modular compositional and sound verification of the input
play

Modular, compositional and sound verification of the input/output - PowerPoint PPT Presentation

Jan 03, 2023 •199 likes •660 views

Modular, compositional and sound verification of the input/output behavior of programs Willem Penninckx, Bart Jacobs, Frank Piessens Department of Computer Science, KU Leuven, Belgium DRADS 2014 Table of Contents Introduction Requirements

  1. Modular, compositional and sound verification of the input/output behavior of programs Willem Penninckx, Bart Jacobs, Frank Piessens Department of Computer Science, KU Leuven, Belgium DRADS 2014

  2. Table of Contents Introduction Requirements Specifying I/O behaviour Wrapping up

  3. Table of Contents Introduction Requirements Specifying I/O behaviour Wrapping up

  4. Popular way to prove software properties ◮ Theorem: ◮ Possible proofs: ◮ When is a proof correct?

  5. Popular way to prove software properties ◮ Theorem: Informal: returns a bigger number ◮ Possible proofs: ◮ When is a proof correct?

  6. Popular way to prove software properties ◮ Theorem: Informal: returns a bigger number Formal: ◮ Possible proofs: ◮ When is a proof correct?

  7. Popular way to prove software properties ◮ Theorem: Informal: returns a bigger number Formal: if x > y then result := x else result := y ◮ Possible proofs: ◮ When is a proof correct?

  8. Popular way to prove software properties ◮ Theorem: Informal: returns a bigger number Formal: if x > y then result := x else result := y { result > = x ∧ result > = y } ◮ Possible proofs: ◮ When is a proof correct?

  9. Popular way to prove software properties ◮ Theorem: Informal: returns a bigger number Formal: {} if x > y then result := x else result := y { result > = x ∧ result > = y } ◮ Possible proofs: ◮ When is a proof correct?

  10. Popular way to prove software properties ◮ Theorem: Informal: returns a bigger number Formal: {} if x > y then result := x else result := y { result > = x ∧ result > = y } ◮ Possible proofs: No time to explain! ◮ When is a proof correct?

  11. Popular way to prove software properties ◮ Theorem: Informal: returns a bigger number Formal: {} if x > y then result := x else result := y { result > = x ∧ result > = y } ◮ Possible proofs: No time to explain! ◮ When is a proof correct? No time to explain!

  12. { x = 2 } x := x + 1 { x = 3 } ◮ � �� � � �� � state before program starts state after program terminates ◮ People added support for... ◮ Concurrency ◮ Dynamic memory allocation ◮ ...

  13. { x = 2 } x := x + 1 { x = 3 } ◮ � �� � � �� � state before program starts state after program terminates ◮ People added support for... ◮ Concurrency ◮ Dynamic memory allocation ◮ ... ◮ Typically verified: (memory) state.

  14. { x = 2 } x := x + 1 { x = 3 } ◮ � �� � � �� � state before program starts state after program terminates ◮ People added support for... ◮ Concurrency ◮ Dynamic memory allocation ◮ ... ◮ Typically verified: (memory) state. ◮ End-users care about: what’s on their screen.

  15. { x = 2 } x := x + 1 { x = 3 } ◮ � �� � � �� � state before program starts state after program terminates ◮ People added support for... ◮ Concurrency ◮ Dynamic memory allocation ◮ ... ◮ Typically verified: (memory) state. ◮ End-users care about: what’s on their screen. ◮ = > Add support to verify Input/Output (I/O)

  16. Table of Contents Introduction Requirements Specifying I/O behaviour Wrapping up

  17. {...} main(){ code; code; code; code; code; code; code; code; ... code; } {...}

  18. {...} {...} {...} {...} main(){ main(){ f1(){ f1(){ code; f1(); f3(); f3(); code; f2(); f4(); f4(); code; } } } code; {...} {...} {...} code; code; {...} {...} code; f2(){ f2(){ code; f4(); f4(); ... f5(); f5(); code; } } } {...} {...} {...}

  19. {...} {...} {...} {...} main(){ main(){ f1(){ f1(){ code; f1(); f3(); f3(); code; f2(); f4(); f4(); code; } } } code; {...} {...} {...} code; code; {...} {...} code; f2(){ f2(){ code; Compositionality f4(); f4(); ... f5(); f5(); code; } } } {...} {...} {...}

  20. {...} {...} {...} {...} main(){ main(){ f1(){ f1(){ code; f1(); f3(); f3(); code; f2(); f4(); f4(); code; } } } code; {...} {...} {...} code; code; di ff erent {...} {...} developers code; f2(){ f2(){ code; f4(); f4(); ... f5(); f5(); Modularity code; } } } {...} {...} {...}

  21. {specs specs specs specs} main(){ ... } { specs specs specs specs}

  22. {specs specs spec1= specs spec3 { spec1 specs} * spec4 * spec2} main(){ main(){ ... ... } } { specs spec2= specs spec4 specs * spec5 specs} .

  23. {specs specs spec1= specs spec3 { spec1 specs} * spec4 * spec2} main(){ main(){ ... ... } } { specs spec2= specs Compositionality spec4 specs * spec5 specs} .

  24. {specs specs spec1= specs spec3 { spec1 specs} * spec4 * spec2} main(){ main(){ ... ... } } { di ff erent developers specs spec2= specs spec4 specs * spec5 Modularity specs} .

  25. Requirements ◮ Compositionality. ◮ e.g. define I/O action download on top of tcp write and file write , etc.

  26. Requirements ◮ Compositionality. ◮ e.g. define I/O action download on top of tcp write and file write , etc. ◮ Modularity ◮ e.g. combine independent I/O action tcp write with file write

  27. Requirements ◮ Compositionality. ◮ e.g. define I/O action download on top of tcp write and file write , etc. ◮ Modularity ◮ e.g. combine independent I/O action tcp write with file write ◮ Non-terminating programs (part WIP) ◮ e.g. {} while true ... { these I/O happened } : postcondition useless

  28. Requirements ◮ Compositionality. ◮ e.g. define I/O action download on top of tcp write and file write , etc. ◮ Modularity ◮ e.g. combine independent I/O action tcp write with file write ◮ Non-terminating programs (part WIP) ◮ e.g. {} while true ... { these I/O happened } : postcondition useless ◮ Actions depend on outcome of actions ◮ e.g. read file containing filenames to read ◮ ...

  29. Table of Contents Introduction Requirements Specifying I/O behaviour Wrapping up

  30. By example

  31. By example ◮ {} ... {} ◮ No I/O allowed

  32. By example ◮ {} ... {} ◮ No I/O allowed ◮ { time ( t 1 ) } ... { time ( t 1 ) } ◮ No I/O allowed ◮ A time like t 1 ≈ a point in time. ◮ Doing I/O “increases” time

  33. By example ◮ {} ... {} ◮ No I/O allowed ◮ { time ( t 1 ) } ... { time ( t 1 ) } ◮ No I/O allowed ◮ A time like t 1 ≈ a point in time. ◮ Doing I/O “increases” time ◮ { time ( t 1 ) ⋆ print io( t 1 , ‘h ′ , t 2 ) } print char(‘h ′ ); { time ( t 2 ) } ◮ Doing print char(‘h’) ◮ requires a permission print io( t 1 , ‘h ′ , t 2 ) ◮ requires a time ( t 1 ) ◮ disposes the permission ◮ “increases” the time to t 2

  34. ◮ { time ( t 1 ) ⋆ print io( t 1 , ‘h ′ , t 2 ) ⋆ print io( t 2 , ‘i ′ , t 3 ) } ... { time ( t 3 ) } ◮ Can print “hi”, “h”, “”. ◮ If terminates: can only print “hi”. ◮ Can not print: “x”, “i”, “ih”, ...

  35. ◮ { time ( t 1 ) ⋆ print io( t 1 , ‘h ′ , t 2 ) ⋆ print io( t 2 , ‘i ′ , t 3 ) } ... { time ( t 3 ) } ◮ Can print “hi”, “h”, “”. ◮ If terminates: can only print “hi”. ◮ Can not print: “x”, “i”, “ih”, ... ◮ { time ( t 1 ) ⋆ print io( t 1 , ‘h ′ , t 2 ) ⋆ print io( t 1 , ‘i ′ , t 2 ) } ... { time ( t 2 ) } ◮ Can print “h”, “i”, “”. ◮ If terminates: has printed either “h” or “i”. ◮ Can not print: “x”, “hi”, ...

  36. Defining new I/O actions ◮ predicate print string io( t 1 , str , t 2 ) = if str = nil then t 1 = t 2 else ( print io( t 1 , head( str ) , t between ) ⋆ print string io( t between , tail( str ) , t 2 ) )

  37. Defining new I/O actions ◮ predicate print string io( t 1 , str , t 2 ) = if str = nil then t 1 = t 2 else ( print io( t 1 , head( str ) , t between ) ⋆ print string io( t between , tail( str ) , t 2 ) ) ◮ Build actions using actions (compositionality)

  38. Defining new I/O actions ◮ predicate print string io( t 1 , str , t 2 ) = if str = nil then t 1 = t 2 else ( print io( t 1 , head( str ) , t between ) ⋆ print string io( t between , tail( str ) , t 2 ) ) ◮ Build actions using actions (compositionality) ◮ { time ( t 1 ) ⋆ print string io( t 1 , “hello world! ′′ , t 2 ) } ... { time ( t 2 ) }

  39. Linking arguments ◮ { time ( t 1 ) ⋆ read string io( t 1 , str , t 2 ) ⋆ print string io( t 2 , str , t 3 ) } ... { time ( t 3 ) }

  40. Unconstrained order/interleaving ◮ { time ( t 2 ) ⋆ time ( t 3 ) ⋆ read string io( t 2 , str , t 4 ) ⋆ print string io( t 3 , str , t 5 ) } ... { time ( t 4 ) ⋆ time ( t 5 ) } ◮ Allows buffering of any size.

  41. Unconstrained order/interleaving ◮ { time ( t 2 ) ⋆ time ( t 3 ) ⋆ read string io( t 2 , str , t 4 ) ⋆ print string io( t 3 , str , t 5 ) } ... { time ( t 4 ) ⋆ time ( t 5 ) } ◮ Allows buffering of any size. ◮ How to get two times ( time ( t 2 ) and time ( t 3 ))?

  42. Unconstrained order/interleaving ◮ { time ( t 1 ) ⋆ split ( t 1 , t 2 , t 3 ) ⋆ read string io( t 2 , str , t 4 ) ⋆ print string io( t 3 , str , t 5 ) ⋆ join ( t 4 , t 5 , t 6 ) } ... { time ( t 4 ) } ◮ split ( t 1 , t 2 , t 3 ) consumes time ( t 1 ) and yields time ( t 2 ) and time ( t 3 ).

  43. Table of Contents Introduction Requirements Specifying I/O behaviour Wrapping up

Recommend

Viktor Vafeiadis Software Analysis & Verification Full functional verification

Viktor Vafeiadis Software Analysis & Verification Full functional verification

Viktor Vafeiadis Software Analysis & Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Compositional Verification of PLC Software using Horn Clauses and Mode Abstraction Dimitri

Compositional Verification of PLC Software using Horn Clauses and Mode Abstraction Dimitri

Compositional Verification of PLC Software using Horn Clauses and Mode Abstraction Dimitri Bohlender | Stefan Kowalewski WODES 2018, June 1, 2018 Introduction CHC-based Verification Conclusion Outline Introduction CHC-based Verification

1.75k views • 118 slides
An Assume-Guarantee Method for Modular An Assume-Guarantee Method for Modular Verification of

An Assume-Guarantee Method for Modular An Assume-Guarantee Method for Modular Verification of

An Assume-Guarantee Method for Modular An Assume-Guarantee Method for Modular Verification of Evolving Component-Based Software Verification of Evolving Component-Based Software Pham Ngoc Hung, Nguyen Truong Thang, and Takuya Katayama Japan

544 views • 21 slides
COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction) Mykola (Nikolaj) S. Nikitchenko Taras Shevchenko National University of Kyiv Linz, JKU, November 08-19, 2012 1 Contents Introduction

783 views • 40 slides
Local State Space Construction for Compositional Verification of Concurrent Systems Hao Zheng

Local State Space Construction for Compositional Verification of Concurrent Systems Hao Zheng

Local State Space Construction for Compositional Verification of Concurrent Systems Hao Zheng Department of Computer Science and Engineering University of South Florida H. Zheng (CSE USF) Local State Space Construction for Compositional

1.12k views • 50 slides
Compositional Verification of Software Product Families Ina Schaefer 1 Dilian Gurov 2 Siavash

Compositional Verification of Software Product Families Ina Schaefer 1 Dilian Gurov 2 Siavash

Compositional Verification of Software Product Families Ina Schaefer 1 Dilian Gurov 2 Siavash Soleimanifard 2 1 Technische Universit at Braunschweig, Germany 2 Kungliga Tekniska H ogskolan, Stockholm, Sweden Deduction at Scale 2011 Schlo

662 views • 26 slides
Compositional Verification of Product Families Ina Schaefer 1 Dilian Gurov 2 Siavash Soleimanifard

Compositional Verification of Product Families Ina Schaefer 1 Dilian Gurov 2 Siavash Soleimanifard

Compositional Verification of Product Families Ina Schaefer 1 Dilian Gurov 2 Siavash Soleimanifard 2 1 Technische Universit at Braunschweig, Germany 2 Kungliga Tekniska H ogskolan, Stockholm, Sweden Formal Methods for Components and Objects

270 views • 25 slides
Compositional Verification of Security Properties for Embedded Execution Platforms Christoph

Compositional Verification of Security Properties for Embedded Execution Platforms Christoph

Compositional Verification of Security Properties for Embedded Execution Platforms Christoph Baumann , Oliver Schwarz , Mads Dam KTH Royal Institute of Technology, Stockholm, Sweden RISE.SICS, Kista, Sweden cbaumann@kth.se

903 views • 65 slides
Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification

Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification

Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification Vytautas Astrauskas Peter Mller Federico Poli Alexander J. Summers Department of Computer Science Analogy with C verification void client(list *

451 views • 18 slides
Learning minimal separating DFA for Compositional Verification Karsten Fix February 23, 2017

Learning minimal separating DFA for Compositional Verification Karsten Fix February 23, 2017

Overview Definitions Algorithm References Learning minimal separating DFA for Compositional Verification Karsten Fix February 23, 2017 Karsten Fix Learning minimal separating DFA for Compositional Verification Overview Definitions

525 views • 35 slides
Compositional Verification of Events and Observers Cynthia Disenfeld and Shmuel Katz Technion -

Compositional Verification of Events and Observers Cynthia Disenfeld and Shmuel Katz Technion -

Compositional Verification of Events and Observers Cynthia Disenfeld and Shmuel Katz Technion - Israel Institute of Technology March 21, 2011 Standard Aspect Model Pointcuts determine the places where aspects should be woven. Aspect

464 views • 20 slides
Modular Termination Verification Bart Jacobs 1 Dragan Bosnacki 2 Ruurd Kuiper 2 1 DistriNet, KU

Modular Termination Verification Bart Jacobs 1 Dragan Bosnacki 2 Ruurd Kuiper 2 1 DistriNet, KU

Modular Termination Verification Bart Jacobs 1 Dragan Bosnacki 2 Ruurd Kuiper 2 1 DistriNet, KU Leuven 2 Eindhoven University of Technology ECOOP 2015 Bart Jacobs , Dragan Bosnacki , Ruurd Kuiper Modular Termination Verification Disclaimer This

1.45k views • 89 slides
Modular Termination Verification for Non-blocking Concurrency Julian Sutherland Joint work with:

Modular Termination Verification for Non-blocking Concurrency Julian Sutherland Joint work with:

Modular Termination Verification for Non-blocking Concurrency Julian Sutherland Joint work with: Pedro da Rocha Pinto, Thomas Dinsdale-Young, Philippa Gardner July, 2015 1 / 15 Module Abstractions Given the following modules. Queue Counter

444 views • 28 slides
Puget Sound Nutrient Forum A collaborative effort to discuss, learn, and provide input on

Puget Sound Nutrient Forum A collaborative effort to discuss, learn, and provide input on

Puget Sound Nutrient Forum A collaborative effort to discuss, learn, and provide input on reducing human sources of nutrients entering Puget Sound Kick-off meeting April 25, 2018 1 Welcome, Icebreaker, & Background Heather Bartlett, WQ

456 views • 26 slides
Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control

Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control

Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control Zachary Kincaid Azadeh Farzan University of Toronto January 18, 2013 Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18,

751 views • 54 slides
GRAPHICS AND SOUND Fundamentals of Computer Science I Outline File Input Graphics

GRAPHICS AND SOUND Fundamentals of Computer Science I Outline File Input Graphics

GRAPHICS AND SOUND Fundamentals of Computer Science I Outline File Input Graphics StdDraw.java Draw primitive shapes Draw images from a file Create animation loops Get keyboard input from users Audio

506 views • 24 slides
GCT535- Sound Technology for Multimedia Digital Systems Graduate School of Culture Technology

GCT535- Sound Technology for Multimedia Digital Systems Graduate School of Culture Technology

GCT535- Sound Technology for Multimedia Digital Systems Graduate School of Culture Technology KAIST Juhan Nam 1 Systems Input Output System Audio systems modify the acoustic characteristics of the input sound Examples Amplifiers,

663 views • 45 slides
The VeriFast Tool DD2460 Software Safety and Security VeriFast is a modular, sound program

The VeriFast Tool DD2460 Software Safety and Security VeriFast is a modular, sound program

The VeriFast Tool DD2460 Software Safety and Security VeriFast is a modular, sound program verifier for sequential and concurrent C and Java programs If VeriFast reports that a program is correct: Introduction to VeriFast for Java 1.

219 views • 3 slides
0 Lecture 5+6: Compositional Message Sequence Graphs Joost-Pieter Katoen Lehrstuhl fr

0 Lecture 5+6: Compositional Message Sequence Graphs Joost-Pieter Katoen Lehrstuhl fr

Theoretical Foundations of the UML 0 Lecture 5+6: Compositional Message Sequence Graphs Joost-Pieter Katoen Lehrstuhl fr Informatik 2 Software Modeling and Verification Group moves.rwth-aachen.de/teaching/ss-20/fuml/ May 4, 2020 Be BEE

901 views • 52 slides
Theoretical Foundations of the UML Lecture 5+6: Compositional Message Sequence Graphs

Theoretical Foundations of the UML Lecture 5+6: Compositional Message Sequence Graphs

Theoretical Foundations of the UML Lecture 5+6: Compositional Message Sequence Graphs Joost-Pieter Katoen Lehrstuhl fr Informatik 2 Software Modeling and Verification Group moves.rwth-aachen.de/teaching/ss-20/fuml/ May 4, 2020 Joost-Pieter

1.24k views • 59 slides
A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and Seth Terashima Portland State University Motivation: Full Disk Encryption File System Virtual Disk (Exposes plaintexts) FDE Physical Disk

1.24k views • 59 slides
Sound 1 Sound "50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound "50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound "50% of the movie experience is sound - George Lucas Sound is used to create: Mood Ambience Drama Environmental clues Continuity Feedback Practical Issues Real-time requirement

311 views • 17 slides
Session-Based Compositional Verification on Actor-based Concurrent Systems Session Types for ABS

Session-Based Compositional Verification on Actor-based Concurrent Systems Session Types for ABS

Session-Based Compositional Verification on Actor-based Concurrent Systems Session Types for ABS Eduard Kamburjan, Crystal Chang Din, Tzu-Chun Chen 20. Oktober 2015 | TU Darmstadt | Eduard Kamburjan, Crystal Chang Din, Tzu-Chun Chen | 1

357 views • 34 slides
Compositional Computational Reflection Gregory Malecha Adam Chlipala Thomas Braibant

Compositional Computational Reflection Gregory Malecha Adam Chlipala Thomas Braibant

Compositional Computational Reflection Gregory Malecha Adam Chlipala Thomas Braibant gmalecha@cs.harvard.edu Harvard SEAS MIT CSAIL Inria July 17, 2014 MirrorShard (ITP14) 1 / 13 Program Verification in Bedrock [Chl11] Imperative

653 views • 52 slides

More recommend