cse507
play

CSE507 Computer-Aided Reasoning for Software Model Checking I - PowerPoint PPT Presentation

Dec 30, 2022 •143 likes •776 views

CSE507 Computer-Aided Reasoning for Software Model Checking I courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Symbolic execution and concolic testing 2 Today Last lecture

  1. CSE507 Computer-Aided Reasoning for Software Model Checking I courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu

  2. Today 2

  3. Today Last lecture • Symbolic execution and concolic testing 2

  4. Today Last lecture • Symbolic execution and concolic testing Today • Introduction to model checking 2

  5. Today Last lecture • Symbolic execution and concolic testing Today • Introduction to model checking Reminders • Homework 3 is due on Tuesday, November 18, at 11pm 2

  6. Today Last lecture • Symbolic execution and concolic testing You are already half- way through your final project, right? Today • Introduction to model checking Reminders • Homework 3 is due on Tuesday, November 18, at 11pm 2

  7. What is model checking? An automated technique for verifying that a concurrent M, s ⊨ P finite state system satisfies a given temporal property. 3

  8. What is model checking? An automated technique for verifying that a concurrent M, s ⊨ P finite state system satisfies a given temporal property. A mathematical model of the system, given as a Kripke structure (a finite state machine). 3

  9. What is model checking? A state of the system (e.g., an initial state). An automated technique for verifying that a concurrent M, s ⊨ P finite state system satisfies a given temporal property. A mathematical model of the system, given as a Kripke structure (a finite state machine). 3

  10. What is model checking? A temporal logic formula (e.g., a A state of the system request is eventually (e.g., an initial state). acknowledged). An automated technique for verifying that a concurrent M, s ⊨ P finite state system satisfies a given temporal property. A mathematical model of the system, given as a Kripke structure (a finite state machine). 3

  11. Why model checking? Model checking Classic & bounded verification • Reactive systems : concurrent • Deterministic, single-threaded, finite-state programs with possibly infinite-state, terminating ongoing input/output behavior. programs. • Control-intensive but without a lot • Fully described by their input/ of data manipulation. output behavior. • Fully automatic checking of • Semi-automatic or bounded- properties in less expressive automatic checking of properties (temporal) logics. in expressive logics (e.g., FOL). 4

  12. Why model checking? Model checking Classic & bounded verification • Reactive systems : concurrent • Deterministic, single-threaded, finite-state programs with possibly infinite-state, terminating ongoing input/output behavior. programs. • Control-intensive but without a lot • Fully described by their input/ of data manipulation. output behavior. • Fully automatic checking of • Semi-automatic or bounded- properties in less expressive automatic checking of properties (temporal) logics. in expressive logics (e.g., FOL). 4

  13. Why model checking? Model checking Classic & bounded verification • Reactive systems : concurrent • Deterministic, single-threaded, finite-state programs with possibly infinite-state, terminating ongoing input/output behavior. programs. • Control-intensive but without a lot • Fully described by their input/ of data manipulation. output behavior. • Fully automatic checking of • Semi-automatic or bounded- properties in less expressive automatic checking of properties (temporal) logics. in expressive logics (e.g., FOL). 4

  14. Why model checking? Model checking Classic & bounded verification • Reactive systems : concurrent • Deterministic, single-threaded, finite-state programs with possibly infinite-state, terminating ongoing input/output behavior. programs. • Control-intensive but without a lot • Fully described by their input/ of data manipulation. output behavior. • Fully automatic checking of • Semi-automatic or bounded- properties in less expressive automatic checking of properties (temporal) logics. in expressive logics (e.g., FOL). • Microprocessors and device drivers • Embedded controllers (e.g., cars, planes) • Protocols (e.g., cache coherence) 4

  15. Why model checking? Model checking Classic & bounded verification • Reactive systems : concurrent • Deterministic, single-threaded, finite-state programs with possibly infinite-state, terminating ongoing input/output behavior. programs. • Control-intensive but without a lot • Fully described by their input/ of data manipulation. output behavior. • Fully automatic checking of • Semi-automatic or bounded- properties in less expressive automatic checking of properties (temporal) logics. in expressive logics (e.g., FOL). • Microprocessors and device drivers • Libraries and ADT implementations • Embedded controllers (e.g., cars, planes) • Heap-manipulating programs (e.g., OO) • Protocols (e.g., cache coherence) • Tricky deterministic algorithms 4

  16. A brief history of model checking 1930 1960 1980 1990 2010 5

  17. A brief history of model checking Modern modal logic (Lewis). 1930 1960 1980 1990 2010 5

  18. A brief history of model checking Standard semantics for modal logics (Kripke). Modern modal logic (Lewis). Temporal logic (Prior). 1930 1960 1980 1990 2010 5

  19. A brief history of model checking 1977: Using LTL to reason about concurrent programs (Pnueli). 1981-82: Explicit-state model checking for CTL (Emerson & Clarke; Queille & Sifakis). 1985: Automata-theoretic approach for LTL Standard semantics model checking (Vardi & Wolper). for modal logics (Kripke). 1987: Symbolic model checking for CTL Modern modal (McMillan). logic (Lewis). Temporal logic (Prior). 1930 1960 1980 1990 2010 5

  20. A brief history of model checking 1977: Using LTL to reason about concurrent programs (Pnueli). 1981-82: Explicit-state model checking for CTL (Emerson & Clarke; Queille & Sifakis). 1985: Automata-theoretic approach for LTL Standard semantics model checking (Vardi & Wolper). for modal logics (Kripke). 1987: Symbolic model checking for CTL Modern modal (McMillan). logic (Lewis). Temporal logic (Prior). 1930 1960 1980 1990 2010 1989: SPIN (Holzmann) 1992: SMV (McMillan) 1994: Pentium bug 1995: Futurebus+ verified 5

  21. A brief history of model checking 1996: Pnueli wins the 2007: Clarke, Emerson Turing award “for seminal and Sifakis jointly win the work introducing Turing award “for their temporal logic into role in developing Model- computing science and for Checking into a highly outstanding contributions effective verification to program and system technology that is widely verification.” adopted in the hardware and software industries.” 1930 1960 1980 1990 2010 5

  22. Kripke structures 6

  23. Kripke structures A Kripke structure is a tuple M = ⟨ S, S 0 , R, L ⟩ 6

  24. Kripke structures A Kripke structure is a tuple M = ⟨ S, S 0 , R, L ⟩ • S is a finite set of states. 6

  25. Kripke structures A Kripke structure is a tuple M = ⟨ S, S 0 , R, L ⟩ • S is a finite set of states. • S 0 ⊆ S is the set of initial states. 6

  26. Kripke structures A Kripke structure is a tuple M = ⟨ S, S 0 , R, L ⟩ • S is a finite set of states. • S 0 ⊆ S is the set of initial states. • R ⊆ S × S is the transition relation, which must be total. 6

  27. Kripke structures A Kripke structure is a tuple M = ⟨ S, S 0 , R, L ⟩ a b • S is a finite set of states. • S 0 ⊆ S is the set of initial states. b c c • R ⊆ S × S is the transition relation, which must be total. • L : S ➝ 2 AP is a function that labels each state with a set of atomic propositions true in that state. 6

  28. Kripke structures A Kripke structure is a tuple M = ⟨ S, S 0 , R, L ⟩ a b • S is a finite set of states. • S 0 ⊆ S is the set of initial states. b c c • R ⊆ S × S is the transition relation, which must be total. • L : S ➝ 2 AP is a function that labels each state with a set of atomic propositions true in that state. A path in M is an infinite sequence of … a b b c a b states π = s 0 s 1 … such that for all i ≥ 0, (s i , s i+1 ) ∈ R . 6

  29. Modeling systems with Kripke structures // x==1, y==1 • In a finite-state program, s ystem x := (x + y) % 2 variables V range over a finite domain D: V = {x, y} and D = {0, 1}. • A state of the system is a valuation V → D. s : • Use FOL to describe the (initial) states and the transition relation. • Extract a Kripke structure from the FOL description. 7

  30. Modeling systems with Kripke structures // x==1, y==1 • In a finite-state program, s ystem x := (x + y) % 2 variables V range over a finite domain D: V = {x, y} and D = {0, 1}. • A state of the system is a valuation V → D. s : S ≡ (x = 0 ∨ x = 1) ∧ (y = 0 ∨ y = 1) • Use FOL to describe the (initial) S 0 ≡ (x = 1) ∧ (y = 1) states and the transition relation. R(x, y, x ′ , y ′ ) ≡ (x ′ = (x + y) % 2) ∧ (y ′ = y) • Extract a Kripke structure from the FOL description. 7

Recommend

CSE507 Computer-Aided Reasoning for Software Symbolic Execution

CSE507 Computer-Aided Reasoning for Software Symbolic Execution

CSE507 Computer-Aided Reasoning for Software Symbolic Execution courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Bounded verification: forward VCG for finitized programs 2

851 views • 45 slides
CSE507 Computer-Aided Reasoning for Software Finite Model Finding

CSE507 Computer-Aided Reasoning for Software Finite Model Finding

CSE507 Computer-Aided Reasoning for Software Finite Model Finding courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture The DPPL(T) framework for deciding quantifier-free SMT

986 views • 69 slides
CSE507 Computer-Aided Reasoning for Software Bounded Verification

CSE507 Computer-Aided Reasoning for Software Bounded Verification

CSE507 Computer-Aided Reasoning for Software Bounded Verification courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Full functional verification with Dafny, Boogie, and Z3 2

809 views • 54 slides
CSE507 Computer-Aided Reasoning for Software Program Synthesis

CSE507 Computer-Aided Reasoning for Software Program Synthesis

CSE507 Computer-Aided Reasoning for Software Program Synthesis courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today Last lecture Angelic nondeterminism and execution Today Program synthesis:

645 views • 15 slides
CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages

CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages

CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Program synthesis 2 Today Last lecture Program

1.77k views • 127 slides
CSE507 Computer-Aided Reasoning for Software Model Checking II

CSE507 Computer-Aided Reasoning for Software Model Checking II

CSE507 Computer-Aided Reasoning for Software Model Checking II courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Model checking basics 2 Today Last lecture Model

831 views • 55 slides

More recommend