ProPed: Tool for Symbolic Verification of Probabilistic Recursive Programs
Rohit Chadha (1), Umang Mathur (2), Stefan Schwoon (3)
(1) Computer Science Department, University of Missouri, Columbia, Missouri, USA
(2) Department of Computer Science and Engineering, Indian Institute of Technology Bombay, Mumbai
(3) LSV, ENS Cachan, France
January 23, 2014
Rohit Chadha, Umang Mathur, Stefan Schwoon – 1 of 17
ProPed: Symbolic Verification + Probabilistic + Recursion
Figure: Comparison with existing state-of-the-art tools
– Moped: recursion and symbolic program verification, but no probability
– PRISM: symbolic program analysis and probability, but no recursion
– PReMo: recursion and probability, but explicit-state model checking
ProPed = Moped ∪ PRISM ∪ PReMo
ProPed is an MTBDD-based tool that analyzes probabilistic recursive programs
Probabilistic Recursive Programs
Analysis of probabilistic recursive programs:
– Modeling the program
– Reachability analysis and property checking
– Calculating information leakage
Example program

    procedure p;
    p0: if ? then
    p1:   call s;
    p2:   if ? then
            wp 0.2 -> call p;
            wp 0.8 -> skip;
          end if;
        else
    p3:   call p;
        end if
    p4: return

    procedure s;
    s0: if ? then return; end if;
    s1: call p;
    s2: return;

    procedure main;
    m0: call s;
    m1: return;

Here ? is a branch whose condition is left unspecified, and "wp x -> stmt" executes stmt with probability x. Initial state = m0, S = {p0, …, p4, s0, …, s2, m0, m1}.

Figure: reachable configurations from m0 (current control point followed by the pending return addresses), among them m0, s0 m1, m1, ε, s1 m1, p0 s2 m1, p1 s2 m1, p2 s2 m1, p3 s2 m1, p4 s2 m1 and p0 p4 s2 m1.
Analysis of Recursive Programs is not Straightforward
– Potentially infinite state space!
– Simple unrolling/inlining is not applicable
– Cannot be analyzed by naively searching all reachable states
– Some finite representation is required
Computation Model for Probabilistic Recursive Programs
– Control flow:
  – Sequential (probabilistic) program
  – Procedures
  – Mutual procedure calls (possibly recursive)
– Data:
  – Global variables (finite memory)
  – Local variables in each procedure (one copy per call)
Pushdown Systems: Syntax and Semantics
A pushdown system is a triple $(P, \Gamma, \delta)$, where
– $P$ is a finite set of control locations (states)
– $\Gamma$ is a finite stack alphabet
– $\delta \subseteq (P \times \Gamma) \times (P \times \Gamma^*)$ is a finite set of rules
A configuration is a pair $p\alpha$, where $p \in P$ and $\alpha \in \Gamma^*$.
Semantics: a (possibly infinite) transition system with configurations as states and transitions given by: if $pX \hookrightarrow q\alpha \in \delta$, then $pX\beta \to q\alpha\beta$ for every $\beta \in \Gamma^*$.
Normalization: $|\alpha| \le 2$ (each transition pushes at most 2 symbols on the stack), and termination only by empty stack.
Probabilistic Pushdown Systems: Syntax and Semantics
A probabilistic pushdown system is a tuple $\mathcal{P} = (P, \Gamma, \delta, \mathit{Prob})$, where
– $(P, \Gamma, \delta)$ is a PDS
– $\mathit{Prob} : \delta \to (0, 1]$ such that for every pair $pX$ we have $\sum_{pX \hookrightarrow q\alpha \,\in\, \delta} \mathit{Prob}(pX \hookrightarrow q\alpha) = 1$
We write $pX \overset{x}{\hookrightarrow} q\alpha$ to denote $\mathit{Prob}(pX \hookrightarrow q\alpha) = x$.
Semantics: a (possibly infinite) Markov chain with configurations as states and transition probabilities given by: if $pX \overset{x}{\hookrightarrow} q\alpha \in \delta$, then $pX\beta \overset{x}{\to} q\alpha\beta$ for every $\beta \in \Gamma^*$.
From programs to pushdown systems
State of a procedural program: $(g, n, l, (n_1, l_1) \cdots (n_k, l_k))$, where
– $g$ is a valuation of the global variables,
– $n$ is the value of the program counter,
– $l$ is a valuation of the local variables of the currently active procedure,
– $n_i$ is a return address, and
– $l_i$ is the saved valuation of the local variables of a calling procedure.
Modeled as a configuration $pXY_1 \cdots Y_k$ where $p = g$, $X = (n, l)$ and $Y_i = (n_i, l_i)$.
From programs to pushdown systems
The following correspondence between a program and its PDS holds:
– State $p$ corresponds to a valuation of the global variables
– $\Gamma$ corresponds to tuples of the form (program counter, local valuation)
– Configuration $pAw$ is interpreted as: globals in $p$, the current procedure with its local variables in $A$, and the suspended procedures in $w$
– Rule $pX \hookrightarrow qY$ corresponds to a sequential statement within a procedure
– Rule $pX \hookrightarrow qYZ$ corresponds to a call to some procedure ($Z$ carries the return address and the caller's saved locals)
– Rule $pX \hookrightarrow q\varepsilon$ corresponds to a return from some procedure
Probabilistic Verification
– Qualitative properties: does a program property hold with probability 1?
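The translation of slides 9 and 10 applied to the example program of slide 4, as an added illustration that is not ProPed's own code. Two assumptions are made so that the program fits the pPDS definition of slide 8: the program has no variables, so P is the single control state "g" (the one valuation of zero globals), and every "?" branch is resolved as a fair coin (0.5/0.5), which turns the semantics into a Markov chain. The block checks the side conditions of slides 7 and 8 (at most two pushed symbols, rule probabilities of every pair pX summing to 1), enumerates the reachable configurations to show the stack growing without bound (the infinite state space of slide 5), and answers the slide-11 question for this program by computing termination probabilities as the least fixed point of the standard pPDS equations (Esparza, Kučera and Mayr, LICS 2004; these equations are not on the slides). A second, constructed pPDS called BRANCHING shows the same machinery returning a probability strictly below 1.

```python
"""pPDS for the example program of slide 4 (added illustration, not ProPed code).
Assumptions: no variables, so P is the single control state "g"; each "?" branch is
resolved as a fair coin (0.5/0.5), making the semantics a Markov chain as slide 8 requires."""
from collections import deque
from dataclasses import dataclass

@dataclass
class PPDS:
    states: frozenset    # P, finite set of control locations
    alphabet: frozenset  # Gamma, finite stack alphabet
    rules: dict          # rules[(p, X)] = [(x, q, alpha), ...]  for  pX -x-> q alpha

    def is_well_formed(self, eps=1e-9):
        """Slides 7/8: |alpha| <= 2 for every rule, and the rules of every pair pX sum to 1."""
        for p in self.states:
            for X in self.alphabet:
                alts = self.rules.get((p, X), [])
                if not alts or abs(sum(x for x, _, _ in alts) - 1.0) > eps:
                    return False
                if any(len(a) > 2 or q not in self.states for _, q, a in alts):
                    return False
        return True

G = "g"  # the one valuation of zero global variables
# Stack symbols are program counters (slides 9/10); a call pushes the callee's entry
# point followed by the return address, i.e. the statement after the call.
EXAMPLE = PPDS(
    states=frozenset({G}),
    alphabet=frozenset({"m0", "m1", "s0", "s1", "s2", "p0", "p1", "p2", "p3", "p4"}),
    rules={
        (G, "m0"): [(1.0, G, ("s0", "m1"))],                    # call s
        (G, "m1"): [(1.0, G, ())],                               # return
        (G, "s0"): [(0.5, G, ()), (0.5, G, ("s1",))],            # if ? then return
        (G, "s1"): [(1.0, G, ("p0", "s2"))],                    # call p
        (G, "s2"): [(1.0, G, ())],                               # return
        (G, "p0"): [(0.5, G, ("p1",)), (0.5, G, ("p3",))],       # if ? then ... else
        (G, "p1"): [(1.0, G, ("s0", "p2"))],                    # call s
        (G, "p2"): [(0.1, G, ("p0", "p4")), (0.9, G, ("p4",))],  # ? (0.5) * wp 0.2 -> call p
        (G, "p3"): [(1.0, G, ("p0", "p4"))],                    # call p
        (G, "p4"): [(1.0, G, ())],                               # return
    },
)

def reachable(pds, initial, steps):
    """Configurations (q, stack) reachable within `steps` transitions: pX beta -> q alpha beta."""
    seen, frontier = {initial}, deque([initial])
    for _ in range(steps):
        nxt = deque()
        while frontier:
            p, stack = frontier.popleft()
            if not stack:  # empty stack: the run has terminated
                continue
            X, beta = stack[0], stack[1:]
            for _, q, alpha in pds.rules[(p, X)]:
                conf = (q, alpha + beta)
                if conf not in seen:
                    seen.add(conf)
                    nxt.append(conf)
        frontier = nxt
    return seen

def termination_probabilities(pds, tol=1e-12, max_iter=100_000):
    """Least fixed point (Kleene iteration from 0) of the standard pPDS termination equations
    (Esparza, Kucera, Mayr 2004); [pXq] = P(a run from pX reaches q with an empty stack)."""
    T = {(p, X, q): 0.0 for (p, X) in pds.rules for q in pds.states}
    for _ in range(max_iter):
        new, delta = {}, 0.0
        for (p, X), alts in pds.rules.items():
            for q in pds.states:
                total = 0.0
                for x, r, alpha in alts:
                    if not alpha:                       # pX -x-> r eps
                        total += x if r == q else 0.0
                    elif len(alpha) == 1:               # pX -x-> r Y
                        total += x * T[(r, alpha[0], q)]
                    else:                               # pX -x-> r Y Z
                        Y, Z = alpha
                        total += x * sum(T[(r, Y, t)] * T[(t, Z, q)] for t in pds.states)
                new[(p, X, q)] = total
                delta = max(delta, abs(total - T[(p, X, q)]))
        T = new
        if delta < tol:
            break
    return T

def termination_probability(pds, p, X):
    """Probability that the run from pX empties the stack in any control state."""
    T = termination_probabilities(pds)
    return sum(T[(p, X, q)] for q in pds.states)

# Constructed pPDS (not from the slides) whose termination probability is below 1:
# X -0.6-> XX, X -0.4-> eps gives [X] = least root of x = 0.4 + 0.6 x^2 = 2/3.
BRANCHING = PPDS(frozenset({G}), frozenset({"X"}), {(G, "X"): [(0.6, G, ("X", "X")), (0.4, G, ())]})

if __name__ == "__main__":
    assert EXAMPLE.is_well_formed()
    for n in (5, 7, 9):  # the longest reachable stack keeps growing: slide 5's infinite state space
        print(n, max(len(s) for _, s in reachable(EXAMPLE, (G, ("m0",)), n)))
    print("P(main terminates) =", termination_probability(EXAMPLE, G, "m0"))
    print("P(X terminates)    =", termination_probability(BRANCHING, G, "X"))
```

For the example program the least fixed point is 1 for every stack symbol, so under the fair-coin assumption main terminates with probability 1; for BRANCHING it is 2/3, the smaller root of x = 0.4 + 0.6x², which is why the iteration must start from 0 and not from 1. The reachability search is the naive enumeration slide 5 warns about: after 5, 7 and 9 steps the deepest stack already has 4, 5 and 6 symbols, and it never stops growing, which is why ProPed works on a finite (symbolic) representation instead. If "?" is kept genuinely nondeterministic rather than resolved as a coin, the model is no longer a Markov chain and the question becomes the minimum or maximum probability over all ways of resolving the choices; this block does not handle that case.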