deductive verification of java programs
play

Deductive Verification of Java programs Introduction with Algebraic - PowerPoint PPT Presentation

Nov 29, 2023 •316 likes •636 views

Krakatoa Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover Overview of Krakatoa Algebraic models Backend: the Why/Krakatoa platform Conclusions Claude March e Christine Paulin Jean-Christophe

  1. Krakatoa Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover Overview of Krakatoa Algebraic models Backend: the Why/Krakatoa platform Conclusions Claude March´ e Christine Paulin Jean-Christophe Filliˆ atre Nicolas Rousset Xavier Urbain ProVal project - http://proval.lri.fr INRIA-Futurs & Universit´ e Paris-Sud 11 Orsay, France January 20th, 2007

  2. Krakatoa Outline Introduction Overview of Krakatoa Introduction 1 Algebraic models Context Conclusions JML: Introductory example Overview of Krakatoa 2 Demo Platform overview Why intermediate language Contributions 3 Algebraic models Principles Example Demo Conclusions 4

  3. Krakatoa Outline Introduction Context JML: Introductory example Introduction 1 Overview of Context Krakatoa JML: Introductory example Algebraic models Conclusions Overview of Krakatoa 2 Demo Platform overview Why intermediate language Contributions 3 Algebraic models Principles Example Demo Conclusions 4

  4. Krakatoa Context Introduction Context JML: Introductory example Overview of Krakatoa Algebraic models • ProVal research group develops tools for Deduction Conclusions Verification of Java and C source code • Requirements: specified as annotations in the source • For Java (Card): specifications given in JML (Java Modeling Language) � Krakatoa tool • For C: home-made specification language � Caduceus tool • Generation of Verification Conditions , to be discharged by theorem provers • Originality: common platform for C and Java

  5. Krakatoa JML toy example Introduction Context JML: Introductory example Overview of • JML class invariants Krakatoa Algebraic models • JML method behaviors: pre- and post-conditions Conclusions class Purse { int balance; //@ invariant balance >= 0; /*@ normal_behavior @ requires s >= 0; @ assigns balance; @ ensures balance == \old(balance)+s; @*/ public void credit(int s) { balance += s; }

  6. Krakatoa Toy example (cont.) Introduction Context JML: Introductory example Overview of Krakatoa • JML exceptional behaviors Algebraic models Conclusions /*@ behavior @ requires s >= 0; @ assigns balance; @ ensures s <= \old(balance) && @ balance == \old(balance) - s; @ signals (NoCreditException) @ s > \old(balance) && @ balance == \old(balance); @*/ public void withdraw(int s) throws NoCreditException { if (balance >= s) balance -= s; else throw new NoCreditException(); }

  7. Krakatoa JML tools Introduction Context JML: Introductory example Overview of Krakatoa Algebraic models Conclusions • Runtime assertion checking : JML RAC • Static verification : • ESC/Java • Several others: LOOP , Jack, KeY, Jive, Bogor. . . Krakatoa • Common goal: prove advanced functional behaviors • Why so many tools ? hard problems, many challenges: http://www.cs.ru.nl/ ∼ woj/esfws06/ • Other tools: testing, symbolic execution. . .

  8. Krakatoa Outline Introduction Overview of Krakatoa Introduction 1 Demo Platform overview Context Why intermediate language JML: Introductory example Contributions Algebraic models Overview of Krakatoa 2 Conclusions Demo Platform overview Why intermediate language Contributions 3 Algebraic models Principles Example Demo Conclusions 4

  9. Krakatoa Demo: toy example (cont.) Introduction Overview of Krakatoa Demo Platform overview Why intermediate • A buggy example language Contributions Algebraic models /*@ normal_behavior Conclusions @ requires p1.balance == 100; @ ensures \result == 150; @*/ public static int test(Purse p1, Purse p2) { p1.credit(50); p2.withdraw(100); return p1.balance; } Demo

  10. Krakatoa Remarks Introduction Overview of Krakatoa Demo Platform overview Why intermediate language Contributions • Krakatoa generates VCs for both Algebraic models Conclusions • Safety properties : no NullPointerException, no ArrayIndexOutOfBounds, no DivisionByZero • Method calls: precondition is satisfied • Methods post-conditions are valid • Class invariants are preserved (beware: challenging issues) • Modular Approach : • for each method call: only its specification is seen

  11. Krakatoa Platform Architecture Introduction Overview of Krakatoa Demo Platform overview Annotated programs Why intermediate language Java+JML Contributions Annotated C Algebraic models Conclusions Krakatoa Caduceus Why provers Coq,PVS,Isabelle. . . Simplify, CVS-lite, haRVey, Ergo SMT provers (Yices. . . )

  12. Krakatoa Platform characteristics Introduction Overview of Krakatoa Demo Platform overview Why intermediate language Contributions Algebraic models • Shared intermediate language : Why language Conclusions • Only one VCG (Verification Condition Generator) : Why tool • Several provers as output: • allows both • automatic proving and • interactive proof contruction for discharging VCs

  13. Krakatoa Why tool Introduction Overview of Krakatoa Demo Platform overview • Multi-prover output Why intermediate language • Why language : Contributions • programming language: a WHILE language, tailored to VC Algebraic models generation generation, with Conclusions • limited side-effects: only mutable variables • no data types • basic control statements + throw, try/catch • program = set of functions, annotated with pre- and post-conditions • specification language: multi-sorted (polymorphic) first-order logic , with built-in arithmetic • VC generation based on a Weakest Precondition calculus , incorporating exceptional post-conditions , and computation of effects over mutable variables .

  14. Krakatoa Why as intermediate language Introduction Overview of Krakatoa Demo Platform overview Why intermediate language Contributions • Common approach to Java and C: Algebraic models translation into Why programs Conclusions • Why specification language used both for • translation of input annotations • modeling Java objects (resp. C pointers/structures) and heap memory. • Modeling in Why: algebraic specifications • introducing functions and predicates • stating axioms

  15. Krakatoa Heap memory model Introduction Overview of Principle: Burstall-Bornat ‘component-as-array’ model Krakatoa Demo Platform overview Java Why Why intermediate language balance := upd (balance,this, balance += s; Contributions Algebraic models acc (balance,this)+s) Conclusions • Each Java field becomes a Why mutable variable of type ‘functional array’ • acc ( f , o ) denotes f at index o → encodes o . f • upd ( f , o , v ) denotes functional update • Theory of arrays: acc ( upd ( f , o , v ) , o ) = v o � = o ′ → acc ( upd ( f , o , v ) , o ′ ) = acc ( f , o ′ )

  16. Krakatoa Heap memory model in Introduction Krakatoa Overview of Krakatoa Demo Platform overview Why intermediate language Contributions Algebraic models • Similar encoding for Java arrays Conclusions • Objects hierarchy modeled by a predicate instanceof with axioms. • • A theory for modeling assigns clauses [TPHOLs’05] • Approximately 500 lines of Why specifications, + additional axioms generated on-the-fly for each Java program

  17. Krakatoa Java: contributions Introduction Overview of Krakatoa Demo Platform overview Why intermediate language • Krakatoa tool publicly available Contributions Algebraic models • A specific modeling of Java/JML, in particular for assigns Conclusions clauses [TPHOLs’05] • Java Card transactions [SEFM’06] • on-the-fly generation of interpretation of beginTransaction() , commitTransaction() . . . • Case studies: • PSE applet provided by Axalto [AMAST’04] • Demoney Applet provided by Trusted Logic

  18. Krakatoa C programs: contributions Introduction Overview of Krakatoa Demo Platform overview Why intermediate language Contributions • Caduceus tool publicly available Algebraic models • An original modeling of heap memory and pointer arithmetic Conclusions [ICFEM’04] • Original support of floating-point programs [ARITH’07] • Case studies: • Schorr-Waite graph-marking algorithm [SEFM’05], • Avionics embedded code provided by Dassault aviation company � A original analysis of memory separation [submitted]

  19. Krakatoa Outline Introduction Overview of Krakatoa Introduction 1 Algebraic models Context Principles Example JML: Introductory example Demo Conclusions Overview of Krakatoa 2 Demo Platform overview Why intermediate language Contributions 3 Algebraic models Principles Example Demo Conclusions 4

  20. Krakatoa Design choices Introduction Overview of Krakatoa Algebraic models Principles Example Demo • Krakatoa, 2003: Conclusions • ad-hoc interpretation of pure methods • Underlying Why logic: • multi-sorted first order logic • one may declare sorts, logical functions, predicates, axioms. • Idea: • use this logic for describing models of programs • � algebraic specifications of models

  21. Krakatoa Design choices Introduction Overview of Krakatoa Algebraic models Principles Example Demo • Caduceus, 2004: Conclusions • allow first-order modeling at C source level • used for: • linked-list in-place reversal in C [Filliˆ atre & March´ e, ICFEM 2004] • Schorr-Waite graph traversal in C [Hubert & March´ e, SEFM 2005] • Krakatoa, 2006: • allow first-order modeling similarly • but JML models are OO, not algebraic • so Krakatoa now diverges from JML : allows algebraic models (recent work, still in progress)

Recommend

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische Universit at Darmstadt Department of Computer Science, Software Engineering Group Dagstuhl Seminar 16131: Language Based Verification Tools for

1.01k views • 68 slides
Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform for deductive program verification Made by: Franois Bobot Martin Clochard Lon Gondelman Jean-Christophe Fillitre Claude

98 views • 9 slides
Design Verification: Deductive Verification Virendra Singh Associate Professor C omputer A

Design Verification: Deductive Verification Virendra Singh Associate Professor C omputer A

Design Verification: Deductive Verification Virendra Singh Associate Professor C omputer A rchitecture and D ependable S ystems L ab Department of Electrical Engineering Indian Institute of Technology Bombay http://www.ee.iitb.ac.in/~viren/

627 views • 27 slides
The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische Universit at Darmstadt Department of Computer Science, Software Engineering Group 25 April 2016 Joint Work with. . . Wolfgang Ahrendt, Bernhard

1.06k views • 55 slides
Challenges In Deductive Software Verification Reiner Hhnle (with Marieke Huisman, U Twente)

Challenges In Deductive Software Verification Reiner Hhnle (with Marieke Huisman, U Twente)

Challenges In Deductive Software Verification Reiner Hhnle (with Marieke Huisman, U Twente) www.se.tu-darmstadt.de TU Darmstadt, Software Engineering Group Many challenges apply to AD in general Deductive Software Verification

165 views • 15 slides
Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud Toccata, Inria Saclay JCP 2016 1. A short look back 2 / 100 Introduction Software is hard. D ONALD K NUTH ... 1996: Ariane 5 explosion an

1.13k views • 100 slides
Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud Toccata, Inria Saclay http://why3.lri.fr/ejcp-2019 JCP 2019 Software is hard. D ONALD K NUTH 2 / 171 Ensure the absence of bugs Several

2k views • 171 slides
Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool Reiner H ahnle (joint work with Richard Bubel and Ran Ji) Chalmers University of Technology Department of Computer Science and Engineering 10

1.11k views • 82 slides
1 Deductive Verification Extremely powerful Extremely hard One proof can cover very

1 Deductive Verification Extremely powerful Extremely hard One proof can cover very

Methods of Assessing Model Behavior Testing spot checks aspects of real system Simulation spot checks aspects of abstract (model) system Deductive verification Uses axioms and proofs on a mathematical model of

596 views • 21 slides
Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Chapter 1 Introduction to Computers, Programs, and Java 1 Objectives To Know the basics To write a simple Java program To know error types To Know basic syntax of a Java program 2 Programs Computer programs , known as software

473 views • 36 slides
Deductive Verification of Object-Oriented Software Part A Bernhard Beckert | VTSA,

Deductive Verification of Object-Oriented Software Part A Bernhard Beckert | VTSA,

Deductive Verification of Object-Oriented Software Part A Bernhard Beckert | VTSA, 24.28.08.2015 KIT I NSTITUTE FOR T HEORETICAL C OMPUTER S CIENCE www.kit.edu KIT University of the State of Baden-Wuerttemberg and National Laboratory

1.29k views • 106 slides
Deductive Verification of Object-Oriented Software Part B Bernhard Beckert | VTSA,

Deductive Verification of Object-Oriented Software Part B Bernhard Beckert | VTSA,

Deductive Verification of Object-Oriented Software Part B Bernhard Beckert | VTSA, 24.28.08.2015 KIT I NSTITUTE FOR T HEORETICAL C OMPUTER S CIENCE www.kit.edu KIT University of the State of Baden-Wuerttemberg and National Laboratory

1.82k views • 158 slides
Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values, terms, ... Typing and operational semantics JVM Compiler Definition Proof Techniques Compilation and Bytecode Verification

643 views • 18 slides
Teaching Deductive Verification to Teenagers Jean-Christophe Filli atre CNRS IFIP WG

Teaching Deductive Verification to Teenagers Jean-Christophe Filli atre CNRS IFIP WG

Teaching Deductive Verification to Teenagers Jean-Christophe Filli atre CNRS IFIP WG 1.9/2.15 Leuven, Belgium May 1112, 2017 context Universit e Paris Sud participates to a programme called Les Apprentis Chercheurs (the research

707 views • 42 slides
An Introduction to Deductive Program Verification Jean-Christophe Filli atre CNRS Sixth

An Introduction to Deductive Program Verification Jean-Christophe Filli atre CNRS Sixth

An Introduction to Deductive Program Verification Jean-Christophe Filli atre CNRS Sixth Summer School on Formal Techniques May 2016 http://why3.lri.fr/ssft-16/ 1 / 145 Software is hard. Don Knuth why? wrong interpretation of

1.97k views • 145 slides
Todays topics Java Syntax and Grammars Sample Programs Upcoming More

Todays topics Java Syntax and Grammars Sample Programs Upcoming More

Todays topics Java Syntax and Grammars Sample Programs Upcoming More Java Reading Great Ideas , Chapter 2 Java! Java is a buzzword-enabled language From Sun (the developers of Java), Java is a simple,

582 views • 28 slides
Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan Computer Science Department, Carnegie Mellon University INRIA, 30th Apr 2020 1 / 34 Motivation: Cyber-Physical Systems (CPSs) Cyber-Physical System:

1.14k views • 89 slides
Chapter 1 Introduction to Computers, Programs, and Java 1 Objectives To Know the basics

Chapter 1 Introduction to Computers, Programs, and Java 1 Objectives To Know the basics

Chapter 1 Introduction to Computers, Programs, and Java 1 Objectives To Know the basics To write a simple Java program To know error types To Know basic syntax of a Java program 2 Programs Computer programs , known as software

370 views • 36 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
Deductive Program Verification Jean-Christophe Filli atre CNRS ITP 2018 Oxford, UK July 12,

Deductive Program Verification Jean-Christophe Filli atre CNRS ITP 2018 Oxford, UK July 12,

Deductive Program Verification Jean-Christophe Filli atre CNRS ITP 2018 Oxford, UK July 12, 2018 1 / 32 joint work with Fran cois Bobot Claude March e Guillaume Melquiond Andrei Paskevich 2 / 32 a question for programmers

991 views • 80 slides
Deductive Program Verification Jean-Christophe Filli atre STOP r = 1 v = u s = 1 u

Deductive Program Verification Jean-Christophe Filli atre STOP r = 1 v = u s = 1 u

Deductive Program Verification Jean-Christophe Filli atre STOP r = 1 v = u s = 1 u = u + v s = s + 1 TEST r n u = 1 r = r + 1 TEST s r A Definition program mathematical + proof statement correctness

823 views • 56 slides
Deductive Program Verification with Why3 Jean-Christophe Filli atre CNRS Tallinn January 15,

Deductive Program Verification with Why3 Jean-Christophe Filli atre CNRS Tallinn January 15,

Deductive Program Verification with Why3 Jean-Christophe Filli atre CNRS Tallinn January 15, 2013 http://why3.lri.fr/tallinn-2013/ 1 / 101 definition program verification + proof conditions specification 2 / 101 this is not new

1.18k views • 101 slides
Enhancing Automated Program Repair With Deductive Verification Xuan Bach D. Le 1 , Quang-Loc Le 2

Enhancing Automated Program Repair With Deductive Verification Xuan Bach D. Le 1 , Quang-Loc Le 2

Enhancing Automated Program Repair With Deductive Verification Xuan Bach D. Le 1 , Quang-Loc Le 2 , David Lo 1 , Claire Le Goues 3 1 Singapore Management University 2 Singapore University of Technology and Design 3 Carnegie Mellon University 1

368 views • 20 slides
F unction Symb ols in Prolog F rom Deductive Databases to Logic Programs In

F unction Symb ols in Prolog F rom Deductive Databases to Logic Programs In

F unction Symb ols in Prolog F rom Deductive Databases to Logic Programs In logic there a re t w o kinds of objects p redicates and functions Predicates rep resent statements ab out the w o

890 views • 13 slides

More recommend