integrating verification components the evidential tool
play

Integrating Verification Components: The Evidential Tool Bus John - PowerPoint PPT Presentation

Nov 22, 2022 •238 likes •554 views

Integrating Verification Components: The Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I VSTTE: Integrating Verification Components1 Integrating (Deductive)

  1. Integrating Verification Components: The Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I VSTTE: Integrating Verification Components–1

  2. Integrating (Deductive) Verification Components • In the beginning there was just (interactive) theorem proving • Then there were VC generators, decision procedures, model checkers, abstract interpretation, predicate abstraction, fast SAT solvers,. . . • Now there are systems that use several of these (SDV, Blast,. . . ) • And in 15 years time. . . ? • We need an architecture that allows us to make opportunistic use of whatever is out there ◦ And to assemble customized tool chains easily • It should be robust to changes (in problems and tools) • And should deliver evidence John Rushby, SR I VSTTE: Integrating Verification Components–2

  3. Two Kinds of Architecture Backends Bus John Rushby, SR I VSTTE: Integrating Verification Components–3

  4. And Two Kinds of Backends Integrated Endgame John Rushby, SR I VSTTE: Integrating Verification Components–4

  5. A Simple Case: Endgame Verifiers • A higher level proof manager calls components (typically, decision procedures) to discharge subgoals • Components return only verified or unverified ◦ Embellishments: proof objects and counterexamples • But the information returned on failure does not guide the higher-level proof search ◦ Other than to cause it to try something else ◦ Hence endgame verifiers John Rushby, SR I VSTTE: Integrating Verification Components–5

  6. Endgame Verifier Examples 1979: Stanford Pascal Verifier and STP used decision procedures for combinations of theories including arithmetic (STP gave rise to Ehdm, then PVS) 1995: PVS used a BDD-based symbolic model checker 2000: PVS used Mona for WS1S Not only did theorem provers use model checkers as backends, some model checkers grew a front-end theorem prover 1998: Cadence SMV had a proof assistant that generated model checking subproblems by abstraction and composition And some other systems used an entire interactive theorem prover for the endgame 1999: VSDITLU: used PVS backend to check side conditions on Symbolic Definite Integral Table Look-Up in Maple John Rushby, SR I VSTTE: Integrating Verification Components–6

  7. Integrating Endgame Verifiers It’s pretty simple • Provide higher level proof strategies that decompose proof goals into subgoals that can be steered towards the competence of the endgame verifier(s) • Provide a recognizer for proof goals within the competence of an endgame verifier • Provide glue code to translate suitable proof goals into the input of an endgame verifier and to interpret its output Many classes of endgame verifiers are being honed through competition • Improves performance (be careful) • Standardizes interfaces • FO provers, BDD packages, SAT solvers, SMT solvers John Rushby, SR I VSTTE: Integrating Verification Components–7

  8. Evolution of Endgame Verifiers John Rushby, SR I VSTTE: Integrating Verification Components–8

  9. Evolution of Endgame Verifiers • One path grows the endgame verifier and specializes and shrinks the higher-level proof manager • Example: ◦ SAL language has a type system similar to PVS, but is specialized for specification of state machines (as transition relations) ◦ The SAL infinite-state bounded model checker uses an SMT solver (ICS), so handles specifications over reals and integers, uninterpreted functions ◦ Often used as a model checker (i.e., for refutation) ◦ But can perform verification with a single higher level proof rule: k -induction (with lemmas) ◦ Note that counterexamples help debug invariant John Rushby, SR I VSTTE: Integrating Verification Components–9

  10. Performance of Evolved Endgame Verifiers • Biphase Mark Protocol is an algorithm for asynchronous communication ◦ Clocks at either end may be skewed and have different rates, jitter ◦ So have to encode a clock in the data stream ◦ Used in CDs, Ethernet ◦ Verification identifies parameter values for which data is reliably transmitted • Verified in ACL2 by J Moore (1994) • Three different verifications used PVS ◦ One by Groote and Vaandrager used PVS + UPPAAL ◦ Required 37 invariants, 4,000 proof steps, hours of prover time to check John Rushby, SR I VSTTE: Integrating Verification Components–10

  11. Performance of Evolved Endgame Verifiers (ctd.) • Brown and Pike recently did it with sal-inf-bmc ◦ Used timeout automata to model timed aspects ◦ Statement of theorem discovered systematically using disjunctive invariants (7 disjuncts) ◦ Three lemmas proved automatically with 1-induction, ◦ Theorem proved automatically using 5-induction ◦ Verification takes seconds to check • Adapted verification to 8-N-1 protocol (used in UARTs) ◦ Additional lemma proved with 13-induction ◦ Theorem proved with 3-induction (7 disjuncts) John Rushby, SR I VSTTE: Integrating Verification Components–11

  12. Recap: Two Kinds of Backends Integrated Endgame John Rushby, SR I VSTTE: Integrating Verification Components–12

  13. A Difficult Case: Tightly Integrated Components • Endgame verifiers are easy to integrate because they do not interact with higher level proof search (nor with each other) • In fact, they are barely integrated • Classic Boyer-Moore 1986 paper describes tight integration of linear arithmetic decision procedure with Nqthm ◦ Two pages of code for endgame decision procedure ◦ Became 60 for integrated version • PVS takes an intermediate path ◦ Decision procedures are integrated with the rewriter ◦ And used in simplification • A tractable case is the integration of decision procedures with each other John Rushby, SR I VSTTE: Integrating Verification Components–13

  14. Integrated Decision Procedures and SMT Solvers • Long line of research on integrating decision procedures for separate theories so they decide the combined theory ◦ Starts with Nelson-Oppen and Shostak methods ◦ Activity continues today: theory, presentation, verification, and pragmatics • Recently extended through integration with SAT solving to yield SMT solvers ◦ Interactions are intense (millions per verification) ◦ Information from decision procedures must be used efficiently to prune SAT search ◦ Impacts design of individual decision procedures ◦ Engineering choices explored through benchmarking and competition • Homogeneous integration: not quite solved, but on the way John Rushby, SR I VSTTE: Integrating Verification Components–14

  15. SMT Solver Backend ARITH EQUALITY SAT ARRAYS SMT Solver John Rushby, SR I VSTTE: Integrating Verification Components–15

  16. Recap: Two Kinds of Architecture Backends Bus John Rushby, SR I VSTTE: Integrating Verification Components–16

  17. A New Case: Integration of Heterogeneous Components • Modern formal methods tools do more than verification • They also do refutation (bug finding) • And test-case generation • And controller synthesis • And construction of abstractions • And generation of invariants • And . . . • Observe that these tools can return objects other than verification outcomes ◦ Counterexamples, test cases, abstractions, invariants ◦ Hence, heterogeneous John Rushby, SR I VSTTE: Integrating Verification Components–17

  18. Integration of Heterogeneous Components • The tools that perform these computations can be used in opportunistic combination ◦ E.g., use static analysis and model checking to find bugs before attempting verification • And can use each other as (scripted) components ◦ E.g., use a model checker in test case generation • And can be used in integrated combinations ◦ E.g., software model checkers generally have a C front end with CFG analyzer, a predicate abstractor (which uses decision procedures and possibly a model checker), a model checker and counterexample generator, a counterexample concretizer and refinement generator (using Craig interpolation), and a control loop around the whole lot John Rushby, SR I VSTTE: Integrating Verification Components–18

  19. Customized (Re)integration • LAST (Xia, DiVito, Mu˜ noz) generates MC/DC tests for avionics code involving nonlinear arithmetic (with floating point numbers, trigonometric functions etc.) • It’s built on Blast (Henzinger et al) • But extends it to handle nonlinear arithmetic using RealPaver (a numerical nonlinear constraint unsatisfiability checker) ◦ Added 1,000 lines to CIL front end for MC/DC ◦ Added 2,000 lines to RealPaver to integrate with CVC-Lite (Nelson-Oppen style) ◦ Changed 2,000 lines in Blast to tie it all together • Applied it to Boeing autopilot simulator ◦ Modules with upto 1,000 lines of C ◦ 220 decisions Generated tests to (almost) full MC/DC coverage in minutes John Rushby, SR I VSTTE: Integrating Verification Components–19

  20. A Tool Bus • How can we construct these customized combinations and integrations easily and rapidly? • The integrations are coarse-grained (hundreds, not millions of interactions per analysis), so they do not need to share state • So we could take the outputs of one tool, massage it suitably and pass it to another and so on • A combination of XML descriptions, translations, and a scripting language could probably do it • Suitably engineered, we could call it a tool bus John Rushby, SR I VSTTE: Integrating Verification Components–20

Recommend

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park,

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park,

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I ICFEM05 An Evidential Tool Bus1 Formal Methods Integration No one notation, method, tool, or technology

504 views • 47 slides
Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning , (observations to a theory) followed by causal reasoning (theory to predictions). Diagnosis Given symptoms, evidential reasoning leads to hypotheses about

243 views • 8 slides
Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet

Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet

Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet University of British Columbia Vancouver, CA July 09, 2014 Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 1 / 21 Outline

472 views • 22 slides
Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary for a complete verification tool Allows objects in the verification environment to be extended Needs to express constraints Coverage

946 views • 80 slides
Integrating Moodle with an external tool Hubert Chathi MuchLearning May 26 & 29, 2012

Integrating Moodle with an external tool Hubert Chathi MuchLearning May 26 & 29, 2012

Integrating Moodle with an external tool Hubert Chathi MuchLearning May 26 & 29, 2012 Hubert Chathi Integrating Moodle with an external tool About me Programmer/Analyst at MuchLearning developed integration with the MuchLearning platform

934 views • 45 slides
Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

Introduction and motivation Foundations Temporal properties of functional programs CPPCC: Correctness of mobile components Summary Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

494 views • 45 slides
Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University

Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University

Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University Tilburg University Lecture overview 14 April: a logical model of stories and arguments in evidential reasoning 15 April: the strength of

1.05k views • 76 slides
Integrating new major Integrating new major components on fast and slow components on fast and

Integrating new major Integrating new major components on fast and slow components on fast and

Integrating new major Integrating new major components on fast and slow components on fast and slow moving distributions moving distributions How latest GNOME desktop was integrated into latest How latest GNOME desktop was integrated into

616 views • 23 slides
Tool-Assisted Specification and Verification of the JavaCard Platform Gilles

Tool-Assisted Specification and Verification of the JavaCard Platform Gilles

Tool-Assisted Specification and Verification of the JavaCard Platform Gilles Barthe INRIA Sophia-Antipolis, France Joint work with: P . Courtieu, G. Dufay, M. Huisman, L. Jakubiec, B. Serpette, S. Melo de Sousa, S.

694 views • 55 slides
Mind Maps: Useful Schematic Tool for Organizing and Integrating Concepts of Complex Patient Care

Mind Maps: Useful Schematic Tool for Organizing and Integrating Concepts of Complex Patient Care

Mind Maps: Useful Schematic Tool for Organizing and Integrating Concepts of Complex Patient Care in the Clinic and Classroom But But what are student perceptions? Dr. Genevieve Pinto Zipp Dr. Catherine Maher Dr. Anthony D Antoni 1

666 views • 34 slides
Machine tool Tools, components and equipment Assembly Welding-brazing -cutting

Machine tool Tools, components and equipment Assembly Welding-brazing -cutting

Machine tool Tools, components and equipment Assembly Welding-brazing -cutting Woodworking machinery Paper machines Printing machiner Packaging machinery Metrology CNC and Software Robotics Vision Machine tool

578 views • 3 slides
UPPAAL tutorial Modeling Verification 1 2 Architecture of UPPAAL Whats inside UPPAAL

UPPAAL tutorial Modeling Verification 1 2 Architecture of UPPAAL Whats inside UPPAAL

UPPAAL Tool Simulation UPPAAL tutorial Modeling Verification 1 2 Architecture of UPPAAL Whats inside UPPAAL Linux, Windows, Solaris, MacOS 3 4 All Operations on Zones Inside the UPPAAL tool (needed for verification)

468 views • 13 slides
Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool Reiner H ahnle (joint work with Richard Bubel and Ran Ji) Chalmers University of Technology Department of Computer Science and Engineering 10

1.11k views • 82 slides
Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir

Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir

Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir le titre de Docteur en Sciences de l'Universit de Nice-Sophia Antipolis Jean-Paul R IGAULT Prsident Rapporteurs Carlos C ANAL Frantisek P

711 views • 55 slides
Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de

Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de

Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de Technologie de Compigne HEUDIASYC (UMR CNRS 6599) https://www.hds.utc.fr/tdenoeux 4th International Conference on Belief Functions Prague, CZ

814 views • 80 slides
A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena

A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena

A Formal Verification Tool for Ethereum VM Bytecode Daejun Park Yi Zhang Manasvi Saxena Philip Daian Grigore Rosu Nov 7, 2018 @ FSE18 Smart contracts Programs that run on blockchain Usually written in a high-level

537 views • 28 slides
Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik

Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik

Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik Reeber IBM Austin Research Laboratory University of Texas at Austin August 16, 2006 Introduction Implemented prototype mechanism for extending

404 views • 19 slides
An Evidential Approach for Modeling and Reasoning on Uncertainty in Semantic Applications Amandine

An Evidential Approach for Modeling and Reasoning on Uncertainty in Semantic Applications Amandine

URSW2011 An Evidential Approach for Modeling and Reasoning on Uncertainty in Semantic Applications Amandine Bellenger 1,2 , Sylvain Gatepaille 1 Habib Abdulrab 2 , Jean-Philippe Kotowicz 2 1 Information Processing, Control & Cognition

454 views • 17 slides
I u eff I u PRE I u u C C A B A B C * A : C is reachable from A Mahsa

I u eff I u PRE I u u C C A B A B C * A : C is reachable from A Mahsa

File System Replication Pictures Pictures Co-design and Verification of Tool Tool an Available File System Pictures Mahsa Najafzadeh, Marc Shapiro, and Patrick Eugster Low latency Tool High availability Fault tolerance Mahsa

393 views • 13 slides
False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of

False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of

False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of California, Berkeley Haas School of Business Summer Institute June 2014 Who am I? Experimental psychologist who studies judgment and

1.25k views • 88 slides
Making Set-valued Predictions in Evidential Classification: A Comparison of Different Approaches

Making Set-valued Predictions in Evidential Classification: A Comparison of Different Approaches

Making Set-valued Predictions in Evidential Classification: A Comparison of Different Approaches Liyao Ma & Thierry Denux ISIPTA 2019 - 5th July 1 Introduction Classification : label predictions = { 1 , , n }

387 views • 13 slides
Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K.

Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K.

Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K. Bhattacharjee RCnD, BARC Supratik Chakraborty, CFDVS, IIT Bombay Introduction Design of modern computer based systems involves partitioning of

710 views • 58 slides
What Does Algebraic Thinking Mean to You? padlet.com/mcanham1/CMC Integrating Algebraic Thinking

What Does Algebraic Thinking Mean to You? padlet.com/mcanham1/CMC Integrating Algebraic Thinking

What Does Algebraic Thinking Mean to You? padlet.com/mcanham1/CMC Integrating Algebraic Thinking In Elementary Math: The Power of a Routine Melissa Canham @Melissa_Canham Glenda Martinez @GCMartinez23 Common Components of CGI / CCS-M

962 views • 47 slides
EVIDENTIAL STATISTICS Reforming the Introductory Course in Applied Statistics for Non-Majors

EVIDENTIAL STATISTICS Reforming the Introductory Course in Applied Statistics for Non-Majors

EVIDENTIAL STATISTICS Reforming the Introductory Course in Applied Statistics for Non-Majors Milo Schield Augsburg College schield@augsburg.edu JSM-98 Section on Statistical Education August 12, 1998 Dallas, Texas JSM-98final 1 Schield

436 views • 19 slides

More recommend