
Understanding Programming Bugs in ANSI-C Software Using Bounded Model Checking Counter-Examples (PowerPoint presentation; Federal University of Amazonas, Institute of Computing, Graduate Program in Computer Science; Herbert Oliveira Rocha, Raimundo Barreto, Lucas Cordeiro and Arilo Dias Netto)


  1. Federal University of Amazonas, Institute of Computing, Graduate Program in Computer Science
     Understanding Programming Bugs in ANSI-C Software Using Bounded Model Checking Counter-Examples
     Herbert Oliveira Rocha, Raimundo Barreto, Lucas Cordeiro and Arilo Dias Netto

  2. Agenda
     1. Introduction
     2. Background
     3. Proposed Method
     4. Experimental Results
     5. Related Work
     6. Conclusions and Future Work
     UFAM/IComp/PPGI iFM'2012

  3. Introduction: Software Applications

  4. Introduction: Model Checking
     - In the last few years we can observe a trend towards applying formal verification techniques at the implementation level;
     - Bounded model checkers (BMCs) have gained popularity due to their ability to handle the full semantics of actual programming languages and to support the verification of a rich set of properties.

  5. Introduction: And what are we proposing? The EZProofC method
     - To apply a software bounded model checker, in this case ESBMC (Efficient SMT-Based Context-Bounded Model Checker);
     - To verify critical parts of software written in the C programming language;
     - To gather data that shows evidence that failures might happen.

  6. Introduction: The motivation of this work - EZProofC
     - Data collected by verification tools is usually not trivial to understand:
       - the number of variables;
       - the values involved in the counter-example;
       - the lack of a standard output format to represent the counter-example.
     - Our techniques can also be applied to other programming languages like C++ and Java.

  7. Agenda (section divider, repeats slide 2)

  8. Introduction -> Background: Bounded Model Checking
     - The basic idea of BMC is to check (the negation of) a given property at a given depth.
     - The transition system M is unrolled k times (for programs: unroll loops, unfold arrays, ...).
     - It is translated into a verification condition ψ such that ψ is satisfiable iff φ has a counterexample of max. depth k.

  9. Introduction -> Background: Context-Bounded Model Checking with ESBMC
     ESBMC is a bounded model checker for embedded ANSI-C software based on SMT (Satisfiability Modulo Theories) solvers, which allows checking for:
     - data races;
     - out-of-bounds array indexing;
     - deadlocks;
     - division by zero;
     - underflow and overflow;
     - pointer safety;
     - dynamic memory allocation.

 10. Introduction -> Background: Counter-Example
     - A counter-example is a trace that shows that a given property does not hold in the model;
     - Counter-examples allow the user:
       i. to analyze the failure;
       ii. to understand the root cause of the error;
       iii. to correct either the specification or the model, in this case the property and the program that has been analyzed, respectively.

 11. Agenda (section divider, repeats slide 2)

 12-15. Introduction -> Background -> Proposed Method: EZProofC
     "An easy way to demonstrate and verify errors in C code"
     [Figure: the EZProofC workflow, built up over slides 12-15 as numbered steps 1 to 4]

 16. Introduction -> Background -> Proposed Method: First Step, Code Preprocessing (with UNCRUSTIFY)
     Example: tTflag_arr_two_loops_bad.c from the Verisec benchmark

      1. #define INSIZE 14
      2. int main (void){
      3.   unsigned char in[INSIZE+1];
      4.   ...
      5.   if (c == '-')
      6.   {
      7.     i=0;
      8.     idx_in++;
      9.     c = in[idx_in];
     10.     while (('0' <= c) && (c <= '9'))
     11.     {
     12.       j = c - '0';
     13.       i = i * 10 + j;
     14.       idx_in++;
     15.       c = in[idx_in];
     16.     }
     17.   }
     18. }

 17-21. Introduction -> Background -> Proposed Method: Second Step, Model Checking with ESBMC
     Information highlighted in the ESBMC counter-example:
     - the line number;
     - the variables involved;
     - the specific value of each variable;
     - the violated property.

 22-24. Introduction -> Background -> Proposed Method: Second Step, Model Checking with ESBMC (the counter-example read against the code)

      1. #define INSIZE 14                      <- defines the BOUND: valid indices [0 .. 14]
      2. int main (void){
      3.   unsigned char in[INSIZE+1];
      4.   ...
      5.   if (c == '-')
      6.   {
      7.     i=0;
      8.     idx_in++;
      9.     c = in[idx_in];
     10.     while (('0' <= c) && (c <= '9'))  <- the loop doesn't control the value of the variable (idx_in)
     11.     {
     12.       j = c - '0';
     13.       i = i * 10 + j;
     14.       idx_in++;
     15.       c = in[idx_in];
     16.     }
     17.   }                                    <- property "idx_in < 15" has been violated
     18. }

 25-27. Introduction -> Background -> Proposed Method: Third Step, Code Instantiation
     The runtime complexity is O(n + m).

      1. Input: Code, CE_Out
      2. Output: New_instanced_code.c
      3.
      4. BEGIN
      5.   Analyse the counter-example (CE_Out) and the C program to collect several
      6.     pieces of information
      7.   FOREACH line from the C program
      8.     IF the line number identified (counter-example) is equal to the line
      9.       number of the C program
     10.       IF the violated property is in a set of specific cases
     11.         Apply a Trigger for the specific case
     12.         Generate and write a new line using variable values from the
     13.           counter-example
     14.       ELSE Generate and write a new line using variable values from the
     15.           counter-example
     16.     ELSE Write the line from the C program
     17. END

     First phase: collect several pieces of information from the counter-example (for the example above: line = 14, var = idx_in and value = 15).
     Second phase: generate a new instanced code.
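The Third Step as a worked example, added here and not the authors' EZProofC implementation: a Python pass over the slides' code fragment and a constructed counter-example record. The record layout, the shape of the generated line (an assignment of the counter-example value) and the assert-emitting trigger for bound-style properties are assumptions, since the slides do not show the generated code.

```python
import re
# Constructed input: the 18 lines of tTflag_arr_two_loops_bad.c shown on the slides.
C_SOURCE = """#define INSIZE 14
int main (void){
  unsigned char in[INSIZE+1];
  ...
  if (c == '-')
  {
    i=0;
    idx_in++;
    c = in[idx_in];
    while (('0' <= c) && (c <= '9'))
    {
      j = c - '0';
      i = i * 10 + j;
      idx_in++;
      c = in[idx_in];
    }
  }
}"""

# Constructed counter-example record with the fields the slides name:
# line 14, variable idx_in, value 15, violated property "idx_in < 15".
CE_OUT = {"line": 14, "var": "idx_in", "value": 15, "property": "idx_in < 15"}

# Assumed "specific case" trigger (the slides only name the concept): a property
# shaped like an array-bound check also gets an assert right after the new line.
def bounds_trigger(ce, indent):
    return f"{indent}assert({ce['property']}); /* violated bound */"

SPECIFIC_CASES = [(re.compile(r"^\w+ < \d+$"), bounds_trigger)]

def instantiate(code, ce):
    """Third Step of EZProofC: one pass over the program, rewriting only the
    line the counter-example points at and copying every other line."""
    out, needs_assert = [], False
    for no, line in enumerate(code.splitlines(), start=1):
        if no != ce["line"]:
            out.append(line)  # ELSE: write the line from the C program
            continue
        indent = re.match(r"\s*", line).group(0)
        out.append(f"{indent}{ce['var']} = {ce['value']}; /* counter-example, line {no} */")
        for pattern, trigger in SPECIFIC_CASES:  # IF the property is a specific case
            if pattern.match(ce["property"]):
                out.append(trigger(ce, indent))
                needs_assert = True
    if needs_assert:
        out.insert(0, "#include <assert.h>")  # the emitted assert() needs the header
    return "\n".join(out)
```

Compiling and running the returned text (once the elided declarations are filled in) fails at the inserted assert, which is the observable evidence of the failure that the method aims to give the user.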
