EFFICIENT PREDICATE ABSTRACTION OF PROGRAM SUMMARIES
1 EFFICIENT PREDICATE ABSTRACTION OF PROGRAM SUMMARIES
Arie Gurfinkel, Sagar Chaki and Samir Sapra, Carnegie Mellon University. Published in NFM 2011. Presented by Nimrod Partush.
2 OUTLINE
Introduction
    Predicate Abstraction
    CEGAR and Small Block Encoding
    Predicate Abstraction Query
    Program summaries and Large Block Encoding
Contribution
    Extending the applicability of LBE
    Efficiently generating PAQs
    Efficiently solving PAQs: AllSAT, LDD
3 INTRODUCTION
Based on:
[2] The Software Model Checker BLAST, by Beyer, Henzinger, Jhala and Majumdar
[3] Software Model Checking via Large-Block Encoding, by Beyer, Cimatti, Griggio, Keremoglu and Sebastiani
4 PREDICATE ABSTRACTION
Instead of maintaining the complete state of a program, only track what you need to verify. Use a set of predicates P = {p1, ..., pn} that are required to prove your property and maintain only their Boolean values.
In the example, P = {x < 0} suffices to show that the exit(EXIT_FAILURE) call is unreachable: the loop never touches x, and after `if (x<0) x = -x;` the predicate is false. (This holds under the mathematical-integer semantics the model checker assumes; in real 32-bit C, x = INT_MIN stays negative after negation.)

    int foo(int x) {
      int i, j = x / 3, k = 13 * j;
      if (x < 0) x = -x;
      while (j > 3) {
        int m = k + 9;
        i = m >> 3;
        j = getchar();
        for (int l = 0; l < 100; l++) {
          l -= k % m;
          m++;
          k /= 22;
        }
        printf("%d", k);
      }
      if (x < 0) exit(EXIT_FAILURE);
      return EXIT_SUCCESS;
    }
5 COUNTEREXAMPLE-GUIDED ABSTRACTION REFINEMENT (CEGAR)
The Abstract - Check - Refine loop:
    Program code + safety predicates -> (predicate abstraction) -> abstraction of the program state -> verify the safety properties.
    No counterexample: the specification holds.
    Counterexample found: check it against the concrete program.
        It is a real bug: extract the trace and report it to the user.
        It does not hold in the real world (spurious): refine the abstraction and repeat.
6 CEGAR (IN BLAST)
Given a program and a safety specification, a Control Flow Automaton (CFA) is first built: locations are nodes, operations are edges. The specification is expressed as error locations.

    L1:  if (p1) {
    L2:    x1 = 1;
         }
    L3:  if (p1) {
    L4:    if (x1 != 1) goto ERR;
         }
    L5:  return EXIT_SUCCESS;
    ERR: return EXIT_FAILURE;

CFA edges: L1 -Pred(p1≠0)-> L2, L2 -x1 := 1-> L3, L1 -Pred(p1=0)-> L3, L3 -Pred(p1≠0)-> L4, L3 -Pred(p1=0)-> L5, L4 -Pred(x1≠1)-> ERR, L4 -Pred(x1=1)-> L5, L5 -return EXIT_SUCCESS-> EXIT, ERR -return EXIT_FAILURE-> EXIT.
7 LAZY ABSTRACTION
An Abstract Reachability Tree (ART) is then derived from the CFA. An ART expresses all reachable data states of the program w.r.t. the abstraction. Each node is a (location, reachable region) pair, where the reachable region is an approximation of all possible data states at that path location (ultimately nodes also carry the call stack, for interprocedural analysis). Construction continues until an error state is reached or all paths are covered.
With an empty predicate set nothing changes along any transition, so every node of the initial ART is labeled true: the tree unfolds L1 -> L2 -> L3 -> L4 / L5 and L1 -> L3 -> L4 -> ERR / L5, and reaches ERR with region true.
8 ABSTRACTION REFINEMENT
Once an error state is reached, the path to it is checked for feasibility. A path formula is created in SSA form; for the path L1 -Pred(p1=0)-> L3 -Pred(p1≠0)-> L4 -Pred(x1≠1)-> ERR it is
    p1,1 = 0 ∧ p1,1 ≠ 0 ∧ x1,1 ≠ 1
The formula is satisfiable iff the path is feasible in the concrete program. Here it is unsatisfiable: the error path is infeasible and was reported only because the abstraction is too coarse.
9 PREDICATE DISCOVERY
The predicate-discovery algorithm takes the path formula and finds new predicates that must be added to the abstraction in order to rule out the infeasible error path. An interpolant is computed at every cut point along the infeasible path formula p1,1 = 0 ∧ p1,1 ≠ 0 ∧ x1,1 ≠ 1. An interpolant at a cut point answers: which part of the formula so far contradicts the rest of the formula? The interpolant at L3 (after the prefix p1,1 = 0, before the suffix p1,1 ≠ 0 ∧ x1,1 ≠ 1) is p1,1 = 0, which translates to p1 = 0 in the original program.
10 ART REFINEMENT
The Abstract Reachability Tree is refined: the newly found predicate is added at the cut location(s), so the L3 node on the error path now carries the region p1 = 0 instead of true, the Pred(p1≠0) edge out of it becomes infeasible, and the CEGAR loop continues.
11 PREDICATE ABSTRACTION QUERY
Once predicates have been added, we need to account for operations: after an operation, which of the predicates became true? which became false? which are unknown?
A single SMT call won't always suffice. For instance, if the predicates are {p1 = 0, x1 = 1} and the operation is p1 := x1 − 1, then what we really want is
    (p1 = 0 ∧ x1 = 1) ∨ (p1 ≠ 0 ∧ x1 ≠ 1)
(from a state at L3 in which nothing is known about p1 and x1, the edge L3 -p1 := x1 − 1-> L4 makes p1 = 0 hold exactly when x1 = 1).
This operation is called a Predicate Abstraction Query (PAQ) and is a core operation of CEGAR. A PAQ is formally defined as follows: given a set of quantifier-free predicates P and a quantifier-free formula ψ in some first-order theory, compute the strongest formula G_P(ψ) over P that is implied by ψ.
12 PAQ GENERATION
How can we compute a PAQ? Here's another definition:
    G_P(ψ) = ∨ { c | c is a minterm over P and c ∧ ψ is satisfiable }
(A minterm over a set of predicates P is a formula p1 ∧ ... ∧ pn ∧ ¬q1 ∧ ... ∧ ¬qm where pi, qj ∈ P and each predicate of P appears exactly once.)
Thus G_P(ψ) can be computed by enumerating all 2^|P| minterms and using a decision procedure to decide the satisfiability of each c ∧ ψ. It can also be reduced to quantifier elimination (later on).
13 SMALL BLOCK ENCODING
The technique used by BLAST (and others) is called Small Block Encoding (SBE): the program is divided into basic blocks and each operation is encoded individually.
Problem: each transition update in the ART requires a PAQ, which incurs several SMT solver calls. This is needlessly costly for certain programs, which could be verified using a single SMT call. Example:

    L1 : if (p1) {
    L2 :   x1 = 1; }
    L3 : if (p2) {
    L4 :   x2 = 2; }
    L5 : if (p3) {
    L6 :   x3 = 3; }
    L7 : if (p1) {
    L8 :   if (x1 != 1) goto ERR; }
    L9 : if (p2) {
    L10:   if (x2 != 2) goto ERR; }
    L11: if (p3) {
    L12:   if (x3 != 3) goto ERR; }
    L13: return EXIT_SUCCESS;
    ERR: return EXIT_FAILURE;
14 LARGE BLOCK ENCODING
Solution: an alternative to SBE is Large-Block Encoding (LBE). LBE lifts predicate abstraction to program summaries (i.e., loop-free program fragments). The first, main step of LBE is the summarization of the program CFA, in which each large loop-free control-flow subgraph is replaced by a single control-flow edge carrying a large formula that represents the removed subgraph.
15 PROGRAM SUMMARIES
CFA summarization (a.k.a. rule summarization) consists of the fixpoint application of two rewriting rules: summarizing the CFA A = (L, G) is done by iteratively applying the Sequence and Choice rules until neither can be applied anymore.
16 PROGRAM SUMMARIES
Summarize CFA A = (L, G):
Rule 1: Sequence. If G contains an edge (l1, op1, l2) where l1 ≠ l2 and there are no other incoming edges to l2, remove l2 from L and replace all outgoing edges (l2, opi, li) with edges (l1, op1; opi, li) in G. The semantics of the new edge is that of first applying op1 to the state and then applying opi:
    SP_{op1; opi}(ψ) = SP_{opi}(SP_{op1}(ψ))
17 PROGRAM SUMMARIES
Summarize CFA A = (L, G):
Rule 2: Choice. If G contains edges (l1, op1, l2) and (l1, op2, l2), replace them with the single edge (l1, op1 ∨ op2, l2). The semantics of the new edge is the disjunction of applying op1 and applying op2 to the state:
    SP_{op1 ∨ op2}(ψ) = SP_{op1}(ψ) ∨ SP_{op2}(ψ)
18 PROGRAM SUMMARIES
Let's summarize the following program:

    L1: while (i > 0) {
    L2:   if (x == 1) {
    L3:     z = 0;
          } else {
    L4:     z = 1;
          }
    L5:   i = i - 1;
    L6: }

The initial CFA (one node per label, one edge per guard or assignment) has the edges L1 -[i > 0]-> L2, L1 -[¬(i > 0)]-> L6, L2 -[x == 1]-> L3, L2 -[x ≠ 1]-> L4, L3 -z = 0-> L5, L4 -z = 1-> L5, L5 -i = i − 1-> L1.
Notation: [p] means assume(p), i.e. SP_[p](ψ) = ψ ∧ p; s = e means assignment, i.e. SP_{s = e}(ψ) = ∃s′. ψ[s′/s] ∧ s = e[s′/s].
19 PROGRAM SUMMARIES
Rule applications, in order: Sequence, Sequence, Sequence, Choice, Sequence, Sequence (the slide shows the CFA after each step; the loop body ends up as a single L1 -> L1 edge).
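The fixpoint application of the two rules, as an added worked example in Python (this is not code from the paper or from BLAST). Ops stay symbolic, so the result is the syntactic summary edge; the entry and exit locations L1 and L6 are protected from removal, an assumption that matches the broader summary definition on the later slides (l0 and the error/exit labels stay in L′), and with it the run ends after five rule applications.

```python
"""
Added example (not from the paper or BLAST): rule summarization of a CFA by
applying the Sequence and Choice rewriting rules until a fixpoint.

Ops are symbolic tuples: ("assume", guard), ("assign", var, expr), and the
composites ("seq", a, b) / ("or", a, b) built by the two rules.
Assumption: locations in `protected` (entry, exit) are never removed.
"""
from collections import Counter

def assume(guard):    return ("assume", guard)
def assign(var, expr): return ("assign", var, expr)
def seq(a, b):        return ("seq", a, b)
def choice(a, b):     return ("or", a, b)

def fmt(op):
    """Render a (possibly composite) op in the [guard] / x = e notation of the slides."""
    kind = op[0]
    if kind == "assume":
        return "[%s]" % op[1]
    if kind == "assign":
        return "%s = %s" % (op[1], op[2])
    if kind == "seq":
        return "%s; %s" % (fmt(op[1]), fmt(op[2]))
    return "(%s | %s)" % (fmt(op[1]), fmt(op[2]))

def summarize(edges, protected):
    """edges: list of (src, op, dst). Returns (summary_edges, trace), where trace
    records which rule fired at each step."""
    edges = list(edges)
    trace = []
    while True:
        incoming = Counter(dst for _, _, dst in edges)
        step = None
        # Rule 1 (Sequence): (l1, op1, l2) with l1 != l2 and no other edge into l2
        for k, (l1, op1, l2) in enumerate(edges):
            if l1 != l2 and l2 not in protected and incoming[l2] == 1:
                out = [(s, o, d) for s, o, d in edges if s == l2]
                keep = [e for j, e in enumerate(edges) if j != k and e[0] != l2]
                edges = keep + [(l1, seq(op1, o), d) for _, o, d in out]  # l2 is gone
                step = "sequence"
                break
        if step is None:
            # Rule 2 (Choice): two parallel edges between the same pair of locations
            for a in range(len(edges)):
                for b in range(a + 1, len(edges)):
                    if edges[a][0] == edges[b][0] and edges[a][2] == edges[b][2]:
                        merged = (edges[a][0], choice(edges[a][1], edges[b][1]), edges[a][2])
                        edges = [e for j, e in enumerate(edges) if j not in (a, b)] + [merged]
                        step = "choice"
                        break
                if step:
                    break
        if step is None:
            return edges, trace
        trace.append(step)

# The loop program of the slides as a CFA (constructed sample input)
LOOP_CFA = [
    ("L1", assume("i>0"),      "L2"),
    ("L1", assume("i<=0"),     "L6"),
    ("L2", assume("x==1"),     "L3"),
    ("L2", assume("x!=1"),     "L4"),
    ("L3", assign("z", "0"),   "L5"),
    ("L4", assign("z", "1"),   "L5"),
    ("L5", assign("i", "i-1"), "L1"),
]

def loop_summary():
    """Summarize LOOP_CFA, keeping the entry (L1) and exit (L6) locations."""
    return summarize(LOOP_CFA, protected={"L1", "L6"})

if __name__ == "__main__":
    edges, trace = loop_summary()
    print("rules applied:", trace)
    for s, op, d in edges:
        print("%s --%s--> %s" % (s, fmt(op), d))
```

The loop body collapses into the single self-loop edge L1 --([i>0]; [x==1]; z = 0 | [i>0]; [x!=1]; z = 1); i = i-1--> L1, next to the exit edge L1 --[i<=0]--> L6; its strongest-postcondition semantics is what the next slide spells out step by step.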
20 LBE PAQ
Summary semantics for the loop edge, in steps (ψ is the state at L1):
    ψ1 = ψ ∧ i > 0
    ψ2 = (ψ1 ∧ x == 1) ∨ (ψ1 ∧ x ≠ 1) = ψ21 ∨ ψ22
    ψ3 = (∃z′. ψ21[z′/z] ∧ z = 0) ∨ (∃z′. ψ22[z′/z] ∧ z = 1)
    ψ′ = ∃i′. ψ3[i′/i] ∧ (i = i′ − 1)
Thus the PAQ will need to compute G_P(ψ′) for a much larger ψ.
21 RECAP: SBE & LBE
Both SBE and LBE are approaches to CEGAR: both use predicate abstraction and discover predicates lazily from counterexamples, and both build an Abstract Reachability Tree and advance over it using Predicate Abstraction Queries.
Small Block Encoding handles each operation separately: the resulting ART is usually large, with a lot of small, simple PAQs.
Large Block Encoding summarizes entire loop-free subgraphs: a much smaller ART is produced, with fewer but much more complex PAQs. (Same three-if example program as on the Small Block Encoding slide.)
22 CONTRIBUTION
Further based on:
[4] SMT Techniques for Fast Predicate Abstraction, by Lahiri, Nieuwenhuis and Oliveras
[5] Decision Diagrams for Linear Arithmetic, by Chaki, Gurfinkel and Strichman
23 SECTION OUTLINE
1. Define a broader notion of program summary (contribution #1), and show that it includes the rule summary definition
2. Provide a way to generate such summaries directly from SSA form (contribution #2)
3. Use the generated summary as a PAQ and solve it (contribution #3), using AllSAT or using LDDs
24 PROGRAM SUMMARY V2
Contribution #1: LBE can be performed not only with rule summarization. A broader notion of summarization is defined:
A program P′ = (V, L′, l0, Lε, T′) is a summary of a program P = (V, L, l0, Lε, T) iff
    L′ ⊆ L, with {l0} ∪ Lε ⊆ L′, and
    ((l1, s1), (ln, sn)) ∈ T′ iff there exists an L′-free trace (l1, s1) -> ... -> (ln, sn) in the original program P,
where a trace (l1, s1) -> ... -> (ln, sn) is L′-free iff L′ ∩ {l2, ..., ln−1} = ∅.
Note that P′ preserves semantics: if a state s is reachable in P at a label l ∈ L′, then it is also reachable in P′.
25 LOOP CUTSET SUMMARY
Let G = (V, E) be a graph. A set S ⊆ V is a cycle cutset (or simply a cutset) of G iff S contains a vertex from every cycle in G, i.e. the graph (V \ S, E \ ((S × V) ∪ (V × S))) is acyclic. We call an element s ∈ S a cutpoint.
A program P′ = (V, L′, l0, Lε, T′) is a cutset summary of P iff P′ is a summary of P and L′ is a cutset of CFG(P).
The cutset summary of a program is not unique. Finding a minimal one is NP-complete, but good polynomial approximations exist.
26 RULE SUMMARY IS A SUMMARY
Reminder: rule summarization is based on two program transformations, SEQ and CHOICE. We show that each application of a rule results in a summary:
Choice rule: L did not change, so L′ ⊆ L holds; T′ has a new edge that corresponds to taking either of the previous edges => the application of CHOICE yields a summary.
Sequence rule: a label was removed, so L′ ⊆ L still holds; each op1; opi edge corresponds to the path op1 -> l2 -> opi, etc. => the application of SEQ yields a summary.
27 RULE SUMMARY IS A CUTSET SUMMARY
A rule summary can be viewed as the limit of the sequence P, P1, P2, ..., PSummary, where each Pi is the result of applying a rule to Pi−1. We only need to show that LSummary is a cutset, i.e. that it contains a label from each cycle. This holds because rule summarization collapses each loop into a single edge and leaves one label on it.
28 GENERATING A CUTSET SUMMARY
Contribution #2: given a cutset C, produce a summary directly from the SSA form of the program. This is a more general (and efficient?) way to create summaries. Later we show how this summary can be used to generate a PAQ.
29 STATIC SINGLE ASSIGNMENT
A program is in SSA form if each variable is assigned at most once in its syntax. Any program can be efficiently transformed to SSA. In addition to normal assignments, SSA uses special φ-assignments, with syntax x = PHI(v1:l1, ..., vn:ln) where x is a variable, l1, ..., ln are locations and v1, ..., vn are values. The PHI function evaluates to vi if it is reached from li.
30 SSA EXAMPLE

    int x = 0, y;
    while (x < 10) {
      y = 0;
      while (y < x) {
        y++;
      }
      x++;
    }

In SSA form:

    0 : goto 1;
    1 : x = PHI(0:0, x_0:4); if (x < 10) goto 2 else goto 5;
    2 : y = PHI(0:1, y_0:3); if (y < x) goto 3 else goto 4;
    3 : y_0 := y + 1; goto 2;
    4 : x_0 := x + 1; goto 1;
    5 :

In the example, x = PHI(0:0, x_0:4) evaluates to 0 if reached from label 0 (program start) and to x_0 if reached from label 4 (within the loop).
31 SSA SEMANTICS
Operationally, advancing from l to l′ means: performing l's assignment (note that only assignments have labels), validating the guard (for example x < 10 when advancing from 1 to 2), and evaluating l′'s PHI-assignment according to l. The slide shows this graphically on the SSA program above.
32 GENERATING SUMMARY FROM SSA
Summarization is done incrementally, by choosing pairs of labels from the cutset and summarizing their fragment. We show how by example: summarize the (2,2) fragment (the inner loop's back edge) with loop cutset C = {0, 1, 2, 5} and predicates {y < 0, x < 0}:

    int x = 0, y;
    while (x < 10) {
      y = 0;
      while (y < x) {
        y++;
      }
      x++;
    }

1. Gather all locations on the C-free subgraph of P between the two labels, denoted L_f = {2, 3}. (Why can't labels from the cutset C be taken into account?)
33 GENERATING SUMMARY FROM SSA
Summarize the (2,2) fragment with loop cutset C = {0, 1, 2, 5} and predicates {y < 0, x < 0}:
2. Construct a formula A conjoining all assignments in L_f: A = (y_0 = y + 1). A satisfying assignment for A corresponds to executing all assignments in the fragment at once. Remember: there are no contradictions, since the program is in SSA form and the fragment is loop-free.
34 GENERATING SUMMARY FROM SSA
3. Next, define a formula R_l for every location l ∈ L_f:
    R_3  = (B_3 → (B_2 ∧ y < x))
    R′_2 = (B′_2 → (B_3 ∧ y′ = y_0))
Intuitively, B_l represents whether l is reachable in the execution, so R_l states that if l is reachable then some predecessor l′ is reachable and the guard/assignment on the edge (l′, l) holds. The target location 2 gets a special version R′_2 where the LHS is primed: since 2 is a back-edge destination (cutpoint), φ-assignments there could be circularly dependent on another assignment in the fragment. Generally:
    R_l  = (B_l  → ∨_{l′ ∈ Pred(l) ∩ L_f} (B_{l′} ∧ G(l′, l) ∧ φ(l′, l)))
    R′_l = (B′_l → ∨_{l′ ∈ Pred(l) ∩ L_f} (B_{l′} ∧ G(l′, l) ∧ φ′(l′, l)))
35 GENERATING SUMMARY FROM SSA
4. Next, define a formula CFG as follows:
    CFG = B′_2 ∧ R′_2 ∧ R_3
Every satisfying assignment to A ∧ CFG corresponds to a path in the fragment. Let's try:
    A ∧ CFG = (y_0 = y + 1) ∧ B′_2 ∧ (B′_2 → (B_3 ∧ y′ = y_0)) ∧ (B_3 → (B_2 ∧ y < x))
B′_2 has to be true (the destination must be reachable), so B_3 and then B_2 are forced as well, and we are left with
    A ∧ CFG = (y_0 = y + 1) ∧ (y′ = y_0) ∧ (y < x)
which indeed corresponds to the (only) path in the fragment. Generally, for an (l1, l2) fragment:
    CFG = B′_{l2} ∧ R′_{l2} ∧ ∧_{l ∈ L_f \ {l1, l2}} R_l
36 GENERATING SUMMARY FROM SSA
5. Finally, account for the predicates {y < 0, x < 0}: define one formula for the source predicate abstraction and one for the destination:
    Src = (b_y ↔ y < 0) ∧ (b_x ↔ x < 0)
    Dst = (b′_y ↔ y′ < 0) ∧ (b′_x ↔ x < 0)
(no prime on x, as it is not assigned in the fragment). The resulting PAQ is therefore
    ∃V, V′, V_l. A ∧ CFG ∧ Src ∧ Dst
with the program variables V, their primed copies V′ and the reachability variables V_l quantified away, so that only the b variables stay free. For our (2,2) fragment:
    ∃ ... (y_0 = y + 1) ∧ B′_2 ∧ (B′_2 → (B_3 ∧ y′ = y_0)) ∧ (B_3 → (B_2 ∧ y < x)) ∧ (b_y ↔ y < 0) ∧ (b_x ↔ x < 0) ∧ (b′_y ↔ y′ < 0) ∧ (b′_x ↔ x < 0)
This is very useful!
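The five-step construction above, carried through for the (2,2) fragment and then solved, as an added worked example in Python (not the paper's code). The formulas A, R_3, R′_2, CFG, Src and Dst are written exactly as on the slides; the existential quantifier over the numeric and B variables is discharged by bounded enumeration of integers, an assumption that stands in for the SMT solver or LDD quantifier elimination the paper uses, and the models are projected onto the free bits (b_y, b_x, b′_y, b′_x).

```python
"""
Added example (not the paper's code): the PAQ  A AND CFG AND Src AND Dst  for
the (2,2) fragment of the nested-loop program (cutset C = {0,1,2,5},
predicates y < 0 and x < 0), solved by enumerating models and projecting
them onto the predicate bits (b_y, b_x, b_y', b_x').

Assumption: the existential quantifier over the numeric variables is
discharged by bounded enumeration of integers in [-BOUND, BOUND]; this stands
in for an SMT solver or LDD quantifier elimination.
"""
from itertools import product

BOUND = 5  # assumption: bound of the enumeration stand-in

def A(v):
    """All assignments of the C-free locations L_f = {2, 3}, conjoined: y_0 = y + 1."""
    return v["y0"] == v["y"] + 1

def R3(v):
    """R_3 = B_3 -> (B_2 AND y < x): 3 is reached from 2 through the guard y < x."""
    return (not v["B3"]) or (v["B2"] and v["y"] < v["x"])

def R2_primed(v):
    """R'_2 = B'_2 -> (B_3 AND y' = y_0): the phi-assignment at 2 when coming from 3."""
    return (not v["B2p"]) or (v["B3"] and v["yp"] == v["y0"])

def CFG(v):
    """CFG = B'_2 AND R'_2 AND R_3 for the (2,2) fragment."""
    return v["B2p"] and R2_primed(v) and R3(v)

def Src(v):
    """Src = (b_y <-> y < 0) AND (b_x <-> x < 0), returned as the (b_y, b_x) bits."""
    return (v["y"] < 0, v["x"] < 0)

def Dst(v):
    """Dst = (b_y' <-> y' < 0) AND (b_x' <-> x < 0); x is not assigned, so it stays unprimed."""
    return (v["yp"] < 0, v["x"] < 0)

def solve_paq(bound=BOUND):
    """G_P of the fragment: the set of (b_y, b_x, b_y', b_x') tuples for which
    A AND CFG AND Src AND Dst has a model within the bound."""
    ints = range(-bound, bound + 1)
    g = set()
    for x, y, y0, yp in product(ints, repeat=4):
        for B2, B3, B2p in product((False, True), repeat=3):
            v = {"x": x, "y": y, "y0": y0, "yp": yp, "B2": B2, "B3": B3, "B2p": B2p}
            if A(v) and CFG(v):
                g.add(Src(v) + Dst(v))
    return frozenset(g)

def transitions(g):
    """Group the models as source abstract state -> set of possible destination states,
    which is the form in which the ART needs the answer."""
    table = {}
    for m in g:
        table.setdefault(m[:2], set()).add(m[2:])
    return table

if __name__ == "__main__":
    for src, dsts in sorted(transitions(solve_paq()).items()):
        print("(b_y, b_x) = %s -> (b_y', b_x') in %s" % (src, sorted(dsts)))
```

Reading the result: from (b_y, b_x) = (true, true) the only successor is (true, true); from (true, false) the successor is (true, false) or (false, false), so y′ < 0 is "neither necessarily true nor necessarily false"; and the source state (false, true) has no successor at all, because y ≥ 0 > x contradicts the guard y < x. That is exactly the information the next slides want to obtain efficiently.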
37 EFFICIENTLY SOLVING GENERATED PAQS
Reminder: we want all possible models over b_x, b_y, b′_x, b′_y. To soundly check our spec, we need to know whether a predicate is necessarily true, necessarily false, or neither. We want to be able to plug in the previous state's b_x, b_y and get b′_x, b′_y instantly. Two approaches for solving: the AllSAT approach and the Linear Decision Diagram approach.
38 ALLSAT
AllSAT is another way to leverage SMT solvers to get all models of a formula ψ over a set of predicates P. So far we had to enumerate all minterms. Computing G_P(ψ) with AllSAT:
1. G_P(ψ) := false (the empty disjunction)
2. Create the formula ψ′ = ψ ∧ ∧_{pi ∈ P} (bi ↔ pi) (a fresh Boolean variable bi is added for every predicate)
3. SMT-solve ψ′ and get a model T; if ψ′ is unsatisfiable, stop
4. G_P(ψ) := G_P(ψ) ∨ (∧_{bi true in T} pi ∧ ∧_{bi false in T} ¬pi), i.e. build the cube of the predicates as they are valued in T and disjoin it to G_P(ψ)
5. ψ′ := ψ′ ∧ (∨_{bi true in T} ¬bi ∨ ∨_{bi false in T} bi): add a blocking clause so the same assignment is not found again
6. Goto 3
This can be improved by backtracking every time a model is found, as if the blocking clause belonged to the clause set [SMT Techniques for Fast Predicate Abstraction].
39 INCREMENTAL ALLSAT
Another way is to incrementally refine G_P(ψ): a sequence G_P^{k1}(ψ), ..., G_P^{km}(ψ) is computed, where each G_P^{ki}(ψ) is more precise than the previous one, i.e. G_P^{k_{i−1}}(ψ) over-approximates G_P^{ki}(ψ), and G_P^{km}(ψ) = G_P(ψ). Advantage: an earlier G_P^{ki}(ψ) may suffice. The computation uses cubes over P of increasing size ki.
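Minterm enumeration (slide 12) and the AllSAT loop with blocking clauses (slide 38) side by side, as one added worked example in Python that is not code from the paper or from any solver. It uses the slide-11 operation p1 := x1 − 1, but with a third predicate x1 < 0 added here so that the difference in the number of decision-procedure calls is visible; the "solver" is a bounded enumeration of integer models, a labelled stand-in for a real SMT solver (assumption: every satisfiable query has a model within the bound).

```python
"""
Added example (not from the paper): computing G_P(psi) for the operation
p1 := x1 - 1 two ways, naive minterm enumeration vs. AllSAT with blocking
clauses, counting the decision-procedure calls each one makes.

psi is over the pre-state variable x1 and the post-state variable p1'
(written p1p). Assumption: the decision procedure is a bounded enumeration
of integer models; a real SMT solver would be used in practice.
"""
from itertools import product

BOUND = 8  # assumption: every satisfiable query has a model with |x1|, |p1'| <= BOUND

def transition(v):
    """The transition relation of p1 := x1 - 1 (post-state p1' = p1p)."""
    return v["p1p"] == v["x1"] - 1

# Predicates over the post-state: the two from the slides plus x1 < 0 (added here)
PREDS = {
    "p1'=0": lambda v: v["p1p"] == 0,
    "x1=1":  lambda v: v["x1"] == 1,
    "x1<0":  lambda v: v["x1"] < 0,
}

class BoundedSolver:
    """Stand-in for an SMT solver: returns a model of `formula` or None."""
    def __init__(self, bound=BOUND):
        self.bound, self.calls = bound, 0

    def model(self, formula):
        self.calls += 1
        for x1, p1p in product(range(-self.bound, self.bound + 1), repeat=2):
            v = {"x1": x1, "p1p": p1p}
            if formula(v):
                return v
        return None

def cube_of(v, preds):
    """The minterm over P that the model v satisfies, as a tuple of truth values."""
    return tuple(p(v) for p in preds.values())

def minterm_enumeration(psi, preds, solver):
    """G_P(psi) = OR { c : c minterm over P, c AND psi satisfiable }: 2^|P| solver calls."""
    g = set()
    for bits in product((False, True), repeat=len(preds)):
        def query(v, bits=bits):
            return psi(v) and cube_of(v, preds) == bits
        if solver.model(query) is not None:
            g.add(bits)
    return frozenset(g)

def allsat(psi, preds, solver):
    """AllSAT: solve psi' = psi AND (b_i <-> p_i); after each model T add the blocking
    clause that rules out T's cube, until psi' becomes unsatisfiable (|G| + 1 calls)."""
    g, blocked = set(), []

    def psi_prime(v):
        # b_i <-> p_i is realised by reading b_i off as p_i(v); blocked cubes are excluded
        return psi(v) and cube_of(v, preds) not in blocked

    while True:
        t = solver.model(psi_prime)
        if t is None:
            return frozenset(g)
        cube = cube_of(t, preds)
        g.add(cube)            # disjoin the cube: p_i if b_i is true in T, not p_i otherwise
        blocked.append(cube)   # blocking clause: not(this cube)

def as_dnf(g, preds):
    """Render a set of cubes as a disjunction of conjunctions of predicate literals."""
    names = list(preds)
    return " OR ".join(
        "(" + " AND ".join(n if b else "NOT " + n for n, b in zip(names, c)) + ")"
        for c in sorted(g, reverse=True))

def compare():
    """Return (G via minterms, its call count, G via AllSAT, its call count)."""
    s1, s2 = BoundedSolver(), BoundedSolver()
    g1 = minterm_enumeration(transition, PREDS, s1)
    g2 = allsat(transition, PREDS, s2)
    return g1, s1.calls, g2, s2.calls

if __name__ == "__main__":
    g1, c1, g2, c2 = compare()
    print("minterm enumeration: %d calls -> %s" % (c1, as_dnf(g1, PREDS)))
    print("AllSAT:              %d calls -> %s" % (c2, as_dnf(g2, PREDS)))
```

Both procedures return the same three cubes, (p1′=0 ∧ x1=1 ∧ ¬x1<0) ∨ (¬p1′=0 ∧ ¬x1=1 ∧ x1<0) ∨ (¬p1′=0 ∧ ¬x1=1 ∧ ¬x1<0), but minterm enumeration spends 2^3 = 8 solver calls while AllSAT spends one per model plus the final unsatisfiable call, 4 in total; the gap widens quickly with |P|.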
40 INCREMENTAL ALLSAT
Example: ψ = (x < y − 2) ∨ (x > y) and P = {p1, p2, p3}, where p1 is x < 0, p2 is y = 2 and p3 is x = 4. What is G_P(ψ)?
For the computation of G_P^1(ψ), the AllSAT procedure first finds the minterm ¬p1 ∧ ¬p2 ∧ ¬p3 and restricts it to size 1, i.e. ¬p3. After adding the blocking clause p3, the minterm ¬p1 ∧ p2 ∧ p3 is found and restricted to ¬p1 (with x = 4 forced, x < 0 cannot hold). Then p1 is added as a blocking clause, and since no more minterms can be found (p1 ∧ p3 is unsatisfiable) we finish with G_P^1(ψ) = ¬p3 ∨ ¬p1.
41 INCREMENTAL ALLSAT
G_P^1(ψ) = ¬p3 ∨ ¬p1. For G_P^2(ψ) we start from the minterms already computed in the previous step:
We restrict ¬p1 ∧ ¬p2 ∧ ¬p3 to ¬p2 ∧ ¬p3. Note that since G_P^2(ψ) ⇒ G_P^1(ψ), the restriction must include ¬p3! The blocking clause p2 ∨ p3 is added.
We similarly restrict ¬p1 ∧ p2 ∧ p3 to ¬p1 ∧ p2, and p1 ∨ ¬p2 is added.
Then the search starts again: first p1 ∧ p2 ∧ ¬p3 is found and restricted to p1 ∧ ¬p3 (again, p1 ∧ p2 would have been a bad choice, as it implies neither ¬p3 nor ¬p1). The AllSAT procedure is applied further until it arrives at
    G_P^2(ψ) = (¬p2 ∧ ¬p3) ∨ (¬p1 ∧ p2) ∨ (p1 ∧ ¬p3) ∨ (¬p1 ∧ ¬p2)
In the last phase, since |P| = 3, we necessarily arrive at G_P(ψ). (Here G_P(ψ) = ¬p1 ∨ ¬p3, which G_P^1(ψ) already captured.)
42 SOLVING OUR PAQS WITH ALLSAT
Solving A ∧ CFG ∧ Src ∧ Dst with AllSAT is easy, as it is already in the ψ ∧ ∧_{pi ∈ P} (bi ↔ pi) form. Reminder: Src = ∧_{pi ∈ P} (bi ↔ pi), Dst = ∧_{pi ∈ P} (b′i ↔ p′i). We only need to tell AllSAT about our bi, b′i variables (for the blocking clauses).
43 BINARY DECISION DIAGRAMS
Reminder: any Boolean function can be represented by a binary decision tree, which can be reduced to a Binary Decision Diagram using two reduction rules (merge isomorphic subgraphs, remove redundant tests). BDDs allow applying the logical operations (conjunction, disjunction, negation, implication, Boolean quantification) in polynomial time in the size of the diagrams.
44 LINEAR DECISION DIAGRAMS
A Linear Decision Diagram (LDD) is a BDD whose nodes are labeled with atomic terms from Linear Arithmetic (LA). An LDD represents an LA formula in the same way a BDD represents a Boolean formula. LDDs support the usual Boolean operations (conjunction, disjunction, negation, etc.), Boolean quantification, and variable reordering. Additionally, they provide quantification over numeric variables via Fourier-Motzkin elimination performed directly on the diagram.
45 SOLVING OUR PAQS WITH LDD
LDDs can be used to solve the PAQ for A ∧ CFG ∧ Src ∧ Dst by quantifier elimination of all variables except the added b_p, b′_p variables. For example, for the previous summary:
    ∃y_0, y, y′, x, B_2, B_3, B′_2. (y_0 = y + 1) ∧ B′_2 ∧ (B′_2 → (B_3 ∧ y′ = y_0)) ∧ (B_3 → (B_2 ∧ y < x)) ∧ (b_y ↔ y < 0) ∧ (b_x ↔ x < 0) ∧ (b′_y ↔ y′ < 0) ∧ (b′_x ↔ x < 0)
If we encode it as an LDD and apply quantifier elimination, we are left with a BDD over b_x, b_y, b′_x, b′_y that is exactly G_P(ψ).
46 ALGORITHM SUMMARY
47 CONCLUSION
CEGAR requires solving Predicate Abstraction Queries. These queries vary in length and complexity according to the encoding (SBE vs. LBE). Efficiently generating and solving PAQs motivated further SMT research (AllSAT). The paper's techniques:
1. Creating LBE PAQs directly from SSA
2. Solving them with LDDs (reported as superior to AllSAT)
More informationPrice: $25 (incl. T-Shirt, morning tea and lunch) Visit:
Three days of interesting talks & workshops from industry experts across Australia Explore new computing topics Network with students & employers in Brisbane Price: $25 (incl. T-Shirt, morning tea and
More informationScalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa
Scalable and Accurate Verification of Data Flow Systems Cesare Tinelli The University of Iowa Overview AFOSR Supported Research Collaborations NYU (project partner) Chalmers University (research collaborator)
More informationTitle: Logical Agents AIMA: Chapter 7 (Sections 7.4 and 7.5)
B.Y. Choueiry 1 Instructor s notes #12 Title: Logical Agents AIMA: Chapter 7 (Sections 7.4 and 7.5) Introduction to Artificial Intelligence CSCE 476-876, Fall 2018 URL: www.cse.unl.edu/ choueiry/f18-476-876
More informationChapter 3 Deterministic planning
Chapter 3 Deterministic planning In this chapter we describe a number of algorithms for solving the historically most important and most basic type of planning problem. Two rather strong simplifying assumptions
More informationAutomata-Theoretic Model Checking of Reactive Systems
Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,
More informationA Boolean Approach to Unbounded, Fully Symbolic Model Checking of Timed Automata
A Boolean Approach to Unbounded, Fully Symbolic Model Checking of Timed Automata Sanjit A. Seshia Randal E. Bryant March 2003 CMU-CS-03-117 School of Computer Science Carnegie Mellon University Pittsburgh,
More informationUnderstanding IC3. Aaron R. Bradley. ECEE, CU Boulder & Summit Middle School. Understanding IC3 1/55
Understanding IC3 Aaron R. Bradley ECEE, CU Boulder & Summit Middle School Understanding IC3 1/55 Further Reading This presentation is based on Bradley, A. R. Understanding IC3. In SAT, June 2012. http://theory.stanford.edu/~arbrad
More informationor simply: IC3 A Simplified Description
Incremental Construction of Inductive Clauses for Indubitable Correctness or simply: IC3 A Simplified Description Based on SAT-Based Model Checking without Unrolling Aaron Bradley, VMCAI 2011 Efficient
More informationChapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013
Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions Continued 2.1.1 The Satisfiability Problem SAT 2.1.1.1 Propositional Formulas Definition 2.1.1. Consider a set of
More informationApplications of Craig Interpolants in Model Checking
Applications of Craig Interpolants in Model Checking K. L. McMillan Cadence Berkeley Labs Abstract. A Craig interpolant for a mutually inconsistent pair of formulas (A, B) is a formula that is (1) implied
More informationChapter 7 Propositional Satisfiability Techniques
Lecture slides for Automated Planning: Theory and Practice Chapter 7 Propositional Satisfiability Techniques Dana S. Nau University of Maryland 12:58 PM February 15, 2012 1 Motivation Propositional satisfiability:
More informationThe Software Model Checker BLAST
The Software Model Checker BLAST http://mtc.epfl.ch/software-tools/blast/ BLAST 2.0 Team: Dirk Beyer, Tom Henzinger, Ranjit Jhala, and Rupak Majumdar Guest Lecture in Viktor Kuncak s Verification Class,
More informationPropositional Logic: Syntax
Logic Logic is a tool for formalizing reasoning. There are lots of different logics: probabilistic logic: for reasoning about probability temporal logic: for reasoning about time (and programs) epistemic
More informationVinter: A Vampire-Based Tool for Interpolation
Vinter: A Vampire-Based Tool for Interpolation Kryštof Hoder 1, Andreas Holzer 2, Laura Kovács 2, and Andrei Voronkov 1 1 University of Manchester 2 TU Vienna Abstract. This paper describes the Vinter
More informationConjunctive Normal Form and SAT
Notes on Satisfiability-Based Problem Solving Conjunctive Normal Form and SAT David Mitchell mitchell@cs.sfu.ca September 10, 2014 These notes are a preliminary draft. Please use freely, but do not re-distribute
More informationPROPOSITIONAL LOGIC. VL Logik: WS 2018/19
PROPOSITIONAL LOGIC VL Logik: WS 2018/19 (Version 2018.2) Martina Seidl (martina.seidl@jku.at), Armin Biere (biere@jku.at) Institut für Formale Modelle und Verifikation BOX Game: Rules 1. The game board
More informationSAT-Solving: From Davis- Putnam to Zchaff and Beyond Day 3: Recent Developments. Lintao Zhang
SAT-Solving: From Davis- Putnam to Zchaff and Beyond Day 3: Recent Developments Requirements for SAT solvers in the Real World Fast & Robust Given a problem instance, we want to solve it quickly Reliable
More informationUCLID: Deciding Combinations of Theories via Eager Translation to SAT. SAT-based Decision Procedures
UCLID: Deciding Combinations of Theories via Eager Translation to SAT Sanjit A. Seshia SAT-based Decision Procedures Input Formula Input Formula Satisfiability-preserving Boolean Encoder Boolean Formula
More informationMotivation. CS389L: Automated Logical Reasoning. Lecture 10: Overview of First-Order Theories. Signature and Axioms of First-Order Theory
Motivation CS389L: Automated Logical Reasoning Lecture 10: Overview of First-Order Theories Işıl Dillig Last few lectures: Full first-order logic In FOL, functions/predicates are uninterpreted (i.e., structure
More informationNotes. Corneliu Popeea. May 3, 2013
Notes Corneliu Popeea May 3, 2013 1 Propositional logic Syntax We rely on a set of atomic propositions, AP, containing atoms like p, q. A propositional logic formula φ Formula is then defined by the following
More informationTopics in Model-Based Reasoning
Towards Integration of Proving and Solving Dipartimento di Informatica Università degli Studi di Verona Verona, Italy March, 2014 Automated reasoning Artificial Intelligence Automated Reasoning Computational
More informationHoare Logic: Reasoning About Imperative Programs
Hoare Logic: Reasoning About Imperative Programs COMP1600 / COMP6260 Dirk Pattinson Australian National University Semester 2, 2018 Programming Paradigms Functional. (Haskell, SML, OCaml,... ) main paradigm:
More informationFormal Verification Techniques. Riccardo Sisto, Politecnico di Torino
Formal Verification Techniques Riccardo Sisto, Politecnico di Torino State exploration State Exploration and Theorem Proving Exhaustive exploration => result is certain (correctness or noncorrectness proof)
More informationNested Interpolants. Matthias Heizmann Jochen Hoenicke Andreas Podelski POPL University of Freiburg, Germany
Nested Interpolants Matthias Heizmann Jochen Hoenicke Andreas Podelski University of Freiburg, Germany POPL 2010 Result Interpolant-based software model checking for recursive programs avoid construction
More informationBoolean decision diagrams and SAT-based representations
Boolean decision diagrams and SAT-based representations 4th July 200 So far we have seen Kripke Structures 2 Temporal logics (and their semantics over Kripke structures) 3 Model checking of these structures
More informationIntroduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either
Introduction to Temporal Logic The purpose of temporal logics is to specify properties of dynamic systems. These can be either Desired properites. Often liveness properties like In every infinite run action
More informationTuring Machine Recap
Turing Machine Recap DFA with (infinite) tape. One move: read, write, move, change state. High-level Points Church-Turing thesis: TMs are the most general computing devices. So far no counter example Every
More informationLecture 9: The Splitting Method for SAT
Lecture 9: The Splitting Method for SAT 1 Importance of SAT Cook-Levin Theorem: SAT is NP-complete. The reason why SAT is an important problem can be summarized as below: 1. A natural NP-Complete problem.
More informationLogical agents. Chapter 7. Chapter 7 1
Logical agents Chapter 7 Chapter 7 Outline Knowledge-based agents Wumpus world Logic in general models and entailment Propositional (Boolean) logic Equivalence, validity, satisfiability Inference rules
More informationSolving Constrained Horn Clauses using Interpolation
Solving Constrained Horn Clauses using Interpolation MSR-TR-2013-6 Kenneth L. McMillan Micrsoft Research Andrey Rybalchenko Technische Universität München Abstract We present an interpolation-based method
More informationEssential facts about NP-completeness:
CMPSCI611: NP Completeness Lecture 17 Essential facts about NP-completeness: Any NP-complete problem can be solved by a simple, but exponentially slow algorithm. We don t have polynomial-time solutions
More informationAutomata Theory CS Complexity Theory I: Polynomial Time
Automata Theory CS411-2015-17 Complexity Theory I: Polynomial Time David Galles Department of Computer Science University of San Francisco 17-0: Tractable vs. Intractable If a problem is recursive, then
More informationAutomata-based Verification - III
COMP30172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2009 Third Topic Infinite Word Automata Motivation Büchi Automata
More informationFirst-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms
First-Order Logic 1 Syntax Domain of Discourse The domain of discourse for first order logic is FO structures or models. A FO structure contains Relations Functions Constants (functions of arity 0) FO
More informationLogical agents. Chapter 7. Chapter 7 1
Logical agents Chapter 7 Chapter 7 1 Outline Knowledge-based agents Logic in general models and entailment Propositional (oolean) logic Equivalence, validity, satisfiability Inference rules and theorem
More information6.841/18.405J: Advanced Complexity Wednesday, February 12, Lecture Lecture 3
6.841/18.405J: Advanced Complexity Wednesday, February 12, 2003 Lecture Lecture 3 Instructor: Madhu Sudan Scribe: Bobby Kleinberg 1 The language MinDNF At the end of the last lecture, we introduced the
More informationConjunctive Normal Form and SAT
Notes on Satisfiability-Based Problem Solving Conjunctive Normal Form and SAT David Mitchell mitchell@cs.sfu.ca October 4, 2015 These notes are a preliminary draft. Please use freely, but do not re-distribute
More informationSolving SAT Modulo Theories
Solving SAT Modulo Theories R. Nieuwenhuis, A. Oliveras, and C.Tinelli. Solving SAT and SAT Modulo Theories: from an Abstract Davis-Putnam-Logemann-Loveland Procedure to DPLL(T) Mooly Sagiv Motivation
More informationIntelligent Agents. Pınar Yolum Utrecht University
Intelligent Agents Pınar Yolum p.yolum@uu.nl Utrecht University Logical Agents (Based mostly on the course slides from http://aima.cs.berkeley.edu/) Outline Knowledge-based agents Wumpus world Logic in
More informationPredicate Calculus. Formal Methods in Verification of Computer Systems Jeremy Johnson
Predicate Calculus Formal Methods in Verification of Computer Systems Jeremy Johnson Outline 1. Motivation 1. Variables, quantifiers and predicates 2. Syntax 1. Terms and formulas 2. Quantifiers, scope
More informationPlanning as Satisfiability
Planning as Satisfiability Alan Fern * Review of propositional logic (see chapter 7) Planning as propositional satisfiability Satisfiability techniques (see chapter 7) Combining satisfiability techniques
More informationAn Introduction to Z3
An Introduction to Z3 Huixing Fang National Trusted Embedded Software Engineering Technology Research Center April 12, 2017 Outline 1 SMT 2 Z3 Huixing Fang (ECNU) An Introduction to Z3 April 12, 2017 2
More informationPropositional Logic. Testing, Quality Assurance, and Maintenance Winter Prof. Arie Gurfinkel
Propositional Logic Testing, Quality Assurance, and Maintenance Winter 2018 Prof. Arie Gurfinkel References Chpater 1 of Logic for Computer Scientists http://www.springerlink.com/content/978-0-8176-4762-9/
More informationTDT4136 Logic and Reasoning Systems
TDT436 Logic and Reasoning Systems Chapter 7 - Logic gents Lester Solbakken solbakke@idi.ntnu.no Norwegian University of Science and Technology 06.09.0 Lester Solbakken TDT436 Logic and Reasoning Systems
More informationThe Impact of Craig s Interpolation Theorem. in Computer Science
The Impact of Craig s Interpolation Theorem in Computer Science Cesare Tinelli tinelli@cs.uiowa.edu The University of Iowa Berkeley, May 2007 p.1/28 The Role of Logic in Computer Science Mathematical logic
More informationMathematical Preliminaries. Sipser pages 1-28
Mathematical Preliminaries Sipser pages 1-28 Mathematical Preliminaries This course is about the fundamental capabilities and limitations of computers. It has 3 parts 1. Automata Models of computation
More informationRefinement of Trace Abstraction
Refinement of Trace Abstraction Matthias Heizmann, Jochen Hoenicke, and Andreas Podelski University of Freiburg, Germany Abstract. We present a new counterexample-guided abstraction refinement scheme.
More informationTheorem Proving beyond Deduction
Theorem Proving beyond Deduction Specification and Verification with Higher-Order Logic Arnd Poetzsch-Heffter (Slides by Jens Brandt) Software Technology Group Fachbereich Informatik Technische Universität
More information