False { I 0 (x)} CP 0 CP { } 1 I 1 (x, y, z) {?} [x<0] err x=x+y+z y++ z++ 9
14 Example Producing safe inductive invariants System: True (x' = 0) I 0 (x') I 0 (x) (x' = x) (y' = 0) (z' = 0) I 1 (x', y', z') Solution: I 0 (x) = x 0 I 1 (x, y, z) = x + y + z 0 I 1 (x, y, z) (x' = x) (y' = y+1) (z' = z+1) I 1 (x', y', z') I 1 (x, y, z) (x' = x + y + z) I 0 (x') {I0(x) (x < 0) False 10
15 Example Producing safe inductive invariants System: { True (x' = 0) I 0 (x') I 0 (x) (x' = x) (y' = 0) (z' = 0) I 1 (x', y', z') I 1 (x, y, z) (x' = x) (y' = y+1) (z' = z+1) I 1 (x', y', z') I 1 (x, y, z) (x' = x + y + z) I 0 (x') Solution: I 0 (x) = x 0 I 1 (x, y, z) = x + y + z 0 These invariants are not factored and therefore are not practical enough I 0 (x) (x < 0) False 10
16 Example Invariants in CNF System: True (x' = 0) I 0 (x') I 0 (x) I 0 (x) I 0 (x) (x' = x) (y' = 0) (z' = 0) I 11 (x') (x' = x) (y' = 0) (z' = 0) I 12 (y') (x' = x) (y' = 0) (z' = 0) I 13 (z ) I 11 (x) I 12 (y) I 13 (z) I 11 (x) I 12 (y) I 13 (z) I 11 (x) I 12 (y) I 13 (z) I 11 (x) I 12 (y) I 13 (z) {I0(x) (x < 0) False (x' = x) (y' = y+1) (z' = z+1) I 11 (x') (x' = x) (y' = y+1) (z' = z+1) I 12 (y') (x' = x) (y' = y+1) (z' = z+1) I 13 (z') (x' = x + y + z) I 0 (x') 11
17 Example Invariants in CNF System: True (x' = 0) I 0 (x') I 0 (x) (x' = x) (y' = 0) (z' = 0) I 11 (x') I 0 (x) (x' = x) (y' = 0) (z' = 0) I 12 (y') I 0 (x) (x' = x) (y' = 0) (z' = 0) I 13 (z ) Solution: I 0 (x) = x 0 I 11 (x) = x 0 I 12 (y) = y 0 I 13 (z) = z 0 I 11 (x) I 12 (y) I 13 (z) I 11 (x) I 12 (y) I 13 (z) I 11 (x) I 12 (y) I 13 (z) I 11 (x) I 12 (y) I 13 (z) {I0(x) (x < 0) False (x' = x) (y' = y+1) (z' = z+1) I 11 (x') (x' = x) (y' = y+1) (z' = z+1) I 12 (y') (x' = x) (y' = y+1) (z' = z+1) I 13 (z') (x' = x + y + z) I 0 (x') 12
18 Example Safety proof { > } en { x 0} {?} x:=0 [x<0] CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ { x 0 } y 0 z 0 ^ ^ 13
19 Our approach Adapt verification certificate across simple complier optimizations Program P Compiler Optimized program Q Safety proof C P Adapt Invariant I Q Verifier Our contribution Bug Counterexample Safe Proof C Q 14
20 Example Optimization { > } en { x 0} {?} x:=0 [x<0] CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ { x 0 } y 0 z 0 ^ ^ 15
21 Example Optimization removes variable z { > } en { x 0} {?} x:=0 [x<0] CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ { x 0 } y 0 z 0 y:=y+2 ^ ^ 15 There is a need to adapt the proof
22 Example Re-checking Hoare triple for CP 1 CP 1 { > } en { x 0} {?} x:=0 [x<0] CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ { x 0 } y 0 z 0 y:=y+2 ^ ^ Is is still valid? (x 0) (y 0) (z 0) (y' = y + 2) (x' = x) (x' 0) (y' 0) (z' 0) 16
23 Example Re-checking Hoare triple for CP 1 CP 1 { > } en { x 0} {?} x:=0 [x<0] CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ { x 0 } y 0 z 0 y:=y+2 ^ ^ Is is still unsatisfiable? (x 0) (y 0) (z 0) (y' = y + 2) (x' = x) (~ (x' 0) (y' 0) (z' 0)) 16
24 Example Re-checking Hoare triple for CP 1 CP 1 { > } en { x 0} {?} x:=0 [x<0] CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ { x 0 } y 0 z 0 y:=y+2 ^ ^ Is is still unsatisfiable? No! (x 0) (y 0) (z 0) (y' = y + 2) (x' = x) (~ (x' 0) (y' 0) (z' 0)) 16
25 Weakening the invariants Satisfiable formula (x 0) (y 0) (z 0) (y' = y + 2) (x' = x) (~ (x' 0) (y' 0) (z' 0)) Introduce assumptions (a x 0) (b y 0) (c z 0) (Re)-solve with assumptions and get a model M (a x 0) (b y 0) (c z 0) (y' = y + 2) (x' = x) (~ (a x' 0) (b y' 0) (c z' 0)) Evaluate a, b, c in the model M, block satisfied assumptions and repeat the check M = a M = b M = c Finally, we calculated Maximal Inductive Subset 17
26 Example Inductive weakening the invariants { > } en { x 0} {?} x:=0 [x<0] CP 0 err y:=0 z:=0 x=x+y+z CP 1 y++ z++ { x 0 } y 0 z 0 y:=y+2 ^ ^ 18 Finally, we weaken the invariant Need to check other edges, which is trivial in this case
27 Evaluation Tools LLVM compiler + instcombine optimization pass UFO model checker (Z3/PDR engine) Benchmarks SV-COMP (0.3 5K LOC) 397 Safe C programs 108 non-trivial verification time 102 significant time for re-verification (> 1 sec) 67 candidate invariant is already safe 52 proof adaptation is an order of magnitude faster 19
28 Evaluation 1000 Adaptation time (seconds, log scale) Re-verification time (seconds, log scale) 20
29 Evaluation 1000 Adaptation time (seconds, log scale) Proof adaptation dramatically improves re-verification Re-verification time (seconds, log scale) 20
30 Evaluation Adaptation time (seconds, log scale) optimization reduced verification time Proof adaptation dramatically improves re-verification Re-verification time (seconds, log scale) 20
31 Next Steps of the Niagara project Extend to optimizations that modify CPG searching for the least common unrolling Automated discovery of a possible simulation using simulation relation as a mapping between variables Symbolic verification of simulation relation to check stronger equivalence property Explain/repair the detected bugs using the change impact 21
32 Thank you!
33 Emergency slides
34 benchmark (name) ov (sec) mkind (sec) optverify proof candidate Verify (sec) speedup (X) uv (sec) s3_srvr.blast.15_safe.i.cil.o3.bc safe 0.06 timeout s3_srvr_7_safe.cil.o3.bc safe 0.07 timeout s3_srvr_2_safe.cil.o3.bc safe 0.08 timeout s3_srvr_3_safe.cil.o3.bc safe 0.1 timeout s3_srvr.blast.13_safe.i.cil.o3.bc safe 0.12 timeout token_ring.08_safe.cil.o3.bc safe 0.18 timeout pc_sfifo_2_safe.cil.o3.bc safe 0.22 timeout token_ring.09_safe.cil.o3.bc safe 0.28 timeout s3_srvr_8_safe.cil.o3.bc safe s3_srvr.blast.16_safe.i.cil.o3.bc safe s3_srvr.blast.10_safe.i.cil.o3.bc safe s3_srvr.blast.11_safe.i.cil.o3.bc safe s3_srvr.blast.16_safe.i.cil.o0.bc safe s3_srvr.blast.06_safe.i.cil.o3.bc safe s3_clnt_3_safe.cil.o3.bc safe s3_srvr.blast.01_safe.i.cil.o3.bc safe s3_srvr.blast.09_safe.i.cil.o0.bc safe token_ring.06_safe.cil.o3.bc safe s3_srvr.blast.15_safe.i.cil.o0.bc safe token_ring.07_safe.cil.o3.bc safe s3_srvr.blast.02_safe.i.cil.o0.bc safe s3_srvr.blast.12_safe.i.cil.o0.bc safe s3_srvr.blast.13_safe.i.cil.o0.bc safe s3_srvr.blast.11_safe.i.cil.o0.bc safe s3_clnt.blast.03_safe.i.cil.o3.bc safe token_ring.06_safe.cil.o0.bc safe s3_srvr.blast.07_safe.i.cil.o0.bc safe token_ring.07_safe.cil.o0.bc safe s3_clnt_2_safe.cil.o3.bc safe s3_clnt_1_safe.cil.o3.bc safe s3_srvr_4_safe.cil.o3.bc safe s3_srvr.blast.14_safe.i.cil.o0.bc safe s3_srvr_3_safe.cil.o0.bc safe s3_srvr.blast.12_safe.i.cil.o3.bc safe s3_clnt.blast.02_safe.i.cil.o3.bc safe s3_srvr.blast.01_safe.i.cil.o0.bc safe s3_srvr.blast.14_safe.i.cil.o3.bc safe s3_clnt_1_safe.cil.o0.bc safe
35 benchmark (name) ov (sec) mkind (sec) optverify proof candidate Verify (sec) speedup (X) uv (sec) elevator_spec2_product01_safe.cil.o3.bc ind elevator_spec2_product17_safe.cil.o3.bc ind elevator_spec2_product03_safe.cil.o3.bc ind elevator_spec9_product27_safe.cil.o3.bc ind elevator_spec2_product19_safe.cil.o3.bc ind elevator_spec2_product27_safe.cil.o3.bc ind elevator_spec2_product25_safe.cil.o3.bc ind elevator_spec9_product09_safe.cil.o3.bc ind elevator_spec2_product09_safe.cil.o3.bc ind elevator_spec2_product29_safe.cil.o3.bc ind elevator_spec9_product25_safe.cil.o3.bc ind elevator_spec2_product11_safe.cil.o3.bc ind elevator_spec9_product11_safe.cil.o3.bc ind elevator_spec2_product31_safe.cil.o3.bc ind elevator_spec9_product31_safe.cil.o3.bc ind elevator_spec2_product23_safe.cil.o3.bc ind elevator_spec2_product21_safe.cil.o3.bc ind elevator_spec1_product25_safe.cil.o3.bc ind elevator_spec9_product29_safe.cil.o3.bc ind elevator_spec1_product03_safe.cil.o0.bc ind elevator_spec1_product27_safe.cil.o0.bc ind elevator_spec1_product19_safe.cil.o3.bc ind elevator_spec1_product17_safe.cil.o3.bc ind elevator_spec1_product27_safe.cil.o3.bc ind elevator_spec1_product01_safe.cil.o3.bc ind elevator_spec1_product03_safe.cil.o3.bc ind elevator_spec1_product31_safe.cil.o3.bc ind elevator_spec1_product19_safe.cil.o0.bc ind elevator_spec1_product11_safe.cil.o0.bc ind elevator_spec1_product17_safe.cil.o0.bc ind elevator_spec1_product01_safe.cil.o0.bc ind elevator_spec1_product11_safe.cil.o3.bc ind elevator_spec1_product23_safe.cil.o3.bc ind elevator_spec1_product21_safe.cil.o3.bc ind
36
37
38
Property Directed Equivalence via Abstract Simulation. Grigory Fedyukovich, Arie Gurfinkel, and Natasha Sharygina
Property Directed Equivalence via Abstract Simulation Grigory Fedyukovich, Arie Gurfinkel, and Natasha Sharygina CAV, Jul 23, 2016 Motivation / Goals Little Leaks Add Up to Big Bills software safety must
More informationAutomated Discovery of Simulation Between Programs. Grigory Fedyukovich, Arie Gurfinkel, and Natasha Sharygina
Automated Discovery of Simulation Between Programs Grigory Fedyukovich, Arie Gurfinkel, and Natasha Sharygina LPAR, Fiji, 25 Nov 2015 What is this talk about Searching for total simulation relations for
More informationProperty Directed Equivalence via Abstract Simulation
Property Directed Equivalence via Abstract Simulation Grigory Fedyukovich 1,2, Arie Gurfinkel 3, and Natasha Sharygina 1 1 USI, Switzerland, {name.surname}@usi.ch 2 UW, USA, grigory@cs.washington.edu 3
More informationFloyd-Hoare Style Program Verification
Floyd-Hoare Style Program Verification Deepak D Souza Department of Computer Science and Automation Indian Institute of Science, Bangalore. 9 Feb 2017 Outline of this talk 1 Overview 2 Hoare Triples 3
More informationIn this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows how a program can sometimes be systematically constructed
More informationHoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples
Hoare Logic I Introduction to Deductive Program Verification Işıl Dillig Program Spec Deductive verifier FOL formula Theorem prover valid contingent Example specs: safety (no crashes), absence of arithmetic
More informationScalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa
Scalable and Accurate Verification of Data Flow Systems Cesare Tinelli The University of Iowa Overview AFOSR Supported Research Collaborations NYU (project partner) Chalmers University (research collaborator)
More informationProgram Analysis Part I : Sequential Programs
Program Analysis Part I : Sequential Programs IN5170/IN9170 Models of concurrency Program Analysis, lecture 5 Fall 2018 26. 9. 2018 2 / 44 Program correctness Is my program correct? Central question for
More informationIC3 and Beyond: Incremental, Inductive Verification
IC3 and Beyond: Incremental, Inductive Verification Aaron R. Bradley ECEE, CU Boulder & Summit Middle School IC3 and Beyond: Incremental, Inductive Verification 1/62 Induction Foundation of verification
More informationA Short Introduction to Hoare Logic
A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking
More informationConstraint Solving for Program Verification: Theory and Practice by Example
Constraint Solving for Program Verification: Theory and Practice by Example Andrey Rybalchenko Technische Universität München Abstract. Program verification relies on the construction of auxiliary assertions
More informationProgram verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program
Program verification Assertional semantics of a program Meaning of a program: relation between its inputs and outputs; specified by input assertions (pre-conditions) and output assertions (post-conditions)
More informationNon-linear Interpolant Generation and Its Application to Program Verification
Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State Key Laboratory of Computer Science, Institute of Software, CAS Joint work with Liyun Dai, Ting Gan, Bow-Yaw
More informationSoftware Verification
Software Verification Grégoire Sutre LaBRI, University of Bordeaux, CNRS, France Summer School on Verification Technology, Systems & Applications September 2008 Grégoire Sutre Software Verification VTSA
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements
Axiomatic Semantics: Verification Conditions Meeting 12, CSCI 5535, Spring 2009 Announcements Homework 4 is due tonight Wed forum: papers on automated testing using symbolic execution 2 Questions? Review
More informationAxiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs
Review Operational semantics relatively l simple many flavors (small vs. big) not compositional (rule for while) Good for describing language implementation reasoning about properties of the language eg.
More informationSAT-Based Verification with IC3: Foundations and Demands
SAT-Based Verification with IC3: Foundations and Demands Aaron R. Bradley ECEE, CU Boulder & Summit Middle School SAT-Based Verification with IC3:Foundations and Demands 1/55 Induction Foundation of verification
More informationIMITATOR: A Tool for Synthesizing Constraints on Timing Bounds of Timed Automata
ICTAC 09 IMITATOR: A Tool for Synthesizing Constraints on Timing Bounds of Timed Automata Étienne ANDRÉ Laboratoire Spécification et Vérification LSV, ENS de Cachan & CNRS Étienne ANDRÉ (LSV) ICTAC 09
More informationInfinite-State Backward Exploration of Boolean Broadcast Programs
Infinite-State Backward Exploration of Boolean Broadcast Programs Peizun Liu and Thomas Wahl Northeastern University, Boston, USA FMCAD 2014 Lausanne, Switzerland October 24, 2014 This work is supported
More informationLecture 2: Symbolic Model Checking With SAT
Lecture 2: Symbolic Model Checking With SAT Edmund M. Clarke, Jr. School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 (Joint work over several years with: A. Biere, A. Cimatti, Y.
More informationPredicate Abstraction and Refinement for Verifying Multi-Threaded Programs
Predicate Abstraction and Refinement for Verifying Multi-Threaded Programs Ashutosh Gupta Corneliu Popeea Andrey Rybalchenko Institut für Informatik, Technische Universität München Germany {guptaa,popeea,rybal}@in.tum.de
More informationDynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics
Dynamic Semantics Operational Semantics Denotational Semantic Dynamic Semantics Operational Semantics Operational Semantics Describe meaning by executing program on machine Machine can be actual or simulated
More informationAutomata-Theoretic Model Checking of Reactive Systems
Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,
More informationWhat happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )
Starter Questions Feel free to discuss these with your neighbour: Consider two states s 1 and s 2 such that s 1, x := x + 1 s 2 If predicate P (x = y + 1) is true for s 2 then what does that tell us about
More informationEfficient Verification of Multi-Property Designs. The benefit of wrong assumptions (E. Goldberg, M. Güdemann, D. Kroening, R.
Efficient Verification of Multi-Property Designs The benefit of wrong assumptions (E. Goldberg, M. Güdemann, D. Kroening, R. Mukherjee) Motivation Main bulk of research: single property verification A
More informationConstraint Solving for Program Verification: Theory and Practice by Example
Constraint Solving for Program Verification: Theory and Practice by Example Andrey Rybalchenko Technische Universität München Abstract. Program verification relies on the construction of auxiliary assertions
More informationHoare Logic: Reasoning About Imperative Programs
Hoare Logic: Reasoning About Imperative Programs COMP1600 / COMP6260 Dirk Pattinson Australian National University Semester 2, 2018 Programming Paradigms Functional. (Haskell, SML, OCaml,... ) main paradigm:
More informationStability and Stabilization of polynomial dynamical systems. Hadi Ravanbakhsh Sriram Sankaranarayanan University of Colorado, Boulder
Stability and Stabilization of polynomial dynamical systems Hadi Ravanbakhsh Sriram Sankaranarayanan University of Colorado, Boulder Proving Asymptotic Stability: Lyapunov Functions Lyapunov Function:
More informationUnderstanding IC3. Aaron R. Bradley. ECEE, CU Boulder & Summit Middle School. Understanding IC3 1/55
Understanding IC3 Aaron R. Bradley ECEE, CU Boulder & Summit Middle School Understanding IC3 1/55 Further Reading This presentation is based on Bradley, A. R. Understanding IC3. In SAT, June 2012. http://theory.stanford.edu/~arbrad
More informationDeductive Verification
Deductive Verification Mooly Sagiv Slides from Zvonimir Rakamaric First-Order Logic A formal notation for mathematics, with expressions involving Propositional symbols Predicates Functions and constant
More informationWeakest Precondition Calculus
Weakest Precondition Calculus COMP2600 Formal Methods for Software Engineering Rajeev Goré Australian National University Semester 2, 2016 (Most lecture slides due to Ranald Clouston) COMP 2600 Weakest
More informationAuthors Le, Q. L. (Quang Loc); Li, J. (Jiaying); Sun, J. (Jun); Li, L. (Li); Lin, S. (Shang-Wei)
TeesRep - Teesside's Research Repository Automatic Loop-invariant Generation and Refinement through Selective Sampling Item type Meetings and Proceedings Authors Le, Q. L. (Quang Loc); Li, J. (Jiaying);
More informationPAC Learning-Based Verification and Model Synthesis
PAC Learning-Based Verification and Model Synthesis Yu-Fang Chen Tsung-Ju Lii National Taiwan University Chiao Hsieh National Taiwan University Ming-Hsien Tsai Farn Wang National Taiwan University Ondřej
More informationAxiomatic Semantics: Verification Conditions. Review of Soundness of Axiomatic Semantics. Questions? Announcements
Axiomatic Semantics: Verification Conditions Meeting 18, CSCI 5535, Spring 2010 Announcements Homework 6 is due tonight Today s forum: papers on automated testing using symbolic execution Anyone looking
More informationEFFICIENT PREDICATE ABSTRACTION OF PROGRAM SUMMARIES
EFFICIENT PREDICATE ABSTRACTION OF PROGRAM SUMMARIES Arie Gurfinkel, Sagar Chaki and Samir Sapra Carnegie Mellon Uni In NFM11 Presented by Nimrod Partush OUTLINE Introduction Predicate Abstraction CEGAR
More informationLRA Interpolants from No Man s Land. Leonardo Alt, Antti E. J. Hyvärinen, and Natasha Sharygina University of Lugano, Switzerland
LR Interpolants from No Man s Land Leonardo lt, ntti E. J. Hyvärinen, and Natasha Sharygina University of Lugano, Switzerland Motivation The goal: Finding the right proof The tool: Make interpolation
More informationProof Certificates for SMT-based Model Checkers. Alain Mebsout and Cesare Tinelli SMT 2016 July 2 nd, 2016
Proof Certificates for SMT-based Model Checkers Alain Mebsout and Cesare Tinelli SMT 2016 July 2 nd, 2016 Motivation Model checkers return error traces but no evidence when they say yes Complex tools 2
More informationProgramming Languages and Compilers (CS 421)
Programming Languages and Compilers (CS 421) Sasa Misailovic 4110 SC, UIUC https://courses.engr.illinois.edu/cs421/fa2017/cs421a Based in part on slides by Mattox Beckman, as updated by Vikram Adve, Gul
More informationSynthesizing from Components: Building from Blocks
Synthesizing from Components: Building from Blocks Ashish Tiwari SRI International 333 Ravenswood Ave Menlo Park, CA 94025 Joint work with Sumit Gulwani (MSR), Vijay Anand Korthikanti (UIUC), Susmit Jha
More informationPushing to the Top FMCAD 15. Arie Gurfinkel Alexander Ivrii
Pushing to the Top FMCAD 15 Arie Gurfinkel Alexander Ivrii Safety Verification Consider a verification problem (Init, Tr, Bad) The problem is UNSAFE if and only if there exists a path from an Init-state
More informationSymbolic Optimization with SMT Solvers
Symbolic Optimization with SMT Solvers Yi Li University of Toronto liyi@cs.toronto.edu Aws Albarghouthi University of Toronto aws@cs.toronto.edu Zachary Kincaid University of Toronto zkincaid@cs.toronto.edu
More informationReasoning About Imperative Programs. COS 441 Slides 10b
Reasoning About Imperative Programs COS 441 Slides 10b Last time Hoare Logic: { P } C { Q } Agenda If P is true in the initial state s. And C in state s evaluates to s. Then Q must be true in s. Program
More informationSemantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr
Semantic Equivalences and the Verification of Infinite-State Systems Richard Mayr Department of Computer Science Albert-Ludwigs-University Freiburg Germany Verification of Infinite-State Systems 1 c 2004
More informationICS141: Discrete Mathematics for Computer Science I
ICS141: Discrete Mathematics for Computer Science I Dept. Information & Computer Sci., Jan Stelovsky based on slides by Dr. Baek and Dr. Still Originals by Dr. M. P. Frank and Dr. J.L. Gross Provided by
More informationGeneralized Property Directed Reachability
Generalized Property Directed Reachability Kryštof Hoder (1) and Nikolaj Bjørner (2) (1) The University of Manchester (2) Microsoft Research, Redmond Abstract. The IC3 algorithm was recently introduced
More informationFormal Methods in Software Engineering
Formal Methods in Software Engineering An Introduction to Model-Based Analyis and Testing Vesal Vojdani Department of Computer Science University of Tartu Fall 2014 Vesal Vojdani (University of Tartu)
More informationOverview, cont. Overview, cont. Logistics. Optional Reference #1. Optional Reference #2. Workload and Grading
Course staff CS389L: Automated Logical Reasoning Lecture 1: ntroduction and Review of Basics şıl Dillig nstructor: şil Dillig E-mail: isil@cs.utexas.edu Office hours: Thursday after class until 6:30 pm
More informationSAT-Solving: From Davis- Putnam to Zchaff and Beyond Day 3: Recent Developments. Lintao Zhang
SAT-Solving: From Davis- Putnam to Zchaff and Beyond Day 3: Recent Developments Requirements for SAT solvers in the Real World Fast & Robust Given a problem instance, we want to solve it quickly Reliable
More informationVerification using Satisfiability Checking, Predicate Abstraction, and Craig Interpolation. Himanshu Jain THESIS ORAL TALK
Verification using Satisfiability Checking, Predicate Abstraction, and Craig Interpolation Himanshu Jain THESIS ORAL TALK 1 Computer Systems are Pervasive Computer Systems = Software + Hardware Software/Hardware
More informationInformation Flow Analysis via Path Condition Refinement
Information Flow Analysis via Path Condition Refinement Mana Taghdiri, Gregor Snelting, Carsten Sinz Karlsruhe Institute of Technology, Germany FAST September 16, 2010 KIT University of the State of Baden-Wuerttemberg
More informationSpring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2016 Program Analysis and Verification Lecture 3: Axiomatic Semantics I Roman Manevich Ben-Gurion University Warm-up exercises 1. Define program state: 2. Define structural semantics configurations:
More informationPropositional Logic. Methods & Tools for Software Engineering (MTSE) Fall Prof. Arie Gurfinkel
Propositional Logic Methods & Tools for Software Engineering (MTSE) Fall 2017 Prof. Arie Gurfinkel References Chpater 1 of Logic for Computer Scientists http://www.springerlink.com/content/978-0-8176-4762-9/
More informationModel Checking: An Introduction
Model Checking: An Introduction Meeting 3, CSCI 5535, Spring 2013 Announcements Homework 0 ( Preliminaries ) out, due Friday Saturday This Week Dive into research motivating CSCI 5535 Next Week Begin foundations
More informationCP405 Theory of Computation
CP405 Theory of Computation BB(3) q 0 q 1 q 2 0 q 1 1R q 2 0R q 2 1L 1 H1R q 1 1R q 0 1L Growing Fast BB(3) = 6 BB(4) = 13 BB(5) = 4098 BB(6) = 3.515 x 10 18267 (known) (known) (possible) (possible) Language:
More informationProgram verification using Hoare Logic¹
Program verification using Hoare Logic¹ Automated Reasoning - Guest Lecture Petros Papapanagiotou Part 2 of 2 ¹Contains material from Mike Gordon s slides: Previously on Hoare Logic A simple while language
More informationCSE 331 Software Design & Implementation
CSE 331 Software Design & Implementation Kevin Zatloukal Summer 2017 Lecture 2 Reasoning About Code With Logic (Based on slides by Mike Ernst, Dan Grossman, David Notkin, Hal Perkins, Zach Tatlock) Recall
More informationProof Certificates for SMT-based Model Checkers for Infinite State Systems. Alain Mebsout and Cesare Tinelli FMCAD 2016 October 5 th, 2016
Proof Certificates for SMT-based Model Checkers for Infinite State Systems Alain Mebsout and Cesare Tinelli FMCAD 2016 October 5 th, 2016 Motivation Model checkers return error traces but no evidence when
More informationSoundness and Completeness of Axiomatic Semantics
#1 Soundness and Completeness of Axiomatic Semantics #2 One-Slide Summary A system of axiomatic semantics is sound if everything we can prove is also true: if ` { A } c { B } then ² { A } c { B } We prove
More informationLecture Notes on Software Model Checking
15-414: Bug Catching: Automated Program Verification Lecture Notes on Software Model Checking Matt Fredrikson André Platzer Carnegie Mellon University Lecture 19 1 Introduction So far we ve focused on
More informationCOP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen
COP4020 Programming Languages Introduction to Axiomatic Semantics Prof. Robert van Engelen Assertions and Preconditions Assertions are used by programmers to verify run-time execution An assertion is a
More informationSolutions to exercises for the Hoare logic (based on material written by Mark Staples)
Solutions to exercises for the Hoare logic (based on material written by Mark Staples) Exercise 1 We are interested in termination, so that means we need to use the terminology of total correctness, i.e.
More informationCSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.
Axiomatic Semantics Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 1 Overview We ll develop proof rules, such as: { I b } S { I } { I } while b do S end { I b } That allow us to verify
More informationEDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach
EDA045F: Program Analysis LECTURE 10: TYPES 1 Christoph Reichenbach In the last lecture... Performance Counters Challenges in Dynamic Performance Analysis Taint Analysis Binary Instrumentation 2 / 44 Types
More informationTermination Analysis of Loops
Termination Analysis of Loops Zohar Manna with Aaron R. Bradley Computer Science Department Stanford University 1 Example: GCD Algorithm gcd(y 1, y 2 ) = gcd(y 1 y 2, y 2 ) if y 1 > y 2 gcd(y 1, y 2 y
More informationPath Testing and Test Coverage. Chapter 9
Path Testing and Test Coverage Chapter 9 Structural Testing Also known as glass/white/open box testing Structural testing is based on using specific knowledge of the program source text to define test
More informationAlgorithmic verification
Algorithmic verification Ahmed Rezine IDA, Linköpings Universitet Hösttermin 2018 Outline Overview Model checking Symbolic execution Outline Overview Model checking Symbolic execution Program verification
More informationIC3, PDR, and Friends
IC3, PDR, and Friends Arie Gurfinkel Department of Electrical and Computer Engineering University of Waterloo arie.gurfinkel@uwaterloo.ca Abstract. We describe the IC3/PDR algorithms and their various
More informationPath Testing and Test Coverage. Chapter 9
Path Testing and Test Coverage Chapter 9 Structural Testing Also known as glass/white/open box testing Structural testing is based on using specific knowledge of the program source text to define test
More informationVerification as Learning Geometric Concepts
Verification as Learning Geometric Concepts Rahul Sharma 1, Saurabh Gupta 2, Bharath Hariharan 2, Alex Aiken 1, and Aditya V. Nori 3 1 Stanford University, {sharmar,aiken}@cs.stanford.edu 2 University
More informationCardinality Networks: a Theoretical and Empirical Study
Constraints manuscript No. (will be inserted by the editor) Cardinality Networks: a Theoretical and Empirical Study Roberto Asín, Robert Nieuwenhuis, Albert Oliveras, Enric Rodríguez-Carbonell Received:
More informationSpring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University
Spring 2015 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University Agenda Basic concepts of correctness Axiomatic semantics (pages 175-183) Hoare Logic
More informationComplexity Theory VU , SS The Polynomial Hierarchy. Reinhard Pichler
Complexity Theory Complexity Theory VU 181.142, SS 2018 6. The Polynomial Hierarchy Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität Wien 15 May, 2018 Reinhard
More informationOutline. Complexity Theory EXACT TSP. The Class DP. Definition. Problem EXACT TSP. Complexity of EXACT TSP. Proposition VU 181.
Complexity Theory Complexity Theory Outline Complexity Theory VU 181.142, SS 2018 6. The Polynomial Hierarchy Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität
More informationModel Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies
Model Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies Tom Henzinger EPFL Three Verification Communities Model checking: -automatic, but inefficient
More informationContext-Free Grammars (and Languages) Lecture 7
Context-Free Grammars (and Languages) Lecture 7 1 Today Beyond regular expressions: Context-Free Grammars (CFGs) What is a CFG? What is the language associated with a CFG? Creating CFGs. Reasoning about
More informationAxiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE
Axiomatic Semantics Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE 6341 1 Outline Introduction What are axiomatic semantics? First-order logic & assertions about states Results (triples)
More informationMid-Semester Quiz Second Semester, 2012
THE AUSTRALIAN NATIONAL UNIVERSITY Mid-Semester Quiz Second Semester, 2012 COMP2600 (Formal Methods for Software Engineering) Writing Period: 1 hour duration Study Period: 10 minutes duration Permitted
More informationFast DQBF Refutation
Fast DQBF Refutation Bernd Finkbeiner and Leander Tentrup Saarland University Abstract. Dependency Quantified Boolean Formulas (DQBF) extend QBF with Henkin quantifiers, which allow for non-linear dependencies
More informationLeonardo de Moura Microsoft Research
Leonardo de Moura Microsoft Research Logic is The Calculus of Computer Science (Z. Manna). High computational complexity Naïve solutions will not scale Is formula F satisfiable modulo theory T? SMT solvers
More informationFormal Reasoning CSE 331. Lecture 2 Formal Reasoning. Announcements. Formalization and Reasoning. Software Design and Implementation
CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Announcements Homework 0 due Friday at 5 PM Heads up: no late days for this one! Homework 1 due Wednesday at 11 PM Using program logic
More informationHoare Logic and Model Checking
Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the
More informationProgram Verification as Probabilistic Inference
Program Verification as Probabilistic Inference Sumit Gulwani Microsoft Research, Redmond sumitg@microsoft.com Nebojsa Jojic Microsoft Research, Redmond jojic@microsoft.com Abstract In this paper, we propose
More informationLazy Annotation Revisited
Lazy Annotation Revisited MSR-TR-2014-65 Kenneth L. McMillan Micrsoft Research Abstract Lazy Annotation is a method of software model checking that performs a backtracking search for a symbolic counterexample.
More informationThe Assignment Axiom (Hoare)
The Assignment Axiom (Hoare) Syntax: V := E Semantics: value of V in final state is value of E in initial state Example: X:=X+ (adds one to the value of the variable X) The Assignment Axiom {Q[E/V ]} V
More informationThe Polyranking Principle
The Polyranking Principle Aaron R. Bradley, Zohar Manna, and Henny B. Sipma Computer Science Department Stanford University Stanford, CA 94305-9045 {arbrad,zm,sipma}@theory.stanford.edu Abstract. Although
More informationInterpolation. Seminar Slides. Betim Musa. 27 th June Albert-Ludwigs-Universität Freiburg
Interpolation Seminar Slides Albert-Ludwigs-Universität Freiburg Betim Musa 27 th June 2015 Motivation program add(int a, int b) { var x,i : int; l 0 assume(b 0); l 1 x := a; l 2 i := 0; while(i < b) {
More informationNP-Complete Reductions 2
x 1 x 1 x 2 x 2 x 3 x 3 x 4 x 4 12 22 32 CS 447 11 13 21 23 31 33 Algorithms NP-Complete Reductions 2 Prof. Gregory Provan Department of Computer Science University College Cork 1 Lecture Outline NP-Complete
More informationProving Liveness of Parameterized Programs
Proving Liveness of Parameterized Programs Azadeh Farzan University of Toronto Zachary Kincaid Princeton University Andreas Podelski University of Freiburg Abstract Correctness of multi-threaded programs
More informationNP-Complete Problems. Complexity Class P. .. Cal Poly CSC 349: Design and Analyis of Algorithms Alexander Dekhtyar..
.. Cal Poly CSC 349: Design and Analyis of Algorithms Alexander Dekhtyar.. Complexity Class P NP-Complete Problems Abstract Problems. An abstract problem Q is a binary relation on sets I of input instances
More informationFormal Verification of Mobile Network Protocols
Dipartimento di Informatica, Università di Pisa, Italy milazzo@di.unipi.it Pisa April 26, 2005 Introduction Modelling Systems Specifications Examples Algorithms Introduction Design validation ensuring
More informationEasy Parameterized Verification of Biphase Mark and 8N1 Protocols
Easy Parameterized Verification of Biphase Mark and 8N1 Protocols Geoffrey M. Brown, Indiana University geobrown@cs.indiana.edu Lee Pike (Presenting), Galois Connections 1 leepike@galois.com March 27,
More informationCS256/Winter 2009 Lecture #6. Zohar Manna
CS256/Winter 2009 Lecture #6 Zohar Manna Chapter 1 Invariance: Proof Methods For assertion q and SPL program P show P Õ ¼ q (i.e., q is P-invariant) 6-1 Proving Invariances Definitions Recall: the variables
More informationTwo hours. Examination definition sheet is available at the back of the examination. UNIVERSITY OF MANCHESTER SCHOOL OF COMPUTER SCIENCE
COMP 60332 Two hours Examination definition sheet is available at the back of the examination. UNIVERSITY OF MANCHESTER SCHOOL OF COMPUTER SCIENCE Automated Reasoning and Verification Date: Wednesday 30th
More informationBounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39
Bounded Model Checking with SAT/SMT Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Recap: Symbolic Model Checking with BDDs Method used by most industrial strength model checkers:
More informationECE 5775 (Fall 17) High-Level Digital Design Automation. Control Flow Graph
ECE 5775 (Fall 17) High-Level Digital Design Automation Control Flow Graph Announcements ECE colloquium on Monday 9/11 from 4:30pm, PHL 233 Smart Healthcare by Prof. Niraj Jha of Princeton Lab 1 is due
More informationHoare Logic: Part II
Hoare Logic: Part II COMP2600 Formal Methods for Software Engineering Jinbo Huang Australian National University COMP 2600 Hoare Logic II 1 Factorial {n 0} fact := 1; i := n; while (i >0) do fact := fact
More informationQuantum Computing Approach to V&V of Complex Systems Overview
Quantum Computing Approach to V&V of Complex Systems Overview Summary of Quantum Enabled V&V Technology June, 04 Todd Belote Chris Elliott Flight Controls / VMS Integration Discussion Layout I. Quantum
More informationCounterexample-Guided Abstraction Refinement
Counterexample-Guided Abstraction Refinement Edmund Clarke Orna Grumberg Somesh Jha Yuan Lu Helmut Veith Seminal Papers in Verification (Reading Group) June 2012 O. Rezine () Verification Reading Group
More informationFoundations of Computation
The Australian National University Semester 2, 2018 Research School of Computer Science Tutorial 6 Dirk Pattinson Foundations of Computation The tutorial contains a number of exercises designed for the
More information