Proving that programs eventually do something good. Byron Cook


1 Proving that programs eventually do something good. Byron Cook

2 Collaborators: Domagoj Babic, Josh Berdine, Aziem Chawdhary, Dino Distefano, Alexey Gotsman, Sumit Gulwani, Alan Hu, Samin Ishtiaq, Eric Koskinen, Tal Lev-Ami, Peter O'Hearn, Matthew Parkinson, Andreas Podelski, Zvonimir Rakameric, Andrey Rybalchenko, Mooly Sagiv, Moshe Vardi, Viktor Vafeiadis, Hongseok Yang, & the East London Massive.


4 Formal verification

6 Automatic formal verification
   View the artifact of interest as a mathematical system: software, hardware, biological system, etc.
   Build tools that find proofs of correctness using mathematics and logic.
   100% testing coverage; faster and more scalable than brute force; allows for 100% coverage even for infinite-state systems.

7 Example property: The parallel port device driver's event-handling routine only calls KeReleaseSpinLock() when IRQL=PASSIVE


11 Example property: The mouse device driver's event-handling routine always eventually terminates


19 Outline
   Introduction
   Termination basics
   New advances for program termination proving
     Proving termination argument validity
     Finding termination arguments
   Conclusion


21 Proving termination
   Traditional termination proving method originally proposed by the forefathers of computing, e.g. Turing, "Checking a large routine".


23–37 Proving termination (diagram slides: the program's transition relation R, a ranking function f into a well-founded order, and the requirement that every transition in R strictly decreases f, drawn as f > R f)
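Turing's argument worked through on a constructed example, added here rather than taken from the talk: the nested loop, the bound N that makes the transition relation R finite enough to enumerate, and the candidate ranking functions are all assumptions for illustration. The check is the literal inclusion R ⊆ {(s, s') | f(s) > f(s')} with f required to land in a well-founded domain, which is what makes a strictly decreasing measure into a termination proof.

```python
"""Turing-style termination proof: a ranking function into a well-founded order.
Constructed example; not code from the talk."""
from itertools import product

N = 5  # finite bound on both counters so that R can be enumerated (constructed)


def loop_transition(s):
    """One iteration of the constructed nested loop
         while i > 0:
             if j > 0: j = j - 1
             else:     i = i - 1; j = N
    The loop is deterministic: one successor, or None once the loop has exited."""
    i, j = s
    if i <= 0:
        return None
    return (i, j - 1) if j > 0 else (i - 1, N)


def relation(step, states):
    """The transition relation R of the loop over a finite state space, as a sorted
    list of (state, successor) pairs so that counterexamples come out deterministically."""
    return sorted((s, step(s)) for s in states if step(s) is not None)


def check_ranking(R, f, wf_greater, in_domain):
    """Turing's condition: for every (s, s') in R, f(s) and f(s') lie in the well-founded
    domain and f(s) is strictly above f(s') in its order.
    Returns (True, None) on success, or (False, offending pair)."""
    for s, t in R:
        if not (in_domain(f(s)) and in_domain(f(t)) and wf_greater(f(s), f(t))):
            return False, (s, t)
    return True, None


STATES = list(product(range(N + 1), repeat=2))
R = relation(loop_transition, STATES)


def lex_greater(a, b):
    # Python compares tuples lexicographically; on pairs of naturals this order is well-founded
    return a > b


def naturals2(v):
    return v[0] >= 0 and v[1] >= 0


def proof_lexicographic():
    """f(i, j) = (i, j): the outer counter dominates, so every transition decreases f."""
    return check_ranking(R, lambda s: (s[0], s[1]), lex_greater, naturals2)


def proof_single_counter():
    """f(i, j) = j alone is not a ranking function: it is reset to N when i steps down,
    and the check reports the first transition where it fails to decrease."""
    return check_ranking(R, lambda s: (s[1],), lex_greater, lambda v: v[0] >= 0)


if __name__ == "__main__":
    print("lexicographic ranking:", proof_lexicographic())
    print("inner counter only:   ", proof_single_counter())
```

The `in_domain` argument is not decoration: without it a measure that decreases on every transition but has no lower bound (an integer counting down forever) would pass the inclusion check while the loop runs forever. Well-foundedness of the target order is exactly what turns "f decreases" into "the loop terminates".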


39 Outline
   Introduction
   Termination basics & history
   New advances for program termination proving
     Proving termination argument validity
     Finding termination arguments
   Conclusion

40 Automating the search for proofs
   Difficulties:
   Proving the inclusion is hard in practice (and undecidable in theory).
   Finding a termination argument such that the inclusion holds is even harder in practice (and undecidable in theory).


42 Automating the search for proofs
   Transition relations must be computed. Technically, computing the exact transition relation is undecidable, so we must find a sound over-approximation using available techniques: the over-approximation represents an infinite set of states, but has a compact expression.


46 Automating the search for proofs
   We use an over-approximation of the transition relation. Since the over-approximation contains every real transition, we can prove termination by showing the inclusion for the over-approximation instead. Meaning: there might be unrealistic transitions that we have to worry about.

47 Automating the search for proofs
   In practice, it's extremely hard to find the right over-approximation. Luckily, recent breakthroughs in safety proving now make this possible. In fact, checking the validity of a termination argument can be directly encoded as a safety property, so tools like SLAM can be used to prove validity.


55–61 Modular termination arguments (diagram slides: the termination argument is built as a disjunction of ranking relations, f or g or h, rather than a single ranking function)

62 Modular termination arguments
   Modularity gives us freedom when looking for valid arguments.
   Strategy: refinement based on failed attempts.
     Start with the empty termination argument.
     Check the inclusion.
     If the inclusion check succeeds, termination has been proved.
     If it fails, synthesize a new ranking function from a counterexample and add it in.
     Go to start.

63–81 Modular termination arguments (diagram slides: the refinement loop in action; a counterexample X to the current argument leads to ranking functions f, g and h being added in turn)


84 Terminator
   Original loop:
       while (x < y) {
           x = f(x, y);
           g(&y, x);
       }
   Instrumented loop, checking the termination argument T1 ∨ T2 ∨ T3 as a safety property:
       copied = 0;
       ...
       while (x < y) {
           if (!copied) {
               if (*) {                 /* nondeterministically pick an iteration to snapshot */
                   H[x] = x;
                   H[y] = y;
                   copied = 1;
               }
           } else {
               assert(T1 ∨ T2 ∨ T3);    /* each Ti relates the snapshot H to the current state */
           }
           x = f(x, y);
           g(&y, x);
       }
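The instrumented check above, together with the refinement loop from slide 62, emulated in Python as an added example; this is not Terminator's code. Assumptions: a constructed two-branch loop over a bounded state space 0..N (so the nondeterministic "snapshot here" choice and both branches can be explored exhaustively), and a fixed menu of ranking-relation templates standing in for Farkas-based rank-function synthesis when a counterexample pair needs explaining. The example deliberately needs a disjunctive argument: one branch resets y, so no single linear ranking function exists, and a second constructed variant shows a failed proof attempt surfacing a termination bug.

```python
"""Terminator-style termination checking, reduced to a finite-state safety check.
Constructed example; not Terminator's own code."""
from itertools import product
from collections import deque

N = 4  # each variable ranges over 0..N (constructed bound)


def cond(s):
    x, y = s
    return x > 0 and y > 0


def step_reset(s):
    """One iteration of the constructed loop
         while x > 0 and y > 0:
             if (*) { x = x - 1; y = *; }   # y is reset nondeterministically
             else   { y = y - 1; }
    Nondeterminism is explored exhaustively: every possible successor is returned."""
    x, y = s
    return [(x - 1, y2) for y2 in range(N + 1)] + [(x, y - 1)]


def step_stutter(s):
    """Constructed buggy variant: the second branch leaves y unchanged, so the loop can spin."""
    x, y = s
    return [(x - 1, y2) for y2 in range(N + 1)] + [(x, y)]


# Candidate ranking relations, playing the role of T1, T2, ... in the instrumented assert.
# Each says: the measure was non-negative at the snapshot s0 and is strictly smaller now.
TEMPLATES = {
    "x decreases": lambda s0, s: s0[0] >= 0 and s[0] < s0[0],
    "y decreases": lambda s0, s: s0[1] >= 0 and s[1] < s0[1],
    "y-x decreases": lambda s0, s: s0[1] - s0[0] >= 0 and s[1] - s[0] < s0[1] - s0[0],
}


def find_counterexample(step, arg_names):
    """Emulate the instrumented loop: snapshot any loop-head state s0 (the 'copied' moment),
    run one or more further iterations that stay inside the loop, and require some template in
    the argument to relate s0 to the current state. Returns the first violating pair, or None."""
    heads = [s for s in product(range(N + 1), repeat=2) if cond(s)]
    for s0 in heads:
        seen = set()
        queue = deque(t for t in step(s0) if cond(t))
        while queue:
            s = queue.popleft()
            if s in seen:
                continue
            seen.add(s)
            if not any(TEMPLATES[n](s0, s) for n in arg_names):
                return (s0, s)
            queue.extend(t for t in step(s) if cond(t))
    return None


def prove_termination(step):
    """Refinement loop from the slides: start with the empty argument, check the inclusion,
    and on failure add a template explaining the counterexample pair (assumption: a fixed
    template menu replaces Farkas-based synthesis). If no template explains the pair, report
    it as a possible non-termination witness."""
    arg = []
    while True:
        cex = find_counterexample(step, arg)
        if cex is None:
            return ("terminates", sorted(arg))
        s0, s = cex
        new = next((n for n in TEMPLATES if n not in arg and TEMPLATES[n](s0, s)), None)
        if new is None:
            return ("possible non-termination", cex)
        arg.append(new)


if __name__ == "__main__":
    print(prove_termination(step_reset))    # needs both "x decreases" and "y decreases"
    print(prove_termination(step_stutter))  # snapshot state reached again: nothing decreases
```

The argument the first run ends up with is exactly a Ramsey-style disjunction: any run of iterations either takes the resetting branch at least once (then x has dropped) or never does (then y has dropped), so the transitive closure of the loop relation sits inside "x decreases" ∪ "y decreases" even though neither relation alone is preserved by every single step. The second run stops with a pair whose snapshot and current state coincide, which is the kind of termination bug the slide on demos refers to.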


90 Examples


99–119 Misunderstanding the halting problem (diagram slides; the only recoverable labels are Terminator, 2006, and a row of X marks)

120 Misunderstanding the halting problem
   Automatic searches for proofs of program termination don't make for exciting demos. Termination bugs found from failed proof attempts are usually more entertaining.


139 Future work
   Previous wisdom: proving termination for industrial systems code is impossible. Now people are beginning to think that it's effectively solved. Much left to do, including:
     Complex data structures (safety)
     Infinite-state systems w/ bit vectors (safety)
     Binaries (safety)
     Non-linear systems (liveness and safety)
     Better support for concurrent programs
     Modern programming features (e.g. closures)
     Finding preconditions to termination
     Scalability, performance, precision

140 Future work
   Termination proving is at the heart of many undecidable problems (e.g. Wang's tiling problem). Modern termination proving techniques could potentially be used to build working tools. Challenge: black-box solutions to undecidable problems die in the most unpredictable ways.

141 Conclusion
   Conventional wisdom about termination overturned: undecidable does not mean we cannot soundly approximate a solution.
   Terminator shows that automatic termination proving is not hopeless for industrial systems code.
   Current state-of-the-art solutions are based on:
     Abstraction search for safety property verification (e.g. SLAM)
     Farkas-based linear rank function synthesis
     Ramsey-based modular termination arguments
     Separation Logic based data structure analysis

142 For more information: research papers, recorded technical lectures, contact details, CACM review article


More information

SAT, NP, NP-Completeness

SAT, NP, NP-Completeness CS 473: Algorithms, Spring 2018 SAT, NP, NP-Completeness Lecture 22 April 13, 2018 Most slides are courtesy Prof. Chekuri Ruta (UIUC) CS473 1 Spring 2018 1 / 57 Part I Reductions Continued Ruta (UIUC)

More information

Handouts. CS701 Theory of Computation

Handouts. CS701 Theory of Computation Handouts CS701 Theory of Computation by Kashif Nadeem VU Student MS Computer Science LECTURE 01 Overview In this lecturer the topics will be discussed including The Story of Computation, Theory of Computation,

More information

Eventual Linear Ranking Functions

Eventual Linear Ranking Functions Eventual Linear Ranking Functions Roberto BAGNARA 1 Fred MESNARD 2 1 BUGSENG & Dipartimento di Matematica e Informatica, Università di Parma, Italy 2 LIM, université de la Réunion, France PPDP 2013 Bagnara,

More information

Decidability and Undecidability

Decidability and Undecidability Decidability and Undecidability Major Ideas from Last Time Every TM can be converted into a string representation of itself. The encoding of M is denoted M. The universal Turing machine U TM accepts an

More information

Lecture 3: Reductions and Completeness

Lecture 3: Reductions and Completeness CS 710: Complexity Theory 9/13/2011 Lecture 3: Reductions and Completeness Instructor: Dieter van Melkebeek Scribe: Brian Nixon Last lecture we introduced the notion of a universal Turing machine for deterministic

More information

Automatic Verification of Parameterized Data Structures

Automatic Verification of Parameterized Data Structures Automatic Verification of Parameterized Data Structures Jyotirmoy V. Deshmukh, E. Allen Emerson and Prateek Gupta The University of Texas at Austin The University of Texas at Austin 1 Outline Motivation

More information

Turing Machines. Lecture 8

Turing Machines. Lecture 8 Turing Machines Lecture 8 1 Course Trajectory We will see algorithms, what can be done. But what cannot be done? 2 Computation Problem: To compute a function F that maps each input (a string) to an output

More information

Automata, Logic and Games: Theory and Application

Automata, Logic and Games: Theory and Application Automata, Logic and Games: Theory and Application 1. Büchi Automata and S1S Luke Ong University of Oxford TACL Summer School University of Salerno, 14-19 June 2015 Luke Ong Büchi Automata & S1S 14-19 June

More information

Parameterised! Linearisability Andrea Cerone

Parameterised! Linearisability Andrea Cerone ised! Linearisability Andrea Cerone Joint work with Alexey Gotsman and Hongseok Yang ICALP - Copenhagen, July 8th, 2014 A Simple Example Converting a sequential data structure into a concurrent one Trivial

More information

Software Verification

Software Verification Software Verification Grégoire Sutre LaBRI, University of Bordeaux, CNRS, France Summer School on Verification Technology, Systems & Applications September 2008 Grégoire Sutre Software Verification VTSA

More information

A Termination Checker for Isabelle Hoare Logic

A Termination Checker for Isabelle Hoare Logic A Termination Checker for Isabelle Hoare Logic Jia Meng 1, Lawrence C. Paulson 2, and Gerwin Klein 3 1 National ICT Australia jia.meng@nicta.com.au 2 Computer Laboratory, University of Cambridge lp15@cam.ac.uk

More information

Program verification using Hoare Logic¹

Program verification using Hoare Logic¹ Program verification using Hoare Logic¹ Automated Reasoning - Guest Lecture Petros Papapanagiotou Part 2 of 2 ¹Contains material from Mike Gordon s slides: Previously on Hoare Logic A simple while language

More information

15-251: Great Theoretical Ideas in Computer Science Lecture 7. Turing s Legacy Continues

15-251: Great Theoretical Ideas in Computer Science Lecture 7. Turing s Legacy Continues 15-251: Great Theoretical Ideas in Computer Science Lecture 7 Turing s Legacy Continues Solvable with Python = Solvable with C = Solvable with Java = Solvable with SML = Decidable Languages (decidable

More information

Automata-based Verification - III

Automata-based Verification - III CS3172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20/22: email: howard.barringer@manchester.ac.uk March 2005 Third Topic Infinite Word Automata Motivation Büchi Automata

More information

CS154, Lecture 10: Rice s Theorem, Oracle Machines

CS154, Lecture 10: Rice s Theorem, Oracle Machines CS154, Lecture 10: Rice s Theorem, Oracle Machines Moral: Analyzing Programs is Really, Really Hard But can we more easily tell when some program analysis problem is undecidable? Problem 1 Undecidable

More information

Introduction to Axiomatic Semantics

Introduction to Axiomatic Semantics Introduction to Axiomatic Semantics Meeting 9, CSCI 5535, Spring 2009 Announcements Homework 3 is out, due Mon Feb 16 No domain theory! Homework 1 is graded Feedback attached 14.2 (mean), 13 (median),

More information

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹ Formal Verification Lecture 1: Introduction to Model Checking and Temporal Logic¹ Jacques Fleuriot jdf@inf.ed.ac.uk ¹Acknowledgement: Adapted from original material by Paul Jackson, including some additions

More information

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Bounded Model Checking with SAT/SMT Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Recap: Symbolic Model Checking with BDDs Method used by most industrial strength model checkers:

More information

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052

More information

Further discussion of Turing machines

Further discussion of Turing machines Further discussion of Turing machines In this lecture we will discuss various aspects of decidable and Turing-recognizable languages that were not mentioned in previous lectures. In particular, we will

More information

COEN6551: Formal Hardware Verification

COEN6551: Formal Hardware Verification COEN6551: Formal Hardware Verification Prof. Sofiène Tahar Hardware Verification Group Electrical and Computer Engineering Concordia University Montréal, Quebec CANADA Accident at Carbide plant, India

More information

Hoare Logic (I): Axiomatic Semantics and Program Correctness

Hoare Logic (I): Axiomatic Semantics and Program Correctness Hoare Logic (I): Axiomatic Semantics and Program Correctness (Based on [Apt and Olderog 1991; Gries 1981; Hoare 1969; Kleymann 1999; Sethi 199]) Yih-Kuen Tsay Dept. of Information Management National Taiwan

More information

Languages, regular languages, finite automata

Languages, regular languages, finite automata Notes on Computer Theory Last updated: January, 2018 Languages, regular languages, finite automata Content largely taken from Richards [1] and Sipser [2] 1 Languages An alphabet is a finite set of characters,

More information

Theory of Computation. Theory of Computation

Theory of Computation. Theory of Computation Theory of Computation Theory of Computation What is possible to compute? We can prove that there are some problems computers cannot solve There are some problems computers can theoretically solve, but

More information

Better termination proving through cooperation

Better termination proving through cooperation Better termination proving through cooperation Marc Brockschmidt, Byron Cook 2,3, and Carsten Fuhs 3 RWTH Aachen University 2 Microsoft Research Cambridge 3 University College London Abstract. One of the

More information

First-Order Theorem Proving and Vampire. Laura Kovács (Chalmers University of Technology) Andrei Voronkov (The University of Manchester)

First-Order Theorem Proving and Vampire. Laura Kovács (Chalmers University of Technology) Andrei Voronkov (The University of Manchester) First-Order Theorem Proving and Vampire Laura Kovács (Chalmers University of Technology) Andrei Voronkov (The University of Manchester) Outline Introduction First-Order Logic and TPTP Inference Systems

More information

Safety and Liveness Properties

Safety and Liveness Properties Safety and Liveness Properties Lecture #6 of Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling and Verification E-mail: katoen@cs.rwth-aachen.de November 5, 2008 c JPK Overview Lecture

More information

Algorithmic Verification of Stability of Hybrid Systems

Algorithmic Verification of Stability of Hybrid Systems Algorithmic Verification of Stability of Hybrid Systems Pavithra Prabhakar Kansas State University University of Kansas February 24, 2017 1 Cyber-Physical Systems (CPS) Systems in which software "cyber"

More information

1 Computational Problems

1 Computational Problems Stanford University CS254: Computational Complexity Handout 2 Luca Trevisan March 31, 2010 Last revised 4/29/2010 In this lecture we define NP, we state the P versus NP problem, we prove that its formulation

More information

Formal Verification of Mathematical Algorithms

Formal Verification of Mathematical Algorithms Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing

More information

Lecture Notes on Invariants for Arbitrary Loops

Lecture Notes on Invariants for Arbitrary Loops 15-414: Bug Catching: Automated Program Verification Lecture Notes on Invariants for Arbitrary Loops Matt Fredrikson Ruben Martins Carnegie Mellon University Lecture 5 1 Introduction The previous lecture

More information

Warm-Up Problem. Please fill out your Teaching Evaluation Survey! Please comment on the warm-up problems if you haven t filled in your survey yet.

Warm-Up Problem. Please fill out your Teaching Evaluation Survey! Please comment on the warm-up problems if you haven t filled in your survey yet. Warm-Up Problem Please fill out your Teaching Evaluation Survey! Please comment on the warm-up problems if you haven t filled in your survey yet Warm up: Given a program that accepts input, is there an

More information

λ Slide 1 Content Exercises from last time λ-calculus COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification

λ Slide 1 Content Exercises from last time λ-calculus COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Content COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Toby Murray, June Andronick, Gerwin Klein λ Slide 1 Intro & motivation, getting started [1] Foundations & Principles Lambda

More information

Lecture Notes: The Halting Problem; Reductions

Lecture Notes: The Halting Problem; Reductions Lecture Notes: The Halting Problem; Reductions COMS W3261 Columbia University 20 Mar 2012 1 Review Key point. Turing machines can be encoded as strings, and other Turing machines can read those strings

More information

Undecidability COMS Ashley Montanaro 4 April Department of Computer Science, University of Bristol Bristol, UK

Undecidability COMS Ashley Montanaro 4 April Department of Computer Science, University of Bristol Bristol, UK COMS11700 Undecidability Department of Computer Science, University of Bristol Bristol, UK 4 April 2014 COMS11700: Undecidability Slide 1/29 Decidability We are particularly interested in Turing machines

More information

2.6 Variations on Turing Machines

2.6 Variations on Turing Machines 2.6 Variations on Turing Machines Before we proceed further with our exposition of Turing Machines as language acceptors, we will consider variations on the basic definition of Slide 10 and discuss, somewhat

More information

Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language. Hongseok Yang (Queen Mary, Univ.

Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language. Hongseok Yang (Queen Mary, Univ. Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language Hongseok Yang (Queen Mary, Univ. of London) Dream Automatically verify the memory safety of systems software,

More information

Computational Models #1

Computational Models #1 Computational Models #1 Handout Mode Nachum Dershowitz & Yishay Mansour March 13-15, 2017 Nachum Dershowitz & Yishay Mansour Computational Models #1 March 13-15, 2017 1 / 41 Lecture Outline I Motivation

More information

Principles of Computing, Carnegie Mellon University. The Limits of Computing

Principles of Computing, Carnegie Mellon University. The Limits of Computing The Limits of Computing Intractability Limits of Computing Announcement Final Exam is on Friday 9:00am 10:20am Part 1 4:30pm 6:10pm Part 2 If you did not fill in the course evaluations please do it today.

More information

Computability and Complexity Theory: An Introduction

Computability and Complexity Theory: An Introduction Computability and Complexity Theory: An Introduction meena@imsc.res.in http://www.imsc.res.in/ meena IMI-IISc, 20 July 2006 p. 1 Understanding Computation Kinds of questions we seek answers to: Is a given

More information