generation of verification conditions
play

Generation of Verification Conditions Andreas Podelski November 15, - PowerPoint PPT Presentation

Feb 20, 2024 •201 likes •818 views

Generation of Verification Conditions Andreas Podelski November 15, 2011 mechanization of correctness proof given a Hoare triple { } C { } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or

  1. Generation of Verification Conditions Andreas Podelski November 15, 2011

  2. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while)

  3. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization:

  4. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization: ◮ construct a derivation assuming that side conditions hold, ◮ and then check side conditions “discharge the verification condition”

  5. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization: ◮ construct a derivation assuming that side conditions hold, ◮ and then check side conditions “discharge the verification condition” ◮ if check does not succeed: try another derivation

  6. mechanization of correctness proof ◮ given a Hoare triple { φ } C { ψ } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or it is inferred by one of the inference rules (seq, cond, while) ◮ mechanization: ◮ construct a derivation assuming that side conditions hold, ◮ and then check side conditions “discharge the verification condition” ◮ if check does not succeed: try another derivation ◮ next: deterministic strategy to construct unique derivation

  7. System H (1) ◮ Hoare triple { φ } C { ψ } derivable in H if exists a derivation using the axioms and inference rules of H

  8. System H (1) ◮ Hoare triple { φ } C { ψ } derivable in H if exists a derivation using the axioms and inference rules of H ◮ skip { φ } skip { φ }

  9. System H (1) ◮ Hoare triple { φ } C { ψ } derivable in H if exists a derivation using the axioms and inference rules of H ◮ skip { φ } skip { φ } ◮ assignment { ψ [ e / x ] } x := e { ψ }

  10. System H (2) ◮ sequential command C ≡ C 1 ; C 2 { φ } C 1 { φ ′ } { φ ′ } C { ψ } { φ } C { ψ }

  11. System H (2) ◮ sequential command C ≡ C 1 ; C 2 { φ } C 1 { φ ′ } { φ ′ } C { ψ } { φ } C { ψ } ◮ conditional command C ≡ if b then C 1 else C 2 { φ ∧ b } C 1 { ψ } { φ ∧ ¬ b } C { ψ } { φ } C { ψ }

  12. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b }

  13. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b } ◮ strengthen precondition, weaken postcondition { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′

  14. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b } ◮ strengthen precondition, weaken postcondition { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′

  15. System H (3) ◮ while command C ≡ while b do { θ } C 0 { θ ∧ b } C 0 { θ } { θ } C { θ ∧ ¬ b } ◮ strengthen precondition, weaken postcondition { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′ ◮ Hoare triple derivable in all logicals models in which implications in side condition are valid

  16. backward construction of derivation ◮ given Hoare triple { φ } C { ψ } , “guess inference rule and guess assumptions” generate Hoare triples from which we could infer { φ } C { ψ } . . . and collect side conditions of inference rule (if any)

  17. backward construction of derivation ◮ given Hoare triple { φ } C { ψ } , “guess inference rule and guess assumptions” generate Hoare triples from which we could infer { φ } C { ψ } . . . and collect side conditions of inference rule (if any) ◮ repeat on generated Hoare triples to generate new Hoare triples until every Hoare triple is an axiom

  18. mechanize backward inference ◮ given Hoare triple { φ } C { ψ } , from what Hoare triples could we have inferred it? . . . using what inference rule?

  19. mechanize backward inference ◮ given Hoare triple { φ } C { ψ } , from what Hoare triples could we have inferred it? . . . using what inference rule? ◮ next: go through each form of command C (skip, update, seq, cond, while)

  20. backward inference ◮ ??? { φ } skip { ψ }

  21. backward inference ◮ ??? { φ } skip { ψ } ◮ derivation can use what axiom and what inference rule?

  22. backward inference ◮ ??? { φ } skip { ψ } ◮ derivation can use what axiom and what inference rule? ◮ axiom for skip { φ } skip { φ }

  23. backward inference ◮ ??? { φ } skip { ψ } ◮ derivation can use what axiom and what inference rule? ◮ axiom for skip { φ } skip { φ } ◮ ‘strengthen precondition, weaken postcondition’ inference rule { φ } C { ψ } { φ ′ } C { ψ ′ } if φ ′ → φ and ψ → ψ ′

  24. backward inference ◮ ??? { φ } skip { ψ }

  25. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ }

  26. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ } ◮ side condition: φ → ψ

  27. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ } ◮ side condition: φ → ψ ◮ possible derivation sequence: axiom for (skip), followed by strengthening of precondition { ψ } skip { ψ } { φ } skip { ψ }

  28. backward inference ◮ ??? { φ } skip { ψ } ◮ possible derivation sequence: axiom for (skip), followed by weaking of postcondition { φ } skip { φ } { φ } skip { ψ } ◮ side condition: φ → ψ ◮ possible derivation sequence: axiom for (skip), followed by strengthening of precondition { ψ } skip { ψ } { φ } skip { ψ } ◮ same side condition: φ → ψ

  29. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ

  30. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ ◮ old axiom & strengthening of precondition

  31. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under skip if and only if φ → ψ is valid

  32. new axiom for skip ◮ { φ } skip { ψ } if φ → ψ ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under skip if and only if φ → ψ is valid ◮ ψ is the weakest precondition for ψ under skip

  33. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ]

  34. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ] ◮ old axiom & strengthening of precondition

  35. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ] ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under x := e if and only if φ → ψ [ e / x ] is valid

  36. new axiom for update ◮ { φ } x := e { ψ } if φ → ψ [ e / x ] ◮ old axiom & strengthening of precondition ◮ φ is a precondition for ψ under x := e if and only if φ → ψ [ e / x ] is valid ◮ ψ [ e / x ] is the weakest precondition for ψ under x := e

  37. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ }

  38. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ }

  39. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ } ◮ let φ 2 be the weakest precondition of ψ under C 2 and let φ 1 be the weakest precondition of φ 2 under C 1

  40. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ } ◮ let φ 2 be the weakest precondition of ψ under C 2 and let φ 1 be the weakest precondition of φ 2 under C 1 ◮ φ is a precondition for ψ under C 1 ; C 2 if and only if φ → φ 1 is valid

  41. new rule for seq ◮ old rule: { φ } C 1 { θ } { θ } C 2 { ψ } { φ } C 1 ; C 2 { ψ } ◮ new rule: { φ 1 } C 1 { φ 2 } { φ 2 } C 2 { ψ } φ → φ 1 { φ } C 1 ; C 2 { ψ } ◮ let φ 2 be the weakest precondition of ψ under C 2 and let φ 1 be the weakest precondition of φ 2 under C 1 ◮ φ is a precondition for ψ under C 1 ; C 2 if and only if φ → φ 1 is valid ◮ the weakest precondition of ψ under C 1 ; C 2 is the weakest precondition of (the weakest precondition of ψ under C 2 ) under C 1

  42. new rule for cond ◮ old rule: { φ ∧ b } C 1 { ψ } { φ ∧ ¬ b } C 2 { ψ } { φ } if b then C 1 else C 2 { ψ }

Recommend

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011

Generation of Verification Conditions (contd) Andreas Podelski November 21, 2011 mechanization of correctness proof given a Hoare triple { } C { } , mechanization of correctness proof given a Hoare triple { } C { } ,

633 views • 18 slides
7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester 2018 Alexander J. Summers 158 Weakest Preconditions So Far Weakest preconditions provide a means of reducing the question: does a program have

339 views • 16 slides
Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State

Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State

Problem Description Synthesizing Non-linear Interpolants Archimedean Condition To invariant generation To machine-lea Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State Key Laboratory of Computer

426 views • 40 slides
Verification Conditions Juan Pablo Galeotti, Alessandra Gorla,

Verification Conditions Juan Pablo Galeotti, Alessandra Gorla,

Verification Conditions Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany 30% projects (10% each) At least 50% threshold

653 views • 31 slides
Executable Models and Verification from MARTE and SysML: a Comparative Study of Code Generation

Executable Models and Verification from MARTE and SysML: a Comparative Study of Code Generation

Introduction SysML MARTE Code Generation Conclusions and Remarks Executable Models and Verification from MARTE and SysML: a Comparative Study of Code Generation Capabilities Marcello Mura Amrit Panda Mauro Prevostini

721 views • 56 slides
Verification of temperature and humidity conditions of mineral soils in the active layer model

Verification of temperature and humidity conditions of mineral soils in the active layer model

Verification of temperature and humidity conditions of mineral soils in the active layer model 1,2 Bogomolov V., 1,3 Dyukarev E., 2,4 Stepanenko V., 5 Volodin E. 1 IMCES SB RAS, 2 MSU Research Computing Center, 3 Yugra State University, 4 MSU, 5

478 views • 19 slides
Removing Unnecessary Variables from Horn Clause Verification Conditions E. De Angelis (1), F.

Removing Unnecessary Variables from Horn Clause Verification Conditions E. De Angelis (1), F.

Removing Unnecessary Variables from Horn Clause Verification Conditions E. De Angelis (1), F. Fioravanti (1) A. Pettorossi (2), M. Proietti (3) (1) DEC, University G. dAnnunzio of Chieti-Pescara, Italy (2) DICII, University of Rome

591 views • 21 slides
Lecture 11 (11.01.2016) Verification Condition Generation Christoph Lth Jan Peleska Dieter

Lecture 11 (11.01.2016) Verification Condition Generation Christoph Lth Jan Peleska Dieter

Systeme Hoher Sicherheit und Qualitt Universitt Bremen WS 2015/2016 Lecture 11 (11.01.2016) Verification Condition Generation Christoph Lth Jan Peleska Dieter Hutter Frohes Neues Jahr! SSQ, WS 15/16 2 [19] Where are we? 01:

638 views • 24 slides
threshold conditions for runaway electron generation and suppression R. Granetz, A. DuBois, B.

threshold conditions for runaway electron generation and suppression R. Granetz, A. DuBois, B.

An ITPA joint experiment to study threshold conditions for runaway electron generation and suppression R. Granetz, A. DuBois, B. Esposito, J. Kim, R. Koslowski, M. Lehnen, J. Martin-Solis ,C. Paz-Soldan, T.-N. Rhee, P. de Vries, J. Wesley, and L.

507 views • 28 slides
AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018

AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018

AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018 Workshop on SecSoN Heedo Kang, Seungwon Shin, Vinod Yegneswaran*, Shalini Ghosh*, Phillip Porras* KAIST, SRI International* Contents 1. B Background

585 views • 29 slides
Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation

Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance Dimitra Giannakopoulou Marko Dimjaevi University of Utah NASA Ames Research Center ISSTA 2015, Baltimore, Maryland July 17, 2015 1 /

614 views • 46 slides
Hybrid session verification through Endpoint API generation Raymond Hu and Nobuko Yoshida

Hybrid session verification through Endpoint API generation Raymond Hu and Nobuko Yoshida

Hybrid session verification through Endpoint API generation Raymond Hu and Nobuko Yoshida Imperial College London 1 / 1 Outline Background: multiparty session types (MPST) Implementations and applications of MPST Hybrid session

1.01k views • 65 slides
PVS Linear Algebra Libraries for Verification of Control Software Algorithms in C/ACSL Heber

PVS Linear Algebra Libraries for Verification of Control Software Algorithms in C/ACSL Heber

Introduction Stability and correctness Defining quadratic invariants as code annotations Verification conditions Mapping PVS Linear Algebra Libraries for Verification of Control Software Algorithms in C/ACSL Heber Herencia-Zapana, Romain

990 views • 75 slides
An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning

An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning

An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning Jiang, Christopher Torng, Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University 1

465 views • 19 slides
AUTOMATED GENERATION OF EQUATION-BASED BOUNDARY CONDITIONS FOR MULTISCALE MODELLING OF UNIT CELLS

AUTOMATED GENERATION OF EQUATION-BASED BOUNDARY CONDITIONS FOR MULTISCALE MODELLING OF UNIT CELLS

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS AUTOMATED GENERATION OF EQUATION-BASED BOUNDARY CONDITIONS FOR MULTISCALE MODELLING OF UNIT CELLS L.F.C. Jeanmeure 1 *, S. Li. 1 1 Department of Mechanical, Materials and Manufacturing

315 views • 5 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
California Independent System Operator Renewable Integration Study David Hawkins September

California Independent System Operator Renewable Integration Study David Hawkins September

California Independent System Operator Renewable Integration Study David Hawkins September 2007 Achieving Californias 20% Renewable Portfolio Standard Over Generation Conditions Typical conditions that lead to over generation

406 views • 18 slides
HELIX: A Case Study of a Formal Verification of High Performance Program Generation Vadim Zaliva

HELIX: A Case Study of a Formal Verification of High Performance Program Generation Vadim Zaliva

HELIX: A Case Study of a Formal Verification of High Performance Program Generation Vadim Zaliva Franz Franchetti Department of Electrical and Computer Engineering Carnegie Mellon University FHPC18 Vadim Zaliva, Franz Franchetti (CMU)

799 views • 61 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Floyd-Hoare Logic & Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A

Floyd-Hoare Logic & Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A

Floyd-Hoare Logic & Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A Small Imperative Language data Var data Exp data Pred A Small Imperative Language data Com = Asgn Var Expr | Seq Com Com | If Exp Com Com | While

802 views • 45 slides
Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification regulations Verification Code Extension (draft-gould-eppext-verificationcode) Purpose Separate verification details from registry interface

167 views • 6 slides

More recommend