Property Directed Equivalence via Abstract Simulation. Grigory Fedyukovich, Arie Gurfinkel, and Natasha Sharygina
1 Property Directed Equivalence via Abstract Simulation Grigory Fedyukovich, Arie Gurfinkel, and Natasha Sharygina CAV, Jul 23, 2016
2 Motivation / Goals
Little Leaks Add Up to Big Bills: software safety must be re-proven after even a small change, and verification from scratch is expensive.
Property Directed Equivalence of Programs: in contrast to absolute equivalence, check whether two programs both satisfy the same property.
Safety Proof Migration: formally verify one program, aim at establishing a simulation relation, and lift the proof through the simulation to the other program.
3 Big Picture: the Niagara Framework
(Diagram of the evolution process: program version V_i with its encoding and proof, the next version V_{i+1}, and the adapted proof that enables the next round.)
Simulation Discovery: synthesize a mapping between the variables of the two versions (a simulation relation, possibly over an abstraction of V_i) [LPAR 15].
Proof Adapt: migrate the proof certificate across evolution boundaries; the outcome is either an adapted proof or a counter-example together with a change impact [NFM 14] [CAV 16].
Program Repair: provide a hint to the user how to fix the detected bug (a candidate repair) [tbd...].
4 What We Mean By Proofs [Hoare 69]
Hoare triples {precond} code {postcond}: precond and postcond are expressions over program variables, and code is some code fragment. That is, if code starts in a state satisfying precond and terminates, then code ends in a state satisfying postcond.
Example: {x >= 0} x++; if (*) x := 1 else x++ {x >= 1}
Validity of the triple is checked as unsatisfiability of the formula (code in SSA form, one copy of x per assignment, postcondition negated):
$$(x_0 \ge 0) \wedge (x_1 = x_0 + 1) \wedge (x_2 = 1 \vee x_2 = x_1 + 1) \wedge \neg(x_2 \ge 1) \;\Rightarrow\; \bot$$
5 Example: Safe Program
(Cutpoint graph of the example program, annotated: entry {⊤}, loop head {x ≥ 0}, error location {⊥}. Assume no overflow for simplicity of presentation.)
Cutpoint graph (CPG) [Beyer et al. 09]: a generalization of the classical control-flow graph in which each edge is a longest loop-free program path.
A safety proof is a mapping from nodes of the CPG to expressions such that each edge is a valid Hoare triple (inductiveness), the entry location is mapped to true, and the error location is mapped to false (safety).
6 Example: Safe Program Evolved and Got an Extra Loop
(Two CPGs side by side: the original program annotated {⊤}, {x ≥ 0}, {⊥}, and the evolved program with two loops, whose entry is {⊤} and error location {⊥} but whose loop heads are not yet annotated. Assume no overflow for simplicity of presentation.)
7 Example: Establishing Simulation between Programs
(The same two CPGs with a simulation relation drawn between their nodes; the annotations are as on the previous slide. Assume no overflow for simplicity of presentation.)
8 Example: Using Simulation to Lift Proofs between Programs
(The proof lifted through the simulation: the evolved program's entry is {⊤}, both of its loop heads are annotated {x ≥ 0}, and the error location is {⊥}; safety is preserved. Assume no overflow for simplicity of presentation.)
9 Abstract Simulation Discovery [Milner 71]
Searching for total simulation relations: for each behavior of one program (called the source) there should exist a behavior of the other program (called the target) matched by some simulation relation.
Synthesizing abstract simulation relations: if the target does not simulate the source, search for an abstraction of the target that does.
10 Prior Work: big picture [LPAR 15]
(Diagram: source and target programs, each with two loops; the target is abstracted to $\hat T$, i.e., the target is allowed to have more behaviors.)
First, find an abstraction $\hat T$ that simulates the source; second, refine it using Skolem functions (Sk) as much as possible, i.e., remove some infeasible behavior.
Drawback: no control over the abstraction. Only concrete simulations can be used to lift proofs; abstract simulations are not generally applicable.
12 Lifting Proofs via Simulation [Pnueli et al. 00] [Namjoshi 03]
Given programs $S(\bar x)$ and $T(\bar y)$, where $\psi(\bar y)$ is an invariant of $T(\bar y)$: if $T(\bar y)$ simulates $S(\bar x)$ via a simulation relation (written $\rho(\bar x, \bar y)$ here), then $\exists \bar y.\, \rho(\bar x, \bar y) \wedge \psi(\bar y)$ is an invariant of $S(\bar x)$.
But concrete simulations are not needed: it is enough to find an abstraction $\hat T$ of $T$ that simulates $S$ and is safe with respect to $\psi(\bar y)$.
14 Property Preserving Abstraction $\hat T$
Produced by mapping each CPG edge of $T$ to the invariant over its post-state, so that the abstract edge admits every post-state satisfying that invariant.
15 Our Solution
ASSI+: Abstract Simulation Synthesis with Invariants. It forces the abstraction to preserve safety, still goes to the abstraction level when needed, and uses no Skolem-based refinement.
16 Lifting Invariants Directly
Given programs $S(\bar x)$ and $T(\bar y)$, where $\psi(\bar y)$ is an invariant of the abstraction $\hat T(\bar y)$ (the abstraction is $\psi$-safe): if $\hat T(\bar y)$ simulates $S(\bar x)$ via $\rho(\bar x, \bar y)$, then $\exists \bar y.\, \rho(\bar x, \bar y) \wedge \psi(\bar y)$ is an invariant of $S(\bar x)$.
17 Lifting Invariants Partially
When the delivered abstraction $\hat T(\bar y)$ is too weak, i.e., $\hat T(\bar y)$ does not preserve $\psi(\bar y)$ but still simulates $S(\bar x)$, then $\exists \bar y.\, \rho(\bar x, \bar y) \wedge \psi(\bar y)$ is not an invariant of $S(\bar x)$.
We propose:
Weakening: find $\psi'(\bar y)$ with $\psi(\bar y) \Rightarrow \psi'(\bar y)$ such that $\psi'(\bar y)$ is an invariant of $\hat T(\bar y)$; then $\exists \bar y.\, \rho(\bar x, \bar y) \wedge \psi'(\bar y)$ is an invariant of $S(\bar x)$.
Strengthening: strengthen $\exists \bar y.\, \rho(\bar x, \bar y) \wedge \psi'(\bar y)$ until it becomes a safe invariant of $S(\bar x)$, reducing the problem to Constrained Horn Clause solving.
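The proof-lifting rule of slides 12 and 16, the weakening step of slide 17, and the inductiveness check of slide 5, as an added finite-state example: this is not the authors' code and not the Niagara implementation. The programs S and T, the relation ρ, the property ψ and the loop bound N are all constructed here, and the existential quantifier of the lifted invariant is eliminated by enumerating the bounded target state space rather than by the SMT-based machinery (UFO/Z3) the talk uses; the strengthening step is left out because it needs a Horn solver.

```python
"""Lifting an invariant from a target program T to a source program S through a
simulation relation, on finite-state models.  Added illustration, not the
authors' code nor the Niagara implementation: the programs, the relation rho
and the bound N are constructed here, and the existential quantifier in
    exists y. rho(x, y) /\ psi(y)
is eliminated by enumerating the bounded target states instead of by SMT."""
from itertools import product

N = 4  # assumption: loop bound that keeps both state spaces finite


class TS:
    """Transition system over a finite box of states.  Successors that would
    leave the box are dropped (bounded model; this never happens from a
    reachable state in the examples below)."""

    def __init__(self, states, init, succ):
        self.states, self.init, self._succ = frozenset(states), frozenset(init), succ

    def succ(self, s):
        return {t for t in self._succ(s) if t in self.states}


def is_invariant(ts, pred):
    """Inductive invariant check (slide 5): pred holds on init and every
    transition from a pred-state lands in a pred-state, over the whole box."""
    return (all(pred(s) for s in ts.init)
            and all(pred(t) for s in ts.states if pred(s) for t in ts.succ(s)))


def simulates(target, source, rho):
    """Total simulation (Milner 71): each source initial state is related to a
    target initial state, and each source step s -> s2 from a related pair
    (s, t) is matched by a target step t -> t2 with rho(s2, t2)."""
    return (all(any(rho(s, t) for t in target.init) for s in source.init)
            and all(any(rho(s2, t2) for t2 in target.succ(t))
                    for s in source.states for t in target.states if rho(s, t)
                    for s2 in source.succ(s)))


def lift(target, rho, psi):
    """The lifted predicate  exists y. rho(x, y) /\ psi(y)  on source states."""
    return lambda s: any(rho(s, t) and psi(t) for t in target.states)


def weaken(ts, psi):
    """Counterexample-guided weakening: while some transition leaves the set of
    psi-states, add its post-state.  Returns psi' with psi => psi' that is an
    inductive invariant of ts (terminates because the box is finite)."""
    good = {s for s in ts.states if psi(s)} | set(ts.init)
    work = list(good)
    while work:
        for t in ts.succ(work.pop()):
            if t not in good:
                good.add(t)
                work.append(t)
    return lambda s: s in good


# Source S (constructed):  i = 0; s = 0; while (i < N) { s += 2; i += 1 }   state (i, s)
S = TS(states=product(range(N + 1), range(2 * N + 1)), init=[(0, 0)],
       succ=lambda st: {(st[0] + 1, st[1] + 2)} if st[0] < N else set())

# Target T (constructed):  j = 0; t = 0; while (j < N) { t += 1; j += 1 }   state (j, t)
T = TS(states=product(range(N + 1), range(N + 1)), init=[(0, 0)],
       succ=lambda st: {(st[0] + 1, st[1] + 1)} if st[0] < N else set())


def rho(x, y):            # simulation relation: i == j and s == 2 * t
    return x[0] == y[0] and x[1] == 2 * y[1]


def rho_bad(x, y):        # not a simulation: s == t is broken after one step
    return x[0] == y[0] and x[1] == y[1]


def psi(y):               # invariant of T: t <= j
    return y[1] <= y[0]


def psi_too_strong(y):    # holds initially but is not preserved by T
    return y[1] < 2


def safe(x):              # the property wanted for S: s <= 2 * i
    return x[1] <= 2 * x[0]


def lifted_invariant_is_safe():
    """exists y. rho /\ psi, evaluated on S, is inductive and implies safe."""
    inv = lift(T, rho, psi)
    return is_invariant(S, inv) and all(not inv(x) or safe(x) for x in S.states)


def partial_lifting_is_invariant():
    """psi_too_strong is not invariant in T, but its weakening still lifts."""
    return (not is_invariant(T, psi_too_strong)
            and is_invariant(S, lift(T, rho, weaken(T, psi_too_strong))))


if __name__ == "__main__":
    print("T simulates S via rho:", simulates(T, S, rho))
    print("T simulates S via rho_bad:", simulates(T, S, rho_bad))
    print("lifted invariant is inductive and safe:", lifted_invariant_is_safe())
    print("partial lifting yields an invariant:", partial_lifting_is_invariant())
```

The checks run over the whole bounded box rather than only over reachable states, which is what makes `is_invariant` an inductiveness check rather than a reachability check; `rho_bad` shows the simulation test rejecting a relation that holds initially but is not preserved, exactly the case in which lifting would be unsound.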
19 To recap
ASSI+: Abstract Simulation Synthesis with Invariants. It forces the abstraction to preserve safety, still goes to the abstraction level when needed, and uses no Skolem-based refinement.
PDE: Property Directed Equivalence. It exploits ASSI+ and checks whether the delivered abstraction is ψ-safe; if so, verification is skipped (the invariants are lifted completely). Otherwise (the Verify step) it lifts the invariants partially via abstract simulation, performs counter-example-guided weakening of the invariants, and strengthens them using Constrained Horn Clause solving.
20 Evaluation: ASSI+ vs SimAbs
Tools: LLVM compiler with the indvars and licm optimization passes; UFO model checker (Z3 / PDR engine) to obtain proofs.
115 safe C programs from SVCOMP: SimAbs found 13 ψ-safe abstractions; ASSI+ found 39 ψ-safe abstractions, an order of magnitude faster.
21 Evaluation: PDE vs UFO
Tools: LLVM compiler with the indvars and licm optimization passes; UFO model checker (Z3 / PDR engine) to obtain proofs and to perform weakening/strengthening.
115 safe C programs from SVCOMP: on 90 of them PDE outperformed UFO.
22 Conclusion
Incremental verification: fully automated and exhaustive analysis of software versions, using SMT-based unbounded model checking.
The first approach that combines reusable specifications with relational specifications.
ASSI+ and PDE implemented and evaluated within the Niagara framework; validation of non-trivial LLVM optimizations.
23 Thank you!